Privacy Policy

Download German Version

Thank you for your interest in our company, our products and our services. As the data controller, we want you to feel comfortable interacting with us and our employees regarding the protection of your personal data. We take compliance with all applicable data protection regulations, especially the GDPR, very seriously. The protection of your personal data is therefore a top priority for us. With the following information, we would like to inform you about how we handle your personal data in detail:

1. Data controller

NT-ware Systemprogrammierungs-GmbH
Niedersachsenstraße 6
49186 Bad Iburg

2. Contact Details of the Data Privacy Officer

Data Protection Officer
NT-ware Systemprogrammierungs-GmbH
Niedersachsenstr. 6
49186 Bad Iburg
privacy@nt-ware.com

3. Data sharing and international transfer

As explained in this Privacy Policy, we use various service providers to help us deliver our services and keep your data secure. When we use these service providers, it is necessary for us to share your personal information with them.

We have entered into agreements with all service providers to whom we share your data, which oblige them to protect your data.

If your personal data is transferred outside the EU, we will ensure that your personal data receives an equivalent level of protection, either because the country to which your data being transferred has an adequate standard of data protection according to the European Commission, or by applying another safeguard such as an enhanced contractual arrangement, i.e. the Standard Contractual Clauses (SCCs) adopted by the European Commission. For example, when we use US service providers, we rely on either the SCC or the EU-US Data Privacy Framework, depending on the provider.

4. Provision of the website and creation of log files

4.1 Description and scope of data processing

Each time you access our websites, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

IP address
Information about the browser type and version used
The user's operating system
Date and time of access
Referrer URL
Host name of the accessing computer

This data is stored in the log files of our system.

This data is not stored together with other personal data of the user.

4.2 Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the websites to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. Furthermore, we use the data to optimize the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

4.3 Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

4.4 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session ends.

If data is stored in log files, this occurs after a maximum of 30 days. Longer storage is possible. In this case, the users' IP addresses are deleted or distorted, making it impossible to identify the accessing client.

4.5 Exercising your rights

The collection of data to provide the website and the storage of data in log files are essential for the operation of the website. The user may object to this. Whether the objection is successful will be determined by weighing the interests of the respective users.

5. WP Statistics

5.1 Description and scope of data processing

This website uses the WordPress plugin WP Statistics to analyze visitor traffic and usage behavior. WP Statistics collects statistical information about how visitors use the website, such as

Page URL
HTTP Referrer
Browser
Operation system
Device type
Country, region, city

The data collected is processed in an anonymized form. IP addresses are shortened or anonymized before storage so that a direct personal identification of visitors is not possible. The collected data is stored exclusively on the website’s own server and is not shared with third parties.

5.2 Purpose of data processing

The purpose of processing this data is to analyze website usage, improve content, and optimize the technical performance of the website.

5.3 Legal basis for data processing

The legal basis for processing is Art. 6 (1) (f) GDPR.

5.4 Duration of storage

The maximum retention period is 3 months.

5.5 Exercising your rights

The user may object to the data processing. Whether the objection is successful will be determined by weighing the interests of the respective users.

6. Use of cookies

6.1 Description and scope of data processing

When you visit our websites, we use technical tools for various functions, particularly cookies, which can be stored on your device. When you visit our websites and at any time thereafter, you can choose whether you want to generally allow cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our consent manager.

Cookies are text files or information in a database that are stored on your hard drive and associated with the browser you use, allowing certain information to be sent to the location that placed the cookie. Below we describe the types of cookies we use:

We use technically necessary cookies that are required for the technical structure of the website. Without these cookies, our website cannot be displayed (fully correctly).

The following data is stored and transmitted by the technically necessary cookies:

Language settings
Consent ID
Opt-in and opt-out data
User agent
Time of consent
Consent type
Geographical location
Template version

We use cookies on our website that are not technically necessary to display YouTube videos. Non-technically necessary cookies are text files that not only serve to ensure the functionality of the website but also collect other data.

By setting technically unnecessary cookies, the following data is processed:

IP address
Device information, referrer URL and videos viewed

For the consent management platform we Usercentrics of Usercentrics GmbH, Rosental 4, 80331 Munich, Germany. Usercentrics enables us to obtain, manage, and legally document user consent for data processing. Usercentrics places cookies on the user's device for this purpose.

The data is processed geographically within the European Union.

