Data protection statement

The following statements and information about the General Data Protection Regulation (GDPR) are intended for all our customers and for those interested in our product portfolio and/or in establishing business relations. As a company, J. Nowak Glas GmbH & Co KG, Mausegatt 3-5 in 44866 Bochum gives great priority to protecting your personal data, so that we would like to inform you about how we use and protect your personal data in our company.

Which specific data are being processed and how depends on the ordered products and on the order handling process, including necessary suppliers, trade credit insurers, banks or service providers involved in managing our data.

1. Who is responsible for data processing and whom can I contact?

The controller responsible for data processing pursuant to the GDPR is:

J. Nowak Glas GmbH & Co. KG
Mausegatt 3-5
44866 Bochum
Amtsgericht Bochum, HRA 2411
Tel.: +49 (0)2327 809-0
Fax: +49 (0)2327 809-127

We, J. Nowak Glas GmbH & Co. KG, are responsible for ensuring that your personal data are only processed in accordance with the valid data protection regulations (Art. 4 (7), Art. 24 (1), GDPR). Please send any data protection enquiries to:

or to our mailing address stating “Data Protection”.

2. Which sources and data do we use?

We process data that we receive through our business relationship with you. We receive the data from you directly, e.g. in the context of concluding a contract or placing an order or in the course of an enquiry. In specific terms, we process the following data:

  • Master data from the contract documents (e.g. name, address and contact details, bank details)
  • Data in the context of contract performance (e.g. subject of the contract, delivery address, method and type of payment)
  • Correspondence (e.g. correspondence with you), advertising and sales data (e.g. for potentially interesting products)

Furthermore, personal data are saved at least temporarily when you access our website or when you use our contact form.

3. Why do we process your data (processing purpose) and on which legal basis?

The following section informs you about why we process your data and on which legal basis:

3.1 For the performance of contractual obligations (Art. 6 (1) b GDPR)

Art. 6 (1) b GDPR regulates the normal exchange of data for setting up/initiating and managing contract relationships.

As soon as we receive an enquiry from you, we create a corresponding dossier. Frequently an enquiry will be accompanied by details about commission, delivery addresses and customer data, together with the names, phone numbers and e-mail addresses of the staff responsible for dealing with the project. Where necessary, we revert to these master data when drawing up our quotation. Incoming orders are entered in the system and the corresponding data are used for the production process. The finished glass products are prepared for shipment and delivered/handed over on endorsement of the delivery notes. The transaction is invoiced. Incoming payments are posted against the invoices. Initially the transaction is recorded on paper and subsequently archived digitally.

All transactions refer to the order handling process and are used solely for the documentation needed under commercial law.

3.2 In the context of balancing interests (Art. 6 (1) f GDPR)

Art. 6 (1) f GDPR also allows us to use your data on the basis of balancing interests for protecting the legitimate interests of ourselves or the third party. This is carried out for the following purposes:

  • General control of business and further development of our services
  • General control of business and further development of our services
  • Asserting legal claims and for defence purposes in legal disputes
  • Warranting IT security and operation of the IT system
  • Involving trade credit insurers and providing information they need to ascertain creditworthiness or default risks
  • Preventing and investigating criminal offences
  • Mailing newsletters at irregular intervals, whereby you may opt out of such mailings.

Our interest in such processing is business-related (efficient task fulfilment, prevention of legal risks, quality control). We process your data in pseudonymous form where permitted by the specific purpose.

3.3 On the basis of your consent Art. 6 (1) a GDPR

Art. 6 (1) a GDPR refers to transactions for which you have specifically given your consent. Your consent is the legal basis for the use named in this context (e.g. direct debit authorisation and others). You can withdraw your consent at any time with future effect. This also applies to declarations of consent which you may have given us before the GDPR came into effect. This also applies to consent that you may have given us in the context of completing the contact form, or in the context of payment transactions.

3.4 On the basis of legal obligations (Art. 6 (1) c GDPR)

Art. 6 (1) c GDPR regulates the disclosure of personal data in the context of valid legislation. We are subject to these obligations in the same way as everyone else. In other words, we have to comply with the statutory requirements (e.g. German Commercial Code, tax laws). The Tax Office has the right to hold audits, and may gain insight into business transactions in the context of such audits. The data may also be relevant in the context of legal representation.

