Privacy policy

Information on the handling of personal data

We are very pleased about your interest in our website - and thus in our company. The protection of your private rights and freedoms is very important to us; we only use your data for the purposes intended. Since it is important to us that you are aware at all times of the extent to which we collect, use and, if necessary, transfer your data to third parties, we will provide you with the following comprehensive information on the processing of your personal data collected by us or stored by us. Visiting our website is generally possible without providing (personal) data; if there are exceptions to this for selected services, we will explain these in the following chapters. When processing personal data, we strictly adhere to the requirements of the eu general data protection regulation (gdpr) and any other data protection regulations.

Name and address of the controller

NorthRock software GmbH

Leon Bernard

Hanauer Landstraße 146

60314 Frankfurt am Main

Deutschland

Phone: +49 (0) 173 1719939

E-mail: legal@northrock.software

Website: https://northrock.software/

Name and address of the data protection officer

Mr Jörg ter Beek

Cortina Consult GmbH

Hafenweg 24

48155 Münster

Deutschland

E-mail: dsb.northrock.software@cortina-consult.de

Website: https://cortina-consult.com/

Rights of data subjects

The EU General Data Protection Regulation (GDPR) provides for extensive rights for data subjects in Chapter III, which we explain to you accordingly below with regard to the processing of your personal data:

1. Right to information

This requirement concerns in particular information on the following details of data processing:

Processing purposes

Data categories

Recipients or categories of recipients, if applicable

If applicable, the planned storage duration or the criteria for determining this duration

Note on the respective right of correction, deletion, restriction or objection

Existence of the right to complain to a supervisory authority

If applicable, origin of the data (if not collected from you)

If applicable, existence of automated decision-making including profiling, including meaningful information about the logic involved, the scope and the effects to be expected

If applicable, (planned) transfer to a third country or international organization

2. Right to rectification

We will correct any erroneous data immediately, provided that you inform us of the circumstance accordingly.

3. Right to erasure (right to be forgotten)

Provided that the processing is no longer necessary and one of the following conditions is met:

Discontinuation of the purpose of processing

Withdrawal of their consent and absence of any other legal basis for processing

Objection to processing without an important reason to the contrary

Unlawful processing

Required to fulfill a legal obligation

Data collection was carried out in accordance with Art. 8 (1) GDPR

4. Right to restriction of processing

Provided that one of the following conditions is met:

You dispute the accuracy of your data (restriction can be made for the duration of the review on our side)

In the event of unlawful processing and if the data is not to be deleted, restriction of processing shall take the place of deletion

If the processing purposes cease to apply, at the same time you need your data for the assertion, exercise or defense of legal claims

After you have lodged an objection pursuant to Art. 21 (1) GDPR and for the duration of the examination as to whether our legitimate reasons outweigh yours.

5. Right to data portability

If it is technically possible and does not affect the rights and freedoms of other persons, we will - at your request - transfer your data to another recipient (responsible party).

6. Right to object

If we collect or have collected and process personal data from you (on the basis of Art. 6 (1) e or f or Art. 9 (2) a GDPR), you have the right to object to the data processing (including profiling) at any time (with effect for the future). In exceptional cases, the objection may be ineffective, e.g. if we can demonstrate compelling interests worthy of protection for the processing that outweigh your interests or processing serves the assertion, exercise or defense of legal claims. If we process your personal data for the purpose of direct marketing, you have the right to object to such processing at any time. This also applies to profiling, insofar as it is related to such direct advertising. You also have the right to object to processing of your data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

7. Automated decisions in individual cases including profiling

If we collect or have collected and process personal data from you, you have the right not to be subject to any decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Exceptions to this requirement apply if the decision is necessary for the conclusion or performance of a contract between you and us or you have expressly consented to the processing. In any case, we will take reasonable steps to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain the intervention of a person on our part, to express our own point of view and to contest the decision.

8. Right to revoke consent under data protection law

You have the right to revoke consent to the processing of personal data at any time.

9. Right to complain to a supervisory authority

A list of the supervisory authorities responsible in Germany can be found on the website of the Federal Commissioner for Data Protection.

General information on data processing on the website

The following information applies to the data processing on our website in general. If there are exceptions or additions to this information, these are described in detail in the relevant sections.

1. Data security information

We secure our website and other systems through technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all dangers is not possible.

