Privacy Policy
Welcome to Norman!
As part of the registration, login and use of the Norman platform, we collect certain personal data that we receive from you in order to enable the provision of tax and accounting services to you.
We attach great importance to protecting your data and maintaining your privacy. Below, we will therefore inform you about the collection and use of personal data when using our website and app.
1. Name and contact details of the data controller
This data protection information applies to data processing by Norman AI GmbH, Kolonnenstrasse 8, Berlin, Germany, 10827.
2. Collection and storage of personal data as well as the type and purpose of their use
a) When visiting the website
When you access our website https://www.norman.finance/, the browser used on your device - possibly through our hosting provider - automatically sends information to our website's server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
· IP address of the requesting computer,
· Date and time of access,
· Name and URL of the retrieved file,
· Website from which access is made (referrer URL)
· browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The data mentioned will be processed by us for the following purposes:
· Ensuring a smooth connection to the website
· Ensuring comfortable use of our website
· Evaluation of system security and stability as well
· for further administrative purposes.
The legal basis for data processing is Article 6 Paragraph 1 Sentence 1 Letter f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally. We also use cookies and analysis services when you visit our website. Further explanations can be found in sections 5 and 6 of this data protection declaration.
b) When registering for our newsletter
If you have expressly consented in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR, we will use your email address to regularly send you our newsletter. To receive the newsletter, it is sufficient to provide an email address. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can send your request to unsubscribe at any time to compliance@norman.finance.
If you are our customer, we may send you direct advertising for our own products based on the provisions of Article 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG. In this case, too, you have the right at any time to object to our use of your email address for advertising purposes. There are no additional costs to you (except for possible transmission costs according to the basic tariffs). To do this, simply click on the unsubscribe link within a newsletter or send us a short email with your wish to unsubscribe or unsubscribe to compliance@norman.finance. You will not incur any costs for unsubscribing (except for possible transmission costs according to the basic tariffs).
c) When requesting the download link
On our website we offer you the opportunity to request a download link to use our app. It is necessary to provide a valid telephone number, which must be confirmed to ensure that the request comes from you. Data processing for the purpose of contacting you is carried out in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR based on your voluntarily given consent.
d) When using the app
In order to be able to download and install our app from an app store (e.g. Google Play, Apple App Store), you must first register for a user account with the provider of the respective app store and conclude a corresponding usage agreement with them. We have no influence on this, and in particular we are not a party to such a user agreement. When you download and install the app, the necessary information is transferred to the respective app store, in particular your user name, your email address and the customer number of your account, the time of download, payment information and the individual device code. We have no influence on this data collection and are not responsible for it. We only process the data provided to the extent that this is necessary for downloading and installing the app on your mobile device (e.g. smartphone, tablet). Data processing is carried out on the basis of our legitimate interest in the efficient and secure provision of our services in accordance with Art. 6 Para. 1 lit. f GDPR, to fulfill the contract in accordance with Art. 6 Para. 1 lit 6 Paragraph 1 Letter a GDPR.
e) When making an appointment via calendly
We use the calendly tool to make appointments simple, quick and uncomplicated.
When using the tool, you will be asked for personal information such as name, email address and telephone number. You also have the opportunity to present your concerns and provide us with further information. If you use the tool, your details from the inquiry form, including the information you provided there, will be saved and transmitted to us. The data entered is processed based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
Calendly's privacy policy can be found at https://calendly.com/pages/privacy
f) When registering for tax purposes via our website
If you use our tax registration service via our website, you will be asked for personal data such as name, email address and telephone number, birthday, marital status and religious affiliation. Your details will then be transmitted directly to the tax office via the ELSTER interface (you can find more information about the ELSTER software under g)). The data entered is processed based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR.
g) When filing a tax return
If you instruct us to file a tax return, you will provide us with personal data such as name, email address and telephone number, date of birth, marital status, religious affiliation, national tax number, responsible tax office, home address, second home if applicable, work address, legal form, commercial register number, bank details , proof of identity, bank details, information on income and expenses. Your details will then be transmitted directly to the tax office via the ELSTER interface. The data entered is processed on the basis of your consent in accordance with Article 6 (1) (a) GDPR and for the purpose of executing the contract in accordance with Article 6 (1) (b) GDPR.
