Privacy Policy

This privacy notice was updated in March 2025.

NT-ware respects your privacy and is committed to protecting your personal data. This privacy notice informs you as to how we look after your personal data when you use uniFLOW Online website and services and tells you about your privacy rights and how the law protects you.

With uniFLOW Online configuration settings, you are in the driving seat of your privacy

  1. General notes and mandatory information
    1. Responsible entity & Data Protection contact
      • Data Protection principles
      • Data Protection at a glance
    2. General information about personal data we collect: what, how, why
    3. Hosting and third-party hosting providers privacy notices
    4. Legal basis for processing
    5. Your legal rights
  2. Data & Retention
    1. Storage duration – general
    2. Data Collection and Storage - specific
    3. Creation of the uniFLOW Online tenant
      • uniFLOW Online Printing and Scanning
      • uniFLOW Online logging
      • uniFLOW Online Services Logs
      • uniFLOW Online Audit Logs
      • Scanning with Filing Assist
      • Device and client-side application (uniFLOW SmartClient) Diagnostic Trace Logs
      • Sales & Support Channel Information
        • Chat function
        • NT-ware Customer Portal registration
      • Enquiries by email, telephone, or fax
  3. Security
  4. Cookies
  5. Data exchange with NT-ware subsidiaries, third parties and in special situations
  6. Plugins and tools
  7. Changes

  1. General notes and mandatory information
    1. Responsible entity & Data Protection contact

    This privacy notice describes how we collect information about you, what we do with that information and what controls you have over that information in relation to your use of our website.

    The responsible entity is: NT-ware Systemprogrammierungs-GmbH Niedersachsenstraße 6, 49186 Bad Iburg, Germany

    Telephone: +49-54 03 – 7243 – 0

    Email: privacy@nt-ware.com

    If you have any questions about your personal data processed by us or this privacy notice, you can contact us by email at privacy@nt-ware.com or by post at the address of the responsible entity with the addition of DATA PROTECTION.

    We comply with data protection law and principles, which means that your data will be:

    We collect data from you, through our interactions with you and through our platform. You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with our platform. The data we collect depends on the context of your interactions with us and the choices you make, including your privacy settings and the services and features you use. We may also obtain data about you from third parties.

    You have the right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time in the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. You have the right at any time to receive information free of charge about the source, recipient, and purpose of your stored personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

    1. General information about personal data we collect: what, how, why

      What data is collected

      The personal data (personal data is any data that on its own or with other data can identify you) collected from you depends on the use of our services and the use of certain functions available on the platform and the automatic data collection mentioned above.

      This can include the following data:

      Personal names, domain name, address, country, region, telephone, email address, serial number, language settings;

      • Reasons for contacting NT-ware;
      • uniFLOW Online Service Logs (for more information, see "uniFLOW Online logging" in section 2.2 of this privacy notice);
      • uniFLOW Online Audit Logs (for more information, see "uniFLOW Online logging" in section 2.2 of this privacy notice);
      • Other information relevant to doing business with NT-ware;
      • Potentially all kinds of personal data contained within a scanned or printed document that needs to be processed via uniFLOW Online cloud service, depending on the selected function.

      Caution: As stated above, if uniFLOW Online print and scan jobs are initiated, theoretically, all kinds of personal data can be on the documents and thus be processed via the uniFLOW Online cloud service! We have no influence on which documents are printed or scanned. Therefore, we have no influence on and accept no responsibility for the content of the documents or the personal data contained therein.

      How we collect your data

      Your data is collected when you provide it to us. This may, for example, be data that you send to us via the email function.

      Data may also be collected automatically or with your consent by our IT systems when you visit our platform and certain actions such as the below are performed:

      • you create a uniFLOW Online tenant;
      • it is provided to us by a third party on your behalf for the provision to you of uniFLOW Online cloud services;
      • you use uniFLOW Online services through a third party;
      • you receive a download link from a third party through the uniFLOW Online service
      • you use the uniFLOW Online platform and interact directly with our uniFLOW Online services;
      • automated interactions take place through IT systems;
      • you use the NT-ware Customer Portal

      Why we collect your data

      Part of the data is collected to ensure the error-free provision of the platform and the provisions of the services to you. Moreover, we process the data for the following processing activities:

      • Enquiry handling (e.g., via email);
      • Chat function via Userlike;
      • uniFLOW Online tenant creation;
      • Login functionality;
      • Provision of print and scan functionalities.
    2. Hosting and third-party hosting providers privacy notices

      We use multiple hosting services in the delivery of uniFLOW Online cloud service.

