Data protection
The protection of your privacy when processing personal data is an important concern for us. When you visit our websites, our web servers store the IP of your internet service provider, the website from which you visit us, the web pages you visit on our website and the date and duration of the visit as standard. This information is functionally necessary for the technical transmission of the web pages and the secure server operation . A personalised evaluation of this data does not take place.
If you send us data via the contact form, this data will be stored on our servers in the course of data backup. We will only use your data to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties.
Responsible Entity
noris network AG
Thomas-Mann-Straße 16–20
90471 Nuremberg
Phone: +49 911 9352-0
E-Mail: info@noris.de
Internet: www.noris.de
Data Protection Officer
Mr. Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
Phone: +49 941 2986930
Fax: 0941 29869316
E-Mail: anfragen@projekt29.de
Internet: www.projekt29.de
All interested parties and visitors to our website are welcome to contact us with questions regarding data protection, e.g. via the responsible entity and/or the data protection officer, as mentioned above.
Purpose and legal basis for the processing of your data
We only process personal data for specific purposes, these are explained below. The way in which your data is processed depends on the services, functionalities and offers of our website that are used. We process data for
- an establishment of contact and communication as well as
- a guarantee of security in the use of the site
The processing of your personal data is only carried out under the conditions of Article 6 paragraph 1 GDPR – lawfulness of the processing.
Visiting and calling up our website
You can visit our website purely for information purposes without transmitting any further personal data. When you visit our website, only the technically necessary information automatically transmitted by the browser is stored, i.e. the name of your internet service provider, the page from which you are visiting us, the date and time of your visit and the type of browser/operating system.
The information collected during the use of our website is only stored for the duration of your visit, as this data is required to achieve the aforementioned purposes. The storage of this data takes place in the form of log files on our web server and is necessary for technical reasons for the functionality of our website.
In case of event attacks on our internet infrastructure can be evaluated through the use of a Web Application Firewall (WAF) – which sets cookies – IP address for prevention and defence measures . In this case, we have a legitimate interest within the meaning of Art. 6 paragraph 1 f) GDPR in processing the IP address. This legitimate interest results from the need to ward off the attack on the Internet infrastructure, to determine the origin of the attack in order to be able to take criminal and civil action against the person responsible and to effectively prevent further attacks . The IP address is deleted after a retention period of 30 days if the evaluation excludes a malicious intention.
In addition, we use cookies to enable an optimised and facilitated use. (more details see below in the section “Cookies”).
Customer Self-Support Portal
We set up password-protected direct access for each customer to their inventory data stored with us (customer account for support portal). You, as the customer, undertake to treat the personal access data confidentially and not to make it accessible to unauthorized third parties. We cannot accept any liability for misused passwords unless we are responsible for the misuse.
noris secures access with (optional) two-factor authentication. With the function “stay logged in” or “do not show MFA request in this browser for the next 8 hours”, noris would like to make your visit to our websites as pleasant as possible. This function allows you to use our services without having to log in again each time. For security reasons, however, you will be asked to enter your password again if, for example, personal data is to be changed or an order is placed. noris recommends not using this function if several users use the computer. noris would like to point out that the function “stay logged in” or “do not show MFA prompt in this browser for the next 8 hours” is not available if you use a setting that automatically deletes the stored cookies after each session.
Contact management
In the customer support portal, you have the option of creating your user contacts and managing their authorizations yourself. To create a contact, you enter the name, email address and any other contact details such as telephone numbers within a mandatory environment. The data is required to save the contact in your system and to give you the opportunity to contact noris.
Support requests
You can create processes (cases or tickets) in the support portal to start a support enquiry and/or report a problem to noris. In order to process a support request, we collect a description of the issue, the contact details of the person concerned (if necessary/available) and any other relevant information. This data is necessary in order to process your request and offer you the best possible support.
Insight into products, installation base and order management
In the support portal, you have access to your products, your installation base and your order management. In order to be able to provide you with this information, we collect and process your customer data, contract data and payment data, which are necessary for the fulfilment of the contract between the parties within the framework of Art. 6 para. 1 lit. b) GDPR.
Access to self-services
In the customer support portal, you have access to the self-services you have purchased in the areas of email, domain, and data centre. In order to be able to provide you with these services, we collect and process your customer data, contract data and usage data, which are necessary for the fulfilment of the contract between the parties within the framework of Art. 6 para. 1 lit. b) GDPR.
Server log files
We automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are
– Date and time of the request
– Name of the requested file
– Page from which the file was requested
– Access status (file transferred, file not found, etc.)
– Web browser and operating system used
– Complete IP address of the requesting computer
– Volume of data transferred
This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest and Art. 6 para. 1 lit. b) GDPR for the fulfilment of the parties’ contract to improve the stability and functionality of our website.
