top of page
Normox Logo White

Data privacy

Introduction

We take the protection of the data of users of our website very seriously and are committed to protecting the information users provide to us in connection with the use of our website. We are also committed to protecting and using your data in accordance with applicable law.

This Privacy Policy explains our practices regarding the collection, use, and disclosure of your data through your use of our digital assets when you access the services via your devices.

Please read the Privacy Policy carefully and ensure you fully understand our practices regarding your data before using our services. If you have read and fully understood this policy and do not agree with our approach, you must discontinue the use of our digital assets and services. By using our services, you acknowledge the terms of this Privacy Policy. Continued use of the services constitutes your consent to this Privacy Policy and any amendments to it.

This Privacy Policy will explain:

  • How we collect data

  • What data we collect

  • Why we collect this data

  • With whom we share the data

  • Where the data is stored

  • How long the data is retained

  • How we protect the data

  • How we deal with minors

  • Updates or changes to the Privacy Policy

What data do we collect?

 

Here is an overview of the data we may collect:

  • Unidentified and non-identifiable information you provide during the registration process or that is collected via the use of our services (“non-personal data”). Non-personal data does not allow us to identify the individual it was collected from. This data primarily consists of technical and aggregated usage information.

  • Individually identifiable information, i.e., data that can identify you or could be used to identify you with reasonable effort (“personal data”). The personal data we collect through our services may include information such as names, email addresses, postal addresses, phone numbers, IP addresses, and more. If we combine personal data with non-personal data, we will treat the combined information as personal data for as long as it remains combined.

How do we collect data?

 

Below are the main methods we use to collect data:

  • We collect data when you use our services. When you visit our digital assets and use our services, we may collect, record, and store such usage, sessions, and related information.

  • We collect data that you provide to us voluntarily, such as when you contact us directly via a communication channel (e.g., when you send us an email with a comment or feedback).

  • We may collect data from third-party sources as described below.

  • We collect data that you provide when you log in to our services via a third party such as Facebook or Google.

Why do we collect this data?

We may use your data for the following purposes:

  • To provide and operate our services;

  • To further develop, customize, and improve our services;

  • To respond to your feedback, requests, and inquiries, and to provide support;

  • To analyze demand and usage patterns;

  • For other internal, statistical, and research purposes;

  • To improve our data security and fraud prevention capabilities;

  • To investigate violations and enforce our terms and policies, and to comply with applicable laws, regulations, or legal requirements;

  • To send you updates, news, promotional materials, and other information related to our services. You can opt out of promotional emails by clicking the unsubscribe link in such emails.

With whom do we share your data?

 

We may share your data with our service providers to operate our services (e.g., storing data via third-party hosting services, providing technical support, etc.).

 

We may also disclose your data in the following circumstances: (i) to investigate, detect, prevent, or address illegal activities or other wrongdoing; (ii) to establish or exercise our rights of defense; (iii) to protect our rights, property, or personal safety, and that of our users or the public; (iv) in the event of a change of control at our company or one of our affiliates (e.g., through merger, acquisition, or asset sale); (v) to collect, hold, and/or manage your data through authorized third-party service providers (e.g., cloud service providers) as appropriate for business purposes; (vi) to collaborate with third parties to improve your user experience. For the avoidance of doubt, we may transfer or share non-personal data at our discretion.

 

When you visit or access our services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics services (“tracking technologies”). These may allow third parties to automatically collect your data to enhance your navigation experience, optimize our digital assets’ performance, and ensure a tailored user experience, as well as for security and fraud prevention purposes.

 

We will not share your email address or other personal data with advertising companies or networks without your consent.

 

We may display advertisements on our services and digital assets (including websites and applications that use our services), which may be tailored to you, for example, based on your recent browsing behavior across websites, devices, or browsers. To deliver these ads, we may use cookies, JavaScript, web beacons (including clear GIFs), HTML5 local storage, and other technologies. We may also use third parties such as network advertisers to serve ads tailored to your interests. These third parties may use cookies and similar technologies to measure ad effectiveness and personalize advertising content. The use of such technologies by these third parties is governed by their own privacy policies, not ours.