4. Data access / data forwarding

Your data will only be forwarded if this is allowed by law. Within our company, your data will be received by those who need the data to fulfil our contractual and legal obligations or to perform their specific tasks.

  • Public bodies and institutions (e.g. finance authorities) when statutory or official obligations apply and
  • Other bodies for whom you have given us your consent to data forwarding (e.g. payment transactions, trade credit enquiries, creditworthiness checks pp.)
  • Suppliers where direct delivery has been agreed
  • Drivers/hauliers delivering the glass, whereby the delivery notes are to be endorsed by the consignee as proof of faultless handover.

4.1 Internal forwarding of emails

If emails are sent to named employees of our company and they cannot be reached, we will forward the email to the relevant internal representative.
If employees from other areas need to gain knowledge of the contents of the email in order to fulfill the order, it will also be forwarded internally, taking data protection-relevant requirements into account.

5. For how long will my data be stored?

Where necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and implementation of a contract. Furthermore, we are subject to various retention and documentation obligations resulting among others from the German Commercial Code and the Tax Code. The storage and documentation periods stipulated therein amount to two to ten years.

Finally, the storage period also depends on the legal statutes of limitations. As a rule these amount to three years e.g. pursuant to §§ 195 et seq. German Civil Code, but in some cases they can also amount to 30 years. The warranty period for the construction industry is usually 5 years.

The original version of the privacy policy

The original version of the privacy policy is written in German and therefore the German version is authoritative for the meaning and interpretation of the translated version.

6. Are data transferred to a third country or to an international organisation?

We only transfer your data to countries outside the European Economic Area insofar as this is necessary or stipulated by law in order to fulfil your orders, or you have given us your consent.

7. Which data are processed on visiting our website?

When you visit our websites, we process your personal data for various reasons, depending on whether you just use our websites for information or want to contact us.

7.1 Visiting the website for information

First and foremost, our website serves a purely informational purpose. When used for purely informational purposes, in other words if you do not send us any information on our online contact form, for technical reasons we collect initially the personal data sent by your browser to our server. When you access our website, the browser used on your device automatically sends information to our website server. This information is saved temporarily in a so-called log file. The data are only analysed for statistical purposes in anonymised form.

The following data are collected and saved when you access our website:

  • Date and time of access
  • Access status/http status code, IP address of the enquiring computer, referrer URL of the website from which you accessed our website
  • The browser and possibly the operating system of your computer together with the name of your access provider

We process these data in order to warrant a smooth connection and convenient use of our website. The data are also used to warrant and analyse the technical security and stability of our systems. These data are not processed in any other way. In particular, they are not compared with other data statuses.

The legal basis for processing is Art. 6 (1) f GDPR and § 15 (1) 1 Telemedia Law (TMG). Our legitimate interest consists in warranting the technical security and stability of our systems.

The above information and data are saved for maximum 7 days for security reasons (e.g. to investigate misuse or attacks on our web server) and are then erased. Data that have to be stored for longer for purposes of proof are exempted from erasure until conclusive clarification of the incident.

The personal data collected when you access our website are not forwarded to third parties or to other bodies.

7.2 Use of our contact form

When you visit our website, you have the possibility of contacting us with the website contact form or with the e-mail address stated in the legal notice. Your personal data are collected when you use the website contact form by e-mail. These include

  • Form of address
  • Your name
  • Your address
  • Your phone number
  • Your e-mail address
  • Other details about your enquiry

The specially marked data fields are mandatory data (name and e-mail address) which we need to answer and deal with your request. Failure to complete these data means that you will not be able to send us an enquiry with the contact form. At the same time, you click on a button to give your consent to our use of your personal data for dealing with your enquiry.

We shall only collect and use the personal data provided by you in the contact form or e-mail where necessary to process, answer and handle your contact enquiry. The legal basis for data processing is Art. 6 (1) b GDPR in the context of contract initiation and possibly performance. Otherwise the legal basis is Art. 6 (1) f GDPR; our legitimate interest consists in answering and handling your enquiry, which necessitates the saved data. The personal data collected by us from the contact form are erased automatically after your enquiry has been dealt with. They are fundamentally never forwarded to third parties.