6.2 Purpose of data processing

The purpose of using technically necessary cookies is to ensure the functionality of our website. Some features of our website cannot be offered without the use of cookies. These features require that the browser is recognized even after changing pages.

We require technically necessary cookies for the following applications:

Adoption of language settings
Functionality of the website

The technically unnecessary cookies are used to display YouTube videos embedded on the website.

6.3 Legal basis for data processing

The provisions of the Telecommunications Digital Services Data Protection Act (TDDDG) apply to the storage of information in the end user's terminal equipment and/or access to information already stored in the end user's terminal equipment.

If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, the storage of and access to cookies on your terminal equipment is based on Section 25 (2) (2) TDDDG. This storage and access to the information stored on your device makes it easier for you to use our website and to provide you with our services as you wish. Some features of our website would not work without the use of these cookies and therefore could not be offered. Cookies are generally deleted after the end of the session (e.g., logging out or closing the browser) or after a specified period of time. Information about different storage periods for cookies can be found in the following sections of this privacy policy.

If cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can grant via the cookie banner. The basis for storing and accessing information in this case is Section 25 (1) TDDDG in conjunction with Article 6 (1) (a) and Article 7 GDPR. You can revoke your consent at any time with effect for the future.

You can subsequently revoke your consent by configuring your cookie settings accordingly. Alternatively, you can prevent cookies from being saved by configuring your browser software accordingly. Please note that the browser settings you make only apply to the browser you are currently using. If personal data is processed following the storage of and access to the information on your device, the provisions of the GDPR apply. Information on this can be found in the following sections of this privacy policy.

6.4 Exercise of your rights

You can withdraw your consent to the use of technically unnecessary cookies at any time and manage your consent preferences by clicking on "Privacy Settings" in the footer.

7. Newsletter

7.1 Description and scope of data processing

On our Partner Site, you can subscribe to various newsletters. When you register for a newsletter, the data you enter in the form will be transmitted to us.

To provide this service, we collect the following data from you:

Email address

Your consent to the processing of your data will be obtained during the registration process and reference will be made to this privacy policy.

The data will be used exclusively for sending the newsletter.

We use the service provider MailChimp from The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, to manage and send our newsletters. MailChimp's servers are located in the USA.

7.2 Purpose of data processing

The user's email address is collected for the purpose of delivering the newsletter.

7.3 Legal basis for data processing

The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 (1) (a) GDPR.

7.4 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address will therefore be stored as long as the newsletter subscription is active.

7.5 Exercising your rights

You can cancel your newsletter subscriptions at any time. A link for this purpose is provided in each newsletter.

8. Email contact

8.1 Description and scope of data processing

You can contact us using the email addresses provided on our website. In this case, the user's personal data transmitted with the email will be stored.

The data will be used exclusively for processing the conversation.

8.2 Purpose of data processing

In the event of contact being made by email, this also constitutes the necessary legitimate interest in the processing of the data.

8.3 Legal basis for data processing

The legal basis for processing data transmitted when sending an email is Art. 6 (1) (f) GDPR. Our legitimate interest is to provide an optimal response to your email inquiry.

If the email contact aims at concluding a contract to which you are a party, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

8.4 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent via email, this is the case when the respective conversation with you has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

8.5 Exercising your rights

If you contact us by email, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

You can object to data processing by sending an email to privacy@nt-ware.com.

In this case, all personal data stored during the contact process will be deleted.

9. Corporate appearances

Instagram and Facebook:

Instagram, Part of Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland

Facebook, Part of Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland

If you take action on our Instagram or Facebook corporate pages (e.g. comments, posts, likes, etc.), you may thereby make personal data (e.g. your real name or photo of your user profile) public.

We use our corporate presences in social networks for communication and
exchange of information with (potential) customers. In particular, we use them to inform the public about our company.

The publications on our Instagram or Facebook corporate pages may contain the following content:

Information about products
Advertising

Every user is free to publish personal data through activities.

The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 (1) (f) GDPR. Our legitimate interest lies in being able to respond to your inquiry as effectively as possible and to provide the requested information.

