Last updated on 26.09.2022
1. Introduction and general information
Rokaware S.L. (“Rokaware”, “Netzo,” “we,” or “us”), who offers an all-in-one orchestration platform for IoT and IT services with combined developer features and functions.
2. Contact Information
2.1 Identity and contact of the data controller under data protection law:
Main place of business (HQ)
Paseo de la Castellana 30, Bajo Derecha
28046 Madrid, Spain
+34 910 601 536
Arturo Romero Karam (M. Sc.)
Place of jurisdiction: Madrid Local Court
NIF (Tax-ID): B09980772
Netzo family of companies ("Affiliates")
Tal 44, 80331 Munich, Germany
+49 892 4886 6390
Arturo Romero Karam (M. Sc.)
Place of jurisdiction: Munich Local Court
Commercial register number: HRB 265887
USt-ID (Tax-ID): DE344312042
|Rokaware S.A.P.I. de C.V.|
Corinto 206, San Pedro Garza Garcia
Nuevo Leon, 66274 Mexico
Arturo Romero Vargas (MBA)
RFC (Tax-ID): ROK220225I67
2.2 Contact of the data protection officer:
Support in English and German. For questions in Spanish, please write to us at: [email protected]
When contacting the data protection officer, please state the company to which your request relates. Please DO NOT provide sensitive information that could identify you, e.g. attaching copy of ID.
3. Data protection regarding the Joint Controllership ("JC")
In the course of the use of our Services, ROKAWARE S.L. and its Affiliates (hereinafter "the Controllers") shall work closely together. This also concerns the processing of personal data relating to you. In this regard, the Controllers are jointly responsible for the protection of the personal data they process to the extent described below (Art. 26 GDPR).
3.1 Agreement made by the parties
Within the scope of their joint responsibility under data protection law, ROKAWARE S.L. and its Affiliates have set out in a written agreement which of the controllers are subject to certain obligations under data protection law and who of the controllers fulfills which obligations. In particular, the data controllers have reached an agreement on who is responsible for exercising data subject rights in accordance with Art. 15-22 of the GDPR and for fulfilling information obligations in accordance with Art. 12-14 of the GDPR (see point 3.3).
3.2 Processing operations covered by the joint responsibility
Your data is collected as part of:
Submitting inquiries and/or requests to the Controllers through email, telephone, or through the Services;
Registration and/or through a purchase process in the Platform.
While using and navigating through our Services (according to your consent collected through the cookie banner)
Applications sent through our job portal or email.
In particular, the data is centrally processed in the CRM, HR or respective system by ROKAWARE S.L. for order management and passed on to the Affiliates for order fulfillment.
Apart from the processing operations listed above, the (further) processing of personal data is carried out in each case under the separate responsibility of ROKAWARE S.L. and its Affiliates.
You will be informed separately by the respective controller about the areas in which any company under the Netzo family of companies act under their own responsibility.
3.3 Separation of Controller obligation under GDPR and its meaning to you as data subject
Within the scope of their joint responsibility under data protection law, ROKAWARE S.L. and its Affiliates have agreed, who fulfills which obligations under the GDPR and have specified this in a written agreement:
|Processing activity||Obligation under data protection law||Responsible company in charge of the duty and description of its implementation|
|Operation and provision of the Services, Registration and use of the Platform||Information obligations pursuant to Art. 12 et seq. GDPR and Art. 26 para. 2 (2) GDPR||ROKAWARE S.L.|
|Operation and provision of the Services, Registration and use of the Platform||Processing of requests to exercise data subject rights according to Art. 15-21 GDPR||The persons responsible inform each other immediately about the rights of data subjects asserted by data subjects in accordance with Art. 12 et seq. GDPR. They provide each other with all the information necessary to respond to requests for information or other inquiries.|
|Operation and provision of the Services, Registration and use of the Platform||Data protection incidents: Fulfillment of obligations according to Art. 33, 34 GDPR||The persons responsible are jointly responsible for examining and processing in the event of violations of the protection of personal data or a security-related disruption in joint data processing, including the fulfillment of any reporting obligations to the competent supervisory authority (Article 33 GDPR) or notification obligations towards the data subjects that may be triggered as a result (Art. 34 GDPR) responsible. The persons responsible have undertaken to inform each other immediately and completely if they identify errors or irregularities with regard to data protection regulations when checking the processing activities.|
|Operation and provision of the Services, Registration and use of the Platform||Ensuring appropriate technical and organizational measures according to Art. 24, 25, 32 GDPR||The Controllers are jointly responsible for ensuring appropiate technical and organizational measures in joint data processing according to Art. 24, 25, 32 GDPR|
In addition, the responsible parties shall ensure that employees maintain the confidentiality are appropriately bound to confidentiality under data protection law and instructed guidelines on the protection of data that are relevant to them.
