Privacy Policy

This Privacy Policy applies to Noriware AG (Industriestrasse 19, 5242 Lupfig, Switzerland) and all its worldwide Affiliates (“we“, “Noriware”). It governs the handling of information and personal data we collect from our customers, partners, suppliers and other online users (“you”, “User”) in connection with our business, including the provision of our website (“Website”), and our products and services, and support services (together referred to as “Services”).

Noriware reserves the right to amend this Privacy Policy anytime at its own discretion. The User will be appropriately notified of such changes by being required to agree to the new privacy policy (opt-in) the next time the Services are used, or the Website is accessed.

Why do we collect Information and Personal Data?

In general, we collect your information and personal data in order to provide our Website and Services in the most consistent, efficient and user-friendly manner possible. Personal data is only processed with the consent of the Users, unless there is another valid lawful basis for processing data.

We collect personal data and information in particular to:

  • fulfill our contractual obligations with you
  • fulfill our obligations regarding our Services
  • provide you with communications such as information about our Services, updates of standard agreements like this privacy policy, or the status of an order
  • send you payment reminders and receive payments for our Services
  • enable you to communicate with us, respond to your e-mails and deal with other requests
  • process job applications
  • improve the usability of our Website and Services
  • improve and optimize the operation and performance of our Websites and Services
  • diagnose problems, errors and security risks in our Services and on our Website
  • prevent fraud and other abuse of our Services, systems and Website
  • comply with the applicable laws and regulations

When using our Website or Services you generally have choices regarding the information and personal data you wish to share with us. When we ask for such data, you can always decline to provide it. However, parts of our Services or Website require certain personal data for the proper execution and use of the functions of the Services or Website. Therefore, if you refuse to provide us with the necessary information, you will unfortunately not be able to make full use of the Services or Website.

Each time you access our Website, our system automatically collects data and information from the computer system of the accessing computer. Information on this can be found in our Cookie Notice.

Whose Personal Data do we process?

We collect and process Personal Data in particular about the following individuals:

  • Website Users: When browsing or contacting us via our Website
  • Service Users: When using our Services
  • Personnel working for customers, partners and suppliers: If the organization you work for uses our Services or otherwise has a business relationship with us, we may process your data, including in particular data included in emails, call communications or data recorded in any related documentation.
  • Event attendees: If you register for or attend one of our events or webinars, we will process personal data about you in connection with your attendance at the event.
  • Recipients of Marketing Communications and Surveys
  • Job Applicants
  • Employees and Contractors

What type of Personal Data do we process?

In general, we may process the following personal data: 

  • Email address
  • IP Address
  • Name
  • Company name and business address
  • Telephone number
  • Billing and payment information
  • Educational background and employment experience for job applications

When you visit our Website, we also collect information such as your browser type and access times. For more information on the cookies we use, please visit our Cookie Notice.

When do we collect your Information and Personal Data?

In general, we may ask for information and personal data when you:

  • use our Website
  • use our Services
  • request quotes, Services, support, downloads, trials or general information
  • place orders for Services
  • are working for one of our customers, partners or suppliers
  • make payments
  • register for / attend events
  • subscribe to newsletters, programs, promotional emails, or other marketing collateral
  • apply for a job or submit your CV
  • visit our offices
  • contact us in general

How do we keep your Personal Data safe?

We take all reasonable steps to protect your information and personal data from misuse, interference and loss, as well as unauthorized access, modification or disclosure. The ways we do this include:

  • encryption when collecting or transferring sensitive personal data
  • limitation of physical access to our premises and devices
  • limitation of access to the information we collect about you
  • limitation of access on a strict need-to-know basis
  • maintenance of appropriate security safeguards
  • deletion or anonymisation of personal data where required by law or by you (where permitted by the applicable law)
  • signature of strict confidentiality agreements with all employees, partners and third parties we may disclose your personal data to
  • encryption, wherever possible, if personal data is transferred outside the EEA, Switzerland or the UK

If you wish to receive more information about the data security measures at Noriware please contact info@noriware.com to the attention of our Data Protection Officer.

Who may we disclose your Personal Data to?

General. We do not share your personal data with third parties, unless this is necessary to fulfil the purpose for which the data was collected, for example to fulfil contractual obligations, to respond to your enquiries, for our professional or legitimate business purposes or because of legal requirements. Personal data may be disclosed to or processed by the third parties listed below, where strictly necessary, for the purposes set out above and in accordance with applicable data protection laws. This list is non-exhaustive and there may be circumstances where we need to share personal data with other third parties.