      • Microsoft Azure Services: provided by Microsoft Ireland Operations, Ltd., located One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
      • Atlassian Pty Ltd, Level 6, 341 George Street, Sydney NSW 2000 Australia provides and hosts Jira software which is used to provide our NT-ware Customer Portal for project and issue tracking.

      Generally, data is only processed within the geographical location the uniFLOW Online tenant has been created. Geographical locations of our dedicated Microsoft Azure deployments can be found on our Trust Center: Reliability – uniFLOW Online.

      When you visit uniFLOW Online cloud services, your personal data is processed on the aforementioned hosting services. Personal data of European website visitors are not hosted on servers located outside the European Union or the European Economic Area but remain within the European Union or the European Economic Area.

      Third party hosting providers privacy notices

      We have concluded a data processing agreement (DPA) with each of the above-mentioned providers. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our platform users in accordance with our instructions and in compliance with GDPR.

    3. Legal basis for processing

      The use of the above hosting providers is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures.

      In all other cases, the processing is based on our legitimate interest, according to Art. 6 para. 1 lit. f GDPR.

      We have a legitimate interest in ensuring that our platform is presented as reliably as possible. Insofar as corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

      Furthermore, where we do not rely on your consent, processing of your personal data is subject to legitimate interest, performance of contract or compliance with a legal obligation.

      • Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience.
      • Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
      • Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
    4. Your Legal Rights

      Within the framework of the applicable legal provisions,

      • Request access to your personal information (commonly known as a "data subject access request"): you have the right at any time to request and receive free information about your stored personal data, its source and recipients and the purpose of the data processing.
      • Request correction of the personal information that we hold about you: this enables you to have any incomplete or inaccurate information we hold about you corrected.
      • Request erasure of your personal information: this enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
      • Revocation of your consent to data processing: if data processing is carried out on the basis of your consent, you can revoke the consent you have given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.
      • Right to object to the collection of data in specific cases and to direct marketing: if the data processing is based on Art. 6 para 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy notice. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate interests/reasons for the processing which override your interests, rights, and freedoms or the processing serves the purpose of asserting, exercising, or defending legal claims (objection under Article 21 para. 1 GDPR). If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection pursuant to Art. 21 para. 2 GDPR).
      • Right of complaint to the competent supervisory authority: in the event of breaches of the GDPR, data subjects shall have a right of complaint to a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.
      • Right of data portability: you have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
      • Right to restriction of processing: You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. The right to restriction of processing exists in the following cases:
        • If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
        • If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.
        • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
        • If you have raised an objection pursuant to Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
        • If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
  2. Data & Retention
    1. Storage duration - general

      Unless a more specific storage period has been specified within this privacy notice, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a justified request for deletion or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted after these reasons no longer apply.

      Thus, we treat your personal data regarding deletion and retention periods as follows:

      • Service Log data: 90 days.
      • User data: Generally, we keep your user data as long as you are registered as a user in your uniFLOW Online tenant. As soon as your account no longer exists or has been deleted, user data will be completely deleted after a further 24 hours.
      • uniFLOW Online tenant: Customer data is stored in uniFLOW Online only while it is required. Once the customer is inactive for 120 days, an email is sent out to warn the registered root administrator that after 60 more days, their uniFLOW Online tenant and all private data will be deleted if no further activity is noted. The deletion process can be initiated by Canon / Canon Partners on request.
      • we only store information about your visit to our platform for as long as is necessary for the purposes stated.
      • We retain users’ browser data up to a period of 12 months.
      • (Online) Print Jobs:
        • All submitted print jobs not released will be automatically deleted after the selected print job lifetime has expired. The print job lifetime is by default set to 10 hours.
        • "Classic device UI" offers a “Print & Delete” option, which deletes the print job after release.
        • “Modern device UI' does not offer a “Print & Delete” option. If the print job has been released, it will be available in the "Printed jobs" queue. The initial print job lifetime or a custom lifetime for printed jobs applies as configured. The print job is deleted from the “Printed jobs” queue after the selected initial print job lifetime or custom lifetime for printed jobs span has expired. The custom lifetime for printed jobs is, by default, set to 1 minute. Printed jobs are deleted immediately if the custom lifetime for printed jobs is set to 0.
      • to the extent necessary to provide you with our products or services;
      • to the extent necessary for the purposes set out in this privacy notice or at the time of collection;
      • to the extent necessary to comply with our legal obligations and in accordance with legal requirements; and
      • to resolve disputes and to comply with our contracts