As far as sensitive personal data, such as health data, data on religious affiliation or trade union membership, is requested, this is done on the basis of your consent in accordance with Art. 9 Para. 2 lit. a GDPR. The tax return is submitted to the tax office using the ELSTER tax software. Your tax return and the tax assessment notice, as soon as it is available, can be accessed in digital form in our APP after submission, unless you have objected to this. We issue the following information from the tax authorities regarding the use of ELSTER:
“This software is used to collect personal data within the meaning of Article 4 No. 1 of the General Data Protection Regulation (GDPR) and Article 9 Paragraph 1 of the GDPR for the purpose of processing. In addition to the pure data required for tax assessment, the software collects data about the type of operating system of the user and transmits this to the tax authorities.
This data is needed to ensure the proper processing of the data and to prevent errors in the processing process. The use of the data takes place within the framework of Article 6 Paragraph 1 Subparagraph 1 Letter e i. V. m. Paragraph 3 Subparagraph 1 Letter b GDPR in conjunction with V. m. federal or state tax laws by the tax authorities and only for the stated purpose. General information on the implementation of the data protection requirements of Articles 12 to 14 of the General Data Protection Regulation in tax administration can be found at https://download.elster.de/download/documents/Informationen_zu_artikel_12_bis_14_Datenschutz-Grundverfassung.pdf.
3. Duration for which the personal data will be stored
The personal data is generally stored for as long as is necessary for the processing purposes described. The criterion for the duration of the storage of personal data is generally the respective statutory, tax and commercial law retention period (usually 6-10 years) or . the period for which the data is required for legal and/or factual reasons. After the deadline has expired, the relevant data will be routinely deleted unless it is no longer required to fulfill the contract or initiate/execute the contract.
4. Sharing of data
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only share your personal information with third parties if:
· you have given your express consent to this in accordance with Article 6 Paragraph 1 Sentence 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR,
· the disclosure in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
· in the event that there is a legal obligation for the transfer in accordance with Article 6 Paragraph 1 Sentence 1 Letter c GDPR, as well as
· This is legally permissible and is necessary for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Sentence 1 Letter b of the GDPR.
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs as part of the use of third-party services or disclosure or transmission of data to third parties, this will only occur if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a data protection level that corresponds to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
5. Cookies
Our website uses at several locations so-called cookies. Cookies are small text files that are stored on your computer and that your browser saves. They serve to make our offering more user-friendly, effective and secure. Cookies do not contain any personal data and do not cause any damage to your device; they do not contain any malware.
On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after you leave our site. In addition, to optimize user-friendliness, we also use temporary cookies that are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically be recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you. These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time. The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all functions of our website.
6. Analysis & marketing tools
The tracking measures listed below and used by us are carried out on the basis of Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. With the tracking measures we use, we want to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offering for you. These interests are to be viewed as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
Google Analytics
For the purpose of needs-based design and ongoing optimization of our pages, we use Google Analytics, a web analysis service from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA; hereinafter “Google”). In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as
· Browser type/version
· operating system used
· Referrer URL (the previously visited page)
· Host name of the accessing computer (IP address)
· time of server request,
are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and the needs-based design of these websites.
Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future website visits.
The data we send and linked to cookies, user identifiers (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.
This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of you. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that assignment is not possible (IP masking). You can prevent the installation of cookies by setting the browser software accordingly; However, we would like to point out that in this case not all functions of this website may be able to be used to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: // tools.google.com/dlpage/gaoptout?hl=de). As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent data collection by Google Analytics by clicking on this link. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie only applies in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found in the Google Analytics help: https://support.google.com/analytics/answer/6004245.
