Data Privacy

We apologize for the inconvenience. 

This page is currently being updated due to the acquisition of the water division of Norma Group (NDS + TECO) by ADS, effective February 2, 2026, and the related transition period. An improved version of this page will be available soon.

For any questions regarding Data Privacy or your personal data, please contact: infoemea@ndspro.com

Thank you for your understanding.

1. General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is all data with which you can be personally identified.

1.1 Name and contact details of the person responsible

The Controller according to Art. 4 (7) of the EU General Data Protection Regulation (hereinafter "GDPR") is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

You can ask for information about the Controller via the following email: infoemea@ndspro.com.

The Controller responsible for the processing on this NDS EMEA website is:

TECO Srl

Trav. S.P. 130 Trani-Andria - Km 1.800

76125 Trani (BT)

Italy

Email: infoemea@ndspro.com

1.2 Contact Details of the Data Protection Officer

The Controller is part of TECO, we have appointed a Data Protection Officer for TECO Srl.

You can reach our Data Protection Officer at:

Address:

TECO Srl

Trav. S.P. 130 Trani-Andria - Km 1.800

76125 Trani (BT)

Italy

Email: infoemea@ndspro.com

1.3 Processing of Personal Data

Data collection

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form. Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. information on the Internet browser, operating system or time of the page visit). This data is collected automatically as soon as you access our website.

Use of data

Some of the data is collected to ensure that the website is provided without errors. Other data may be used, for example, to communicate with you or to analyse your usage behaviour.

Analysis tools

When you visit our website, your usage behaviour may be statistically evaluated. This is mainly done using so-called analysis tools. The analysis tools are only used if you consent to their use. You can revoke your consent at any time with effect for the future without incurring any costs. You can find detailed information on this in the following Data Protection Notice. Further information on this topic can be found at Section 3.4 Analysis Tools and Advertising.

Legal basis

The processing of personal data is only lawful if this is permitted by law, i.e. if there is a legal basis, or if the person has consented. The following legal bases may come into consideration:

  • Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6(1) lit. a GDPR serves as the legal basis.
  • When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6(1) lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
  • Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6(1) lit. c GDPR serves as the legal basis.
  • In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1) lit. d GDPR serves as the legal basis.
  • If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6(1) lit. f GDPR serves as the legal basis.
     

Data processing for Contractual Purposes

Our services are primarily aimed at tradespersons. Therefore, when processing personal data for Contractual Purposes, the legal basis is (unless otherwise specified in individual cases),

1. if you are a registered merchant or freelancer, Art. 6(1) lit. b GDPR, the data processing is for the purpose of performing the contract or pre-contractual measures with the data subject; or

2. if you act as an employee of a company, e.g. as an employee in purchasing, Art. 6(1) lit. f GDPR, the legitimate interest of the controller, which is defined in section 1.1. The legitimate interest of the controller consists in the sale of its own goods and services, which is based in particular on entrepreneurial freedom and freedom to choose an occupation.

Within the scope of this processing purpose, we summarize data that is stored and processed in our central systems due to interactions of customers or interested parties and their employees with us via the various communication channels and also use the data when contacting you via another communication channel.

For the sake of simplicity, the term "data processing for Contractual Purposes" is used below.

Potential recipients of data

The potential recipients of transferred personal data are

  • public bodies, insofar as a legal obligation exists,
  • service providers and other business partners, insofar as this is necessary to fulfil the respective purpose and a legal provision permits or requires this or the data subject has consented.
     

Transfer to third countries or international organizations

If we transfer your data to a third country (countries that are not member states of the European Economic Area (EEA)) or to an international organization, we will provide you with the information required for this case.

Standard retention periods for the deletion of data

The deletion of personal data is carried out in accordance with Regulation (EU) 2016/679 (GDPR), as well as with the applicable legal or contractual provisions in Italy regarding data retention and deletion, taking into account the legal retention obligations.

The retention periods established may extend up to ten years from the end of the contractual or pre-contractual relationship, particularly for tax and accounting purposes.

In addition, other legal provisions may require longer retention periods, for example, for the preservation of evidence in accordance with the limitation periods established under Italian law. The standard limitation period is ten years, although in certain cases shorter or longer periods may apply.