For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to identify individual persons from this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts. Only in the context of our server statistics, which we publish every two years in our activity report, does a presentation of the number of page views take place.
Contact and appointment requests
We collect and store personal data when you contact us, e.g. by e-mail and/or our online contact form. It is your free choice which data you provide to us in a contact request. If you contact us by e-mail, we store the data you provide and process it exclusively for the purpose of the initial contact. If you contact us in the context of an existing business relationship and/or wish to receive information in advance about our offer, the information you provide will be processed for the purpose of processing and responding to your request in accordance with Art. 6 paragraph 1 point b) GDPR. We store personal data collected in connection with your contact until the purpose is fulfilled or for the duration of the processing of your enquiry. Further inventory data collected in the context of a subsequent inclusion in the customer database will be stored after the conclusion of a contract.
Applicant inquiries in the job portal
Security within the application process through noris applicant portal
Your transmitted application data will be collected and processed electronically by us for the purpose of processing the application procedure. This may involve the following personal data in particular: Name, contact details, date of birth, as well as personal data of special categories resulting from Art. 9 paragraph 1 GDPR.
If your application is followed by the conclusion of an employment contract, your transmitted data will be further processed by us in your personnel file for the purpose of the usual organisational and administrative process in compliance with the relevant legal regulations.
The processing of your data within the application procedure is based on Art. 6 paragraph 1 point b) GDPR in conjunction with Section 26 Federal Data Protection Act (BDSG).
If your job application is rejected, the data you have submitted will be automatically deleted six months after notification of the rejection or after the position has been awarded. This does not apply if longer storage is necessary due to other legal obligations (for example, the duty of proof under the General Equal Treatment Act).
Further data protection information on the application process can be found here.
Fairs and Events
At trade fairs and events, we use the SnapADDY app to collect business cards informations; your data will be scanned and digitally recorded. This data is only collected with your consent on the basis of Art. 6 paragraph 1 point a) GDPR or in the context of business negotiations on the basis of Art. 6 paragraph 1 point b, f) GDPR. The contact data is initially collected via the AWS Cloud (server in Frankfurt am Main) and then transferred to our own servers. This serves the purpose of further contact as described in the chapter “Contact and appointment requests”. At the end of a event, the data will be deleted from SnapADDY by noris sales department.
For more information about privacy at SnapADDY, please visit:
https://www.snapaddy.com/de/privacy-security-hub/datenschutz.html
Use of cookies
When you visit our website, we store information on your computer in the form of cookies with your consent. Cookies are small files that are transferred from an internet server to your browser and stored on its hard drive. The legal basis for the use of cookies is Art. 6 paragraph 1 point f) GDPR. This information, which is stored in the cookies, makes it possible to automatically recognise you the next time you visit our website, which makes it easier for you to use it.
If you do not want your computer to be recognised when you visit us, you can refuse the use of cookies, but this may restrict the use of some areas of our website.
In the following, the cookie categories are defined as follows:
| Category | Description |
| Necessary | Cookies or data that are necessary for technical reasons so that the website functions correctly. |
| Functional | Cookies or data that are necessary for certain functions/services of the website to function or to increase the usability of the website. This also includes cookies from third-party providers. |
| Statistical | Cookies to perform analyses of data in order to obtain information about the use of our website and the content requested. The processing is carried out with anonymised data. |
| Marketing | Cookies to perform analytics on location data, visitor interests / interactions and the like to provide information about website visitors and content requested. These are used across channels for personalised profiling and merged with other personal data. |
Borlabs
Our website uses Borlabs Cookies consent technology to obtain your consent to store certain cookies in your browser and to document this in a data protection compliant manner.
When you enter our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. This data is not shared with the Borlabs cookie provider. The collected data will be stored until you request us to delete it or until you delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.
Details on the data processing of Borlabs Cookie can be found at:
https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 paragraph 1 point c ) GDPR. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs). We have concluded a contract on commissioned processing (CPC) pursuant to Art. 28 GDPR with the provider.
This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
| Category | Cookie name | Description | Validity |
| Necessary | borlabs-cookie | Saves the settings of the visitors selected in the Cookie Box of Borlabs Cookie. | 1 year |
Matomo
Matomo itself is a web application based on PHP and MySQL, which is installed directly on our server. By means of a JavaScript tracking code on our website, individual page views are tracked. The IP of the visitor – pseudonymised – the date and time of the visit, the title and URL of the page visited, the referrer URL, the time zone, downloads, link clicks and the browser language are tracked.
Matomo is an open source project and has no company headquarters; the software is hosted on prem in the noris network data centre.
