Privacy Policy

This privacy notice was updated in December 2025.

NT-ware respects your privacy and is committed to protecting your personal data. This privacy notice informs you as to how we look after your personal data when you use the uniFLOW Online website and services and tells you about your privacy rights and how the law protects you.

Please note: uniFLOW Online is intended for use by organizations. Where uniFLOW Online is made available to you through an organization (e.g., your employer or your educational institution), that organization is the administrator of uniFLOW Online and is responsible for the accounts over which it has control (Data Controller). If this is the case, please direct your data privacy questions to your administrator, as your use of uniFLOW Online is subject to that organization's policies. We, as a Data Processor, are not responsible for the privacy or security practices of an administrator's organization, which may be different than this policy. NT-ware is only responsible for the following processing activities:

1. Data Controller

For customers from EMEA, Asia, and Australia:

NT-ware Systemprogrammierungs-GmbH
Niedersachsenstraße 6
49186 Bad Iburg

Email: info@nt-ware.com

For customers from North America and South America:

NT-ware USA, Inc.
105 Maxess Road, Suite S129
Melville N.Y. 11747

Email: info@nt-ware.com

2. Contact details of the Data Privacy Officer

Data Privacy Officer

NT-ware Systemprogrammierungs-GmbH
Niedersachsenstr. 6
49186 Bad Iburg

Email: privacy@nt-ware.com

3. Purpose of data processing and legal basis

We only process our users' personal data to the extent necessary to provide a functional website and our content and services.

3.1 uniFLOW Online logging

If you use uniFLOW Online, we collect platform/infrastructure (server) logs and uniFLOW Online web portal (application) logs to detect any anomalies and keep the service (infrastructure and software) up and running. The following data is involved:

1. Browser type and version
2. Operating system used
3. Referrer URL
4. Host name of the accessing computer
5. Time of the server request
6. IP address

When NT-ware Systemprogrammierungs-GmbH is the data controller, then the processing is based on our legitimate interest, according to Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring that our platform is presented as reliably as possible.

We retain users' browser data up to a period of 12 months.

3.2 uniFLOW Online – Creation of a tenant

To create your uniFLOW Online tenant it is necessary to process your personal data. The user account is necessary so that you can use uniFLOW Online cloud service in accordance with its terms. You need to complete and submit an online form with the data set out below; you will receive your access data from us by email.

The following data will be processed by us as described above:

• User name
• Email address
• Department (optional)
• Company address
• "Tenant" Name (Domain Name)
• Telephone number (optional)
• Place of residence (country)
• Serial number of the "Dealer Tenant" (optional)

Some information is mandatory (e.g., email address and postal address), some is optional (e.g., telephone number), and some is automatically assigned to you (e.g., serial number). The processing is based on our legitimate interest in proper user management, making the platform user-friendly and implementing the contractual relationship with your organization (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.

The data you send to us will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after you have cancelled your account or are no longer authorized to use this account). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

3.3 Cookies

uniFLOW Online uses so-called "cookies". Cookies are small text files and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies have various functions. The majority of our cookies are technically necessary, as certain website functions would not work without them.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested are stored – if NT-ware Systemprogrammierungs-GmbH is the data controller – on the basis of § 25 (2) (2) TDDDG.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our sites (third-party cookies). These enable you or us to use certain services of the third-party company. If we use third-party cookies, we will obtain your consent.

Further information on the cookies used on this website is set out in our Cookie Policy.

The website may include links to sites or applications operated by third parties ("Third-Party Sites"). We do not control any Third-Party Sites and are not responsible for any personal information they may collect. The information collection practices of Third-Party Sites are governed by their privacy policies. If you choose to enter any Third-Party Site from this website, please refer to that site's privacy policy to learn more about that site’s processing of your personal information.

4. Recipients of the data

In the course of the data processing, your data may be transmitted to Microsoft Azure Services acting as hosting services, provided by Microsoft Ireland Operations, Ltd., located One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland, and to the following NT-ware Group members on a need-to-know-basis provided that is necessary for (a) auditing compliance with policies and applicable laws, (b) helping to ensure security and integrity, (c) debugging, (d) short-term transient use, (e) internal research, and (f) activities to maintain or improve the quality or safety of a service or device:

• NT-ware Systemprogrammierungs-GmbH, Niedersachsenstraße 6, 49186 Bad Iburg, Germany
• NT-ware Enterprise Solutions GmbH, Otto-Lilienthal-Straße 36,71034 Böblingen, Germany
• NT-ware USA, Inc.,105 Maxess Road, Suite S129, Melville, N.Y. 11747, USA
• NT-ware Asia, Pte. Ltd., 438 Alexandra Road #04-01 Alexandra Point, 119958, Singapore
• NT-ware Japan Inc., 70-1 Yanagicho, Saiwai-ku, Kawasaki, Kanagawa 212-8602, Japan

5. Duration of data storage

The personal data of the data subject will be erased or restricted as soon as the purpose of its storage has been accomplished. Additional storage may occur if it was provided for by the European or national legislator within the EU regulations, law, or other relevant regulations to which the data controller is subject. Restriction or erasure of the data also takes place when the storage period stipulated by the aforementioned standards expires, unless there is a need to prolong the storage of the data for the purpose of concluding or fulfilling the respective contract.