Personal data that is not subject to a legal or contractual retention requirement is deleted once it is no longer necessary for the purpose for which it was collected.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the controller. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your address bar of your browser. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

1.4 Rights of the Data Subjects

As a data subject, you have a variety of rights regarding data protection. These rights are explained below. The abovementioned contact details can be used to exercise these rights.

1.4.1 Right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), restriction of processing (Art. 18 GDPR) and erasure (Art. 17 GDPR)

You have the right to access your personal data at any time within the framework of the applicable legal provisions:

  • a right to free information about your personal data stored by the controller, its origin and recipients and the purpose of the data processing (this also includes the right to a one-time copy of your personal data stored by us free of charge). We reserve the right to charge a reasonable administrative fee for the creation of subsequent copies),
  • a right to rectification (this also includes the right to have incomplete personal data completed),
  • a right to restriction of processing (processing of this data is then only allowed with your consent or for a few legally defined purposes),
  • a right to erasure. If we have published your data, this also includes our obligation to forward your deletion request to other controllers responsible for processing this published personal data within the framework of the "right to be forgotten" in accordance with Art. 17(2) GDPR, taking into account available technology and implementation costs.
     

1.4.2 Right to object (Art. 21 GDPR)

You have the right to object to the processing of your data if the data processing is carried out based on Art. 6(1) lit. f GDPR or for direct marketing purposes. In the event of an objection to the processing of your personal data, we will examine your objection on a case-by-case basis. If we are obliged to delete your personal data due to your objection under data protection law, we will delete your data taking into account statutory retention obligations. The objection does not affect the permissibility of the processing carried out prior to the objection.

1.4.3 Right to data portability (Art. 20 GDPR)

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract transferred to yourself or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

1.4.4 Information on the obligation to disclose data

You have the right to know whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract and what the possible consequences of not providing the data would be.

1.4.5 Right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint with a supervisory authority if you believe that one of your rights has been violated. For this purpose, you can contact the supervisory authority in the respective country or the respective member state of the European Union. However, you can also contact, for example, the supervisory authority of your usual place of residence, your place of work or the place of the suspected infringement. A list of data protection supervisory authorities and their contact details can be found under the following links:

EU: English: https: //edpb.europa.eu/about-edpb/about-edpb/members_en

1.4.6 Revocation of your consent to data processing

Some data processing operations are only possible with your consent. You can withdraw your consent at any time. All you need to do is send a message in any written form, e.g. by email, to one of the abovementioned contact details. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

1.4.7 Use of your data for (direct) marketing purposes

Irrespective of your subscription to our newsletter, we may use your data, in particular your email address, for (direct) marketing purposes. We will only use your data for this purpose if you have not objected to this. We would like to point out that you can object to the use of your data for (direct) marketing purposes at any time, without incurring any costs other than the transmission costs at the basic rates.

1.4.8 Automated decision-making including profiling

You have the right to obtain information on the existence of automated decision-making, including profiling, in accordance with Art. 22(1) and (4) GDPR and, if applicable, relevant information on the logic involved and the scope and intended effects of such processing for you.

2. Data Collection on our Website

(1) In the following, we provide information about the collection of personal data when using our website.

(2) When you contact us by email or via a contact form, the data you provide (your email address, (if applicable, your name and telephone number), Microsoft Bookings: email address, first name and surname, (if applicable, your telephone number, your address and your comments)) will be stored by us in order to answer your questions. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations.

(3) When using the website for informational purposes only, i.e. if you do not register or otherwise provide us any information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (the legal basis for this is Art. 6(1) sentence 1 lit. f GDPR :

  • IP address
  • Hostname
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes (referrer)
  • The specific pages you visit on our website
  • Browser: Type, version and set language
  • Operating system: type and version
  • In case JavaScript is activated, also:
  • Screen resolution
  • Color depth
  • Size of the browser window
  • Installed browser plugins
     

3. Use of Cookies

(1) Also, in addition to the data processing mentioned above, cookies are stored on your computer when you use our website. Cookies are small pieces of text information that can be used by websites to increase user-friendliness.

(2) The use of cookies is permitted without your consent if they are absolutely necessary for the operation of this website. For all other types, we require your consent in advance.