The Controllers shall ensure that the processing operations covered by the joint controllership are documented in their processing records pursuant to Article 30 (1) of the GDPR and that other documentation is prepared to fulfill the accountability obligation pursuant to Article 5 (2) of the GDPR.
The responsible parties shall independently ensure that the statutory provisions on the deletion of data and the restriction of data processing are complied with. The responsible parties shall observe the statutory retention obligations.
5. Access to and storage of information in terminal equipment
By using our platform, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment and a subsequent processing of personal data within the meaning of the GDPR may occur. In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of §25 (1)(1) and §25 (2)(2) Telecommunications and Telemedia Data Protection Act (TTDSG).
In cases where such a process serves other purposes (e.g. the needs-based design of our platform), this will only be carried out on the basis of § 25 (1) TTDSG with your consent pursuant to Art. 6 (1)(a) GDPR. The consent can be revoked at any time with effect for the future.
For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our platform.
This website is hosted by an external service provider (Cloudflare) and is hosted through Cloudflare's CDN. A content delivery network (CDN) is a distributed server infrastructure that enables faster download speed and better performance while navigating through our sites. Our website is therefore served by many servers worldwide. Personal data collected on this web-application is stored on the hoster's servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated.
We have concluded a Data Processing Agreement with the providers in accordance with the requirements of Art. 28 GDPR, in which we oblige them to protect the data of our customers and not to pass them on to third parties.
Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server:
- Visited domain
- Date and time of the request
- The page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- IP address of the requesting computer
- Amount of data transferred
8. Cookies and similar tools
Our web-application uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain web-application functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.
The processing of data using strictly necessary cookies is based on a legitimate interest pursuant to Art. 6 (1)(f) GDPR in the technically error-free delivery of our services. For details on the processing purposes and legitimate interests, please refer to the following explanations on the specific data processing.
You can set your browser to
- be informed about the setting of cookies,
- only allow cookies in individual cases,
- exclude the acceptance of cookies for certain cases or generally,
- activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed under the following links for each browser:
You can also manage cookies of many companies and functions used for advertising individually. To do so, use the appropriate user tools, available at:
Most browsers also offer a so-called "do-not-track function". When this feature is enabled, the browser tells ad networks, web-applications and applications that you do not want to be "tracked" for behavioral advertising and the like.
For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:
Please note that if you disable cookies, the functionality of our web-application may be limited.
9. SSL/TLS encryption
This website uses SSL/TLS encryption to secure surfing through our websites to protect the transmission of confidential content, such as the inquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If the SSL/TLS encryption is activated, the data that you transmit to us cannot be intercepted or read by third parties.
You have the option of registering for certain services provided on our web-application and thus creating a user profile. We collect and use the following personal data as part of registration and setup:
- First name/Last name
- Email Address
- Company Name
- Freely selectable username
Mandatory information provided for the purpose of registration is marked with an "asterisk" as a mandatory field in the input mask. There is no obligation to use a clear name, a pseudonymous use is possible. For registration, we use the so-called double opt-in procedure, i.e. your registration is not completed until you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. If your confirmation in this regard is not received promptly, your registration will automatically be deleted from our database.
Furthermore, we store the voluntary data provided by you for the duration of your use of the platform, unless you delete it beforehand. All data, except for your user name, can be administered and changed in the protected customer area. With your user account, you have the possibility to use further parts of our web-application and to log in for the offers you have purchased.
The legal basis for data processing with consent is Art. 6 (1)(a) GDPR or Art. 6 (1)(b) GDPR if the processing is necessary to provide the desired services. Your data will be deleted as soon as the user account on our web-application is deleted and insofar as there are no legal storage obligations. As a rule, you can change and/or delete your user account, including the data you have entered, directly in your user account after logging in or by sending a corresponding message to the responsible person named in the introduction.
11. Contact forms and contact per email
For inquiries sent using our contact forms or email, the details contained in the form or email including your first names, last names, email addresses, IP addresses and other company details will be stored with us for the purpose of processing the request and in the event of follow-up questions. Entering an email address is required in order for us to get in touch and handle your request; providing your first name, last name, company name and telephone number and other information is voluntary.
