Privacy Policy
1. General information on data processing
This privacy policy describes the collection and use of personal data in connection with the use of our website https://north.io/ ("website") in accordance with the provisions of the General Data Protection Regulation ("GDPR"). Processing activities that are not covered by this data protection declaration may be supplemented by other data protection declarations, which must be observed separately. This is merely a translation of the privacy policy. Only the German version is legally binding.
1.1 Responsible person
The controller within the meaning of the GDPR is
north.io GmbH ("north.io"/"we"/"us")
Einsteinstrasse 1
24118 Kiel
Germany
1.2 Data Protection Officer
We have appointed an external data protection officer through Simpliant. Simpliant advises us as an external data protection officer and on the implementation and maintenance of our data protection management system. You can find more information about Simpliant at http://www.simpliant.eu.
You can contact our appointed data protection officer by e-mail at
1.3 Affected party rights and supervisory authority
You may exercise the following rights:
- Right of access by the data subject (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to erasure (‘right to be forgotten’, Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to data portability (Art. 20 GDPR),
- Right to object (Art. 21 GDPR),
- If we process your data on the basis of your consent, you have the right to revoke your consent at any time with effect for the future (Art. 7 para. 3 GDPR).
To exercise your rights, you can contact us by e-mail at datenschutz@north.io / data-protection@north.io.
Please note that in this case we will need to verify your identity and therefore identify you by suitable means. The processing of your application and the identification of your person takes place on the basis of Art. 6 para. 1 lit. c GDPR.
You may at any time pursuant to Art. 77 GDPR i.V.m. § Section 19 of the Federal Data Protection Act ("BDSG") to lodge a complaint with a supervisory authority, e.g. with the competent supervisory authority of the federal state in which you live or with the authority responsible for us.
1.4 Processing of data, purpose and legal basis
We process your personal data in accordance with the provisions of the GDPR and the BDSG.
In particular, your data will be processed on the basis of the following legal bases:
- Art. 6 para. 1 lit. a GDPR - your consent,
- Art. 6 para. 1 lit. b GDPR - contract performance or pre-contractual measures,
- Art. 6 para. 1 lit. c GDPR - fulfillment of a legal obligation,
- Art. 6 para. 1 lit. e GDPR - Public interest or exercise of official authority,
- Art. 6 para. 1 lit. f GDPR - legitimate interests.
Several legal bases may apply to individual processing operations. Further information can be found in the description of the individual processing operations.
1.5 Retention period
We will take all reasonable steps to ensure that your personal data is only processed for the period necessary for the purpose for which it is processed. If the storage period is not specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be erased if storage is required by law (e.g. § 257 HGB, 147 AO). Furthermore, we may retain your personal data until the expiry of the statutory limitation periods (usually 3 years; in individual cases, however, up to 10 years or longer) if this is necessary for the assertion, exercise or defense of legal claims.
1.6 Data security
To protect the security of your data during transmission, we use technical and organizational security measures, in particular the encryption of our website, to prevent unauthorized access by third parties. Our security measures are continuously improved and adapted in line with technological developments.
1.7 Transmission to service providers
We use service providers to provide our services. These service providers only act in accordance with our instructions and are contractually obliged to comply with the provisions of Art. 28 GDPR.
1.8 Data transfer to third countries
Unless otherwise stated below, your data will not be transferred to a third country outside the European Union. Your personal data will only be transferred to third countries if the requirements of Art. 44-49 GDPR are met (this includes particularly the conclusion of the standard contractual clauses adopted by the EU Commission, binding corporate rules and adequacy decisions by the Commission).
1.9 No obligation to provide data/no profiling
There is no legal or contractual obligation to provide us with data. However, some services can only be provided if you provide the necessary data. Your personal data will not be used for automated individual decision-making, including profiling.
2. Website
Our website offers various areas with different functionalities for the visitor, which are described in more detail below.
2.1 Server log files
Nature and purpose of data processing:
When you access our website, information of a general nature is automatically collected. This information, which is referred to as server log files, includes IP address, name of the access provider, browser type, browser software version and browser language, operating system, date and time of access, content of access, amount of data transferred, access status (successful transfer/error), website(s) to which access was redirected, websites visited.
Processing is carried out for the following purposes: ensuring a trouble-free connection to the website, ensuring seamless use of our website, evaluating system security and stability.
Legal basis:
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interest in hosting the website and improving and monitoring the security, stability and functionality of the website.
Recipient:
The recipient of the data is HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA, a technical service provider responsible for the operation and maintenance of our website. As a processor on behalf, the service provider is obliged to process the data only in accordance with our instructions.
Transfer to third countries:
As part of the service, personal data is transferred to the USA. The transfer takes place based on an adequacy decision by the EU Commission. HubSpot, Inc. has certified that it complies with the requirements of the GDPR as part of the so-called Data Privacy Framework.