(3) To fulfill these requirements, we use the "Cookiebot" solution from the provider Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark on our website. This gives you the choice of whether to allow cookies from the categories of preferences, statistics and marketing in addition to the cookies required for the operation of our website. You can obtain a detailed overview of the cookies used and how long they are stored by clicking on the "Details" button in the consent banner. You can access the consent banner in the footer area of our website. You can find more information about Cookiebot at the following website Cookiebot .

(4) a) This website uses the following types of cookies, the scope and function of which are explained below:

  • Transient cookies (see b))
  • Persistent cookies (see c))
  • Flash cookies (see f))
     

b) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in your browser settings at any time.

d) You can configure the settings of your browser according to your wishes and, for example, refuse to accept third-party cookies ("third party cookies" are cookies that are set by a third party and therefore not by the actual website you are currently visiting) or all cookies. We would like to point out that you may then not be able to use all the functions of this website.

e) We use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.

f) The Flash cookies used are not recorded by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your end device. These objects store the required data independently of the browser you use and do not have an automatic expiration date. You can configure the setting and deletion of Flash cookies via the Adobe Flash Player settings manager. Alternatively, if you do not want Flash cookies to be processed, you can install a corresponding add-on, e.g. for Mozilla Firefox ( Privacy & Security - Firefox Add-ons ) or the Cookie Killer for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode.

4. Other Services on our Website

4.1 General information

(1) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us and are bound by our instructions. Further details on the respective processing can be found in the individual sections below.

(2) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, contracts or similar services together with partners. You will receive more detailed information on this when you provide your personal data as part of your registration or in the description of the respective offer below.

(3) If our service providers or partners are based in a third country (country outside the European Economic Area (EEA)), we will inform you about the consequences of this circumstance in the description of the respective offer.

4.2 Analysis Tools and Advertising

4.2.1 Google Analytics

(1) This website uses the analysis tool "Google Analytics", a web analysis service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google Ireland"). Google Analytics uses so-called "cookies", text information that is stored on your computer and enables us to analyze your use of the website. Furthermore, Google Analytics enables a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your use in your Google customer account in the "My data" menu under "Personal data". The information generated by the use of cookies about your use of this website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter "Google LLC") in the USA and processed there. This website uses Google Analytics with the extension "anonymizeIp()". This means that IP addresses are further processed in abbreviated form. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Google Ireland will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage.

(2) The use of Google Analytics for the statistical analysis of the use of our website is based on your consent in accordance with Art. 6(1) lit. a GDPR and § 25(1) TDDDG (German Telecommunications Digital Services Data Protection Act).

(3) The transfer of personal data to the USA is based on the EU-U.S. Data Privacy Framework, according to which Google LLC is certified.

(4) Further information on Google Analytics can be found in the data protection notices of Google Ireland and Google LLC at: Google Data Protection Notice .

(5) You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google Ireland and the processing of this data by Google Ireland by not giving us your consent. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can obtain a detailed overview of the cookies used and how long they are stored by clicking on the "Details" button in the consent banner. You can access the consent banner in the footer area of our website. You can revoke your consent at any time in the Consent Manager. In this case, your decision will be saved in the form of a cookie. If you delete your cookies, this cookie will also be deleted. When you visit our website again, you will be asked again whether cookies may be used for web analysis. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

4.2.2 QBank

(1) We use the "QBank" service of the provider QBNK Company AB, Vasagatan 28, 111 22 Stockholm, Sweden (hereinafter "QBNK"). QBank is a web-based storage and management system for images and other files, which we use to display images on our websites.

(2) The following categories of personal data are processed in the context of the use of QBank:

  • Log files, log data
  • Metadata (e.g. IP address)
  • Content data (content of documents, photos, videos, audio, etc.)

(3) The processing of personal data with QBank is based on our legitimate interests (Art. 6(1) lit. f GDPR). Our legitimate interest in processing is to maintain an appealing and efficient digital company presentation to our employees, applicants, interested parties, customers, suppliers, service providers and other business and communication partners. These interests are derived from our right to entrepreneurial freedom and freedom to choose an occupation.

(4) The data processed in connection with the use of QBank will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.

(5) QBNK processes the personal data on our behalf; we have concluded an data processing agreement with QBNK.

