Skip to content

Platform Privacy Policy

Last updated on 08.06.2022

1. Introduction and general information

Thank you for your interest in our web-application. The protection of your personal data is very important to us. Below you will find information about how we handle your data that is collected through your use of our web-application https://app.netzo.io/, herein onward "Platform". This platform and all other websites under the netzo.io domain are provided by Rokaware S.L. (“Rokaware”, “Netzo,” “we,” or “us”), who offers an all-in-one orchestration platform for IoT and IT services with combined developer features and functions.

This Privacy Policy (“Policy”) applies to the personal information Rokaware S.L., branded under the product name "Netzo", its subsidiaries, located worldwide within the Netzo family of companies (“Affiliates”), collect through https://app.netzo.io/ (Platform), owned or controlled by us or within the Netzo family of companies that give reference to this Policy.

A separate privacy policy applies to our website, available at https://netzo.io/, herein onwards ("Website"). Collectively referred to as "Services". The data collected will be processed in accordance with the statutory data protection regulations.

2. Contact Information

2.1 Identity and contact of the data controller under data protection law:

Main place of business (HQ)

Spain
Rokaware S.L.
Paseo de la Castellana 30, Bajo Derecha
28046 Madrid, Spain
+34 910 601 536
[email protected]
https://netzo.io

Managing Director:
Arturo Romero Karam (M. Sc.)
Place of jurisdiction: Madrid Local Court
NIF (Tax-ID): B09980772

Netzo family of companies ("Affiliates")

GermanyMexico
Asterisc GmbH
Tal 44, 80331 Munich, Germany
+49 892 4886 6390

Managing Director:
Arturo Romero Karam (M. Sc.)
Place of jurisdiction: Munich Local Court
Commercial register number: HRB 265887
USt-ID (Tax-ID): DE344312042
Rokaware S.A.P.I. de C.V.
Corinto 206, San Pedro Garza Garcia
Nuevo Leon, 66274 Mexico

Managing Director:
Arturo Romero Vargas (MBA)
RFC (Tax-ID): ROK220225I67


2.2 Contact of the data protection officer:

Proliance GmbH / datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
[email protected]

INFO

Support in English and German. For questions in Spanish, please write to us at: [email protected]

When contacting the data protection officer, please state the company to which your request relates. Please DO NOT provide sensitive information that could identify you, e.g. attaching copy of ID.

3. Data protection regarding the Joint Controllership ("JC")

In the course of the use of our Services, ROKAWARE S.L. and its Affiliates (hereinafter "the Controllers") shall work closely together. This also concerns the processing of personal data relating to you. In this regard, the Controllers are jointly responsible for the protection of the personal data they process to the extent described below (Art. 26 GDPR).

3.1 Agreement made by the parties

Within the scope of their joint responsibility under data protection law, ROKAWARE S.L. and its Affiliates have set out in a written agreement which of the controllers are subject to certain obligations under data protection law and who of the controllers fulfills which obligations. In particular, the data controllers have reached an agreement on who is responsible for exercising data subject rights in accordance with Art. 15-22 of the GDPR and for fulfilling information obligations in accordance with Art. 12-14 of the GDPR (see point 3.3).

3.2 Processing operations covered by the joint responsibility

Your data is collected as part of:

  • Submitting inquiries and/or requests to the Controllers through email, telephone, or through the Services;

  • Registration and/or through a purchase process in the Platform.

  • While using and navigating through our Services (according to your consent collected through the cookie banner)

  • Applications sent through our job portal or email.

In particular, the data is centrally processed in the CRM, HR or respective system by ROKAWARE S.L. for order management and passed on to the Affiliates for order fulfillment.

Apart from the processing operations listed above, the (further) processing of personal data is carried out in each case under the separate responsibility of ROKAWARE S.L. and its Affiliates.

You will be informed separately by the respective controller about the areas in which any company under the Netzo family of companies act under their own responsibility.