If the purpose of contacting us is to conclude a contract to which you are a party, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

We have entered into a Joint Controller Agreement with Meta for our Facebook and Instagram pages. The Joint Controller Agreement with Meta can be found here: Facebook

You can object to the processing of your personal data, which we collect as part of your use of our Instagram or Facebook corporate pages, at any time and assert your rights as a data subject, as set out in the "Your Rights" section of this Privacy Policy. To do so, please send us an informal email to privacy@nt-ware.com. You can find further information about the processing of your personal data by Instagram and Facebook and the corresponding objection options here:

Instagram: https://privacycenter.instagram.com/policy
Facebook: https://de-de.facebook.com/legal/controller_addendum and https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

10. Use of company presence in professional networks

10.1 Description and scope of data processing

Our corporate page in LinkedIn serves informational and PR purposes and offers users the opportunity to communicate with us.

LinkedIn and we are jointly responsible for our corporate page in LinkedIn and have entered into a Joint Controller Addendum: LinkedIn Pages Joint Controller Addendum.

Further information can be found in the privacy policy of LinkedIn:

https://www.linkedin.com/legal/privacy-policy

If you perform an action on our corporate page in LinkedIn (e.g. comments, posts, likes etc.) you may thereby make personal data (e.g. real name or photo of your user profile) public.

10.2 Purpose of data processing

Our corporate page in LinkedIn serves informational and PR purposes and offers users the opportunity to communicate. Users are free to disclose personal data through their activities.

10.3 Legal basis for data processing

The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 (1) (f) GDPR. Our legitimate interest is to respond to your inquiry as effectively as possible and to provide you with the information you require.

If the purpose of contacting us is to conclude a contract to which you are a party, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

10.4 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent via LinkedIn, this is the case when the respective conversation with you has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

10.5 Exercising your rights

You can object to the processing of your personal data, which we collect as part of your use of our website, at any time and exercise your rights as a data subject, as set out in the "Your Rights" section of this Privacy Policy. To do so, send us an informal email to the email address stated in this Privacy Policy.

Further information on exercising your rights can be found here https://legal.linkedin.com/pages-joint-controller-addendum and here https://www.linkedin.com/legal/privacy-policy.

11. Hosting

The NT-ware website is hosted on servers of service providers commissioned by us.

Our service provider are WordPress, which is provided by Aut O'Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Pl, Dublin D02 AY86, Ireland, and Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The stored information includes:

IP address
Information about the browser type and version used
The user's operating system
Date and time of access
Referrer URL
Host name of the accessing computer

This data will not be merged with other data sources. This data is collected on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest in processing this data is to ensure that our website is displayed correctly and to optimize its functions.

For visitors to the website within the EU, the location of the website's server is in the EU. For visitors outside the EU, we use regional data centers located outside the EU, depending on the visitor's location.

12. Registration to Customer Portal

12.1 Description and scope of data processing

We offer users (exclusively reserved for Canon directly or Canon partners) the possibility to register for our NT-ware Customer Portal by providing personal data. The data is collected using Microsoft Forms.

By submitting the form, the following personal data will be collected for the purpose of the registration process:

Email address
Name
Position
Country/region

We use Jira, provided by Atlassian. Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000, Australia, to operate the Customer Portal. Your data is hosted on data centers within the EU.

12.2 Purpose of data processing

User registration is required to access the customer portal.

12.3 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) (b) GDPR.

12.4 Duration of storage

We will store your data until the purpose for storing the data no longer applies (e.g., after you have canceled your account or are no longer authorized to use this account).

12.5 Exercising your rights

As a user, you have the option to cancel your registration at any time.

The data sent to us will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g., after you have canceled your account or are no longer authorized to use this account).

13. Registration to Partner Site

13.1 Description and scope of data processing

We offer users (exclusively reserved for Canon directly or Canon partners) the possibility to register for our NT-ware Partner Site by providing personal data. The data is collected using Microsoft Forms.

By submitting the form, the following personal data will be collected for the purpose of the registration process:

Email address
Name
Position
Country/region

Your user identities are managed by us using Microsoft Entra ID, provided by Microsoft, in data centers in the EU.
To reset your password for the NT-ware Partner Portal, you will be redirected to Microsoft Forms to enter the information required to reset your password.

By submitting the form, your request will be processed, including all personal data resulting from it:

Email address
Name
"Comment" (optional free text field for further information)

We use a data center provided by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, to host the Partner Site. Your data is hosted on data centers within the EU.

13.2 Purpose of data processing

User registration is required to access the Partner Site.

13.3 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) (b) GDPR.

13.4 Duration of storage

We will store your data until the purpose for storing the data no longer applies (e.g., after you have canceled your account or are no longer authorized to use this account). Your data will be automatically deleted after 12 months if you have not logged into your account in the meantime.

13.5 Exercising your rights

As a user, you have the option to cancel your registration at any time.