      After expiry of the applicable retention period, the personal data is deleted or made anonymous. This is ensured by the following measures:

      • Deletion of the unique identifiers that allow a record to be associated with a specific individual;
      • Deletion of individual information that identifies the data subject (either alone or in combination with other information);
      • Separation of personal data from non-identifying information (e.g., an order number from a customer’s name and address); or
      • Aggregation of personal data in such a way that it can no longer be attributed to an individual. Save for the uniFLOW Online Audit logs, where personal information remains even after the deletion of a user.
    2. Data Collection and Storage - specific
      • Creation of uniFLOW Online tenant

      To create your uniFLOW Online tenant it is necessary to process your personal data. The user account is necessary so that you can use uniFLOW Online cloud service in accordance with its terms. You need to complete and submit an online form with the data set out below; you will receive your access data from us by email.

      The following data will be processed by us as described above:

      • User name,
      • Email address,
      • Department (optional),
      • Company address,
      • “Tenant” Name (Domain Name),
      • Telephone number (optional),
      • Place of residence (country),
      • Serial number of the “Dealer Tenant” (optional)

      Some information is mandatory (e.g., email address and postal address), some is optional (e.g., telephone number), and some is automatically assigned to you (e.g., serial number). The processing of this data is based on Art. 6 para 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in proper user management and making the platform user-friendly (Art. 6 para 1 lit. f GDPR) or on your consent (Art. 6 para 1 lit. a GDPR) if this has been requested.

      The data you send to us will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after you have cancelled your account or are no longer authorized to use this account). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

      • uniFLOW Online Printing and Scanning

      If uniFLOW Online print and scan jobs are initiated, theoretically, all kinds of personal data can be on the documents and thus be processed via uniFLOW Online cloud service! We have no influence on which documents are printed or scanned. Therefore, we have no influence on and accept no responsibility for the content of the documents or the personal data contained therein.

      For cloud processing, we use Microsoft Azure Services, provided by Microsoft Ireland Operations, Ltd., located at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

      Only regionally based data centers are used for document processing. More information on data processing by Microsoft, is set out in section 1.3 above.

      • uniFLOW Online logging: uniFLOW Online metric logs, application and service logs

     

    uniFLOW Online Website logs (metrics)

    uniFLOW Online endpoint logs

    (Service logs)

    uniFLOW Online Audit logs

    (Audit log)

    What is Logged?

    Platform / Infrastructure (server) logs

    uniFLOW Online web portal (application) logs

    uniFLOW Online Endpoint component (application) logs

    e.g., Canon MEAP app/Device, uniFLOW SmartClient for Windows/Mac, Chrome Extension, uniFLOW Server, etc.

     

    Which setting changed in uniFLOW Online user interface and who changed it.

     

    What is the Purpose?

    To detect any anomalies and keep the service (infrastructure and software) up and running.

    To diagnose an issue that has occurred at one of the uniFLOW Online endpoints.

    e.g., issues on the customer PC, network, Internet connection or with connection to uniFLOW Online

    As there can be multiple uniFLOW Online Administrators, the Audit Log in uniFLOW Online user interface shows which person actually changed which setting.

    Who Collects?

    NT-ware (Canon Inc. for Filing Assist)

    Could be collected manually by Customer / Canon Sales Company.

    Could be sent automatically to NT-ware, by the end user pressing "Send Diagnostics" function (if applicable to that endpoint and enabled)

    uniFLOW Online automatically creates the log, each time the setting is changed.

    Who Reads?

    NT-ware (Canon Inc. for Filing Assist)

    Canon NSO Helpdesks.

    But NT-ware Technical Support is the main target for this information.

    NT-ware support may provide some of the diagnostic data to Canon Inc. if the issue is Canon device related, but there is a process to anonymise private information before sending.

    A uniFLOW Online user with the role of Administrator / Partner Administrator.

    Which could be the customer or Canon.

    NT-ware does not normally have access to or need access to this log. But NT-ware Technical Support may ask the customer to check, "who changed the setting x", in order to diagnose an issue.

    uniFLOW Online cloud service automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

    This data is not merged with other data sources.

    The collection of this data is based on Art. 6 para. 1 lit. f GDPR. The provider has a legitimate interest in the technically error-free presentation and optimization of the website – for this purpose, the server log files must be collected.

    Reports that your administrator can export and which contain user activity performed against the uniFLOW Online tenant are available for 180 days. Login/Logout events, changes made to configuration, navigation to certain areas of the uniFLOW Online tenant configuration.

