1. Who we are
This Privacy Notice applies to Norma when we process personal data for our own business purposes, and thus acts as a data controller.
This Privacy Notice applies to any processing of personal data in connection with all our business activities in all our business areas. It is applicable to the processing of both historical and future personal data. Please note that we separate privacy notices may apply, for example for employees, applicants, and participants at trade fairs, job fairs and similar events.
3. Which personal data do we process and for what purposes?
We may process personal data in the following situations and for the following purposes:
- Communication: We may process personal data when you are contacting Norma or when Norma is contacting you, for example when you are contacting our customer service or when you write to Norma or call us. In this case, we may typically process name(s) and contact data and the content and time of the relevant messages. We may use this data in order to provide you with information, process your request and communicate with you. We can also forward messages within Norma, for example if your request concerns another Norma entity.
- We may also use analytics services provided by third party service providers, for example Google Analytics, which is provided by Google LLC, US. As part of such services, the service provider collects information about the use of the relevant website, but often in a non-personally identifiable form.
- Finally, we may use functionalities from providers such as Facebook, which may result in the provider concerned processing data about you. We advise that you read the privacy policies of these third party providers.
- Use of e-mail: We may use your name and e-mail address to send you alerts, updates, event invitations and other information by e-mail, but will ask for consent first unless we have obtained your contact details from you in the context of our services. If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by following the link included in these e-mails. We may use a third party provider to understand if you open our e-mails or if you click on links included in them. You may prevent this by using the appropriate settings in your e-mail client.
- Visiting our premises: When you enter our premises, we may make video recordings in appropriately marked areas for security and evidence purposes. You may also be able to use a Wi-Fi service. In this case, we collect device-specific data in the course of your registration, and we may ask you to enter your name and e-mail address when registering.
- Customer events: When we hold customer events (such as advertising events, sponsoring events, cultural and sporting events), we may also process personal data. Such data may include the name and address of the participants or interested parties and, other data depending on the event, for example your date of birth. We may process this information for the purpose of carrying out customer events but also to get in direct contact with yourself and get to know you better. Further details can be found in the respective conditions of participation. Please read our Privacy Notice for Trade Fairs, Job Fairs and Similar Events, Should you need further information about how we may process your personal data.
- Business partners: Norma is working together with various companies and business partners, for example with suppliers, commercial customers of goods and services and with service providers (for example IT service providers). We may process personal data about the contact persons in these companies, for example their name, function and title. Depending on the field of activity, we are also required to scrutinize the relevant company and/or its employees. We will notify you separately if this applies. We may also process personal data about yourself to improve our customer orientation, customer satisfaction and customer loyalty (Customer Relationship Management).
- Administration: We may process personal data for our internal and group-internal administration. For example, we may process personal data in the context of IT or real estate management. We may also process personal data for accounting and archiving purposes and generally for checking and improving internal processes.
- Corporate transactions: We may also process personal data in order to prepare and process company and other transactions.
- Job applications: We may also process personal data when you apply to us. As a general rule, we require the usual information and documents as well as the ones mentioned in a job advertisement.
- Employment: We process personal data of our employees in the course of their employment. A dedicated Norma Employee Privacy Notice is applicable in this regard.
- Compliance with legal requirements: We may process personal data to comply with legal requirements. These include, for example, the operation of a whistleblowing scheme for reporting about suspected wrongdoings, internal investigations or the disclosure of documents to an authority if we have good reason to do so or are even legally obliged to do so. In this context we may process names and documentation or narratives referring to yourself or to a third party.
- Protection of rights: We may process personal data in various constellations in order to protect our rights, for example to assert claims in and out of court and before local and foreign authorities or to defend ourselves against claims. For example, we may have process prospects clarified or submit documents to an authority. Authorities may also require us to disclose documents containing personal data.
We process personal data on the following grounds:
- for the performance of a contract;
- for legitimate interests. This includes, for example, the interest in customer care and communication with customers outside of a contract; in marketing activities; in getting to know our customers and other people better; in improving products and services and developing new ones; in combating fraud, and the prevention and investigation of offences; in the protection of customers, employees and other persons and data, secrets and assets of Norma; in the guarantee of IT security, especially in connection with the use of websites, apps and other IT infrastructure; in the guarantee and organisation of business operations, including the operation and further development of websites and other systems; in company management and development; in the sale or purchase of companies, parts of companies and other assets; and in the enforcement or defence of legal claims;
- based on a consent, where such consent was obtained separately; and
- for compliance with legal and regulatory obligations.
You are generally under no obligation to disclose personal data to us. However, we must collect and process certain data in order to be able to conclude and perform a contract and for other purposes.
4. Who do we share your personal information with?
Our employees have access to your personal data as far as it is necessary for the described purposes and the work of the employees concerned. They act in accordance with our instructions and are bound to confidentiality and secrecy when handling your personal data.
We may also transfer your personal data to other legal entities within Norma for the purpose of internal group administration and for the various processing purposes described in this Privacy Notice. This means that your personal data can also be processed and combined with personal data originating from another Norma legal entity for the respective purposes.
We may also disclose your personal data to third party service providers who perform certain business operations on our behalf („processors“), in particular:
- IT services, for example data storage, cloud services, data analytics etc.;
- consulting services, for example tax consultants, lawyers, management consultants, recruitment etc.;
- logistics to deliver goods;
- administrative services, for example real estate management;
- business information and debt collection.