3.3 Separation of Controller obligation under GDPR and its meaning to you as data subject

Within the scope of their joint responsibility under data protection law, ROKAWARE S.L. and its Affiliates have agreed, who fulfills which obligations under the GDPR and have specified this in a written agreement:

Processing activity Obligation under data protection law Responsible company in charge of the duty and description of its implementation
Operation and provision of the Services, Registration and use of the Platform
Information obligations pursuant to Art. 12 et seq. GDPR and Art. 26 para. 2 (2) GDPRROKAWARE S.L.
Operation and provision of the Services, Registration and use of the PlatformProcessing of requests to exercise data subject rights according to Art. 15-21 GDPRThe persons responsible inform each other immediately about the rights of data subjects asserted by data subjects in accordance with Art. 12 et seq. GDPR. They provide each other with all the information necessary to respond to requests for information or other inquiries.
Operation and provision of the Services, Registration and use of the PlatformData protection incidents: Fulfillment of obligations according to Art. 33, 34 GDPRThe persons responsible are jointly responsible for examining and processing in the event of violations of the protection of personal data or a security-related disruption in joint data processing, including the fulfillment of any reporting obligations to the competent supervisory authority (Article 33 GDPR) or notification obligations towards the data subjects that may be triggered as a result (Art. 34 GDPR) responsible. The persons responsible have undertaken to inform each other immediately and completely if they identify errors or irregularities with regard to data protection regulations when checking the processing activities.
Operation and provision of the Services, Registration and use of the PlatformEnsuring appropriate technical and organizational measures according to Art. 24, 25, 32 GDPRThe Controllers are jointly responsible for ensuring appropiate technical and organizational measures in joint data processing according to Art. 24, 25, 32 GDPR

In addition, the responsible parties shall ensure that employees maintain the confidentiality are appropriately bound to confidentiality under data protection law and instructed guidelines on the protection of data that are relevant to them.

The Controllers shall ensure that the processing operations covered by the joint controllership are documented in their processing records pursuant to Article 30 (1) of the GDPR and that other documentation is prepared to fulfill the accountability obligation pursuant to Article 5 (2) of the GDPR.

The responsible parties shall independently ensure that the statutory provisions on the deletion of data and the restriction of data processing are complied with. The responsible parties shall observe the statutory retention obligations.

You can find the rights you are entitled to and the contact details for asserting your rights in section "Your rights" in this Privacy Policy. Notwithstanding the above arrangements, data subject rights can be asserted with all data controllers using the contact details described in section "Contact information" of this Privacy Policy or by sending an email to: [email protected]

4. Definitions

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

5. Access to and storage of information in terminal equipment

By using our platform, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment and a subsequent processing of personal data within the meaning of the GDPR may occur. In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of §25 (1)(1) and §25 (2)(2) Telecommunications and Telemedia Data Protection Act (TTDSG).

In cases where such a process serves other purposes (e.g. the needs-based design of our platform), this will only be carried out on the basis of § 25 (1) TTDSG with your consent pursuant to Art. 6 (1)(a) GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our platform.

6. Hosting

This web-application's frontend is hosted by an external service provider (Cloudflare). This web-application is hosted through Cloudflare's CDN and is therefore served by many servers worldwide. Personal data collected on this web-application is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated. Our backend API is hosted with Google Cloud Run primarly Belgium.

We have concluded a Data Processing Agreement with the providers in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

7. Server-Logfiles

Once you visit our web-application, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server:

  • Visited domain
  • Date and time of the request
  • The page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • IP address of the requesting computer
  • Amount of data transferred

We collect the listed data in order to be able to guarantee a smooth connection to the website and a technically error-free provision of our services. In addition, the log file is used to evaluate system security and stability as well as for administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 (1)(f) GDPR. These logs are stored by default for a period of 3 days by our hosting provider. Please review the subsection on our hosting service provider Cloudflare in the "Third-party tools we use" section in this privacy policy for more information.

8. Cookies and similar tools

Our web-application uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain web-application functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.

The processing of data using strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 (1)(f) GDPR in the technically error-free delivery of our services. For details on the processing purposes and legitimate interests, please refer to the following explanations on the specific data processing.

The processing of personal data using other cookies is based on consent in accordance with Art. 6 (1)(a) GDPR. The consent can be revoked at any time with effect for the future. Insofar as such cookies are used for analysis and optimization purposes, we will inform you separately about this in this privacy policy and obtain your consent in accordance with Art. 6 (1)(a) GDPR.

You can set your browser to

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do so, use the appropriate user tools, available at:

Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, web-applications and applications that you do not want to be "tracked" for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. "NoScript" allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox) at:

Please note that if you disable cookies, the functionality of our web-application may be limited.

9. SSL/TLS encryption

This web-application uses SSL/TLS encryption to secure surfing through our web-application to protect the transmission of confidential content, such as the inquiries that you send to us as the web-application operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If the SSL/TLS encryption is activated, the data that you transmit to us cannot be intercepted or read by third parties.