    After a user has been deleted from a tenant, the user will continue to be identifiable within the uniFLOW Online Audit log.

    The audit log of a tenant can only be exported by the tenant administrator. The audit entries contained within the report include information that allow the user who performed the action to be identified.

    If the subscription “Advanced Scanning or Cloud Image Processing” is activated (higher subscription), certain data may be processed by our service provider Canon Inc., located at 30-2, Shimomaruko 3-chome, Ohta-ku, Tokyo 146-8501, Japan (over Microsoft Azure Cloud) in the course of Optical Character Recognition (OCR) processing for certain scanning functions so that the function can be performed in accordance with the NT-ware’s online subscription terms.

    The following personal data may be processed in the course of scanning with Filing Assist:

    For this cloud processing, Canon Inc. uses Microsoft Azure Services, provided by Microsoft Ireland Operations, Ltd., located at One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Only regionally-based data centers are used for document processing.

    The PIXMA/MAXIFY/PIXUS Cloud Link used for Inkjet Print & Scan is hosted on Amazon Web Services, Inc. (AWS) in Germany. Print jobs are transferred to AWS, temporarily stored for processing, and then sent to the attached Inkjet printer.

    We have concluded a data processing agreement (DPA) with Canon Inc. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and compliance with the GDPR.

    Once enabled, the Trace Logs are sent to us directly. This detailed developer-level log information contains application data at various steps in the execution of the source code. Application data could be:

    The above data processing is for support purposes to gather detailed developer-level log information.

    The processing of the above data is based on Art. 6 para 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

    Your Canon Support Service team has access to a chat facility built into uniFLOW Online user interface and may use this to get support during the installation and configuration of your tenant. We use the service provider Userlike UG (limited liability) located Probsteigasse 44-46, 50670 Cologne, Germany. The following data may be processed when using the chat function:

    For more information on data processing by Userlike, please refer to the following privacy statement:

    https://www.userlike.com/en/data-privacy

    The use of this service provider is based on Art. 6 para 1 lit. b GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the effective processing of the communication with the user and the customer or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

    We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

    We offer users the possibility to register for our NT-ware Customer Portal by providing personal data. The data is collected by means of Microsoft Forms.

    By submitting the form, the following personal data will be collected for the purpose of the registration process:

    The processing of this data is based on Art. 6 para 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the effective processing of the inquiries addressed to us and to collect the information required for registration for the NT-ware Customer/Support Portal via an appropriate, reliable and secure platform or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

    The data you send to us will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after you have cancelled your account or are no longer authorized to use this account). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

    If you contact us by email, telephone, or fax, your inquiry, including all personal data resulting from it (e.g., name, telephone number, email address, country), will be stored and processed by us for the purpose of processing your request.

    The processing of this data is based on Art. 6 para 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the performance of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para 1 lit. f GDPR) or on your consent (Art. 6 para 1 lit. a GDPR) if this has been requested.

    The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

  3. Security

    The security of your personal information is very important to us. We use physical, electronic and administrative security measures to protect your personal information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

    We also conduct employee training, regular reviews, assessments, and implementation of new (or applicable) technologies, as well as data deletion, encryption (we use TLS 1.2 encryption or higher), firewalls, and access restrictions. You can find out more about our security measures on https://www.uniflowonline.com/en/trust-center/security/.

    Furthermore, all personal data is located in data centers with security features that comply with legal requirements. All data is protected in accordance with applicable security standards.

    Unfortunately, it is not possible to fully protect data against access by third parties. In the unlikely event that your personal information is or is reasonably suspected to be in the hands of an unauthorized person we will investigate and if required notify you together with the steps to restore the integrity of the data system.

  4. Cookies

    uniFLOW Online uses so-called “cookies”. Cookies are small text files and do not cause any damage to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

    In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our sites (third-party cookies). These enable us or you to use certain services of the third-party company.

    Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them.

    Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g., for displaying videos) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.

    You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
    Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this privacy notice and, if necessary, request your consent.

    Further information on the cookies used on this website is set out in our Cookie Policy.

    Furthermore, links from external providers or links to other websites for which NT-ware is responsible may be available on the website. If you do not want information about you to be collected through these websites, please do not click on these links or ensure that you only enable the cookies that you agree to use as part of the cookie settings on the relevant website.

