Privacy

Last updated: June 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

norrd c/o Nywerk Software GmbH
Fabrikzeile 21
95028 Hof, Germany
Local court Hof · HRB 6072
Managing director: Johannes Brock
Email: hello@norrd.de

2. Your rights as a data subject

You have the right to:

• access (Art. 15 GDPR)
• rectification (Art. 16 GDPR)
• erasure (Art. 17 GDPR)
• restriction of processing (Art. 18 GDPR)
• data portability (Art. 20 GDPR)
• object to processing (Art. 21 GDPR)

Where processing is based on your consent, you may withdraw it at any time with effect for the future. You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Ansbach.

3. Visiting the website / server log files

Each time the website is accessed, our hosting provider automatically collects information transmitted by your browser: IP address, date and time, the page accessed, the volume of data transferred, the referrer URL, browser type and operating system. This data is technically necessary to deliver the website and to ensure its stability and security. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR). Processing is carried out on our behalf by a hosting provider under a data processing agreement.

4. Web analytics with Umami

To analyse the use of our website statistically, we use Umami, a web analytics tool provided by Umami Software, Inc., in its hosted version (cloud.umami.is). Umami works without cookies and without cross-site tracking. No personal user profiles are created; analysis (e.g. page views, country of origin, browser and device type) is carried out solely in aggregated, anonymised form. Your IP address is not stored permanently.

The legal basis is our legitimate interest in privacy-friendly reach measurement (Art. 6(1)(f) GDPR). As no information is accessed on your device and no cookies are set, no consent is required. We do not use Google Analytics. A transfer of data to the USA cannot be excluded; it takes place on the basis of appropriate safeguards (standard contractual clauses).

5. Booking an appointment

You can arrange an introductory appointment via our website. In doing so, we process the data you provide — name, email address and phone number — together with the chosen appointment in order to handle your request and hold the meeting. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) as well as our legitimate interest in handling your request (Art. 6(1)(f) GDPR).

6. Contacting us by email

If you contact us by email, we process your details solely to handle your request and any follow-up questions. The legal basis is Art. 6(1)(b) or (f) GDPR.

7. Retention period

We process personal data only for as long as is necessary for the stated purposes or as required by statutory retention periods. The data is deleted thereafter.

8. SSL/TLS encryption

For security reasons, this website uses SSL/TLS encryption. You can recognise an encrypted connection by the “https://“ in your browser’s address bar.

9. No automated decision-making

Automated decision-making, including profiling within the meaning of Art. 22 GDPR, does not take place.

10. Updates to this policy

We will update this privacy policy as soon as there are changes to the legal situation or to our data processing.