Retention period:
The retention period for the server log files is based on the internal regulations of our service provider.
2.2 Consent management
Nature and purpose of data processing:
Our website uses cookies and similar technologies for various processing activities for which your consent is required. To obtain and store such consent, we use a so-called "cookie banner". As part of this, a cookie - a small text file - is placed on your end device to register your selection/consent. Among other things, we process your IP address for this purpose.
Legal basis:
The processing is carried out to fulfill a legal obligation (including § 25 TDDDG) and based on our legitimate interest in the documentation in accordance with Art. 6 Para. 1 lit. c and lit. f GDPR.
Recipient of the data:
The recipient of the data is HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA, a technical service provider responsible for the operation and maintenance of our website. As a processor on behalf, the service provider is obliged to process the data only in accordance with our instructions.
Transmission to third countries:
As part of the service, personal data is transferred to the USA. The transfer takes place based on an adequacy decision by the EU Commission. HubSpot, Inc. has certified that it complies with the requirements of the GDPR as part of the so-called Data Privacy Framework.
Further information can be found under "Cookies and third-party tools".
2.3 Application and career
Nature and purpose of data processing:
You have the option of applying to us (especially for open positions). Data about you is usually collected directly from you as part of the application process – due to your application for a specific job ad or your unsolicited application. In addition, we may also have received data from third parties (e.g. online job boards) if you have applied to us via such a platform. In addition, we may process personal data that we have permissibly obtained from publicly accessible sources (e.g. professional social networks).
In order to accept and evaluate your application and depending on the data you provide, we may process the following personal data:
- Name
- Phone number
- Current location
- Files and documents, such as references and certificates, that you send us in connection with your application
- All other information that you send us about yourself.
Legal basis:
The processing of the data that you have provided to us as part of the application process is carried out based on Art. 6 para. 1 lit. b and para. 4, Art. 88 GDPR in conjunction with. § 26 para. 1 BDSG.
Recipient:
Only the departments and groups of people directly involved in the recruitment process have access to the data you provide. All employees involved are obliged to treat your data confidentially.
The data may also be processed by service providers (e.g. job platforms). As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions or - depending on the use of the service provider - as joint controllers in accordance with the GDPR. Our recruiting site is operated by Personio GmbH & Co KG, a company based in Germany that offers personnel administration and applicant management software (https://www.personio.de/impressum/). As a processor, the service provider is obliged to process the data only in accordance with our instructions.
Data transfer to third countries:
Data may be transferred to our processors in the USA. The order processing contracts with the service providers contain standard contractual clauses approved by the EU Commission and/or appropriate guarantees that the data protection obligations will be complied with.
Retention period:
Your personal data will be deleted no later than six months after the end of the application process. In addition, we reserve the right to store your data for inclusion in our "talent pool" within this period in order to identify any other interesting positions for you. You can object to this processing at any time.
In the event of employment, we will include the data provided in our personnel file. Invoices for any travel expense reimbursements will be archived in accordance with tax regulations.
2.4 Newsletter
Nature and purpose of the processing:
On our website, we offer you the opportunity to subscribe to an e-mail newsletter with regular product news and updates. We need to process your e-mail address for this purpose. This data is processed in order to be able to send you this information.
Legal basis:
The processing is based on your consent (Art. 6 para. 1 lit. a GDPR).
Right to withdraw consent:
You have the right to withdraw your consent at any time and thus object to the use of your data with effect for the future (e.g. by clicking on the unsubscribe link in one of our newsletters).
Retention period:
We process your data until you unsubscribe from our newsletter, revoke your consent or request that we delete it.
2.5 Making contact
Nature and purpose of the processing:
In order to provide you with the best possible support when using our services, we offer you the option of contacting us via a contact form on the website, by telephone, by email or via social media. In this context, we may process your IP address, your email address, your name, and the content of your inquiry.
Legal basis:
The data is processed for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR). In addition, they are processed to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR) in providing our customers with uncomplicated customer service.
Recipient:
The recipient of the data is a technical service provider. As processors on behalf, the service providers are obliged to process the data only in accordance with our instructions. For the contact form, we use HubSpot Forms, a service provided by HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA. If a contract is initiated, we will process your data in our CRM.
Retention period:
The data will be deleted if it is no longer required. The necessity is checked at regular intervals. Due to the long project durations in our area, we may retain your data for up to three years after the last contact. You can request the deletion of your data at any time.
Transfer to third countries:
As part of the service, personal data is transferred to the USA. The transfer takes place based on an adequacy decision by the EU Commission. HubSpot, Inc. has certified that it complies with the requirements of the GDPR as part of the so-called Data Privacy Framework.
