Last updated on 08.06.2022
1. Introduction and general information
Thank you for your interest in our web-application. The protection of your personal data is very important to us. Below you will find information about how we handle your data that is collected through your use of our web-application https://app.netzo.io/, herein onward "Platform". This platform and all other websites under the netzo.io domain are provided by Rokaware S.L. (“Rokaware”, “Netzo,” “we,” or “us”), who offers an all-in-one orchestration platform for IoT and IT services with combined developer features and functions.
2. Contact Information
2.1 Identity and contact of the data controller under data protection law:
Main place of business (HQ)
Paseo de la Castellana 30, Bajo Derecha
28046 Madrid, Spain
+34 910 601 536
Arturo Romero Karam (M. Sc.)
Place of jurisdiction: Madrid Local Court
NIF (Tax-ID): B09980772
Netzo family of companies ("Affiliates")
Tal 44, 80331 Munich, Germany
+49 892 4886 6390
Arturo Romero Karam (M. Sc.)
Place of jurisdiction: Munich Local Court
Commercial register number: HRB 265887
USt-ID (Tax-ID): DE344312042
|Rokaware S.A.P.I. de C.V.|
Corinto 206, San Pedro Garza Garcia
Nuevo Leon, 66274 Mexico
Arturo Romero Vargas (MBA)
RFC (Tax-ID): ROK220225I67
2.2 Contact of the data protection officer:
Support in English and German. For questions in Spanish, please write to us at: [email protected]
When contacting the data protection officer, please state the company to which your request relates. Please DO NOT provide sensitive information that could identify you, e.g. attaching copy of ID.
3. Data protection regarding the Joint Controllership ("JC")
In the course of the use of our Services, ROKAWARE S.L. and its Affiliates (hereinafter "the Controllers") shall work closely together. This also concerns the processing of personal data relating to you. In this regard, the Controllers are jointly responsible for the protection of the personal data they process to the extent described below (Art. 26 GDPR).
3.1 Agreement made by the parties
Within the scope of their joint responsibility under data protection law, ROKAWARE S.L. and its Affiliates have set out in a written agreement which of the controllers are subject to certain obligations under data protection law and who of the controllers fulfills which obligations. In particular, the data controllers have reached an agreement on who is responsible for exercising data subject rights in accordance with Art. 15-22 of the GDPR and for fulfilling information obligations in accordance with Art. 12-14 of the GDPR (see point 3.3).
3.2 Processing operations covered by the joint responsibility
Your data is collected as part of:
Submitting inquiries and/or requests to the Controllers through email, telephone, or through the Services;
Registration and/or through a purchase process in the Platform.
While using and navigating through our Services (according to your consent collected through the cookie banner)
Applications sent through our job portal or email.
In particular, the data is centrally processed in the CRM, HR or respective system by ROKAWARE S.L. for order management and passed on to the Affiliates for order fulfillment.
Apart from the processing operations listed above, the (further) processing of personal data is carried out in each case under the separate responsibility of ROKAWARE S.L. and its Affiliates.
You will be informed separately by the respective controller about the areas in which any company under the Netzo family of companies act under their own responsibility.
3.3 Separation of Controller obligation under GDPR and its meaning to you as data subject
Within the scope of their joint responsibility under data protection law, ROKAWARE S.L. and its Affiliates have agreed, who fulfills which obligations under the GDPR and have specified this in a written agreement:
|Processing activity||Obligation under data protection law||Responsible company in charge of the duty and description of its implementation|
|Operation and provision of the Services, Registration and use of the Platform||Information obligations pursuant to Art. 12 et seq. GDPR and Art. 26 para. 2 (2) GDPR||ROKAWARE S.L.|
|Operation and provision of the Services, Registration and use of the Platform||Processing of requests to exercise data subject rights according to Art. 15-21 GDPR||The persons responsible inform each other immediately about the rights of data subjects asserted by data subjects in accordance with Art. 12 et seq. GDPR. They provide each other with all the information necessary to respond to requests for information or other inquiries.|
|Operation and provision of the Services, Registration and use of the Platform||Data protection incidents: Fulfillment of obligations according to Art. 33, 34 GDPR||The persons responsible are jointly responsible for examining and processing in the event of violations of the protection of personal data or a security-related disruption in joint data processing, including the fulfillment of any reporting obligations to the competent supervisory authority (Article 33 GDPR) or notification obligations towards the data subjects that may be triggered as a result (Art. 34 GDPR) responsible. The persons responsible have undertaken to inform each other immediately and completely if they identify errors or irregularities with regard to data protection regulations when checking the processing activities.|
|Operation and provision of the Services, Registration and use of the Platform||Ensuring appropriate technical and organizational measures according to Art. 24, 25, 32 GDPR||The Controllers are jointly responsible for ensuring appropiate technical and organizational measures in joint data processing according to Art. 24, 25, 32 GDPR|
In addition, the responsible parties shall ensure that employees maintain the confidentiality are appropriately bound to confidentiality under data protection law and instructed guidelines on the protection of data that are relevant to them.
The Controllers shall ensure that the processing operations covered by the joint controllership are documented in their processing records pursuant to Article 30 (1) of the GDPR and that other documentation is prepared to fulfill the accountability obligation pursuant to Article 5 (2) of the GDPR.
The responsible parties shall independently ensure that the statutory provisions on the deletion of data and the restriction of data processing are complied with. The responsible parties shall observe the statutory retention obligations.