14. Registration to Learning Portal

14.1 Description and scope of data processing

We offer users who have registered for our Partner Portal (NT-ware or Canon employees, Canon Partners) the opportunity to register to our

Learning Portal by providing personal information.

Some information is automatically added to your profile when you register on the Partner Site and can be managed there. Other information is optional and can be added and changed. The following data may therefore be processed:

Email address
Name
Position
Country/region
Title
Address
Phone number
Skype
X-Account
Job role

If you wish to take and start an online training course via our Learning Portal, the following data may be collected and processed from you further to the information above:

Start and finish date of the course
Time to take the course
Last login
Assigned date
Attempts for the test/quiz

Your data (including the training carried out) can be made available to the so-called "Team Manager". The Team Manager is a role within the system and comprises one or more persons (usually from the Business Development Department) and is responsible for a specific region (e.g. Germany/Netherlands/USA). If you are subordinate to this Team Manager or Managers in the system, access can take place here by the named Managers. This is for the purpose of general organization. Furthermore, it is of central importance for the Team Managers to evaluate the level of knowledge of the training participants, where there is still potential for development and to convey general awareness about the NT-ware products.

We use Litmos, provided by Litmos US, L.P, 548 Market Street Unit #34398,San Francisco, CA 94104-5401, United States, to operate the Learning Platform. Your data is hosted on data centers in the US.

14.2 Purpose of data processing

User registration is required to access the Learning Portal.

14.3 Legal basis for data processing

The legal basis in the context of the registration and the use of the Learning Portal is Art. 6 (1) (b) GDPR.

The legal bases for the data processing in the context of the Team Manager are Art. 6 (1) (b) GDPR and our legitimate interest pursuant to Art. 6 (1) (f) GDPR. The access of the Team Manager follows the need-to-know principle where only the Team Managers have access to the data of their subordinate trainees.

14.4 Duration of storage

14.5 Exercising your rights

As a user, you have the option to cancel your registration at any time.
The data sent to us will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g., after you have canceled your account or are no longer authorized to use this account).

15. Registration to Certification Portal

15.1 Description and scope of data processing

We offer users who have registered for our Partner Portal (NT-ware or Canon employees, Canon Partners) the opportunity to register to our Certification Portal by providing personal information.

Email address
Name
Position
Country/region

If you wish to take and start an online certification course via our Certification Portal, the following data may be collected and processed from you further to the information above:

Start and finish date of the course
Time to take the course
Last login
Assigned date
Attempts for the test/quiz

We use Questionmark, provided by Questionmark Computing Ltd, 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT, United Kingdom, to operate the Learning Platform. Your data is hosted on data centers within the EU.

15.2 Purpose of data processing

User registration is required to access the Certification Portal.

15.3 Legal basis for data processing

The legal basis in the context of the registration and the use of the Learning Portal is Art. 6 (1) (b) GDPR.

15.4 Duration of storage

We will store your data until the purpose for storing the data no longer applies (e.g. after you have canceled your account or are no longer authorized to use this account). Your data will be automatically deleted after 12 months if you have not logged into your account in the meantime.

15.5 Exercising your rights

As a user, you have the option to cancel your registration at any time.

16. Registration to NT-ware community

16.1 Description and scope of data processing

We offer users the possibility to register for our NT-ware community by providing personal data.

By registering and using the NT-ware community, the following personal data will be processed:

Username
Email address
Posts and date
Where applicable:
◦ “About me”
◦ Cover Photo (like a banner for their profile page)
◦ Birthday
◦ Gender
◦ Location
◦ Occupation
◦ Hobbies
◦ Website
◦ Social Media Accounts
◦ Information in their post-signature

The NT-ware community is hosted by WoltLab GmbH, Nedlitzer Str. 27B, 14469 Potsdam. Your data is hosted on data centres within the EU.

16.2 Purpose of data processing

User registration is required to access and use the NT-ware community.

16.3 Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) (b) GDPR.

16.4 Duration of storage

We will store your data until the purpose for storing the data no longer applies (e.g., after you have canceled your account or are no longer authorized to use this account).

16.5 Exercising your rights

As a user, you have the option to cancel your registration at any time.

17. AI Chatbot

17.1 Description and scope of data processing

We offer users who have registered for our Partner Portal (NT-ware or Canon employees, Canon Partners) the opportunity to use AI chatbots in the uniFLOW Online Support Toolbox.