10. Registration

You have the option of registering for certain services provided on our web-application and thus creating a user profile. We collect and use the following personal data as part of registration and setup:

  • First name/Last name
  • Email Address
  • Company Name
  • Password
  • Freely selectable username
  • Avatar

Mandatory information provided for the purpose of registration is marked with an "asterisk" as a mandatory field in the input mask. There is no obligation to use a clear name, a pseudonymous use is possible. For registration, we use the so-called double opt-in procedure, i.e. your registration is not completed until you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. If your confirmation in this regard is not received promptly, your registration will automatically be deleted from our database.

Furthermore, we store the voluntary data provided by you for the duration of your use of the platform, unless you delete it beforehand. All data, except for your user name, can be administered and changed in the protected customer area. With your user account, you have the possibility to use further parts of our web-application and to log in for the offers you have purchased. The legal basis for data processing with consent is Art. 6 (1)(a) GDPR or Art. 6 (1)(b) GDPR if the processing is necessary to provide the desired services. Your data will be deleted as soon as the user account on our web-application is deleted and insofar as there are no legal storage obligations. As a rule, you can change and/or delete your user account, including the data you have entered, directly in your user account after logging in or by sending a corresponding message to the responsible person named in the introduction.

11. Blog and email newsletter

Our email newsletter is powered by Hashnode. Hashnode is a content creation platform that enables us to share ideas with people in tech, developers and engineers. When you navigate to blog.netzo.io, you are automatically redirected to the Netzo channel hosted by Hashnode.

You may subscribe to receive the newsletter Hashnode sends when we upload new content directly from our website or via the company page in the blog.

INFO

By subscribing to the Netzo newsletter, you are creating an account with Hashnode and agree to THEIR Privacy Policy and Terms of Service. You may review the section "Other social media providers" for further information.

The Hashnode platform is operated by LinearBytes Inc., an American company headquartered in 16192 Coastal Hwy, Lewes, Delaware, 19958, United States

Hashnode takes necessary steps to ensure the protection of data transfers outside of the EEA through legally binding contractual terms or EU-approved standard contractual clases, as described in their privacy policy.

For questions or concerns relating to privacy, you can contact them directly at: [email protected]

Hashnode's data protection officer can be contacted at: [email protected]

11.1 Subscribing to e-mail marketing

When you subscribe to the Netzo channel of Hashnode's newsletter, you will be required to confirm your subscription in the confirmation email sent to you for this purpose. This is commonly known as double opt-in.

By verifying your subscription you agree to Hashnode's privacy policy and are giving consent, according to Art. 6 (1)(a) GDPR, to receive emails when we publish new content to our Hashnode channel.

If your confirmation in this regard is not received promptly, your subscription will automatically be deleted from the database.

Customers that have opened an account with us may subscribe or unsubscribe to the newsletter by visiting the user settings and toggling the newsletter switch respectively.

11.2 Unsubscribing to e-mail marketing

All unsubscribe or opt-out requests may be made by clicking the "unsubscribe" link at the bottom of the email or by changing the email preferences in your account settings (both in Hashnode and in the Netzo Web Platform). By making changes to your consent preferences you are modifying the previously given consent, according to Art. 6 (1)(a) GDPR.

INFO

Unsubscribing from the newsletter cannot be interpreted as a request to delete your account with us. Your personal data may therefore be used in accordance to other gathered consents or legally admissible purposes (eg. Registering to our platform). If you would like to request deletion of all of your personal information or account with us please refer to "Your Rights" in this privacy policy.

For requests regarding the deletion of your personal data with Hashnode, you must get in touch with them directly.

12. Third-party tools we use

In order to provide you with modern and efficient service, we use the service and tools of various third-party providers, which may in turn process parts of your personal data. We have carefully selected the below listed third-party providers in accordance with GDPR guidelines.

13. Other specifications

13.1 Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This web-application uses SSL encryption for security reasons and to protect the transmission of confidential content.

13.2 Storage period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfillment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

13.3 Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

13.4 Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

14. Your Rights

In the following, you will find information about your rights as a data subject, granted by the current data protection laws against the controller concerning the processing of your personal data:

  • (1) The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
  • (2) The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
  • (3) The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • (4) The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
  • (5) The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
  • (6) The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.
  • (7) The right to withdraw your given consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

INFO

Right to object If your personal data is processed by us based on legitimate interests pursuant to Art. 6 (1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to [email protected].

15. Modifications and status of the privacy policy

We reserve the right, if necessary, to modify and update the status of this data protection declaration in accordance with the applicable data protection regulations. In this way, we are able to adapt to the latest legal requirements and make changes to our services, may it be required; for example, when introducing new services. The latest version of our privacy policy applies for the registration for an account and use of our platform.

Platform Privacy Policy has loaded