Introduction
This privacy notice is issued on behalf of NOMOQ AG and its subsidiaries so when we mention "NOMOQ", "we", "us" or "our" in this privacy notice, we are referring to the relevant company in the NOMOQ group responsible for processing your data.
NOMOQ respects your privacy and is committed to protecting your personal data. This privacy notice will inform you about how we look after your personal data when you visit our website or which you provide to us through other means. In addition, this notice serves to tell you about your privacy rights and how the law protects you.
Our contact details
NOMOQ AG (headquarter)
Address: Dreikönigstrasse 51, 8002 Zürich, Switzerland
E-mail: privacy@nomoq.com
NOMOQ GmbH
Address: Morschheimer Str. 15, 67292 Kirchheimbolanden, Germany
E-mail: privacy@nomoq.com
NOMOQ Ltd
Address: Heathcote Industrial Estate, Heathcote Way, Leamington Spa, Warwick, CV34 6QP Warwickshire, United Kingdom
E-mail: privacy@nomoq.com
Processing of personal data we collect related to:
1. Your use of our website, applications and online services
Categories of personal data processed, purpose of the processing
When visiting our external and internal websites or using our applications, or online services (each an “Online Offering”), we may process the following categories of personal data:
- Your contact information, such as full name, address, telephone number and email address;
- Organisational information, including job position, company name, VAT number;
- Information submitted as part of a support request, survey or comment or forum post;
- Further personal data that you provide by filling in forms in our Online Offerings; and
- Information on your interaction with the Online Offering, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request, read-receipt data.
We process your personal data for the following purposes:
- To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings;
- To verify your identity;
- To answer and fulfil your requests or instructions;
- To process your order or to provide you with access to specific information or offers;
- To contact you with information and offers concerning our products and services, to send you further marketing information or to contact you in the context of customer satisfaction surveys as explained in Section 4; and
- As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defence, to prevent fraud or other illegal activities, including attacks on our information technology systems.
Online Offerings provided by your organisation
Our Online Offerings may be provided to you for your use by the organisation to which you belong, such as our enterprise customers. If your organisation provides you with access to an Online Offering, our processing of personal data provided by or collected from you or your organisation in connection with the Online Offering’s content is performed under the direction of your organisation and is subject to a data processing agreement between your organisation and us. In such an instance, your organisation is responsible for any personal data contained in such content and you should direct any questions about how personal data contained in such content is used to your organisation.
2. Your business relationship with us
Categories of personal data processed, and purpose of the processing
In the context of the business relationship with us, we may process the following categories of personal data of consumers and contact persons at (prospective) customers, suppliers, vendors and partners (each a “Business Partner”):
- Contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further information necessarily processed in a project or contractual relationship with us or voluntarily provided by the Business Partner, such as personal data relating to orders placed, payments made, requests, and project milestones;
- Personal data collected from publicly available resources (including business and employment oriented social networks and websites), integrity databases and credit agencies; and
- Information that is legally required for Business Partner compliance screenings or export control checks, such as date of birth, nationality, place of residence, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against Business Partners.
We may process the personal data for the following purposes:
- Communicating with Business Partners about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
- Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
- To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you;
- Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events;
- Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 4;
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
- Solving disputes, enforcing our contractual agreements and to establish, exercise or defend legal claims.
3. Your job application
When you apply for a job, we process your personal data as set out in the privacy notice of the respective recruiting platform you may use.
When you apply for a job directly with NOMOQ, your personal data will be processed in accordance with our Application Data Privacy Notice. Please carefully review the Notice, which describes how we will use your data.
Application Data Privacy Notice
You must read the NOMOQ Application Data Privacy Notice ("Notice") stated below carefully. When you decided to apply for a NOMOQ job position, you expressly consent to us storing your Application Data (as defined within the Notice) for a period of 6 months following the end of the recruitment process in order to evaluate your suitability for other employment vacancies and consent to NOMOQ's recruitment teams in Switzerland, Germany and the UK having access to and processing your Application Data in accordance with the Notice. You may withdraw your consent at any time in the future by sending an email request to the NOMOQ contact you sent your Application Data or to privacy@nomoq.com . You are aware that the withdrawal of your consent may affect any ongoing applications you have made.
The Notice describes the information we collect, what we do with it, whom we share it with, and how long we store it for. For further information on how we secure it and what rights and obligations you as an applicant have, the general data in this privacy notice is also applicable.