This is done using the data you provided when registering on the partner site. The following data may therefore be processed:

Email address
Name
Position
Country/region
Chat history

We use Microsoft's European data centers to provide the AI chatbots.

17.2 Purpose of data processing

The registration is necessary to provide access and use the AI chatbots in the uniFLOW Online Support Toolbox.

17.3 Legal basis for data processing

The legal basis in the context of the registration and the use of the AI chatbots is Art. 6 (1) (b) GDPR.

17.4 Duration of storage

We will store your data until the purpose for storing the data no longer applies (e.g., after you have canceled your account or are no longer authorized to use this account).

17.5 Exercising your rights

As a user, you have the option to cancel your registration at any time.

18. Status Page

18.1 Description and scope of data processing

If you would like to receive automatic notifications about maintenance work and the status of uniFLOW Online (“status email”) by email, the following data will be processed:

Email address

No further data will be collected. We use this data exclusively for sending the requested status information. We use the service provider OneUpTime (c/o HackerBay, Inc.) based at 2711 Centerville Road, Suite 400, Wilmington, New Castle County, Delaware 19808, United States.

Your data is hosted on data centers in the US.

18.2 Purpose of data processing

The collection of the user’s email address serves to deliver status updates on uniFLOW Online.

18.3 Legal basis for data processing

The legal basis for the processing of data after the user has registered for status updates is Art. 6 (1) (a) GDPR if the user has given his or her consent.

18.4 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address will therefore be stored as long as the subscription is active.

18.5 Exercising your rights

The affected user can cancel their status updates subscription at any time. A link for this purpose is provided in each status email.

This also allows you to revoke your consent to the storage of personal data collected during the registration process.

19. Emergency Contact

19.1 Description and scope of data processing

Our employees have the option of specifying an emergency contact in order to inform a person from their private environment in the event of an accident or health hazard.

In this context, the following data may be processed:

Name
Relationship to the employee
Phone number
Address
Email address

19.2 Purpose of data processing

The purpose of the data processing is to enable the employer to contact someone from the employee’s private environment as quickly as possible in case of an emergency. Depending on the severity of the accident, the employee may in fact no longer be able to do this himself.

19.3 Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1) (f) GDPR. Our legitimate interest is to reach someone from the employee’s private environment as quickly as possible in case of an emergency.

19.4 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected (e.g. the employee leaves the company or states another emergency contact).

19.5 Exercising your rights

You may object the data processing. Whether the objection is successful will be determined by weighing the interests of NT-ware as a data controller and you as a data subject.

20. Webinars

20.1 Description and scope of data processing

We offer webinars about our services and products. You can participate in a webinar if you have previously registered via our website https://web.nt-ware.net/partner/training-certification/webinars/. The following personal data will be requested for this purpose:

Name
Email address
Company
Country

In order to be able to conduct webinars via the internet, we use the software solution GoToWebinar provided by GoTo Technologies Ireland Unlimited Company, 77 Sir John Rogerson's Quay, Block C, Suite 207, Grand Canal Docklands, Dublin 2, D02 VK60, Ireland.

Your data is stored on data centers in the US.

Your personal data may be shared within the NT-ware Group (NT-ware Systemprogrammierungs- GmbH, NT-ware Enterprise Solutions GmbH, NT-ware USA, Inc. and NT-ware Japan Inc.), the Canon Group and, where applicable, with Canon partners. This is for general organization regarding the actual participation of individual employees and follows a strict need-to-know principle, which means that only authorized persons will be granted access to your personal data who actually need it.

20.2 Purpose of data processing

The purpose of the data processing is to conduct webinars you would like to attend.

20.3 Legal basis for data processing

The legal basis for the processing of data is Art. 6 (1) (a) GDPR. Your consent to the processing of your data will be obtained during your registration for the webinar.

20.4 Duration of storage

The data will be deleted after a maximum of two years.

20.5 Exercising your rights

You may revoke your consent at any time.

21. Video Conference Recording

21.1 Description and scope of data processing

In rare cases, we may take the opportunity to record a video conference. You will of course be informed verbally by the organizer during the online conference prior to this intention.

The ability to record important online conferences may be necessary to avoid holding important conferences more than once and to give absent participants (for example, due to illness or conflicting appointments) the opportunity to view them at a later time. In addition, it can be ensured that participants can access the recording independently for review, eliminating the need for further inquiries to the organizer of the online conference. This leads to less workload for both parties (the participant and the organizer of the online conference).

