Data protection at a glance
- General information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is all data that identifies you personally. You will find detailed information on the subject of data protection in our data protection declaration listed below this text.
Data collection on our website:
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Contact details can be found in the Impressum section of this website.
How do we collect your data?
On the one hand, the data you communicate to us is collected. This can be data that you enter in a contact form, for example.
Further data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system, or time of the page call). This data is collected automatically when you visit our website.
What do we use your data for?
Part of the data is collected to ensure that the website is error-free. Other data can be used to analyse your user behaviour and enhance User Experience on our website.
What rights do you have in relation to your data?
You have the right to receive information about the origin, recipient, and purpose of your stored personal data at any time and free of charge. You also have the right to demand the correction, blocking or deletion of this data. For this purpose and for further questions on the subject of data protection, we are available to you at any time at the address given in the imprint. Furthermore, you have the right to contact the responsible supervisory authority.
Liability for contents:
As a service provider, we are responsible for our own content on these pages in accordance with § 7 para.1 TMG (German Telemedia Act) and general laws. However, according to §§ 8 to 10 TMG, we are not obliged as a service provider to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity.
Obligations to remove or block the use of information according to general laws remain unaffected by this. However, liability in this respect is only possible from the time of knowledge of a concrete infringement. Upon becoming aware of any such legal infringements, we will remove the content in question immediately.
- General information and Mandatory information
Our offer contains links to external websites of third parties, the contents of which we have no influence on. Therefore we cannot assume any liability for these external contents. The respective provider or operator of the sites is always responsible for the content of the linked sites. The linked sites were checked for possible legal violations at the time of linking. Illegal contents were not identified at the time of linking.
However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, we will remove such links immediately.
We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. It is not possible to completely protect data from access by third parties.
Reference to the responsible office:
NORTH IT GROUP GmbH
Represented by Stephan Hoffmann
The data protection officer will also assist you with the right of information (Art. 15 DSGVO), the right of correction (Art. 16 DSGVO) and the right of deletion (Art. 17 DSGVO). In the case of information pursuant to Art. 15 DSGVO, we reserve the right to check your identity in advance so that your personal data does not become known to unauthorised persons.
Please also take note of the section “Your rights as a data subject” further down in this document.
What are personal data and what personal data do we collect?
Personal data is data that allows conclusions to be drawn about the identity of a person. The data subject’s browser also transmits certain personal data (see subsection “Transmission of technical data”).
These data are stored in log files. The legal basis for this storage of data and log files is Art. 6 para. 1 lit. f DSGVO. The data are deleted after six weeks (see section “Storage period and deletion”).
Personal data is only actively processed by us if the user voluntarily agrees to the use of his data. This is the case after corresponding consent to the use of statistics cookies, which are then processed by Google Analytics (see below).
Sending contact forms and subscribing to the newsletter also requires the consent of the person concerned (Art. 6 Para. 1 letter a DSGVO ). Purposes and legal bases of data processing General information on the legal basis
If (forms, newsletter registration) the consent of the data subject is required for the processing of personal data, Article 6 (1) (a) of the EU Basic Data Protection Regulation (DSGVO) serves as the legal basis.
When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.
Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.
Visiting the website
You can visit our website without providing any personal information. Only the browser transmits data (see below).
Hosting, transmission of technical data
Our website is hosted by an external service provider. We have concluded an agreement with the host for order processing in accordance with Art. 28 DSGVO. Please refer to the section “Order processing” further down in this document.
When you access our website, your browser transmits data to the server of the hosting service provider. We have no influence on the content of this transmission. The following data is involved:
- Host (Internet service provider, company)
- Browser type and the version of the browser used
- Operating system of the user
- IP address of the user
- Protocol (http, https)
- Date and time of access
- Error messages if necessary
- “Referrer-URL”, i.e. the website from which a link to our website was made.
- Requested page of our website
Data deletion and storage duration
In principle, personal data of the person concerned is deleted or blocked as soon as the purpose of the storage no longer applies.
In addition, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other regulations to which the person responsible is subject.
Blocking or erasure of data is also carried out when a storage period prescribed by the above-mentioned standards expires unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.
Your rights as a data subject
The DSGVO guarantees you rights to your data and possibilities to enforce them. In the following we list these rights and quote the wording of the corresponding paragraph in the DSGVO.
