Privacy Policy

Seal

Information on the handling of personal data

We are very pleased about your interest in our website - and thus in our company. The protection of your private rights and freedoms is very important to us; we only use your data for the purposes intended. Since it is important to us that you are aware at all times of the extent to which we collect, use and, if necessary, transfer your data to third parties, we will provide you with the following comprehensive information on the processing of your personal data collected by us or stored by us.

Visiting our website is generally possible without providing (personal) data; if there are exceptions to this for selected services, we will explain these in the following chapters. When processing personal data, we strictly adhere to the requirements of the EU General Data Protection Regulation (GDPR) and any other data protection regulations.

Name and address of the controller

north.io GmbH
Jann Wendt, Frithjof Hennemann
Einsteinstraße 1
24118 Kiel
Germany

Phone: +49 431 36 30 540
E-mail: datenschutz@north.io | data-protection@north.io

Contact details of the data protection officer

Cortina Consult GmbH
Jörg ter Beek
Hafenweg 24
48155 Münster

Data Protection Team:
E-Mail: dsb.north.io@cortina-consult.de
Website: https://www.cortina-consult.com

Rights of the data subject

The General Data Protection Regulation (GDPR) guarantees every data subject certain rights in relation to their personal data. These include:

  • The right of access: every data subject has the right to obtain from us confirmation as to whether or not personal data concerning them are being processed, and access to those data, as well as further information and copies of those data.
  • The right to rectification: Every data subject has the right to request the rectification of inaccurate personal data without undue delay.
  • The right to erasure ("right to be forgotten"): Every data subject has the right to request the erasure of their personal data without undue delay.
  • The right to restriction of processing: Every data subject has the right to request the restriction of the processing of their personal data.
  • The right to data portability: Every data subject has the right to receive the personal data concerning them, which they have provided to us, in a structured, commonly used and machine-readable format.
  • Right to object: Every data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. If we process personal data concerning the data subject for the purpose of direct marketing, the data subject may object to this processing pursuant to Art. 21 (2) and (3) GDPR.
  • Right to Withdraw Consent to Data Processing: Every data subject has the right to withdraw their consent to the processing of personal data at any time.
  • The data subject also has the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data infringes the GDPR.

The supervisory authority responsible for us is: -

General information on the legal basis for data processing

"Personal data" is all information that relates to a specific person. We process this data in accordance with the applicable data protection laws, in particular the GDPR and the BDSG. We may only process personal data if one of the following legal permissions applies:

  • Permissive element Requirement of the GDPR
  • Informed consent Art. 6 para. 1 a
  • Fulfilment of a contract Art. 6 para. 1 b
  • Performance of pre-contractual measures Art. 6 para. 1 b
  • Fulfilment of legal obligations Art. 6 para. 1 c
  • Protection of vital interests Art. 6 para. 1 d
  • Safeguarding our legitimate interests Art. 6 para. 1 f

Storage duration of personal data

We only store your data for as long as is necessary to achieve the purpose of the processing or to fulfill our contractual or legal obligations, unless otherwise stated in the following information. Statutory retention obligations may arise from commercial or tax regulations. After the end of the calendar year in which we collected the data, we will retain personal data contained in our accounting records for ten years and personal data contained in business letters and contracts for six years. Furthermore, we will retain data in connection with consents requiring proof as well as complaints and claims for the duration of the statutory limitation periods. Data stored for advertising purposes will be deleted if you object to processing for this purpose.

Collection of general data and information

As soon as you visit our website, our web server collects some general data and technical information - as shown in the following table:

Data collected

Purpose of the collection
Browser types and versions used correct display of the page content
Operating system used, visitor origin (referrer, e.g. Google), subpages clicked on Optimization of our website content and our advertising
Date and time of access to the website as well as IP address and internet service provider of the visitor Ensuring the permanent functionality of our IT systems (for the operation of the website) and prevention of misuse

Other data and information for security purposes in the event of attacks

Provision of relevant information for law enforcement authorities in the event of a cyber attack

Actuality of Our Privacy Policy

To ensure that our privacy policy information is always up to date in connection with the services of our website, we use the CLOUD DSE service provided by Cortina Consult GmbH, Hafenweg 24, 48155 Münster, Germany.

The content of our privacy policy is hosted on Cortina Consult's servers and centrally managed. Necessary changes are promptly implemented by Cortina Consult and immediately displayed through direct integration on our website.

The legal basis for this processing is the legal obligation pursuant to Art. 6 (1) (c) of the General Data Protection Regulation (GDPR) as well as our legitimate interest according to Art. 6 (1) (f) in maintaining an up-to-date privacy policy at all times.

The duration of data storage is based on the general time limits for data deletion. Data is not transferred to a third country and such transfer is not planned.