The following personal data will be processed for this purpose:

Name
Email address
Video recordings
Voice recordings

We use the software solution Microsoft Teams for recordings with data centers in the EU. Further information on how Microsoft Teams processes data can be found here: Microsoft Privacy Statement – Microsoft privacy

21.2 Purpose of data processing

The purpose of the data processing is to record important conferences.

21.3 Legal basis for data processing

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring that work processes run smoothly and effectively and in making the work of both parties significantly easier.

21.4 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected (e.g. when the recording of a conference is no longer relevant).

21.5 Exercising your rights

You may object the data processing. Whether the objection is successful will be determined by weighing out the interests of NT-ware and the data subjects.

22. Surveys (especially using Microsoft Forms)

22.1 Description and scope of data processing

From time to time, NT-ware (in particular the Marketing department, Training department and Business Development) conduct surveys or provide special questionnaires which can be addressed internally and externally.
The purpose of the particular survey or questionnaire will be explained in the introductory text. This may involve the processing of personal data about you. The scope of the data processed here depends on the specific survey. Please note that some data can also be provided voluntarily – these fields are marked accordingly. Access to the data you provide follows a strict need-to-know principle, which means that only authorized persons are granted access to your personal data who really need it.

We use Microsoft Forms to conduct surveys with data centers in the EU. Further information on how Microsoft processes data can be found here: Microsoft Privacy Statement – Microsoft privacy

22.2 Purpose of data processing

The purpose of the data processing is to conduct surveys.

22.3 Legal basis for data processing

The legal basis for this data processing is your consent pursuant to Art. 6 (1) (a) GDPR.

22.4 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected (e.g. when the survey has been conducted and the results examined).

22.5 Exercising your rights

You may revoke your consent at any time.

23. Rights of data subjects under GDPR

Right to information

(Art. 15 GDPR)

If your personal data is processed, you have the right to obtain information from the controller about the data stored about you (Art. 15 GDPR).

Right to rectification

(Art. 16 GDPR)

You have the right to request the controller to rectify inaccurate personal data concerning you without undue delay and the right to request the completion of incomplete personal data (Art. 16 GDPR).

Right to erasure

(Art. 17 and 18 GDPR)

If the legal requirements are met, you can demand the immediate deletion of your personal data or restriction of processing (Art. 17 and 18 GDPR).

Right to information

(Art. 19 GDPR)

If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients vis-à-vis the controller (right to information, Art. 19 GDPR).

Right to data portability

(Art. 20 GDPR)

If you have consented to the data processing or if there is a contract for data processing and the data processing is carried out using automated methods, you may have a right to data portability (Art. 20 GDPR). In exercising this right, you also have the right to obtain that the personal data concerning you is transferred directly from one controller to another controller, to the extent that this is technically feasible. The freedoms and rights of other persons must not be impaired by this.

Right to object to processing

(Art. 21 para. 1 GDPR)

You have the right, for reasons relating to your particular situation, to object at any time to the processing of personal data concerning you which is prohibited on the basis of Art. 6 (1) (f) or (e) GDPR; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 (1) GDPR).

Right to object to direct marketing

(Art. 21 (2) GDPR)

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling insofar as it is related to such direct marketing (Art. 21 (2) GDPR). If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes

Right to withdraw consent

(Art. 7 (3) GDPR)

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation (Art. 7 (3) GDPR).

Automated individual decision-making, including profiling

(Art. 22 GDPR)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In this case, if the legal requirements are met, you have the right to obtain the intervention of a person from the controller, to express your own point of view and to contest the decision (Art. 22 GDPR).

Right to lodge a complaint

(Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you violates the GDPR (Art. 77 GDPR). The supervisory authority to which the complaint was lodged informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

24. Data subject rights under US data protection laws

The following section applies only to individuals who reside in the states of California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia (collectively, “State Residents”). This section provides State Residents with information that is required by the law of the state where they reside (collectively, “Applicable State Privacy Law”).

Subject to any applicable limitations and exceptions, State Residents have the following rights under Applicable State Privacy Laws:

Right to Access/ to Know: You have the right to information about whether we process your personal information, to have access to such information, and certain details about how we use it. If you are a resident of California, you have the right to information about whether we process your personal information, and our collection, use, and disclosure of categories of your personal information. In addition, in lieu of a right to access, you have the right to submit a verifiable request to know specific pieces of your personal information obtained from or about you.