Following the completion of your application, the information that you have provided in your application will be made available to NOMOQ's recruitment teams in Europe for the purposes described below. For further questions please email to privacy@nomoq.com
Application Data we may collect and use the following personal data about you:
- Contact information (such as name, address, email address, and phone number);
- Education certificates; experience information (such as education, skills, work experience and/or CVs, employee records and appraisals);
- Demographic information (such as age, date of birth, gender); psychometric and ability test results; other identifying information (such as a social security number);
- (all such data hereinafter jointly referred to as “Application Data”).
We may process the Application Data for the following purposes:
- Determining your qualifications for employment and reaching a recruitment decision;
- Evaluating your suitability for other employment vacancies;
- Informing you, via email, or otherwise about the progress of your application for employment with NOMOQ;
- Protecting our rights and fulfilling our legal obligations; and
- Informing you, via email, or otherwise about other local or global vacancies at NOMOQ that we consider you suitable to make an employment application for.
Should your application for employment be successful, your Application Data may be processed for the necessary employment purposes and included in your employment file. Should you require further information about processing your Application Data for the necessary employment purposes, please contact privacy@nomoq.com
We do not collect or use the Application Data you submit for other purposes than as indicated above.
Disclosure and transfer of Application Data
NOMOQ may share Application Data:
- With employees of NOMOQ only on a need-to-know basis for the purposes above.
- With NOMOQ third party service providers it engages for the purposes as described above.
- For the purposes of protecting our rights and fulfilling our legal obligations.
NOMOQ entities and third-party service providers that use Application Data may be vested in territories where the laws do not offer a level of protection for Application Data equivalent to the law which applies in your jurisdiction. We will ensure that such international data transfers are in compliance with applicable data protection legislation.
Retention Period for Application Data
For the duration of your candidate profile being active, you will be informed by us about such employment vacancies that we consider you suitable to apply for and your Application Data will remain stored in our databases until the earlier of you request for deleting your candidate profile, or 6 months following the end of the recruitment process for the purposes as described in Chapter 3 above, unless we are required by law to store such data for a longer period.
If your application for employment was successful, your Application Data may however be processed for and included in your employment file.
4. Customer satisfaction survey and for direct marketing
Where and as permitted under applicable law, we may process your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfaction surveys, in each case also by email. You may object to the processing of your contact data for these purposes at any time by writing to privacy@nomoq.com or by using the opt-out mechanism provided in the respective communication you received.
How we get the personal data and why we have it
Most of the personal data we process is provided to us directly by you. We rely on you to provide us with correct data. If the data changes, we invite you to let us know, so we can keep the data up to date.
We also receive personal data indirectly, from the following sources:
- publicly available databases
- social media platforms
- third-party data brokers
- partner companies and affiliates
- other publicly available sources of information
We may share this information with our group of companies (including, both within and outside of the European Union). Where this is the case, we ensure safeguards are in place in compliance with applicable laws including standard contractual clauses for the transfer of personal data to processors established in third countries as approved by the European Commission or other relevant data protection authority.
How we store your personal data
Your information is securely stored. We have taken technical, physical and organisational measures in order to protect your personal data and Application Data in our custody or control from loss, theft, misuse, unauthorised access, disclosure, alteration, copying, accidental or unlawful destruction and any other unlawful forms of use.
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us at privacy@nomoq.com
In some circumstances you may ask us to delete your data: see below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
How we disclosure your personal data
We may have to share your personal data with internal or external third parties for the purposes of legitimate interest, performance of contract and to comply with a legal or regulatory obligation.
- Internal third parties:
- Subsidiaries of NOMOQ AG acting as joint controllers or processors and who provide (a) IT and system administration services, and (b) undertake reporting activities.
- Employees within the Sales/Communications/Marketing/Investor Relations teams who have access to the personal information to carry out.
- External third parties:
- Service providers acting as processors who provide IT, email, website and system administration services.
- Professional advisers acting as processors including lawyers, finance providers, auditors and insurers who provide consultancy, financing, legal, insurance and accounting services.
- Regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances (including for reasons of public health).
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How we deal with international personal data transfers
As part of an international group of companies, some of your personal data will be accessible or transferred to countries (including, both within and outside of the European Union). Where this is the case, we ensure safeguards are in place in compliance with applicable laws including standard contractual clauses for the transfer of personal data to processors established in third countries as approved by the European Commission or other relevant data protection authority.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal data.
Your right to rectification - You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal data in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Please contact the Data Protection Lead at privacy@nomoq.com if you wish to make a request.
This document was last updated on September 7, 2023