The data is usually provided by the data subject but may also come from third parties. The data collected includes metadata and communication data (IP address, log data).

Information on Specific Data Processing on the Website

Where applicable, deviating from or supplementing the general information mentioned above, you will find below details on the individual data processing activities on our website.

Contact form

Our contact form is used for processing and, if applicable, responding to inquiries from the form senders. The processing is carried out to fulfill a contract according to Art. 6 para. 1 lit. b GDPR when the inquiry serves to clarify a contractual relationship. For all other inquiries, the processing is based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR, as we are interested in promptly responding to your inquiry.

There is no disclosure of data to third parties and/or to a third country, and such disclosure is not planned.

The duration of data storage is subject to the general deadlines for data deletion. There is no obligation to provide personal data, and there are no consequences for not providing the required data. We refrain from automated decision-making in this context.

The data comes directly from the data subject. No specific categories of personal data are collected.

There is no planned change in purpose.

Newsletter with Chimpify

You can also subscribe to an email newsletter on our website. In addition to the voluntary information provided in the respective form, we only process your email address. However, this is also essential in order to send you the newsletter.

You can unsubscribe from the newsletter at any time. Alternatively, you will find a link to unsubscribe in every newsletter email.

In order to analyse the popularity of our newsletter mailings and to optimise them, we log when emails are opened and links are clicked. This usage analysis is based on a balancing of interests. You can object to this processing by unsubscribing from the newsletter.

When sending the newsletter, our service provider (‘Chimpify’) may also use service providers outside the European Union. In this case, the service provider ensures that the requirements for an adequate level of data protection within the meaning of Art. 44 ff. GDPR are met.

Newsletter old version

Our newsletter is designed to provide information in the form of electronic circulars. The processing of your data for this purpose is based on your consent according to Art. 6 para. 1 lit. a GDPR.

Your data will not be disclosed to third parties, and there are no plans to transfer it to a third country.

The duration of data storage is in accordance with the general deadlines for data deletion. There is no obligation to provide personal data. The newsletter will only be sent after your registration via a double opt-in procedure or after a successfully concluded purchase contract, in which case your email address was collected.

Failure to provide the required data would result in the newsletter not being delivered to you.

There is no automated decision-making in this context, and the data comes directly from you.

There are no planned changes in purpose.

Stetic

This website uses the web analysis tool ‘Stetic’. The purpose of this tool is to ensure that this website is designed to meet user needs, based on a balancing of interests. Web analysis also enables us to identify and rectify errors on the website, e.g. broken links. Stetic uses so-called ‘cookies’. These are text files that are stored on your computer and enable an analysis of your use of the website.

You can prevent the collection of data generated by the cookie and related to your use of the website by opting out on this page.

Google Fonts

This site uses Google Fonts, which are provided by Google, to ensure consistent font display. Google Fonts are installed locally. No connection to Google servers is established. For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=de.

Cookies

On this website we use cookies; these are small text files that are placed or stored on your computer via your internet browser (e.g. Google Chrome, Safari, Firefox, Edge). These cookies are used for various purposes: many cookies are technically necessary to provide you with certain website functions (e.g. shopping cart functions, saving your login information), other cookies are used to ensure the security of your data or the website and some cookies can be used to analyze your user behavior. The latter cookies may contain a so-called cookie ID - a unique identifier consisting of a string of characters that allows Internet pages and servers to be assigned to the storing browser.

Cookies that are necessary to carry out the transmission of a message via a public telecommunications network and cookies that are absolutely necessary to provide you with an expressly requested function are referred to as "technically necessary cookies" and may be set without your explicit consent (Section 25 (2) TDDDG). All other cookies are subject to consent (§ 25 para. 1 TDDDG); if applicable, regulated by our Consent Management Platform.

We use cookies partly only for the duration of your stay on the website, partly for a predefined period and partly permanently. You can delete all these cookies manually or automatically at any time via your web browser.

It is possible to use our offers (although possibly not to the full extent of their functions) without cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent.

Google Tag Manager

The Google Tag Manager is used to simplify the management of analytical tools by centrally controlling and managing the collected analysis mechanisms. The processing of associated personal data is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.

If necessary, the data may be forwarded to Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, and may be transferred, stored, and processed in the USA. The data transfer is based on the standard contractual clauses of the EU Commission, and Google LLC is certified under the EU-US Data Privacy Framework (DPF).

The duration of data storage is subject to the general deadlines for data deletion.

The data usually comes directly from the data subject. Possible categories of personal data include click behavior, anonymized IP addresses, referrer information, visited subpages, duration of stay on the website, frequency of visits, date, access location, and time of visit.

Information on opt-out can be found under cookie settings. The data protection officer of the provider can be contacted via https://support.google.com/policies/contact/general_privacy_form.