There are other cases where we may disclose your personal data, for instance:
- We may disclose your personal data to third parties (for example authorities) if this is required by law. We also reserve the right to process your personal data in order to comply with a court order or to assert or defend legal claims or if we consider it necessary for other legal reasons.
- We may disclose your personal data to third parties (for example acquirer) if this is necessary for a corporate transaction.
5. When do we disclose your personal data to third countries?
The recipients of your personal data (section 4) may be located abroad, including in countries even outside of Switzerland, the EU or the EEA which may not have laws that protect your personal data to the same extent as the laws in Switzerland, the EU or the EEA. If we disclose your personal data to a recipient in such a country, typically enter into a data transfer agreement to ensure adequate protection of your personal data, including contracts.
6. How do we protect your personal data?
We apply appropriate technical and organisational security processes to safeguard the security of your personal data and to protect it against unauthorised or unlawful processing and to prevent the risk of loss, unintentional alteration, unintentional disclosure or unauthorised access.
7. How long do we retain your personal data?
We retain your personal data for no longer than this is necessary for the purposes for which the information is collected or to comply with legal retention obligations.
8. What are your rights with respect to your personal data?
You have the following rights within the limits set forth in applicable law: You may inter alia request to access your personal data as processed by us, to ask us for correction or erasure, to request that the personal data you have provided to us be returned to you or transferred to the person of your choice, in a structured, commonly used and machine-readable format.
You may also withdraw consent, if you have provided consent for Norma to process your personal data. You also have the right to complain to a data protection authority about how we have used your personal data.
Norma Privacy Notice for Trade Fairs and Similar Events
Data protection is a matter of trust and your trust is a core value of Norma. This privacy notice („Privacy Notice”) is based on the EU General Data Protection Regulation („GDPR“) to ensure a high level of protection for all individuals whose personal data is processed by Norma in the frame of trade fairs and similar events and to ensure that Norma companies outside of the EU shall also be GDPR compliant. We may process any information related to yourself (“Personal Data”) for our own purposes and we would therefore act as a Controller of your Personal Data.
1. Categories of your Personal Data and purposes of our processing
We may process your business contact details (e.g. name, position, business e-mail address, business telephone number, department, etc.), your business function, customer relation information such as your interest in our products and services, and any other personal information of yourself contained in communication sent by yourself or others to Norma. We may process this Personal Data for the purposes of customer relationship management and business development with yourself and/or the company you work for. If the company you work for enters into an agreement with us, an additional privacy notice may apply. We may also use your e-mail address to send you marketing and information materials. You have the right to object at any time to processing of your Personal Data for such marketing.
2. Legal basis for the processing of your Personal Data by Norma
Our processing of your Personal Data is permitted by law. If the EU General Data Protection Regulation EU 2016/679 (“GDPR”) applies to our processing, then the legal basis is article 6 para. 1 let. b, and let. f GDPR, permitting the processing of Personal Data for the purposes of entering into and carrying out a contract and for legitimate interests.
3. Sources from which we have obtained your Personal Data
We may have obtained your Personal Data set out in Section 1.1 above from you and from your colleagues if we follow-up with you or your employer.
4. Retention periods
The retention periods for personal data depend on the purpose of the processing activities. We will retain your Personal Data set out under Sec. 1.1 above for as long as it is necessary for the respective purpose and/or required by applicable law.
5. Transfer of your Personal Data to third parties
Your Personal Data may be provided to third parties that perform services on our behalf related to the purposes described in this Privacy Notice, including data hosting providers.
In addition, we may disclose your Personal Data if we are required or permitted to do so by law or legal process, for example due to a court order or a request from a law enforcement agency, when we believe disclosure is necessary or appropriate for our legitimate interest, for example in preventing harm or financial loss, in connection with an investigation of suspected or actual fraudulent or other illegal activity, and in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).
6. Transfer of your Personal Data to third parties in countries outside the European Union?
Third parties referred to in Section 2.1 to which we transfer your Personal Data may be located outside the European Union. There may not be an adequacy decision by the European Commission for such country. This means that the level of data protection in such country may not be comparable with the level of data protection in the European Union. The appropriate safeguard we use to secure your Personal Data in the context of such transfers are the so-called EU Model Clauses.
7. Do you have to provide your Personal Data to us?
The provision of your Personal Data is not a statutory or contractual requirement. This means that you are not obliged to provide your Personal Data to us. The consequence if you do not provide your Personal Data to us is simply that we will not be able to communicate with you and may potentially not be able to proceed with our business relationship with you and with your employer.
8. Your Rights
Under applicable data protection laws, you have rights:
a) of access to, rectification of, and/or erasure of your Personal Data;
b) to restrict or object to its processing;
c) to tell us that you do not wish to receive marketing information; and
d) (in some circumstances) to require certain of your Personal Data to be transferred to yourself or to a third party, which you can exercise by contacting us at the details set out at the beginning of this Privacy Notice.
To the extent our processing of your Personal Data is based on your consent, you also have the right to withdraw your consent, without affecting the lawfulness of our processing based on your consent before its withdrawal.