The legal basis for data processing is your consent in accordance with Art. 6 paragraph 1 point a) GDPR.
| Category | Cookie name | Description | Validity |
| Statistical | _pk_*.* | Cookie from Matomo for website analytics. Generates statistical data about how the visitor uses the website. | 13 months |
truffle.one
On our website, we use the web technology for company recognition of truffle.one GmbH, Am Weißen Stein 16, 53227 Bonn, Germany (“truffle.one”) to identify companies as website visitors. When you visit our site, your IP address is matched to determine whether you as a website visitor come from a static, i.e. a fixed company IP address.
The domain name and the name of the company are derived from this. In doing so, we can determine how long visitors to our website have stayed on one of our web pages. It is not possible for us to draw a personal line. We can only assign you as a visitor to the website who came from the static IP address. The IP address is then discarded. We use the information to evaluate your use of our website, to compile reports on website activity for us and to improve our marketing and promotional approach. The legal basis for data processing is your consent in accordance with Art. 6 paragraph 1 point a) GDPR.
| Category | Cookie name | Description | Validity |
| Marketing | truffle.one | Matching user IP address with static, i.e. a fixed company IP address, to derive the domain name and the name of the company. This allows us to determine how long visitors have stayed on our website. | Session cookies: These cookies are deleted from your end device immediately after you close your web browser. Persistent cookies: These cookies remain on your end device even after you close your web browser and enable us, for example, to recognize you the next time you visit our website. |
LinkedIn Insight Tag
This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
With the help of the LinkedIn Insight Tag, we receive information about the visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups.
Furthermore, we can use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take any other action (conversion measurement). Conversion measurement can also take place across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors to our website outside of the website, whereby, according to LinkedIn, no identification of the advertising addressee takes place.
LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after 7 days. The remaining pseudonymised data is then deleted within 180 days.
The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the collected personal data of website visitors on its servers in the USA and use it in the context of its own advertising measures.
For details, see LinkedIn’s privacy policy at:
https://www.linkedin.com/legal/privacy-policy#choices-oblig.
The use of LinkedIn Insight is based on Art. 6 paragraph 1 point f) GDPR. The website operator has a legitimate interest in effective advertising measures including social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 paragraph 1 point a) GDPR.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs
You can object to the analysis of usage behaviour and targeted advertising by LinkedIn at the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To avoid a link between data collected on our website by LinkedIn and your LinkedIn account.
| Category | Cookie name | Description | Validity |
| External Media/Marketing | LinkedIn Insight Tag | Efficiency measurement for retargeting through conversion tracking, website target groups and website demographics analysis | Members’ direct identifiers are removed within seven days to pseudonymise the data. This remaining pseudonymised data is then deleted within 180 days. |
Google Maps
This website uses Google Maps to display maps and to create directions. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using Google Maps on this website, you consent to the collection, processing and use of automatically collected data and data provided by you by Google, one of its agents, or third parties.
The terms of use for Google Maps can be found at: https://www.google.com/intl/de_de/help/terms_maps/
You can find the Google Maps privacy policy at:
https://policies.google.com/privacy
| Category | Cookie name | Description | Validity |
| External media/functional | NID | Used to unlock Google Maps content. | 6 months |
Youtube
We use the provider YouTube to embed videos. The videos were embedded in the extended data protection mode. Like most websites, however, YouTube also uses cookies to collect information about visitors to its website. YouTube uses these, among other things, to collect video statistics, to prevent fraud and to improve user-friendliness. This also leads to a connection with the Google Double-Click network. When you start the video, this could trigger further data processing operations. We have no influence on this.
For more information about privacy at YouTube, please see their privacy policy at:
http://www.youtube.com/t/privacy_at_youtube
| Category | Cookie name | Description | Validity |
| External media/functional | NID | Used to unlock YouTube content. | 6 months |
Social Media
As a modern future-oriented company, noris network AG informs potential interested parties through our social media pages.
We have no influence on the scope of the data collected by the social network. Please refer to the data protection information of the respective social network for more information:
Security by means of technical organisational measures (TOM for short)
We have taken technical and organisational security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted by default during transmission using the SSL protocol. This means that your data cannot be misused by third parties.
Our security measures are subject to a continuous improvement process and our data protection declaration is constantly revised. Our TOMs are continuously 1 reviewed and further developed according to the modern state of the art in accordance with Art. 32 GDPR.
Security by means of video surveillance at noris locations
noris network AG monitors security-relevant areas inside and outside its buildings and premises by means of video transmission (livestreams).