We will never pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in answering your request, in accordance with Art. 6 (1)(f) GDPR and, if applicable, Art. 6 (1)(b) GDPR, provided that your request is aimed at concluding a contract or for pre-contractual measures. Your data will be deleted after your request has been processed, provided that there are no statutory retention requirements. In case of legitimate interest from us, contained in Art. 6 (1)(f) GDPR, you can object to the processing of your personal data at any time.
12. Blog and email newsletter
Our email newsletter is powered by Hashnode. Hashnode is a content creation platform that enables us to share ideas with people in tech, developers and engineers. When you navigate to blog.netzo.io, you are automatically redirected to the Netzo channel hosted by Hashnode.
You may subscribe to receive the newsletter Hashnode sends when we upload new content directly from our website or via the company page in the blog.
The Hashnode platform is operated by LinearBytes Inc., an American company headquartered in 16192 Coastal Hwy, Lewes, Delaware, 19958, United States
For questions or concerns relating to privacy, you can contact them directly at: [email protected]
Hashnode's data protection officer can be contacted at: [email protected]
12.1 Subscribing to e-mail marketing
When you subscribe to the Netzo channel of Hashnode's newsletter, you will be required to confirm your subscription in the confirmation email sent to you for this purpose. This is commonly known as double opt-in.
If your confirmation in this regard is not received promptly, your subscription will automatically be deleted from the database.
Customers that have opened an account with us may subscribe or unsubscribe to the newsletter by visiting the user settings and toggling the newsletter switch respectively.
12.2 Unsubscribing to e-mail marketing
All unsubscribe or opt-out requests may be made by clicking the "unsubscribe" link at the bottom of the email or by changing the email preferences in your account settings (both in Hashnode and in the Netzo Web Platform). By making changes to your consent preferences you are modifying the previously given consent, according to Art. 6 (1)(a) GDPR.
For requests regarding the deletion of your personal data with Hashnode, you must get in touch with them directly.
13. Third-party tools we use
In order to provide you with a modern and efficient service, we use the service and tools of various third-party providers, which may in turn process parts of your personal data. We have carefully selected the below listed third-party providers in accordance with GDPR guidelines.
In the following, you will find information on how we handle your data, which is processed through your use of our social media presence on social networks and platforms. The processing of your data is in accordance with the legal regulations.
14.1 Social media links, community chat and blog on our website
14.2 Facebook fan page
In case you provide us with data, which is also or exclusively processed by Facebook, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is the controller for data processing, in accordance with the GDPR, in addition to or instead of us. For this purpose, we have concluded an agreement with Facebook pursuant to Art. 26 GDPR on joint controllership for data processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. See the following link to consult this agreement:
Since a transfer of personal data by Facebook Ltd. to the U.S. is made to Facebook Inc. among others, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To ensure this, the provider uses standard contractual clauses in accordance with Art. 46 (2)(c) GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe.
If you, as a visitor to the site, wish to exercise your rights (access, rectification, erasure, restriction, data portability, complaint with a supervisory authority, objection or withdrawal), you can contact both, Facebook and us.
You can edit your advertising preferences in your account settings. Click on the following link and log in to your account to change your settings:
Facebook’s Data Protection Officer
You can use Facebook’s online form to contact Facebook’s data protection officer. To access it, please use the following link: https://www.facebook.com/help/contact/540977946302970.
Data processing for statistical purposes using Page Insights
Facebook provides Page Insights Data for our Facebook fan page:
This aggregated data gives us an insight into how people interact with our page. Page Insights data may be based on personal data gathered from visits and interactions on, or with our page and from connections with provided content. Please consider which personal data you share with us via Facebook. Your data may be processed for market research and promotional purposes, even if you are not logged into Facebook or do not have a Facebook account. User profiles can be created on the basis of user behavior and the resulting interests of users. User profiles may be used for targeted advertisements within or outside the platform. Data recording is done using cookies, which are stored on your terminal device. In addition, user profiles may contain data, that is gathered from memberships on other platforms. The legal basis of the processing is Art. 6 (1)(f) GDPR.
Our legitimate interest lies in the optimized presentation of our proposition, the effective information and communication with customers and interested parties as well as in the targeted placement of advertisements. Please note that we have no influence on the data gathering and further processing by Facebook. As a result, we cannot provide any access to where, for how long and to which extent Facebook retains the data. Furthermore, we cannot make any statements about the extent to which Facebook complies with existing erasure deadlines, what evaluations and translations are made and to whom the data is transferred by Facebook. If you want to prevent your personal data from being processed by Facebook, please contact us by other means.
