Data protection

1. General information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is all data that identifies you personally. You will find detailed information on the subject of data protection in our data protection declaration listed below this text.

Data collection on our website:

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. Contact details can be found in the Impressum section of this website.

How do we collect your data?
On the one hand, the data you communicate to us is collected. This can be data that you enter in a contact form, for example.
Further data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system, or time of the page call). This data is collected automatically when you visit our website.

What do we use your data for?
Part of the data is collected to ensure that the website is error-free. Other data can be used to analyse your user behaviour and enhance User Experience on our website.

What rights do you have in relation to your data?
You have the right to receive information about the origin, recipient, and purpose of your stored personal data at any time and free of charge. You also have the right to demand the correction, blocking or deletion of this data. For this purpose and for further questions on the subject of data protection, we are available to you at any time at the address given in the imprint. Furthermore, you have the right to contact the responsible supervisory authority.

Liability for contents:
As a service provider, we are responsible for our own content on these pages in accordance with § 7 para.1 TMG (German Telemedia Act) and general laws. However, according to §§ 8 to 10 TMG, we are not obliged as a service provider to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity.
Obligations to remove or block the use of information according to general laws remain unaffected by this. However, liability in this respect is only possible from the time of knowledge of a concrete infringement. Upon becoming aware of any such legal infringements, we will remove the content in question immediately.

2. General information and Mandatory information
Our offer contains links to external websites of third parties, the contents of which we have no influence on. Therefore we cannot assume any liability for these external contents. The respective provider or operator of the sites is always responsible for the content of the linked sites. The linked sites were checked for possible legal violations at the time of linking. Illegal contents were not identified at the time of linking.
However, a permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, we will remove such links immediately.

Privacy policy:
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what information we collect and how we use it. It also explains how we do this and for what purpose.
We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. It is not possible to completely protect data from access by third parties.

Reference to the responsible office:
NORTH IT GROUP GmbH
Represented by Stephan Hoffmann

The data protection officer will also assist you with the right of information (Art. 15 DSGVO), the right of correction (Art. 16 DSGVO) and the right of deletion (Art. 17 DSGVO). In the case of information pursuant to Art. 15 DSGVO, we reserve the right to check your identity in advance so that your personal data does not become known to unauthorised persons.
Please also take note of the section "Your rights as a data subject" further down in this document.

What are personal data and what personal data do we collect?
Personal data is data that allows conclusions to be drawn about the identity of a person. The data subject's browser also transmits certain personal data (see subsection "Transmission of technical data").
These data are stored in log files. The legal basis for this storage of data and log files is Art. 6 para. 1 lit. f DSGVO. The data are deleted after six weeks (see section "Storage period and deletion").
Personal data is only actively processed by us if the user voluntarily agrees to the use of his data. This is the case after corresponding consent to the use of statistics cookies, which are then processed by Google Analytics (see below).
Sending contact forms and subscribing to the newsletter also requires the consent of the person concerned (Art. 6 Para. 1 letter a DSGVO ). Purposes and legal bases of data processing General information on the legal basis
If (forms, newsletter registration) the consent of the data subject is required for the processing of personal data, Article 6 (1) (a) of the EU Basic Data Protection Regulation (DSGVO) serves as the legal basis.
When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations which are necessary for the implementation of pre-contractual measures.
Insofar as processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.
Visiting the website
You can visit our website without providing any personal information. Only the browser transmits data (see below).
If you do not agree to the use of cookies when you first visit our website, none will be used, otherwise the category of cookies you have chosen will be used.
Hosting, transmission of technical data
Our website is hosted by an external service provider. We have concluded an agreement with the host for order processing in accordance with Art. 28 DSGVO. Please refer to the section "Order processing" further down in this document.
When you access our website, your browser transmits data to the server of the hosting service provider. We have no influence on the content of this transmission. The following data is involved:

• Host (Internet service provider, company)
• Browser type and the version of the browser used
• Operating system of the user
• IP address of the user
• Protocol (http, https)
• Date and time of access
• Error messages if necessary
• "Referrer-URL", i.e. the website from which a link to our website was made.
• Requested page of our website

Data deletion and storage duration
In principle, personal data of the person concerned is deleted or blocked as soon as the purpose of the storage no longer applies.
In addition, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws, or other regulations to which the person responsible is subject.
Blocking or erasure of data is also carried out when a storage period prescribed by the above-mentioned standards expires unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

Your rights as a data subject
The DSGVO guarantees you rights to your data and possibilities to enforce them. In the following we list these rights and quote the wording of the corresponding paragraph in the DSGVO.

Right to information (Art. 15 DSGVO)
"The data subject shall have the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed; if this is the case, he or she shall have the right to be informed of such personal data and to receive the following information:

• the purposes of the processing;
• the categories of personal data being processed;
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
• if possible, the envisaged period for which the personal data will be stored or, if this is not possible, the criteria for determining this period; the existence of a right of rectification or erasure of personal data relating to them or of a right of objection to their processing by the controller;
• the existence of a right of appeal to a supervisory authority; if the personal data are not collected from the data subject, any available information concerning the origin of the data;
• the existence of automated decision making, including profiling, as referred to in Article 22(1) and (4) and, at least in those cases, relevant information about the logic involved and the scope and intended impact of such processing on the data subject.