At premises/building locations where noris network AG uses video surveillance, this is indicated by a corresponding sign. As part of the security concept of noris network AG, video recording is carried out in order to ensure a quick inspection of the external building fronts including the adjacent environment without endangering the company’s own personnel. General video surveillance of the public space does not take place. As soon as you are within the detection range of the cameras, you are the subject of this data processing.
noris network AG has a legitimate interest in the use of video surveillance (Art. 6 paragraph 1 point f) GDPR). It makes a significant contribution to ensuring the fullest possible building and personal security in a personnel-friendly manner.
With video surveillance, we pursue the following goals depending on the circumstances of the respective locations:
- Securing the site from vandalism
- a (necessary) monitoring of alarm-secured doors
- a detection of illegal access attempts
- a detection of blocked emergency exits
- a preservation of evidence in the case of criminal offences
With the help of video surveillance, measures can be initiated immediately to eliminate grievances from the listed points. It not only serves to protect the building, but also your personal safety.
Video data is only evaluated on an ad hoc basis. noris network AG may commission external service providers to evaluate the video surveillance. In addition to the livestream, these also receive access to recordings of the video cameras in the respective contractually defined area of responsibility. The video surveillance data will be deleted immediately if it is no longer necessary to achieve the purposes for which it was collected. In the event of a violation of the house rules, the commission of a criminal offence or if required by law, the recordings can or must be handed over to security authorities.
Security in the application process through noris applicant portal
Your application data transmitted to us will be collected and processed electronically by us for the purpose of processing the application procedure. This may involve the following personal data in particular: Name, contact details, date of birth, as well as personal data of special categories resulting from Art. 9 paragraph 1 GDPR.
If your application is followed by the conclusion of an employment contract, your transmitted data will be further processed by us in your personnel file for the purpose of the usual organisational and administrative process in compliance with the relevant legal regulations.
The processing of your data within the application procedure is based on Art. 6 paragraph 1 point b) GDPR in conjunction with Section 26 Federal Data Protection Act (BDSG).
The deletion of the data you have submitted takes place automatically two months after notification of the rejection or six months after the award of the position if your job application is rejected. This does not apply if longer storage is necessary due to other legal obligations (for example, the duty of proof under the General Equal Treatment Act).
General data subject rights pursuant to Art. 15 ff GDPR
You have the following statutory data protection rights under the respective legal conditions:
- Right to information ( 15 GDPR, Section 34 Federal Data Protection Act (BDSG)
- Right to deletion ( 17 GDPR, Section 35 Federal Data Protection Act (BDSG)
- Right to rectification ( 16 GDPR, Section 34 Federal Data Protection Act (BDSG)
- Right to restriction of processing ( 18 GDPR)
- Right to data portability ( 20 GDPR)
To exercise your rights as described here, you can contact the data controller at any time using the contact details above.
You also have the right to complain to the data protection supervisory authority responsible for us. In Nuremberg, where we have our registered office, the:
| competent supervisory authority: |
| Bavarian State Office for Data Protection Supervision, P.O. Box 606, 91511 Ansbach, Germany |
Alternatively, you can contact the data protection authority in your place of residence, which will then forward your request to the competent authority.
General deletion period according to Art. 17 GDPR
We delete all personal data after the purpose for collecting the information has been fulfilled, unless legal deadlines dictate a different period of time or there is a permanent purpose (e.g. video surveillance) and thus deletion takes place according to fixed routines.
Right of revocation and objection pursuant to Art. 21 GDPR
In accordance with Art. 7 paragraph 2 GDPR, you have the right to revoke your consent at any time. This means that we will no longer process the data based on this consent in the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data on the basis of legitimate interests pursuant to Art. 6 paragraph 1 f) GDPR, you have the right to object to the processing of your data pursuant to Art. 21 GDPR and to provide us with reasons that arise from your particular situation and that you believe outweigh your interests worthy of protection. If it is a matter of objecting to data processing for direct marketing purposes, you have a general right of objection, which will also be implemented by us without giving reasons.
If you wish to make use of your right of revocation or objection, it is sufficient to send an informal message to the contact details of the responsible person mentioned above. For the sake of completeness, this information is presented here once again:
| Responsible entity: |
| noris network AG Thomas-Mann-Strasse 16–20 90471 Nuremberg Phone: +49 911 9352-0 Data protection info@noris.de https://www.noris.de/ |
Changes to privacy notices
Further development of the Internet, as well as the jurisdiction for our website, may also have an effect on this data protection notice. We reserve the right to change this (partly website-specific) data protection notice in the future in order to comply with current legal requirements and/or to reflect additions or changes to our website.
The current version of this data protection notice applies to your visit, which you can access on each sub-page under the link “Data protection”.
Status of this data protection notice April 2024