 

4.5 Plugins and Tools

4.5.1 Google reCAPTCHA

(1) In order to ensure sufficient data security when submitting forms, we use the "reCAPTCHA" service of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter "Google LLC") on our websites in certain cases. This is primarily used to distinguish whether the input is made by a natural person or abusively by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google LLC. The deviating data protection provisions of Google LLC apply here.

Google reCAPTCHA uses Google Fonts, also a service of Google LLC, which provides fonts for websites.

(2) The use of Google reCAPTCHA (incl. Google Fonts) to prevent misuse of our website is based on your consent in accordance with Art. 6 (1) lit. a GDPR.

(3) The transfer of personal data to the USA is based on the EU-U.S. Data Privacy Framework, according to which Google LLC is certified ( Data Privacy Framework ).

(4) Further information on reCAPTCHA can be found in Google LLC's privacy policy under Google Data Protection Notice .

4.5.2 Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1) lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer. You can find more information about Google Web Fonts at Google Fonts FAQ and in Google's privacy policy: Privacy Policy .

4.5.3 Adobe Typekit Web Fonts

This site uses so-called web fonts provided by Adobe Typekit for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the Adobe Typekit servers. This gives Adobe Typekit knowledge that our website has been accessed via your IP address. The use of Adobe Typekit Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1) lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer. Further information on Adobe Typekit Web Fonts can be found in Adobe's privacy policy .

4.5.4 YouTube

(1) We have integrated YouTube videos into our online offering, which are stored on www.youtube.com and can be played directly from our website. The provider is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google Ireland"). When using YouTube, personal data may also be transmitted to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter referred to as "Google LLC") in the USA.

(2) YouTube videos on our website are all integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Data is only transferred when you play the videos. We have no influence on this data transfer. You will be explicitly informed again before the transfer that your data will be transferred to YouTube when you play the video. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated to your profile at YouTube, you need to log out of your Google account prior playing the video. YouTube will store your data as user profiles and use them for the purposes of advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google Ireland to exercise this right.

(3) The use of YouTube to display videos on our website is based on your consent in accordance with Art. 6(1) lit. a GDPR. You can obtain an overview of your consent to optional services via the "Details" button in the consent banner. You can access the consent banner in the footer area of our website. You can revoke your consent at any time in the Consent Manager. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

(4) The transfer of personal data to the USA is based on the EU-U.S. Data Privacy Framework, according to which Google LLC is certified ( Data Privacy Framework ).

(5) Further information about YouTube can be found in the privacy policies of Google Ireland and Google LLC under Google Data Protection Notice and the YouTube Terms of Service .

4.5.6 Typeform

(1) We use the services of Typeform on this website. In doing so, we are pursuing our interest in increasing the attractiveness of our website by offering you interactive forms on our website. The legal basis for the use of the plug-in is Art. 6(1) sentence 1 lit. f GDPR.

(2) By visiting our website and participating in surveys, ratings & competitions and forms, data entered there will be stored and processed by Typeform on our behalf. The user's IP address, information on the time and duration of use and the information provided by the user in the forms are transmitted.

(3) Further information can be found in the privacy policy of the provider Typeform, Carrer Bac de Roda, 163, 08018 Barcelona, Spain, available at Typeform Terms and at What happens to my data?

 

4.5.8 Google Tag Manager

(1) This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Google Tag Manager only implements tags. The Tag Manager is a cookie-less domain. This means that no cookies are used and no personal data is collected. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. Privacy policy: Usage guidelines for Google Tag Manager .

(2) You may block the use of cookies by selecting the appropriate settings in your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Google Analytics Opt-out Browser Add-on .

More information about Google Tag Manager can be found at the following link: https://www.google.en/analytics/terms/tag-manager/ .

5. Social Networks

5.1 General information

(1) We operate profiles on social networks to present our company and to communicate with customers and interested parties. In the following, we will inform you about the associated processing activities.

(2) Social networks enable us to present our company to people who have an account with the social network (hereinafter "user") and to all visitors to our profiles without an account with the social network (hereinafter "guest"). Furthermore, customers and interested parties can contact us via this profile. Our profiles and posts can generally be viewed by users and guests (hereinafter users and guests are referred to collectively as "visitors"). If you comment on our posts or send us a message, this data is stored by the social network and can be viewed by us. We can reply to your comment or message. In the case of posts, your comment and our reply may be visible to all users of the social network or even to all visitors.