Google Adwords Conversion Tracking
In order to statistically record the use of our website and evaluate it for the purpose of optimizing our website for you, we also use Google Conversion Tracking. Google Adwords sets a cookie on your computer if you came to our website via a Google ad.
These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
Every Adwords customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.
If you do not want to take part in the tracking process, you can also refuse the necessary setting of a cookie - for example by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”. Google's data protection policy on conversion tracking can be found here: https://services.google.com/sitestats/en.html.
For the purpose of needs-based design and ongoing optimization of our pages and their economic operation, we use Reddit Ads and Reddit Conversion Tracking (Pixels), a marketing service provided by Reddit, Inc., 548 Market St. 16093, San Francisco, California 94104, and also use within our website uses the “Visitor Action Pixel” (Reddit Conversion Tracking) from the Reddit platform.
We use Reddit conversion tracking for marketing and optimization purposes, in particular to analyze the use of our website and to improve individual functions and offers as well as the user experience. By statistically evaluating user behavior, we would like to improve our offering and make it more interesting for users. The legal basis for this is our legitimate interest in the processing of the above data by the third party in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser.
You can also prevent Reddit from collecting the above-mentioned information by changing the relevant settings on the Reddit website linked below: https://www.reddit.com/personalization/
For more information about Reddit Ads' use of cookies, see https://www.redditinc.com/policies/cookies
Facebook Pixels (Facebook Ads)
For the purpose of needs-based design and ongoing optimization of our pages and their economic operation, we use (re)marketing services from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). Using this function, the provider can target website visitors with advertising by displaying personalized, interest-based Facebook ads for website visitors when they visit the social network Facebook. To carry out the function, Facebook's remarketing tag is implemented on the provider's website.
When you visit the website, a direct connection is established to the Facebook servers. Information about the use of the websites visited is transmitted.
Facebook assigns this information to your personal Facebook user account. Further information on the collection and use of data by Facebook, your rights in this regard and options for protecting your privacy can be found in Facebook's data protection information at https://www.facebook.com/about/privacy/.
You can deactivate the functions via your Facebook user account,
If you do not want Facebook to directly assign the collected information to your Facebook user account, you can deactivate the “Custom Audiences” remarketing function here. To do this you must be logged in to Facebook.
The legal basis for processing the data and using the (re)marketing services is the legitimate interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR
Hotjar
For the purpose of needs-based design and ongoing optimization of our pages as well as their economic operation, we use marketing services from Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Hotjar). Evaluate the behavior of website visitors. In particular, anonymized data is collected via cookies (see section 5), which is used for optimization. This data has no personal reference and will not be used to create one. The data collected will be automatically deleted after a few days. Further information can be found in Hotjar's privacy policy at https://www.hotjar.com/legal/policies/privacy.
TikTok pixels
For the purpose of needs-based design and ongoing optimization of our pages and their economic operation, we use the so-called “TikTok Pixel” from the provider TikTok (for EU: TikTok Information Technologies UK Limited, Aviation House, 125 Kingsway Holborn, London, WC2B 6NH.) . This is a cookie (see section 5) which we have implemented on our site. This creates a connection to the TikTok servers when you visit our website in order to track your behavior on our website. For example, if you purchase a product on our website, the TikTok pixel is triggered and stores your actions on our website in one or more cookies.
Personal data such as your IP address and email address, as well as other information such as device ID, device type and operating system may also be transferred to TikTok. TikTok uses email or other login or device information to identify users of our website and associate their actions with a TikTok user account.
TikTok uses this data to show its users targeted and personalized advertising and to create interest-based user profiles. The data collected is anonymous and cannot be viewed by us and can only be used by us as part of measuring the effectiveness of advertising placements.
The legal basis for using the service is our legitimate interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 Sentence 1 lit f GDPR.
Further information about data protection at TikTok can be found at https://www.tiktok.com/legal/new-privacy-policy.
7. Other tools
Typeform
We use the services of Typeform, SL, Carrer Bac de Roda, 163, 08018 Barcelona, Spain (“Typeform”) to process user input. Typeform receives secure user IDs for this purpose.