Right to information (Art. 15 DSGVO)
“The data subject shall have the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed; if this is the case, he or she shall have the right to be informed of such personal data and to receive the following information:
- the purposes of the processing;
- the categories of personal data being processed;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
- if possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining this period; the existence of a right of rectification or erasure of personal data relating to them or of a right of objection to their processing by the controller;
- the existence of a right of appeal to a supervisory authority; if the personal data are not collected from the data subject, any available information concerning the origin of the data;
- the existence of automated decision making, including profiling, as referred to in Article 22(1) and (4) and, at least in those cases, relevant information about the logic involved and the scope and intended impact of such processing on the data subject.
Right of rectification (Art. 16 DSGVO)
“The data subject shall have the right to obtain from the controller the rectification without delay of inaccurate personal data relating to him/her. 2 Having regard to the purposes of the processing, the data subject shall have the right to obtain the completion of incomplete personal data, including by means of a supplementary declaration”. Right of deletion (Art. 17 DSGVO)
You have the right to request us to delete your personal data. We will delete your data as long as this does not conflict with any other legal obligations. “The person concerned has the right to demand that the person responsible for the data be immediately deleted, and the person responsible is obliged to delete personal data immediately if one of the following reasons applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
- the data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing.
- the data subject objects to the processing in accordance with Article 21(1) and there are no legal basis overriding the processing, or the data subject objects to the processing in accordance with Article 21(2)
- the personal data have been processed unlawfully.
- The erasure of personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data have been collected in relation to information society services provided in accordance with Article 8(1).
Right to restrict processing (Art. 18 DSGVO)
“The data subject shall have the right to obtain from the controller the restriction of processing if one of the following conditions is met:
- the accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data
- the processing is unlawful and the data subject refuses to have the personal data deleted and instead requests that the use of the personal data be restricted;
- the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to exercise or defend his rights; or
- the data subject has lodged an objection to the processing operation pursuant to Article 21(1), pending the determination of whether the controller’s legitimate reasons outweigh those of the data subject.
Where processing has been restricted in accordance with paragraph 1, such personal data may be processed except with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or defending the rights of another natural or legal person or for reasons relating to an important public interest of the Union or a Member State”.
Right to information (Art. 19 DPA)
“The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of personal data or any restriction on processing under Articles 16, 17(1) and 18, except where this proves impossible or involves a disproportionate effort.
The controller shall inform the data subject of such recipients if the data subject so requests.
Right to data transferability (Art. 20 DPA)
“The data subject shall have the right to obtain the personal data concerning him/her which he/she has supplied to a controller in a structured, standard and machine-readable format and the right to have such data communicated to another controller without interference by the controller to whom the personal data has been supplied, provided that
- processing is based on an authorisation in accordance with Article 6(1)(a) or Article 9(2)(a) or on a contract in accordance with Article 6(1)(b), and
- the processing is carried out by means of automated procedures.
- In exercising his or her right to transfer data in accordance with paragraph 1, the data subject shall have the right to obtain that personal data be transferred directly from one controller to another controller, in so far as this is technically feasible.
- The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- The right referred to in paragraph 1 may not adversely affect the rights and freedoms of other persons”.
Right of objection (Art. 21 DSGVO)
The data subject shall have the right to object at any time, on the grounds relating to his particular situation, to the processing of personal data relating to him which is carried out pursuant to Article 6(1)(e) or (f), including profiling based on those provisions. The controller shall cease processing personal data unless he can demonstrate that there are compelling legitimate reasons for processing which override the interests, rights and freedoms of the data subject, or unless the processing is carried out in order to pursue, exercise or defend legal claims.
Where personal data are processed for the purpose of direct marketing, the data subject shall have the right to object, at any time, to the processing of personal data relating to him/her for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.
If the data subject objects to processing for the purposes of direct marketing, the personal data will no longer be processed for those purposes.
The data subject must be expressly informed of the right referred to in paragraphs 1 and 2 no later than the time of the first communication with him/her, in a comprehensible and separate manner from any other information.
In the context of the use of information society services, the data subject may, notwithstanding Directive 2002/58/EC, exercise his right of objection by means of automated procedures involving technical specifications.
The data subject shall have the right to object, on the grounds relating to his particular situation, to the processing of personal data concerning him which is carried out for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89(1), except where such processing is necessary for the performance of a task carried out in the public interest.
Right to withdraw the declaration of consent under data protection law (Art. 7 DSGVO paragraph 3) “The data subject shall have the right to withdraw his or her consent at any time. Revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. The data subject shall be informed before consent is given. Revocation of consent must be as simple as the granting of consent”.