Right of rectification (Art. 16 DSGVO)
"The data subject shall have the right to obtain from the controller the rectification without delay of inaccurate personal data relating to him/her. 2 Having regard to the purposes of the processing, the data subject shall have the right to obtain the completion of incomplete personal data, including by means of a supplementary declaration". Right of deletion (Art. 17 DSGVO)
You have the right to request us to delete your personal data. We will delete your data as long as this does not conflict with any other legal obligations. "The person concerned has the right to demand that the person responsible for the data be immediately deleted, and the person responsible is obliged to delete personal data immediately if one of the following reasons applies:
• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• the data subject withdraws the consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) and there is no other legal basis for the processing.
• the data subject objects to the processing in accordance with Article 21(1) and there are no legal basis overriding the processing, or the data subject objects to the processing in accordance with Article 21(2)
• the personal data have been processed unlawfully.
• The erasure of personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
• The personal data have been collected in relation to information society services provided in accordance with Article 8(1).

Right to restrict processing (Art. 18 DSGVO)
"The data subject shall have the right to obtain from the controller the restriction of processing if one of the following conditions is met:
• the accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• the processing is unlawful, and the data subject refuses to have the personal data deleted and instead requests that the use of the personal data be restricted;
• the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them in order to exercise or defend his rights; or
• the data subject has lodged an objection to the processing operation pursuant to Article 21(1), pending the determination of whether the controller's legitimate reasons outweigh those of the data subject.
Where processing has been restricted in accordance with paragraph 1, such personal data may be processed except with the consent of the data subject or for the purpose of asserting, exercising or defending legal claims or defending the rights of another natural or legal person or for reasons relating to an important public interest of the Union or a Member State".

Right to information (Art. 19 DPA)
"The controller shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of personal data or any restriction on processing under Articles 16, 17(1) and 18, except where this proves impossible or involves a disproportionate effort.
The controller shall inform the data subject of such recipients if the data subject so requests.

Right to data transferability (Art. 20 DPA)
"The data subject shall have the right to obtain the personal data concerning him/her which he/she has supplied to a controller in a structured, standard and machine-readable format and the right to have such data communicated to another controller without interference by the controller to whom the personal data has been supplied, provided that
• processing is based on an authorisation in accordance with Article 6(1)(a) or Article 9(2)(a) or on a contract in accordance with Article 6(1)(b), and
• the processing is carried out by means of automated procedures.
• In exercising his or her right to transfer data in accordance with paragraph 1, the data subject shall have the right to obtain that personal data be transferred directly from one controller to another controller, in so far as this is technically feasible.
• The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• The right referred to in paragraph 1 may not adversely affect the rights and freedoms of other persons".

Right of objection (Art. 21 DSGVO)
The data subject shall have the right to object at any time, on the grounds relating to his particular situation, to the processing of personal data relating to him which is carried out pursuant to Article 6(1)(e) or (f), including profiling based on those provisions. The controller shall cease processing personal data unless he can demonstrate that there are compelling legitimate reasons for processing which override the interests, rights, and freedoms of the data subject, or unless the processing is carried out in order to pursue, exercise or defend legal claims.
Where personal data are processed for the purpose of direct marketing, the data subject shall have the right to object, at any time, to the processing of personal data relating to him/her for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.
If the data subject objects to processing for the purposes of direct marketing, the personal data will no longer be processed for those purposes.
The data subject must be expressly informed of the right referred to in paragraphs 1 and 2 no later than the time of the first communication with him/her, in a comprehensible and separate manner from any other information.
In the context of the use of information society services, the data subject may, notwithstanding Directive 2002/58/EC, exercise his right of objection by means of automated procedures involving technical specifications.
The data subject shall have the right to object, on the grounds relating to his particular situation, to the processing of personal data concerning him which is carried out for the purposes of scientific or historical research or for statistical purposes in accordance with Article 89(1), except where such processing is necessary for the performance of a task carried out in the public interest.
Right to withdraw the declaration of consent under data protection law (Art. 7 DSGVO paragraph 3) "The data subject shall have the right to withdraw his or her consent at any time. Revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. The data subject shall be informed before consent is given. Revocation of consent must be as simple as the granting of consent".

Right to appeal to a supervisory authority (Art.77 para.1 DPA)
"Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to complain to a supervisory authority, in particular in the Member State in which he/she is normally resident, or in the Member State in which he/she works, or in the Member State in which the alleged breach occurred, if he/she considers that personal data relating to him/her are being processed in breach of this Regulation.

Saxony-Anhalt State Commissioner for Data Protection:
Dr Harald von Bose
Leiterstraße 9, 39104 Magdeburg Postfach 1947, 39009 Magdeburg
Phone: +49 391 81803-0
Fax: +49 391 81803-33
E-mail: post office(at)lfd.sachsen-anhalt.de.

Links to other websites
This website contains links to third party websites – so-called external links. The contents of these external links are beyond our control, so that we cannot accept any liability for such contents. The responsibility always lies with the respective operator of the external sites. At the time of linking the external links, no legal violations were apparent. The permanent monitoring of external content for legal violations without concrete evidence is not reasonable for us. Should we become aware of any infringements, we will remove the corresponding external links immediately.

Security
We take technical and organisational security precautions to protect your personal data managed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons. Our data processing and security measures are continuously improved in line with technological developments. When your personal data is transmitted to us, it is encrypted by Secure Socket Layer (SSL).
Our employees are obliged to maintain data secrecy.

Service providers
Some services on our website are provided with the help of service providers. These are services in the following areas:
• Hosting
We have concluded agreements with the relevant companies for processing orders in accordance with Art. 28 DSGVO and subsequently reproduce the data protection declarations of these companies.

Hosting
We have our own hosting.