2.6 Website analysis
Nature and purpose of data processing:
This website uses cookie-based technology to help us better understand how the website is used. We do this by compiling reports on website activity that do not identify specific individuals. Analysis cookies process your IP address and data on usage behavior on our website (e.g. which pages were visited and which buttons were clicked) for this purpose.
Legal basis:
The processing takes place with your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Further information can be found under "Cookies".
2.7 Download content / Book demo
Nature and purpose of data processing:
On our website, we offer you the opportunity to download content and book a demo. This involves the processing of the following personal data: First and last name, company name, e-mail address, telephone number.
Legal basis:
The data is processed based on our legitimate interest in offering the public efficient communication channels (Art. 6 para. 1 lit. f GDPR) or based on the initiation of or communication within the framework of an existing business relationship (Art. 6 para. 1 lit. b GDPR).
3. Cookies and third-party tools
Our website uses cookies and similar technologies. Cookies do not damage your device and do not contain viruses. Cookies are used to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your device and in your browser.
Most of the cookies we use are so-called session cookies. These cookies are automatically deleted at the end of the session. Session cookies are used to assign successive page views to individual users who access our website at the same time. Other cookies are stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.
If personal data is processed, the processing is based on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. In some cases, processing is based on Art. 6 para. 1 lit. f GDPR and Section 25 para. 2 TDDDG.
Your data may be transferred to third countries, e.g. the USA, based on standard contractual clauses and/or other guarantees.
You can set your browser so that you are informed about the setting of cookies, decide on a case-by-case basis whether to accept them or to exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. In addition, it is possible to prevent the collection and processing of data generated by cookies in connection with the use of this website by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout
Unsubscribe links:
- Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
- Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-Websites-entfernen
- Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE
- Opera: http://www.opera.com/de/help
- Facebook: https://www.facebook.com/ads/preferences or https://www.facebook.com/settings
- Instagram: https://www.instagram.com/accounts/privacy_and_security/
- Twitter: https://twitter.com/personalization
- LinkedIn: https://www.linkedin.com/psettings/privacy
3.1 HubSpot and New Relic
Our website uses HubSpot Analytics, a web service from HubSpot, Inc, 25 First Street, Cambridge, MA 02141 USA . HubSpot analyzes the behavior of website visitors in order to optimize the performance of our website and manage our customer database. If you provide us with information via our web forms (e.g. name and e-mail address), this data is stored on the HubSpot server and linked to your user profile. This allows us to track your user behavior (e.g. clicks on the website, pages visited, emails received and clicks in emails). Integrated into HubSpot Analytics is New Relic, a service of New Relic, Inc. San Francisco, 188 Spear St., Suite 1000, San Francisco, CA USA 94105 to optimize the website and the analysis of the website. You can assert your rights in relation to these tracking activities (e.g. objection to data processing or deletion of personal data collected by HubSpot). You can prevent the website tracking described in your browser settings.
We use HubSpot CDN to properly provide the content of our website. HubSpot CDN is a service of HubSpot, Inc. which acts as a content delivery network (CDN) on our website to ensure the functionality of other HubSpot, Inc. services.
A CDN helps to provide the content of our online offering, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. Integrated into HubSpot CDN is JSDeliver CDN, a service of Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB. The use of the content delivery network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.
We use HubSpot Pixel from HubSpot, Inc. to create so-called Custom Audiences, i.e. to segment visitor groups of our online offer, determine conversion rates and subsequently optimize them. This happens in particular when you interact with advertisements that we have placed with HubSpot, Inc.
We use HubSpot API from HubSpot, Inc. to access additional services and data from HubSpot, Inc. as described above. This involves the transmission of your IP address to HubSpot, Inc. The use of HubSpot API is based on our legitimate interests, i.e. interest in optimizing our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.
3.2 Information about Google services/ Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. ("Google"). With your consent to Google services, data may be transferred to the USA. In this case, the data will be transferred based on the adequacy decision of the EU Commission. Google is certified in accordance with the Data Privacy Framework for the secure transfer of data to third countries, in particular to the USA.
Google Analytics uses cookies that enable the website to analyse your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in Ireland and stored there. In principle, IP addresses on our website are automatically anonymized by Google by shortening them. Only in exceptional cases are IP addresses transferred to Google servers in the USA and anonymized there by shortening them. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. However, you may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
As an alternative to the browser add-on described above or when visiting our website on mobile devices, you can prevent tracking by Google Analytics on our pages by clicking on this link: Opting out of Google Analytics tracking.
This will install an opt-out cookie on your device and prevent Google Analytics from collecting data for this website and for this browser in the future as long as the cookie remains installed in your browser.
You can find more information about the processing of your data in the provider's privacy policy: https://policies.google.com/privacy?hl=de
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services in order to evaluate user access to our website.