The data processing is based on our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR in the technically error-free and optimized provision of our services.
Further information on data processing by Typeform can be found at https://admin.typeform.com/to/dwk6gt/
8. Affiliate programs
Tapfiliate
For the purpose of needs-based design and ongoing optimization of our pages as well as their economic operation, we use the affiliate program Tapfiliate from Tapfiliate BV, Rapenburgerstraat 173, 1011 VM Amsterdam, Netherlands.
Tapfiliate always sets a so-called “cookie”, text files that are stored on your computer or device when you click on an ad containing a partner link. This allows us to understand where the order came from and to bill our partners correctly. Tapfilitate also allows us to create, manage and analyze marketing and referral programs.
Tapfilitate stores and processes the following personal data: first name, last name, contact details, email address, IP address.
You can prevent the storage of cookies by selecting the appropriate technical settings in your browser software; However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
The legal basis for using the partner program is our legitimate interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 Sentence 1 lit f GDPR.
Further information on data protection at tapfiiate can be found at the following link: https://tapfiliate.com/privacy/privacy-policy/
financeAds
For the purpose of needs-based design and ongoing optimization of our pages and their economic operation, we use the partner program financeAds GmbH & Co. KG, Karlstraße 9, 90403 Nuremberg, Germany
This is a so-called affiliate system. financeads.net uses so-called “cookies”, text files that are stored on your computer or device when you click on an ad containing a partner link. This allows us to understand where the order came from and to bill our partners correctly.
Further information on data use by financeads.net and options for objection can be found in the company's data protection declaration: https://www.financeads.net/aboutus/datenschutz/.
9. Payment service providers
GoCardless
We use GoCardless Bank Account Data, a service from GoCardless Ltd., Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom.
Norman doesn’t store your banking login credentials.
GoCardless is a fintech company. Transactions via online banking are processed via GoCardless. GoCardless takes care of communication with the bank and sends the account statements or transaction information to Norman (e.g. transfer) after the payment transaction has been completed. Information about GoCardless’s data protection can be found at: https://gocardless.com/privacy/account-holders/.
finAPI
We use finAPI, a service provided by finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich. In order to offer online banking, the respective provider must have a banking license from the banking supervisory authority BaFin. We therefore carry out online banking via the service provider finAPI.
Norman doesn’t store your banking login credentials.
finAPI is a fintech company with the corresponding Bafin license. Transactions via online banking are processed via finAPI. finAPI takes care of communication with the bank and transmits the account statements or transaction information to Norman after the payment transaction has been completed (e.g. transfer). Information on finAPI's data protection can be found at: https://www.finapi.io/datenschutz/.
Stripe
We use the services of Stripe from Stipe Inc., 510 Townsend Street, San Francisco, CA 94103,
USA (“Stripe”). Stripe is a third-party payment service provider to process payments made to us. We do not retain any personally identifiable information or financial information such as credit card numbers in connection with processing such payments. Rather, this data (in particular contact and transaction data such as credit card details or bank details) is sent directly to Stripe, whose use of your personal data is governed by their privacy policy. Stripe collects additional data for its own purposes, such as to prevent misuse and further develop its products as well as for marketing purposes. The other data collected through cookies and other technologies includes, in particular, communication data (IP address, device identification, browser version, operating system information). The legal basis is Article 6 Paragraph 1 Sentence 1 Letter b GDPR, in order to fulfill the payment within the framework of a contract with you, and otherwise Article 6 Paragraph 1 Clause 1 Letter f GDPR, whereby the use of an external Payment service provider is based on our legitimate interest in being able to offer you an additional payment option with Stripe.
Some of the data processing by Stripe takes place on servers in the USA.
Further information can be found at https://stripe.com/de/terms
10. Newsletter dispatch & communication
SendGrid
Our newsletters are sent via the shipping service provider “SendGrid”, a brand of Twilio Inc., a Delaware corporation, with a place of business at 101 Spear Street, 5th Floor, San Francisco, California, 94105, United States of America.