5. Access to and storage of information in terminal equipment
By using our platform, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment and a subsequent processing of personal data within the meaning of the GDPR may occur. In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of §25 (1)(1) and §25 (2)(2) Telecommunications and Telemedia Data Protection Act (TTDSG).
In cases where such a process serves other purposes (e.g. the needs-based design of our platform), this will only be carried out on the basis of § 25 (1) TTDSG with your consent pursuant to Art. 6 (1)(a) GDPR. The consent can be revoked at any time with effect for the future.
For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our platform.
This web-application's frontend is hosted by an external service provider (Cloudflare). This web-application is hosted through Cloudflare's CDN and is therefore served by many servers worldwide. Personal data collected on this web-application is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated. Our backend API is hosted with Google Cloud Run primarly Belgium.
We have concluded a Data Processing Agreement with the providers in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.
Once you visit our web-application, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server:
- Visited domain
- Date and time of the request
- The page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- IP address of the requesting computer
- Amount of data transferred
8. Cookies and similar tools
Our web-application uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain web-application functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.
The processing of data using strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 (1)(f) GDPR in the technically error-free delivery of our services. For details on the processing purposes and legitimate interests, please refer to the following explanations on the specific data processing.
You can set your browser to
- be informed about the setting of cookies,
- only allow cookies in individual cases,
- exclude the acceptance of cookies for certain cases or generally,
- activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed under the following links for each browser:
You can also manage cookies of many companies and functions used for advertising individually. To do so, use the appropriate user tools, available at:
Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, web-applications and applications that you do not want to be "tracked" for behavioral advertising and the like.
For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:
Please note that if you disable cookies, the functionality of our web-application may be limited.
9. SSL/TLS encryption
This web-application uses SSL/TLS encryption to secure surfing through our web-application to protect the transmission of confidential content, such as the inquiries that you send to us as the web-application operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If the SSL/TLS encryption is activated, the data that you transmit to us cannot be intercepted or read by third parties.
You have the option of registering for certain services provided on our web-application and thus creating a user profile. We collect and use the following personal data as part of registration and setup:
- First name/Last name
- Email Address
- Company Name
- Freely selectable username
Mandatory information provided for the purpose of registration is marked with an "asterisk" as a mandatory field in the input mask. There is no obligation to use a clear name, a pseudonymous use is possible. For registration, we use the so-called double opt-in procedure, i.e. your registration is not completed until you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. If your confirmation in this regard is not received promptly, your registration will automatically be deleted from our database.
Furthermore, we store the voluntary data provided by you for the duration of your use of the platform, unless you delete it beforehand. All data, except for your user name, can be administered and changed in the protected customer area. With your user account, you have the possibility to use further parts of our web-application and to log in for the offers you have purchased. The legal basis for data processing with consent is Art. 6 (1)(a) GDPR or Art. 6 (1)(b) GDPR if the processing is necessary to provide the desired services. Your data will be deleted as soon as the user account on our web-application is deleted and insofar as there are no legal storage obligations. As a rule, you can change and/or delete your user account, including the data you have entered, directly in your user account after logging in or by sending a corresponding message to the responsible person named in the introduction.
11. Blog and email newsletter
Our email newsletter is powered by Hashnode. Hashnode is a content creation platform that enables us to share ideas with people in tech, developers and engineers. When you navigate to blog.netzo.io, you are automatically redirected to the Netzo channel hosted by Hashnode.
You may subscribe to receive the newsletter Hashnode sends when we upload new content directly from our website or via the company page in the blog.
The Hashnode platform is operated by LinearBytes Inc., an American company headquartered in 16192 Coastal Hwy, Lewes, Delaware, 19958, United States
For questions or concerns relating to privacy, you can contact them directly at: [email protected]
Hashnode's data protection officer can be contacted at: [email protected]
11.1 Subscribing to e-mail marketing
When you subscribe to the Netzo channel of Hashnode's newsletter, you will be required to confirm your subscription in the confirmation email sent to you for this purpose. This is commonly known as double opt-in.
If your confirmation in this regard is not received promptly, your subscription will automatically be deleted from the database.
Customers that have opened an account with us may subscribe or unsubscribe to the newsletter by visiting the user settings and toggling the newsletter switch respectively.
11.2 Unsubscribing to e-mail marketing
All unsubscribe or opt-out requests may be made by clicking the "unsubscribe" link at the bottom of the email or by changing the email preferences in your account settings (both in Hashnode and in the Netzo Web Platform). By making changes to your consent preferences you are modifying the previously given consent, according to Art. 6 (1)(a) GDPR.
For requests regarding the deletion of your personal data with Hashnode, you must get in touch with them directly.
12. Third-party tools we use
In order to provide you with modern and efficient service, we use the service and tools of various third-party providers, which may in turn process parts of your personal data. We have carefully selected the below listed third-party providers in accordance with GDPR guidelines.
13. Other specifications
13.1 Data security
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This web-application uses SSL encryption for security reasons and to protect the transmission of confidential content.
13.2 Storage period
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfillment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.
13.3 Necessity of providing personal data
The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.
13.4 Automated decision making
Automated decision making or profiling according to Art. 22 GDPR does not take place.
14. Your Rights
In the following, you will find information about your rights as a data subject, granted by the current data protection laws against the controller concerning the processing of your personal data:
- (1) The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
- (2) The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
- (3) The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
- (4) The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
- (5) The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
- (6) The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.
- (7) The right to withdraw your given consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to object If your personal data is processed by us based on legitimate interests pursuant to Art. 6 (1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.
If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to [email protected].