For more information about Google's data processing practices, please visit https://business.safety.google/privacy/

Google Analytics

We process personal data of our website visitors for the purpose of creating usage profiles to optimize the cost-benefit factor on our website. The legal basis for this is consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. If necessary, the data may be forwarded to Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, and may be transferred, stored, and processed in the USA.

We have concluded a contract for order processing with the recipient to ensure that the personal data of our website visitors are processed only in accordance with our instructions.

The duration of data storage is determined by the general deadlines for data deletion.

The data usually come directly from the data subject. The categories of personal data include click behavior, anonymized IP addresses, referrer information, visited subpages, duration of stay on the website, frequency of visits, date, access location and time of visit, as well as the user agent.

To opt out of this processing, a browser plugin can be installed, available at https://tools.google.com/dlpage/gaoptout.

The data protection officer of the provider can be contacted via https://support.google.com/policies/contact/general_privacy_form.

For more information about Google's data processing practices, please visit https://business.safety.google/privacy/

Google Maps

We use Google Maps to provide maps on our website. The processing of associated personal data is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. If necessary, the data may be forwarded to Google Ireland Limited, Google LLC, and Alphabet Inc. in the United States of America, where they may be transferred, stored, and processed.

The data transfer is based on the standard contractual clauses of the EU Commission, and Google LLC is certified under the EU-US Data Privacy Framework (DPF).

The duration of data storage is subject to the general deadlines for data deletion.

The data usually come from the data subject but may also come from third parties. Possible categories of personal data include IP address, date and time of visit, location information, URL, usage data, search terms, geographic location, and user agent.

The data protection officer of the provider can be contacted via https://support.google.com/policies/contact/general_privacy_form.

For more information about Google's data processing practices, please visit https://business.safety.google/privacy/

LinkedIn Ads

We process personal data of our website visitors for the purpose of optimizing the website & advertising. The legal basis for this is consent pursuant to Art. 6 para. 1 lit. a GDPR. If applicable, the data will be transferred to LinkedIn Ireland Unlimited Company, Ireland, as well as to LinkedIn Corporation, California, USA, and processed there.

LinkedIn Corporation is certified under the Data Privacy Framework.

The duration of data storage is determined by the general periods for data deletion.

The data usually originates directly from the data subject. Categories of personal data include date and time of visit, device type, geographic location, IP address, mouse movements, pages visited, referrer URL, screen resolution, own device ID, language information, device operating system, browser type, clicks, domain name, own user ID, user agent.

Further information on data processing by LinkedIn can be found here: https://www.linkedin.com/legal/cookie_policy

Cloudflare

Cloudflare

Cloudflare is used for optimization and website security. The processing of associated personal data is based on our legitimate interest pursuant to Article 6(1)(f) GDPR and Section 25(2) TDDDG.

Data may be forwarded to Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, United States of America, and may be transferred to, stored, and processed in the USA. The data transfer is based on the EU Commission's Standard Contractual Clauses, and Cloudflare Inc. is certified under the EU-US Data Privacy Framework (DPF).

The duration of data storage is based on the general time limits for data deletion.

The data generally originates directly from the data subject. Possible categories of personal data include IP address, system configuration information, website name, date and time of the request, name and URL of the requested file, data volume transferred, status information, device operating system, referrer URL, requesting provider, device type, and time of the server request.

Further information on data processing by Cloudflare can be found here: https://www.cloudflare.com/de-de/trust-hub/gdpr/

Hubspot CMS

We use HubSpot for hosting the website. In this context, we use HubSpot’s subordinate services such as HubSpot CDNs, HubSpot Video Hosting, and the HubSpot API. The legal basis for this processing is our legitimate interest pursuant to Article 6(1)(f) of the General Data Protection Regulation (GDPR).

In addition, within the scope of HubSpot, other system-integrated CDN providers are used to deliver web content, including JSDelivr and Cloudflare. The legal basis for this processing is our legitimate interest in ensuring the technical functionality, stability, and performance of the website as well as the economically efficient provision of digital content pursuant to Article 6(1)(f) of the General Data Protection Regulation (GDPR).

Where applicable, data may be transferred to HubSpot, Inc., First Street, East Cambridge, Cambridge, Middlesex County, Massachusetts, 02141-9998, United States of America, with possible transfer, storage, and processing in the USA. In addition, data is transferred to Cloudflare, Inc., San Francisco, California, United States, as well as to Prospect One, Królewska 65A/1, PL-30-081 Kraków, Poland. These data transfers are based on the EU-U.S. Data Privacy Framework, under which HubSpot, Inc. and Cloudflare, Inc. are certified.

The data generally originates from the data subject, but may also originate from third parties. The data collected includes IP address, log files, page views, and interaction data.

You can contact the data protection officer of HubSpot, Inc. at: privacy@hubspot.com.