This privacy policy applies only to visits of this marketing website. Use of our password-protected application is governed by separate privacy notices and a separate data processing agreement, which are made available during contracting.
1. Controller
Flow Edge Solutions
Owner: Khaled Ayub
Königsallee 63-65
40215 Düsseldorf
Email: privacy@normendo.com
VAT ID: DE458470452
2. Server log files
Each time the website is accessed, the user's browser automatically transmits information to our server, where it is temporarily stored in a log file: date and time of access, browser type and version, operating system, requested content, referrer URL, transferred data volume, HTTP status code, and IP address.
This processing is strictly necessary within the meaning of § 25(2)(2) TDDDG to provide the telemedia service requested by the user. Subsequent evaluation serves to enhance data protection and security on the basis of Art. 6(1)(f) GDPR. Data — in particular the IP address — is deleted no later than 30 days after collection unless an attack or threat has been detected.
3. Contact form
Our /contact page (German: /kontakt) provides a contact form. Name, email address, and message content are processed. The purpose is to handle the inquiry and to support pre- and post-contract coordination regarding a possible business relationship. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR. The form is transmitted securely over HTTPS.
Data is deleted once the inquiry has been finally handled and no statutory retention obligations apply.
4. Embedded scheduling provider
On our contact page and in the demo section we provide an external scheduling tool through which users can book a meeting. The calendar is not loaded automatically when the website is opened. Only when the user actively loads the scheduling widget or opens the external booking link is content loaded from the external provider's server; this technically transmits IP address and browser information. When a booking is made, the additional data entered in the booking form is processed.
Legal basis is Art. 6(1)(f) GDPR, and for storage of cookies or similar information on the user's device Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG once the user actively loads the booking dialog. The provider of the scheduling service is independently responsible for processing within its own service.
5. Images, Videos, Maps, and External Content
Images and videos on this website are served locally or through our own website delivery. External video or map embeds such as YouTube, Vimeo, or Google Maps are not loaded automatically when the page opens. Map references are implemented as static displays or external links; Google Maps opens in a new tab only after the user actively clicks the link. External embeds are loaded only through a two-click solution.
6. Cookies
We use only strictly necessary cookies on this website. No marketing, tracking, or web analytics cookies are used, and we therefore do not operate a consent management tool. The legal basis for the necessary cookies is § 25(2)(2) TDDDG.
External content that may use its own cookies or similar storage technologies is not loaded automatically. This applies in particular to scheduling through Cal.com.
7. Recipients and international transfers
To provide the website we use carefully selected processors, in particular for hosting and infrastructure, sending transactional emails, and, where enabled, cookieless reach measurement. Data processing agreements under Art. 28 GDPR are in place with all processors. Disclosure beyond this occurs only where legally permitted or required.
Where third-country access cannot be excluded, transfers are based on EU Standard Contractual Clauses (Implementing Decision (EU) 2021/914), the EU-US Data Privacy Framework, or other lawful safeguards under Art. 46 et seq. GDPR.
8. Profiling and web analytics
We do not perform automated profiling within the meaning of Art. 22 GDPR and we do not use web analytics or marketing tracking tools.
9. Data subject rights
- Access, rectification, erasure, and restriction of processing (Art. 15–18 GDPR)
- Data portability and objection under Art. 20 and Art. 21 GDPR
- Withdrawal of consent for future processing (Art. 7(3) GDPR)
- Lodging a complaint with a competent supervisory authority. For us, this is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany (Art. 77 GDPR)
10. Security
We apply technical and organizational measures pursuant to Art. 32 GDPR and § 19 TDDDG to protect personal data. Transmission is encrypted via HTTPS.
11. Changes to this policy
We reserve the right to adapt this privacy policy if the website or the legal framework changes. The current version is published at /privacy.
12. Contact
Privacy inquiries: privacy@normendo.com
General inquiries: info@normendo.com