Right to Delete: Except for residents of California and Utah, you have the right to submit a verifiable request to delete personal information that NT-ware has collected from or about you. If you reside in California or Utah, you have the right to submit a verifiable request to delete personal information that NT-ware has collected from you.

Right to Correct: You have the right to submit a verifiable request to correct inaccurate personal information that NT-ware has collected from or about you, taking into account the nature of the personal information and the purposes of processing the personal information.

Right to Data Portability: Except for residents of California, you have the right to obtain from NT-ware, or to ask NT-ware to send to a third party, a copy of your personal information in electronic form that you provided to NT-ware.

Right to Appeal: Except for residents of California, State Residents may also have the right to appeal any decision we make in response to a request to exercise privacy rights. We will inform you of any action taken in response to an appeal, along with a written explanation of the reasons for our decision(s), in accordance with Applicable State Privacy Laws.

Non-Discrimination: NT-ware will not unlawfully discriminate against you for exercising your privacy rights under Applicable State Privacy Laws.

If you reside in Oregon: In addition to the rights described above, you also have the right to obtain, at NT-ware’s option, a list of specific third parties to which we have disclosed either your personal information, or any personal information.

How to Exercise Your Privacy Rights

NT-ware will respond to requests to exercise privacy rights in accordance with Applicable State Privacy Law if NT-ware can verify the identity of the individual submitting the request. You can exercise these rights in the following ways:

Email: privacy@nt-ware.com
Call + 1-631-669-9100

How We Will Verify Your Request

If you submit a request, we match personal information that you provide us against personal information we maintain in our files. The more risk entailed by the request (e.g., a request for specific pieces of personal information), the more items of personal information we may request to verify your identity. If we cannot verify your identity to a sufficient level of certainty to respond securely to your request, we will let you know promptly and explain why we cannot verify your identity.

Authorized Agent

If an authorized agent submits a request to know, correct, or delete on your behalf, the authorized agent must submit with the request a document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you to follow the applicable process described above for verifying your and the authorized agent’s identity. You can submit your authorized agent designation at privacy@nt-ware.com.

25. Additional information for California residents

The California Consumer Privacy Act as amended by the California Privacy Rights Act (the “CCPA”) requires the following additional information for California residents. The information below concerning the collection and disclosure of California residents’ personal information as well as the information above apply to NT-ware’s collection, use, and disclosure of California residents’ personal information during the twelve months preceding the last updated date of this Privacy policy and prospectively.

Notice at Collection

We collect the categories of personal information identified in Section 3 and below for the purposes identified in Section 3, as applicable, and retain personal information for the period described in Section 5, above.

We do not, and will not, sell your personal information or disclose it to third parties for cross-context behavioral advertising (“sharing”). In addition, we have no actual knowledge that we sell or share the personal information of individuals of any age, including the personal information of children under 16. We also do not collect or process sensitive personal information for the purpose of inferring characteristics about you.

Additional information about the categories of personal information we collect

The personal information we collect falls within the following categories of personal information listed in the CCPA:

Identifiers, such as your name and your email address
Professional or Employment-Related Information, such as the company name for your employer or your job title,
Internet or other electronic network activity information, including your IP address, browser type and version, operating system used, and logs of your interactions with our services.

Additional information about disclosures of personal information

We may disclose your personal information to third parties for the following “business purposes” as that term is defined in the CCPA:

Service providers: We may disclose internet or other electronic network activity information as listed above to service providers for the business purpose of performing services on NT-ware’s behalf as described under Section 4.
NT-ware Group members: We may disclose any of the categories of personal information to the NT-ware Group members listed under 4. for the business purposes of: (a) auditing compliance with policies and applicable laws, (b) helping to ensure security and integrity, (c) debugging, (d) short-term transient use, (e) internal research, and (f) activities to maintain or improve the quality or safety of a service or device.

Note on Deidentified Information

At times, we may convert California residents’ personal information into deidentified information using reasonable measures to ensure that the deidentified information cannot be associated with the individual (“Deidentified Information”). We maintain Deidentified Information in a deidentified form and do not attempt to reidentify it, except that we may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes ensure that the information cannot be associated with the individual. We prohibit vendors, by contract, from attempting to reidentify our Deidentified Information.

26. Adaption of the privacy policy

We reserve the right to update this privacy policy from time to time. Updates will be published. Changes apply from the date of publication.