14.3. Other social media providers
If your personal data is processed by a provider listed below, this provider is the data controller within the meaning of the GDPR. For the assertion of your data subject rights, we point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you still require assistance, please feel free to contact us at any time.
We have online presences on the social media platforms of the following providers:
- Discord Inc.: 444 De Haro Street Suite 200 San Francisco, CA 94107 United States
- Hashnode (LinearBytes Inc.): 16192 Coastal Hwy, Lewes, Delaware, 19958, United States
- Instagram Inc.: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
- LinkedIn Ireland Unlimited Company: Wilton Place, Dublin 2, Ireland
- Twitter International Company: One Cumberland Place, Fenian Street, Dublin2, D02 AX07 Ireland
- YouTube, Google Ireland Limited: Gordon House, Barrow Street, Dublin 4, Ireland
Data Protection Officer
Information on how to contact the Data Protection Officer of the respective social media providers can be found in the following links:
- Discord: https://www.verasafe.com/privacy-services/contact-article-27-representative
- Hashnode (LinearBytes Inc.): https://hashnode.com/privacy
- Instagram Inc.: https://www.facebook.com/help/contact/540977946302970
- LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
- Twitter Inc.: https://twitter.ethicspointvp.com/custom/twitter/forms/data/form_data.asp
- YouTube/Google: To contact the Data Protection Officer of YouTube, please approach Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
General information on social media platforms
Our Data Protection Officer
General data processing on social media platforms
|i. Data processing for market research and advertising|
|ii. Data processing through making contact|
|We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 (1)(f) GDPR and, if applicable, Art. 6 (1)(b) GDPR if your request is aimed at the conclusion of a contract. Unless there are compelling reasons, your data will be erased after final processing. We assume the processing is finalized when the circumstances are clarified.|
|iii. Data processing for the purpose of performing a contract or entering into a contract|
|If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data in order to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 (1)(b) GDPR. Your data will be erased if they are no longer necessary for the fulfillment of the contract or if it is certain, that pre-contractual measures will not lead to the conclusion of a contract corresponding to the purpose of establishing the contract. Please take into account, that it may be necessary to store the personal data of our contractual partners in order to comply with contractual or legal obligations even after the conclusion of the contract.|
|iv. Data processing on the legal basis of consent|
|If the respective platform providers request you to give consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 (1)(a), Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time.|
Data transfer and recipient
When visiting and using the above-mentioned platforms, personal data may be transferred to the U.S. or other third countries outside the EU, therefore further appropriate safeguards are required to ensure the level of data protection under the GDPR. Further information on whether and what suitable guarantees the providers can provide in this regard can be found in the list below.
- Opt-out: https://adssettings.google.com/authenticated
- Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
15. Job Application
If you apply for a job at our company via contact form or by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and email address of the user) as well as other data provided by you regarding your background (e.g. CV, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability).
Your personal data generally is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is § 26 (1) BDSG. In addition, consent in accordance with Art. 6 (1)(a) GDPR in conjunction with § 26 (2) BDSG can be a legal basis. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.
Within our company, only those persons and positions (e.g. human resources) have access to your personal data which absolutely need to carry out the application procedure or to fulfill our legal obligations. Your applications will be forwarded to the responsible person for examination. Under no circumstances will your personal data be passed on to third parties without authorisation.
Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after the application process has been completed. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent in accordance with Art. 6 (1)(a) GDPR in conjunction with § 26 (2) BDSG. You can revoke your consent at any time with effect for the future. For this purpose, an informal e-mail to the contact details of the person responsible listed above is sufficient. If you are accepted, your application documents will be transferred to the personnel file.
Further information regarding applications can be found under Notice for applicants or directly in our applicant portal.
16. Other specifications
16.1 Data security
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This web-application uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content.
16.2 Storage period
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfillment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.
16.3 Necessity of providing personal data
The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.
16.4 Automated decision making
Automated decision-making or profiling according to Art. 22 GDPR does not take place.
17. Your Rights
In the following, you will find information about your rights as a data subject, granted by the current data protection laws against the controller concerning the processing of your personal data:
- (1) The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
- (2) The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
- (3) The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims.
- (4) The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
- (5) The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in a commonly used and machine-readable format, and the right to transmit that data to another controller.
- (6) The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.
- (7) The right to withdraw your given consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to object
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 (1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.
If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to [email protected].