Where do we store the data?

 

Non-personal data:
Please note that we and our trusted partners and service providers are located around the world. For the purposes described in this Privacy Policy, we store and process all non-personal data we collect in various jurisdictions.

 

Personal data:
Personal data may be maintained, processed, and stored in the United States, Ireland, South Korea, Taiwan, Israel, and other jurisdictions as necessary for the proper delivery of our services and/or as required by law.

How long do we retain the data?

We retain the collected data for as long as necessary to provide our services, comply with our legal and contractual obligations to you, resolve disputes, and enforce our agreements. We may correct, complete, or delete inaccurate or incomplete data at our discretion at any time.

How do we protect the data?

The hosting service for our digital assets provides us with the online platform through which we offer our services. Your data may be stored through our hosting provider’s data storage, databases, and general applications. They store your data on secure servers behind a firewall and offer secure HTTPS access to most areas of their services.

All payment options offered by us and our hosting provider for our digital assets comply with the PCI-DSS (Payment Card Industry Data Security Standard) as managed by the PCI Security Standards Council – a joint effort of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure secure handling of credit card information by our shop and its service providers.

Regardless of the measures and efforts we take, we cannot and do not guarantee the absolute protection and security of the data you upload, post, or otherwise share with us or others.

Therefore, we encourage you to set strong passwords and avoid providing us or others with any sensitive information whose disclosure could cause you significant or lasting harm. Email and instant messaging are not recognized as secure communication forms, so please do not share confidential information through these channels.

How do we deal with minors?

 

The services are not intended for users who are not of legal age. We do not knowingly collect data from children. If you are underage, do not use or download the services or provide us with any personal data.

We reserve the right to request proof of age at any time to verify that minors are not using our services. If we become aware that a minor is using our services, we may prohibit and block access and delete any data stored about that user. If you believe a minor has provided us with personal data, please contact us as indicated below.

We only use your personal data for the purposes set out in this Privacy Policy and only if we believe that:

  • the use of your personal data is necessary to perform or enter into a contract (e.g., to provide you with the services or customer or technical support);

  • the use of your personal data is necessary to comply with legal or regulatory obligations; or

  • the use of your personal data is necessary to support our legitimate business interests (provided that such use is always proportionate and respects your privacy rights).

 

As an EU resident, you may:

  • Request confirmation as to whether or not personal data concerning you is being processed and access your stored personal data and related information;

  • Request to receive personal data you provided to us in a structured, commonly used, and machine-readable format;

  • Request the correction of your personal data stored by us;

  • Request the deletion of your personal data;

  • Object to the processing of your personal data;

  • Request the restriction of the processing of your personal data; or

  • Lodge a complaint with a supervisory authority.

 

Please note, however, that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the data we collect and how we use it, please contact us as set out below.

 

In the course of providing the services, we may transfer data across borders to affiliates or other third parties and from your country/jurisdiction to other countries/jurisdictions worldwide. By using the services, you consent to the transfer of your data outside the EEA.

If you are located in the EEA, your personal data will only be transferred to locations outside the EEA if we are satisfied that an adequate or comparable level of protection of personal data exists. We will take appropriate steps to ensure we have suitable contractual arrangements with our third parties to ensure adequate safeguards are in place to minimize the risk of unlawful use, alteration, deletion, loss, or theft of your personal data, and that such third parties act at all times in compliance with applicable laws.

Updates or changes to the Privacy Policy

 

We may revise this Privacy Policy at our discretion from time to time. The version published on the website is always the most current (see “Last updated” information). Please review this Privacy Policy regularly for any changes. If there are significant changes, we will post a notice on our website. Your continued use of the services after such notification constitutes your acknowledgment and acceptance of the revised Privacy Policy and your agreement to be bound by its terms.

Contact

 

If you have general questions about the services or the data we collect and how we use it, please contact us:

 

Tim Barth

Kufsteiner Straße 1

70329 Stuttgart (Germany)

tim.barth@normox.com

bottom of page