Right to appeal to a supervisory authority (Art.77 para.1 DPA)
“Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he/she is normally resident, or in the Member State in which he/she works, or in the Member State in which the alleged breach occurred, if he/she considers that personal data relating to him/her are being processed in breach of this Regulation.
Saxony-Anhalt State Commissioner for Data Protection:
Dr Harald von Bose
Leiterstraße 9, 39104 Magdeburg Postfach 1947, 39009 Magdeburg
Phone: +49 391 81803-0
Fax: +49 391 81803-33
E-mail: post office(at)lfd.sachsen-anhalt.de.
Links to other websites
This website contains links to third party websites – so-called external links. The contents of these external links are beyond our control, so that we cannot accept any liability for such contents. The responsibility always lies with the respective operator of the external sites. At the time of linking the external links, no legal violations were apparent. The permanent monitoring of external content for legal violations without concrete evidence is not reasonable for us. Should we become aware of any infringements, we will remove the corresponding external links immediately.
We take technical and organisational security precautions to protect your personal data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our data processing and security measures are continuously improved in line with technological developments. When your personal data is transmitted to us, it is encrypted by Secure Socket Layer (SSL).
Our employees are obliged to maintain data secrecy.
Some services on our website are provided with the help of service providers. These are services in the following areas
- Newsletter registration, newsletter management
- Web analysis, tracking
- Valuation management
We have concluded agreements with the relevant companies for processing orders in accordance with Art. 28 DSGVO and subsequently reproduce the data protection declarations of these companies.
We have our own hosting.
Our newsletter is sent via “MailChimp”, a newsletter dispatch platform of the US supplier Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients, as well as other data described in this notice, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp may use this data according to its own information to optimize or improve its own services, e.g. for technical optimization of the dispatch and the presentation of the newsletter or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or pass them on to third parties. MailChimp is certified under the US-EU data protection agreement “Privacy Shield” and is therefore committed to comply with the EU data protection regulations. Furthermore, we have concluded a “Data-Processing-Agreement” with MailChimp. This is a contract, in which MailChimp commits itself to protect the data of our users, to process them on our behalf according to its data protection regulations and especially not to pass them on to third parties.
Order processing agreement Mailchimp (https://mailchimp.com/legal/data-processing-addendum/)
Google Analytics and Google Tag Manager
Our website uses the services of Google Analytics. This is a web analysis service of Google Inc. The analysis of your use of the website is made possible by the fact that so-called “cookies” are stored on your computer and these then generate information about your user behaviour and forward it to Google Inc. As a rule, a shortened version of your IP address is forwarded to Google servers. In exceptional cases, the complete IP address may also be forwarded. Google uses this information on our behalf to create a report on user behaviour on our pages. The IP address determined by Google Analytics is not combined with other data from Google. If you do not wish cookies to be stored on your computer, you can make appropriate settings in your browser. Unfortunately, this may result in a restricted use of our pages. You can prevent the collection by Google Analytics by clicking on the following link: https://adssettings.google.com/authenticated?hl=de
We would like to point out that on this website Google Analytics has been extended by the code “anonymizeIp” in order to ensure anonymous recording of IP addresses (so-called IP masking).
We also use the Google Tag Manager. With this service you can manage website tags. The Google Tag Manager simply sets up tags – tags are pieces of code that are used to measure visitor traffic and behaviour. Tags come from other services – in our case from Google Analytics (see above). The Google Tag Manager only manages these tags, no cookies are set and no personal data is collected. If tracking has been deactivated, this also applies to all tracking tags that are managed by the Google Tag Manager.
In order to ensure sufficient data security during the transmission of forms, we use the service reCAPTCHA of the company Google Inc. in certain cases. This is mainly used to differentiate whether the input is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the service reCAPTCHA to Google. The deviating data protection regulations of Google Inc. apply to this. Further information on the data protection guidelines of Google Inc. can be found at www.google.de/intl/de/privacyoderlink
This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, and campaign data and to track the use of the website for the website analysis report. Cookies store information anonymously and assign a randomly generated number to identify unique visitors.
- 2 years Analytics
This cookie is installed by Google Analytics. The cookie is used to store information on how visitors use a website and helps to produce an analysis report on the state of the website. The data collected includes the number of visitors, the source from which they came and the pages visited in anonymous form.
- 1 day Analytics
These cookies are installed by Google Universal Analytics to reduce the request rate and thus limit the collection of data on heavily frequented websites.
- 1 minute performance
Google uses this cookie to differentiate users.
- 1 minute Analytics