  5. Data exchange with NT-ware subsidiaries, third parties and in special situations

    Unless otherwise stated in this privacy notice, personal information is for internal use only and will not be disclosed to third parties. Notwithstanding the foregoing, information in the context of uniFLOW Online support requests may be shared with other NT-ware Group companies, namely:

    These are primarily support requests submitted to us by you, the customer of uniFLOW Online, or a respective Canon dealer (via NT-ware Customer Portal).

    These support requests may contain personal data like user names, email addresses, and, if documents were attached to the ticket, potentially any kind of personal data which is stated in the document. We have no influence on which documents are shared. Therefore, we have no influence on and accept no responsibility for the content of the documents or the personal data contained therein.

    If the processing of your request has a (pre-)contractual background, we rely on Art. 6 para. 1 lit. b GDPR for the transfer (if this is necessary) of your personal data.

    Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

    We have concluded a data processing agreement (DPA) with the above-mentioned subsidiaries. This is a contract required by data protection law, which ensures that they only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

    Standard contractual clauses have been concluded with the subsidiaries in the USA and Singapore as an appropriate safeguard for the exchange of personal data pursuant to Art. 46 para. 2 lit. c GDPR.

    If personal data is exchanged with the subsidiary in Japan, the adequacy decision of the European Commission, pursuant to Art. 45 para. 3 GDPR will be relied upon. Such an adequacy decision means that the European Commission has decided that a transfer of personal data to a third country may be made because the third country in question offers an adequate level of protection.

    Some of the third parties described in this privacy notice, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we disclose information of customers in the European Economic Area, the UK, or Switzerland, we make use of the European Commission-approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer.

    In the event of an acquisition of NT-ware or substantially all of its assets, customer information may be one of the transferred assets. In addition, in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all of our business, assets, or shares (including in connection with a bankruptcy or similar proceeding), the personal information we process may be transferred to the relevant third party.

    In addition, where there is a valid and legitimate request of a government to access your data for national security and law enforcement purposes while safeguarding your privacy and other human rights and freedoms, we will comply with the applicable privacy laws in the territory and - where possible – NT-ware will pass the request to you to be dealt with.

  6. Plugins and Tools

    When you use connectors available on uniFLOW Online website to connect to or send information to third party services, your data is processed and sent to such third-party services and is subject to their privacy policies.

    In addition:

    We use Google Maps (API) from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”) on uniFLOW Online cloud service. Google Maps is a web service for displaying interactive maps in order to provide geographical information.

    When the Google Maps function is used, information about your use of our platform (e.g., your IP address) is transmitted to Google’s servers in the United States and stored there. This happens regardless of whether Google provides a user account to which you are logged in or whether there is no user account. If you are logged in to Google, your data will be directly assigned to your account.

    If you do not wish to be associated with your Google profile, you must log out of your Google account before activating the “Register” button for the test drive. Google stores your data (also for users who are not logged in) as usage profiles and evaluates them.

    Pursuant to Art. 6 para. 1 lit. f GDPR, such an evaluation is based on Google’s legitimate interests in the display of personalized advertising, market research, and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise these rights.

    If you do not agree to the future transmission of your data to Google when using Google Maps, you can also completely deactivate the Google Maps web service by switching off the JavaScript application in your browser. In this case, Google Maps and the map display on this website cannot be used.

    You can find Google’s terms of use at: https://policies.google.com/terms?hl=en.

    Further terms of use for Google Maps can be found at: https://www.google.com/intl/en_US/help/terms_maps/.

    For details on data protection in connection with the use of Google Maps, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=en.

    For the purpose of preventing so-called bots (machines/robot programs) from abusing certain interactions such as registrations on websites (e.g., through fake user attacks), we use Google reCAPTCHA (Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) on some of our websites. Google reCAPTCHA tests whether it is a user/website visitor or a bot and thus enables access to the website.

    When checking (activating the tool) whether it is a “human” user or a bot, the following personal data may be processed and forwarded to Google (transmission to the USA is also possible):

    Google reCAPTCHA is used in the interest of the security of our websites and products. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR (among other things, prevention of spam). If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

    Depending on your configuration, you may be able to connect your preferred third-party payment provider to uniFLOW Online cloud service. This corresponds to our legitimate interest in offering an efficient and secure payment method (Art. 6 para. 1 lit. f DSGVO). By using such third-party payment providers, you agree that your data may be processed by such providers in accordance with their privacy policy. Please ensure you have read and understood such policies.

  7. Changes

    This privacy notice may be amended from time to time. You should therefore check the notice regularly for changes regarding the privacy notice. If necessary, we will inform you directly about such updates either by indicate the update on the platform or through other contact means you have provided to us. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.