Google Maps, an online map service of Google Ireland Limited, is integrated on this website. This map service enables our customers to easily locate our company geographically and is intended to make it easier for you to find us. Google Maps sets various cookies in some versions when you visit our website. The data transmitted by your browser as part of Google Maps, such as GPS and other sensor data from your device, your IP address, activities in Google services (e.g. your search queries and places you have marked such as "Home" or "Work"), information about things near your device (e.g. Wi-Fi access points, mobile phone masts and Bluetooth-enabled devices) are not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.
3.3 LinkedIn Insight Tag and LinkedIn Ads
We use LinkedIn Insight Tag from LinkedIn Corporation, Sunnyvale, California, US, to create target groups, segment visitor groups of our online offer, determine conversion rates and subsequently optimize them. This happens in particular when you interact with advertisements that we have placed with LinkedIn Corporation. For this purpose, LinkedIn Corporation offers retargeting for website visitors in order to display targeted advertising outside our website.
LinkedIn Insight Tag collects data about visits to our website, including URL, referrer URL, IP address, device and browser characteristics (user agent) and timestamp. This data is used to provide anonymized reports on website audience and ad performance.
We have integrated LinkedIn Ads on our website. LinkedIn Ads is a service provided by LinkedIn Corporation that displays targeted advertising to users. LinkedIn Ads uses cookies and other browser technologies to evaluate user behavior and recognize users. LinkedIn Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, LinkedIn Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identification features such as your user agent are transmitted to the provider. In this case, your data will be passed on to the operator of LinkedIn Ads, LinkedIn Corporation, Sunnyvale, California, US.
Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot be merged with you as a natural person, but are used, for example, for segmentation when displaying advertisements.
3.4 Leadfeeder
We have integrated Leadfeeder on our website as a tool for customer intelligence. Leadfeeder is a service of Leadfeeder, Inc, 3 Warren Street, Suite 2, Glens Falls, NY 12801, United States, which assigns anonymous website visitors to a company, enriches existing contact data if necessary, or provides complete contact data and offers insights into the visit history.
Leadfeeder uses cookies and other browser technologies. Among other things, Leadfeeder shows us which companies have visited our website, determines the history of your visit to this website, including all the pages you have visited and viewed and the length of your stay on this website.
Leadfeeder collects and processes data about companies such as company name, telephone number, address, web address, industry, company profile, turnover and key persons.
We have a legitimate interest (Art. 6 para. 1 lit. f GDPR) in knowing which companies visit our website.
3.5 YouTube video integration
We integrate videos from the "YouTube" platform of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Information regarding data processing by YouTube can be found here: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.
3.6 Facebook Pixel
This website uses the so-called "Facebook pixel", which is operated by Facebook Ireland Ltd ("Facebook"), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, if you are based in the EU, or by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, if you are not based in the EU.
With the help of the Facebook pixel, it is possible for Facebook to determine you as a visitor to our online offer as a target group for the placement of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are determined based on the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. In addition, we can track the effectiveness of Facebook ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook ad (so-called "conversion").
You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To set which types of ads are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising. The settings are platform-independent, i.e. they apply to all devices, e.g. desktop computers or mobile devices. You can also object to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative, and also via the US website http://www.aboutads.info or the European website http://www.youronlinechoices.com.
4. Data processing on our social media pages
We can communicate with you on our social media pages and provide you with interesting information. Through your comments, shared images, messages and reactions, we may receive further data from you that we process to communicate with you. If you use social media on multiple devices, the data may be analyzed across devices.
In addition, the providers of social media sites may also use cookies and tracking technologies to analyze and improve their services.
We operate pages on the following social media channels:
- Twitter: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, see also: https://twitter.com/en/privacy
- LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, see also: https://www.linkedin.com/legal/privacy-policy
- Instagram: Meta Platforms, Inc., 1601 Willow Road, Menlo Park 94025, United States, see also, see also: http://instagram.com/about/legal/privacy/
- Facebook: Meta Platforms, Inc., 1601 Willow Road, Menlo Park 94025, United States, see also: https://www.facebook.com/privacy/center/
When you visit our social media pages, data is processed both by us and by the respective social media provider as the controller.
The respective social media provider assumes the data protection obligations towards you as a user, such as providing information about data processing, and is the contact for your rights. This arises from the fact that such a provider has direct access to the relevant information on the social media site and the processing of your data.
Data processing is carried out with your consent or for the purpose of responding to your request (Art. 6 para. 1 lit. a, b GDPR) or based on the legitimate interest in improving the services and the external presentation (Art. 6 para. 1 lit. f GDPR).
When using Twitter, LinkedIn, Facebook or Instagram, data may also be processed outside the EU.
5. Changes to the privacy policy
We reserve the right to update this privacy policy so that it always complies with the current legal requirements or to make changes to our offers in the privacy policy. The current version of the privacy policy applies.