6. Data subject rights under GDPR

Under GDPR, you have the following rights towards us with regard to your personal data:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to revoke your consent (Art. 7 GDPR)
• Right to object (Art. 21 GDPR)
• Right to complain to a supervisory authority (Art. 77 GDPR)

7. Data subject rights under US data protection laws

The following section applies only to individuals who reside in the states of California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia (collectively, "State Residents"). This section provides State Residents with information that is required by the law of the state where they reside (collectively, "Applicable State Privacy Law").

Subject to any applicable limitations and exceptions, State Residents have the following rights under Applicable State Privacy Laws:

Right to Access/Right to Know: You have the right to information about whether we process your personal information, to access such information, and to certain details about how we use it. If you are a resident of California, you have the right to information about whether we process your personal information, and our collection, use, and disclosure of categories of your personal information. In addition, in lieu of a right to access, you have the right to submit a verifiable request to know specific pieces of your personal information obtained from or about you.

Right to Delete: Except for residents of California and Utah, you have the right to submit a verifiable request to delete personal information that NT-ware has collected from or about you. If you reside in California or Utah, you have the right to submit a verifiable request to delete personal information that NT-ware has collected from you.

Right to Correct: You have the right to submit a verifiable request to correct inaccurate personal information that NT-ware has collected from or about you, taking into account the nature of the personal information and the purposes of processing the personal information.

Right to Data Portability: Except for residents of California, you have the right to obtain from NT-ware, or to ask NT-ware to send to a third party, a copy of your personal information in electronic form that you provided to NT-ware.

Right to Appeal: Except for residents of California, State Residents may also have the right to appeal any decision we make in response to a request to exercise privacy rights. We will inform you of any action taken in response to an appeal, along with a written explanation of the reasons for our decision(s), in accordance with Applicable State Privacy Laws.

Non-Discrimination: NT-ware will not unlawfully discriminate against you for exercising your privacy rights under Applicable State Privacy Laws.

If you reside in Oregon: In addition to the rights described above, you also have the right to obtain, at NT-ware's option, a list of specific third parties to which we have disclosed either your personal information or any personal information.

How to Exercise Your Privacy Rights

NT-ware will respond to requests to exercise privacy rights in accordance with Applicable State Privacy Law if NT-ware can verify the identity of the individual submitting the request. You can exercise these rights in the following ways:

Email: privacy@nt-ware.com

Call + 1-631-669-9100

How we will verify your request

If you submit a request, we match the personal information you provide with the personal information we maintain in our files. The more risk entailed by the request (e.g., a request for specific pieces of personal information), the more items of personal information we may request to verify your identity. If we cannot verify your identity to a sufficient level of certainty to respond securely to your request, we will let you know promptly and explain why we cannot verify your identity.

Authorized Agent

If an authorized agent submits a request to know, correct, or delete on your behalf, the authorized agent must submit with the request a document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you to follow the applicable process described above for verifying your and the authorized agent’s identity. You can submit your authorized agent designation at privacy@nt-ware.com.

8. Additional information for California residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act (the "CCPA"), requires the following additional information for California residents. The information below concerning the collection and disclosure of California residents' personal information, as well as the information above, apply to NT-ware's collection, use, and disclosure of California residents' personal information during the twelve months preceding the last updated date of this Privacy policy and prospectively.

Notice at Collection

We collect the categories of personal information identified in Section 3 and below for the purposes identified in Section 3, as applicable, and retain personal information for the period described in Section 5, above.

We do not, and will not, sell your personal information or disclose it to third parties for cross-context behavioral advertising ("sharing"). In addition, we have no actual knowledge that we sell or share the personal information of individuals of any age, including the personal information of children under 16. We also do not collect or process sensitive personal information for the purpose of inferring characteristics about you.

Additional information about the categories of personal information we collect

The personal information we collect falls within the following categories of personal information listed in the CCPA:

• Identifiers, such as your name and your email address
• Professional or Employment-Related Information, such as the company name for your employer or your job title,
• Internet or other electronic network activity information, including your IP address, browser type and version, operating system used, and logs of your interactions with our services.

Additional information about disclosures of personal information

We may disclose your personal information to third parties for the following "business purposes" as that term is defined in the CCPA:

• Service providers: We may disclose internet or other electronic network activity information as listed above to service providers for the business purpose of performing services on NT-ware's behalf as described under Section 4.
• NT-ware Group members: We may disclose any of the categories of personal information to the NT-ware Group members listed under 4. for the business purposes of: (a) auditing compliance with policies and applicable laws, (b) helping to ensure security and integrity, (c) debugging, (d) short-term transient use, (e) internal research, and (f) activities to maintain or improve the quality or safety of a service or device.

Note on De-identified Information

At times, we may convert California residents' personal information into de-identified information using reasonable measures to ensure that the de-identified information cannot be associated with the individual ("De-identified Information"). We maintain De-Identified Information in a de-identified form and do not attempt to re-identify it, except that we may attempt to re-identify the information solely for the purpose of determining whether its de-identification processes ensure that the information cannot be associated with the individual. We prohibit vendors, by contract, from attempting to re-identify our De-identified Information.

9. Adaptation of the privacy policy

We reserve the right to update this privacy policy from time to time. Updates will be published. Changes apply from the date of publication.