The shipping service provider can use the recipient's data in a pseudonymous form, ie without assigning it to a user, to optimize or improve its own services, for example to technically optimize shipping and the presentation of the newsletter or for statistical purposes. However, the shipping service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
The newsletters contain files that are retrieved from our server or the shipping service provider's server when the newsletter is opened. Information about the browser, the system used as well as the IP address and the time of access are collected.
It is also determined whether and when the newsletter was opened and which links were followed. This is not about the possible allocation of data to a user, but only about the statistical evaluation of a newsletter association.
The legal basis for using the service and processing the data is the legitimate interest in the economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR
You can view the shipping service provider’s privacy policy here: https://www.twilio.com/en-us/legal/privacy
Intercom
To improve the user experience in our applications, we use the Intercom service from Intercom Inc., 98 Battery Street, Suite 402, San Francisco, CA 94111, USA, to send messages by email and for live chats.
As part of our service agreement with Intercom, we transfer a limited amount of your information (such as email address and sign-up date) to Intercom and use Intercom to analyze the use of our services. Intercom analyzes the use of our services and tracks our customer relationships with the aim of continually improving our offering.
The legal basis for processing is the legitimate interest in the economic operation of our online offering within the meaning of Article 6 Paragraph 1 Letter f of the GDPR
Further information on data protection at Intercom can be found at https://www.intercom.com/legal/privacy.
11. Integration of third-party services and content
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR), we use content or service offerings from third-party providers in order to integrate their content and services.
This always assumes that the third party providers of this content are aware of the user's IP address, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required to display this content. Furthermore, information about visitor traffic on the pages of this website can be evaluated.
Youtube
Videos from the “YouTube” platform of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, are integrated. Data protection declaration: https://www.google.com/policies/privacy
Google Fonts
Fonts (“Google Fonts”) from the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, are integrated. Privacy policy: https://www.google.com/policies/privacy.
12. Hosting Services
DigitalOcean
We host some of our systems at DigitalOcean, LLC., 101 Avenue of the Americas, 10th Floor, New York, NY 10013 USA. For technical reasons, the infrastructure may be maintained from the USA.
The legal basis for the aforementioned data processing is Article 6 Paragraph 1 f) GDPR based on our legitimate interest. We want to provide you with the technical infrastructure to be able to offer our products and services.
Further information can be found in the DigitalOcean privacy policy https://www.digitalocean.com/legal/privacy-policy
Microsoft Azure
We host some of our systems at Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA. For technical reasons, the infrastructure may be maintained from the USA.
The legal basis for the aforementioned data processing is Art. 6 Para. 1 f) GDPR based on our legitimate interest. We want to provide you with the technical infrastructure to be able to offer our products and services.
For more information, please see Azure’s privacy policy at https://privacy.microsoft.com/en-us/privacystatement
Amazon Web Services
We host some of our systems at Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA (“AWS”). For technical reasons, the infrastructure may be maintained from the USA.
The legal basis for the aforementioned data processing is Art. 6 Para. 1 f) GDPR based on our legitimate interest. We want to provide you with the technical infrastructure to be able to offer our products and services.
For more information, please see AWS’s privacy policy at https://aws.amazon.com/de/compliance/data-privacy/
13. Rights of those affected
You have the right:
· in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information about its details;
· in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or complete personal data stored by us;
· in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is carried out to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
· in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you refuse its deletion and we no longer need the data but you use it to assert or exercise your rights or need to defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
· in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible;
· In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. This means that we are no longer allowed to continue the data processing based on this consent in the future
· to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or place of work.
14. Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 of the GDPR, provided there are reasons for doing so. which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a special situation. If you would like to exercise your right of withdrawal or objection, all you need to do is send an email to: compliance@norman.finance.
15. Data Security
When visiting our website, we use the common SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. This is usually 256 bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the bottom status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
16. Currentness and changes to this data protection declaration
This data protection declaration is currently valid and is valid as of March 2024. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.norman.finance/privacy-policy.