(3) When you access our profile, the social network can save and evaluate your access and all other interactions you have on the social network's website. This data is made available to the profile owners as statistics and further processed by the social networks for advertising purposes, among other things.

If you have an account with the social network and are logged in when you visit our profile, the provider of the social network can link your interactions with our profile to your account data and process them further. However, it is also possible that data about your interactions with our profile may be stored by the social network for the duration of your visit and processed for further purposes if you are not logged in there or do not have an account. In this case, an assignment can be made, for example, through the use of cookies, small text files that are stored on your device, or in connection with your IP address.

(4) The purpose of data processing is generally to create a profile of the visitor's interests and to use these profiles for advertising purposes. If a person visits certain websites, information about this visit is analysed and the provider assigns interests to the visitor. Based on the assigned interests, the visitor is shown advertisements. Interest-based advertisements can be displayed by the provider both within and outside the websites of the social network.

(5) Assertion of your rights as a data subject

For requests for information or to assert your other rights as a data subject, we recommend that you contact the provider directly, as only the provider has full access to the data that is processed in connection with accessing our profile or interacting with us on the social network. You can find the social networks' contact information for exercising your rights as a data subject under "Information on the social networks we use". In the case of data processing where the provider of the social network and we are jointly responsible, you also have the right to assert your rights as a data subject against us. In such a case, we will forward your request to the social network insofar as the request concerns data or processing activities that are processed by the social network.

(6) Below you will find further information on the processing activities of the individual social networks we use and the existing objection options:

 

5.3 Information about other social networks we use:

LinkedIn:

Provider

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland

Website

https://www.linkedin.com/

Privacy policy

https://www.linkedin.com/legal/privacy-policy

 

5.5 integration of LinkedIn

Functions and content of the LinkedIn network, offered by LinkedIn Corporation, 2029 Stierlin Cout, Mountain View, CA 94043, USA, may be integrated into our online offering.

If you click on the LinkedIn "Recommend" button while you are logged into your LinkedIn account, the content of our pages will be linked to your LinkedIn profile. This enables LinkedIn to associate your visit to our pages with your LinkedIn user account. The transfer of personal data to the USA is based on the EU-U.S. Data Privacy Framework, according to which LinkedIn is certified.

Further information on Linkedin can be found in the data protection notice of Linkedin Corporation at: https://www.linkedin.com/legal/privacy-policy?.

6. Applications

6.1 Unsolicited Applications by Email

(1) You have the opportunity to send us an unsolicited application by email. As part of this email application, you provide us with personal data. It is particularly important to us to handle your personal data confidentially during the application process. It is therefore a matter of course for us to treat all personal data that you entrust to us in strict confidence and responsibly in compliance with the applicable statutory data protection regulations. As a precaution, we would like to point out that communication by email may be unencrypted over the Internet. Your data would then not be protected against access by third parties. 

We use technical and organizational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The legal basis for the processing of personal data that you send us as part of your application is generally the implementation of pre-contractual measures initiated by your application in accordance with Art. 6(1) sentence 1 lit. b GDPR. If the data transmitted by you for the purposes of the application also contains particularly sensitive data of a special category pursuant to Art. 9(1) GDPR, we process this data on the legal basis of your consent pursuant to Art. 6(1) sentence 1 lit. a, which we obtain from you for this reason in a binding manner as explained in more detail under para. 2.

(2) When applying by email, you provide us with personal data such as your first and last name, postal address and email address. To make it easier for us to contact you, you can also voluntarily enter further contact details, in particular your landline and cell phone number. To enable us to better meet your application requirements, you also have the option of voluntarily sending us additional data and files, e.g. a personal message, details of your professional qualifications and experience and files containing your application documents, such as your personal cover letter, CV, application photo, certificates, etc. Please note that CVs, certificates or other data you submit for the purposes of your application may also contain particularly sensitive data, such as information on racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union or political party, physical or mental health or sex life. We therefore recommend that, if possible, you do not provide any information relating to such sensitive data of a special category.