8. Cookies

We use cookies on our website. These are small files that are automatically created by your browser and saved on your device when you visit our website. Cookies do not cause any damage to your device. They do not contain any viruses, Trojans or other malware. Our approach consists in asking your explicit consent to the use of cookies when you visit our website. The functionality of our website may be impaired if the cookies are deactivated.

The cookies store information resulting from the context of the specific device being used. However, this does not put us in direct knowledge of your identity.

On the one hand, the use of cookies lets us make our website more pleasant for you to handle. We use so-called session cookies to recognise that you have already visited individual pages of our website. They are erased automatically when you leave our website.

We also use temporary cookies to make the website more user-friendly. These are saved on your device for a certain defined period. When you visit our website again to use our services, they recognise automatically that you visited us before and see which inputs and settings you activated so that you don’t have to do that again.

The data processed by cookies are necessary for the stated purposes to protect our legitimate interests and those of third parties pursuant to Art. 6 (1) f GDPR.

Cookies are accepted automatically by most browsers. However, you can configure your browser so that no cookies are saved on your computer or a message appears every time before a new cookie is created. However, if you disable cookies completely, it is then possible that you will no longer be able to use all the functions of our website.

Google Fonts

We use the fonts ("Google Fonts") of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:,

9. Data security

In the context of your visit to our website, we use the widespread SSL method (secure socket layer) in conjunction with the highest encryption level supported by your browser. As a rule, this refers to 256 bit encryption. If your browser does not support 256 bit encryption, we will revert to 128 bit v3 technology instead. You can see whether an individual page of our website is transmitted in encrypted form by the fact that the key or lock symbol is shown closed in the bottom status bar of your browser.

Otherwise we use suitable technical and organisational measures to protect your data from random or intentional manipulation, partial or complete loss, destruction or unauthorised third-party access. We are constantly improving our security measures in line with technological development.

Your data are only forwarded to previously hand-picked, contractual service providers, partner companies and vicarious agents who are likewise committed to secrecy. The staff in our company receive regular training and have to give a regular undertaking to maintain data confidentiality.

10. Which other data protection rights do I have?

Under the prevailing statutory prerequisites, you have the right to information and access (Art. 15 GDPR, § 34 Federal Data Protection Act - BDSG) as amended on 25 May 2018, the right to rectification (Art. 16 GDPR), to erasure (Art. 17 GDPR; § 35 BDSG), to restriction of processing (Art. 18 GDPR) and to data portability (Art. 20 GDPR). Moreover, you are entitled to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR, § 19 BDSG).

11. Am I under any obligation to provide data?

In the context of our business relationship, you only have to provide those items of personal data that are necessary to establish, process and conclude a business relationship, or that we have to collect by law. Without these items of data, as a rule we will not be able to conclude or fulfil an order, or we might not be in a position to fulfil an existing contract which may then have to be terminated.

12. To what extent does automated individual decision-making take place?

As a matter of principle, we do not use any kind of automated decision making pursuant to Art. 22 GDPR for establishing and processing our business relationships.

13. To what extent are my data used for profiling?

We do not process your data with the aim of analysing certain personal aspects.

14. What rights of objection do I have (Art. 21 GDPR)?

You have the right to object at any time to the processing of your personal data on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR (data processing on the basis of balancing interests), on grounds relating to your particular situation.

In case of objection, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves for the establishment, exercise or defence of legal claims.

15. CCTV

CCTV is installed at the public entrances to our company premises in order to exercise our property rights and as protection from criminal encroachments. The CCTV footage is overwritten at the latest after 48 hours and is not put to any other use unless required for the detection of criminal acts. Use of the CCTV system is permissible pursuant to § 4 BDSG / Art. 6 (1) f GDPR. Clearly visible signs draw attention to the use of CCTV in the affected areas.

16. Timeliness and amendment of this data protection statement

This data protection statement is currently valid as of March 2024. It may become necessary to amend this data protection statement due to the further development of our website and corresponding services or on account of amended statutory or official stipulations. You can access the current data protection statement as amended on the website and print it out where necessary.