  • Noriware Employees. All Noriware employees including, if applicable, third party contractors, are bound by strict confidentiality undertakings as part of their contract.
  • Third Party Suppliers. Third party suppliers assist Noriware with its general internal business operation or the provision of aspects of the Services. Our suppliers are given access to User information and personal data only as reasonably necessary to provide the Services and will be subject to confidentiality obligations in their service agreements. Some of our main current third party suppliers are:  Google (collaboration tool, customer relationship management and hosting infrastructure); Hubspot (cloud-based CRM system; https://legal.hubspot.com/privacy-policy); MailChimp (cloud-based marketing, automation and mail platform https://www.intuit.com/privacy/statement/).
  • External recruiters, and related organizations such as third-party providers that undertake employee background checks on our behalf.
  • Auditors, lawyers, accountants and other professional advisers who advise and assist us in relation to the lawful and effective management of our organization and in relation to any disputes we may become involved in.
  • Law enforcement or other government and regulatory agencies and bodies or other third parties as required by, and in accordance with, applicable laws or regulations. In certain situations, Noriware may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • Other third party providers as set out in our Cookie Notice.

We do not permit our third party providers to use the personal information that we share with them for their marketing purposes or for any other purpose other than in connection with the services they provide to us.

Where do we keep your Personal Data?

Noriware Locations. Data is generally processed by Noriware within the EEA, Switzerland and the UK. Switzerland and the UK have been approved by the EU Commission as countries which ensure an adequate level of protection according to Art. 45 GDPR.

Third Country Transfers. When making any transfers of personal data from the EEA to countries which do not hold a valid adequacy decision by the EU Commission, we will comply with our legal and regulatory obligations in relation to your personal data, including having a lawful basis for transferring personal data and putting appropriate safeguards in place to ensure an adequate level of protection for the personal data. We will take reasonable steps to ensure the security of your personal data in accordance with applicable data protection laws.

How long do we keep your Personal Data for?

General. The personal data of Users will be deleted when the original purpose of the processing no longer exists. Noriware will retain personal data as long as necessary (i) to comply with applicable legal obligations, (ii) for legal and litigation purposes, (iii) to maintain accurate financial records and other records, (iv) to deal with complaints, and (v) to enforce contractual agreements. Personal data will be deleted as soon as these retention requirements cease to apply.

What are your rights?

Right to be Informed and Right of Access. You have the right, at any time, to request information about the personal data we keep of you. You have the right to request information on your personal data available to us in electronic form and, where necessary, request rectification should your personal data not be up to date or inaccurate.

Right to rectification. You have the right to request the rectification of your personal data if it is inaccurate or incomplete.

Right of Erasure. You have the right, at any time, to request that we securely and permanently delete your personal data available to us. Please note that if you request deletion of personal data that is required to provide the Website or Services then you may not be able to use the Website or Services. If your personal data is not strictly necessary for the provision of the Website or Services, you may request that such personal data be permanently and securely deleted.

Right to Restrict Processing. You can ask us to “block” or suppress the processing of your personal data available to us in certain circumstances such as where you contest the accuracy of that personal data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your personal data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your personal data stopping us processing it further.

Right to data portability. You have the right to receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format, where the processing is based on consent or on the performance of a contract and the processing is carried out by automated means. You can ask us to transmit this data directly to another controller, where technically feasible.

Right to Object. You can ask us to stop processing your personal data, and we will do so, if we are (i) relying on our own or someone else’s legitimate interest to process your personal data, except if we can demonstrate compelling legal grounds for the processing, or (ii) processing your personal data for direct marketing purposes.

Rights relating to automated decision making and profiling. You have the right to object to decisions based solely on automated processing and to question the decision made about you by a computer. You can have any decisions explained to you and also ask for a person to be involved in the decision making, particularly if the decision has a significant effect on you. You cannot object to automated decision making, including profiling, if it is required for a contract you have entered into, it is required by law or you have given explicit consent.

Right to Withdraw Consent. If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.

Legal Restrictions. In some cases, your ability to access or control your personal data will be limited, as required or permitted by the applicable law.

Complaint. You have the right to lodge a complaint with the competent supervisory authority:

Switzerland: Swiss Federal, Data Protection, and Information Commissioner, Feldeggweg 1, 3003 Berne; For more information, please refer to: https://datenschutz.ch/die-datenschutzbeauftragte

Requests

If you wish to receive information on the personal data we keep of you, or would like any actions performed in accordance with your rights set out above, please send an email to info@noriware.com to the attention of our Data Protection Officer with the subject “Data Subject Request” as well as your company reference and/or name. Your request will be dealt with in due course and in any case within twenty days of receipt of such a request. Should Noriware only be the data processor of your personal data, then Noriware will forward your request to the data controller as soon as reasonably practicable.

Representatives

Noriware AG, Industriestrasse 19, 5242 Lupfig, Switzerland; Contact Person: Jessica Farda

Applicable Law and Jurisdiction

Subject to mandatory legal provisions, this Privacy Policy shall be governed by the substantive laws of Switzerland without further reference to its conflicts of law rules and to the exclusion of all and any international conventions. Any dispute arising out of or with respect to this Privacy Policy shall be subject to the jurisdiction of the competent courts in the canton of Aargau, Switzerland.

 

6. January 2025

-0m