(3) It cannot be ruled out and in individual cases it may be necessary for you to provide us with special category data as listed in paragraph 2 as part of your application. We are prohibited by law from processing such data without your consent. By sending us your application documents, you give us your consent to process this sensitive data of special categories in accordance with this Data Protection Notice.

(4) The data and files transmitted by you will be stored and used exclusively for purposes related to the recording and processing of your interest in employment or training with us and the processing of your application, including the necessary contact with you. Your application will be treated confidentially and will only be disclosed to authorized NORMA Group employees. If your application is successful, the data and files you submit may be used in the context of the employment relationship with you. If your application for a job offer is not successful, we will store the data and files you have submitted in our applicant database for six months in order to be able to answer any questions in connection with your application. After this period, the data and files will be deleted automatically.

(5) Your data and files submitted as part of your application will not be passed on to third parties unless we have your express consent or an official order to do so.

(6) You have the option to withdraw your application in whole or in part at any time. You can also request at any time that all or some of the data and files you have submitted be deleted or amended from our applicant database. You are also entitled to withdraw your consent to the processing of the personal data and files you have submitted as part of your application at any time with effect for the future. All you need to do is send an email to infoemea@ndspro.comHowever, certain data relating to your application must be stored for a limited period of time in order to comply with legal provisions and obligations to provide evidence. Once the legal basis no longer applies, the data will be blocked and/or deleted. With regard to your basic rights, we would also like to refer you to section 1.4 of this Data Protection Notice.

7. Processing outside our Website

7.1 Microsoft 365

(1) We use the productivity, collaboration and exchange platform Microsoft 365, which is provided by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown Dublin 18, D18 P521, Ireland (hereinafter "Microsoft"). Microsoft 365 is a service that connects various platforms, including for (the planning of) online meetings, as a telephony solution, for surveys, document exchange, editing and translation and for email communication, and enables simple exchange between the platforms.

(2) The following categories of personal data are processed in the context of the use of Microsoft 365:

  • Contact details (company, name, telephone, email (if personal), address)
  • Contract master data (contractual relationship, product or contractual interest)
  • Log files, log data
  • Metadata (e.g. IP address, duration of participation in a meeting)
  • Content data (content of documents, photos, videos, audio, etc.)
     

(3) The processing of personal data with Microsoft 365 is carried out for Contractual Purposes (in the case of processing for the purpose of implementing the contract or pre-contractual measures) or, insofar as personal data is processed in the context of an employment relationship or application procedure, on the basis of Art. 6(1) lit. b GDPR. Furthermore, we process the personal data on the basis of our legitimate interests (Art. 6(1) lit. f GDPR). Our legitimate interest in processing is to enable effective and efficient communication and collaboration between our employees, applicants, interested parties, customers, suppliers, service providers and other business and communication partners. These interests are derived from our right to freedom to conduct a business and freedom to choose an occupation.

(4) As part of the use of Microsoft 365, personal data may also be transferred to Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA (hereinafter "Microsoft Corp.") in the USA. The transfer of personal data to the USA is based on the standard contractual clauses of the EU Commission (Commission Implementing Decision (EU) 2021/914 of 04.06.2021 - Ref. C(2021) 3972, OJ EU No. L 199/31 of 07.06.2021). Microsoft Corp. is also certified under the EU-U.S. Data Privacy Framework.

(5) The data processed in connection with the use of Microsoft 365 is stored for as long as is necessary for the stated purposes.

(6) Microsoft processes the personal data on our behalf. We have concluded a data processing agreement with Microsoft. The latest version can be found at the following link:
https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Da ta-Protection-Addendum-DPA?lang=1

9. Disclaimer/Version

This Data Protection Notice does not apply to applications, products, services, websites or social media functions of third-party providers that are accessible via links that we provide for informational purposes. When you use these links, you leave our websites, so there is a possibility that information about you may be collected or passed on by third parties. We have no influence whatsoever on third-party websites and make no recommendations or assurances about these websites or their data protection practices. We therefore encourage you to carefully read and review the data protection notices of any websites you interact with before allowing them to collect, process and use your personal data.

If we provide addresses and contact information of companies and organizations in this Data Protection Notice, we would like to point out that the addresses may change over time and ask you to check the information before contacting them.

 

Last update: Feb 1, 2026