2. Legal basis of processing

We process personal data in accordance with the requirements of the GDPR, depending on the type and purpose of the processing as follows:

Permitted use - Specification of the GDPR

Informed consent - Art. 6 para. 1 a

Performance of a contract - Art. 6 para. 1 b

Implementation of pre-contractual measures - Art. 6 para. 1 b

Fulfillment of legal obligations - Art. 6 para. 1 c

Protection of vital interests - Art. 6 para. 1 d

Safeguarding our legitimate interest - Art. 6 para. 1 f

3. Our legitimate interest

Our legitimate interest, as defined in Article 6 (1) f GDPR, is based on the performance of our business activities in order to maintain our ability to operate and secure the employment of our employees.

4. General deadlines for data deletion

After the purpose of storage has ceased, the retention periods are generally at least six or ten years. As a rule, data is deleted immediately in accordance with our deletion concept, provided that this does not conflict with any retention obligation, necessity for contract fulfillment or a legitimate interest.

5. Deletion or blocking of personal data

We store your personal data only for the period required to fulfill the specified purpose. After the purpose no longer applies and after expiration of any existing retention periods, your data will be deleted immediately. If deletion is not possible, the data will be blocked instead.

6. Collection of general data and information

Data collected

browser types and versions used

Operating system used, visitor origin (referrer, e.g. Google), subpages clicked on

Date and time of access to the website as well as IP address and internet service provider of the visitor

Other data and information for security in the event of attacks

Purpose of the survey

correct display of the page content

Optimization of our website content as well as our advertising

Ensuring the permanent functionality of our IT systems (for the operation of the website) and prevention of misuse

Providing relevant information to law enforcement agencies in the event of a cyberattack

7. Obligation to provide personal data

Nature or purpose of the processing

Conclusion of a sales contract (e.g. your address)

In the employee context (e.g. transmission of data to the tax office)

Need

Fulfillment of the contractual obligation (e.g. delivery of the goods to your address)

Compliance with legal requirements (e.g. tax regulations)

Information about specific data processing on the website

If applicable, in deviation from or in addition to the above-mentioned general information, you will find details of the individual data processing on our website below.

Applications and application procedure

Purpose of processing

Data of applicants are collected, processed and used for the purpose of selecting potential employees.

Recipient (if applicable)

A transfer to third parties and / or to a third country does not take place.

If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)

Forwarding does not take place and is not planned.

If known: Duration of data storage

The personal data of applicants whom we do not hire will be stored for the required period (maximum 6 months) for possible legal claims (e.g. under the General Equal Treatment Act (AGG)) and then immediately destroyed or deleted.

Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity

For a smooth application process, it is necessary that you truthfully provide us with the requested information.

Consequences of non-compliance (in case of failure to provide the required data)

Non-compliance (i.e. failure to provide the required data) may result in your inability to enter into an employment contract with us.

If applicable, existence of an automated decision-making process

In this context, we do not use automatic decision-making.

If applicable, origin of the data (if not collected directly from the data subject)

As a rule, the data originates from the data subject him/herself; however, it may also originate from third parties.

Where applicable, categories of personal data (if not collected directly from the data subject).

Master data, contact data, application data

Change of purpose if necessary

If we take you on as an employee after completion of the application process, the purpose for processing the relevant data changes: in this case, it will be used in the future to implement and maintain the employment relationship.

Newsletter

Purpose of processing

Provision of information in the form of electronic circulars

Recipient (if applicable)

None

If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)

A data transfer to a third country does not take place and is not planned.

If known: Duration of data storage

See General deadlines for data deletion

Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity

There is no obligation to provide personal data. Newsletters are sent exclusively after registration via a double opt-in procedure (voluntarily given and revocable informed consent pursuant to Article 6 (1) a DSGVO) or after a purchase contract has been successfully concluded and the e-mail address has been collected in this process (pursuant to Section 7 (3) UWG).

Consequences of non-compliance (in case of failure to provide the required data)

Non-compliance (i.e. not providing the required data) would result in the newsletter not being delivered to you.

If applicable, existence of an automated decision-making process

In this context, we do not use automatic decision-making.

If applicable, origin of the data (if not collected directly from the data subject)

The data comes from the data subject himself.

Change of purpose, if applicable

None

Contact form & Video-Call

ZwePurpose of processing

Processing and, if necessary, answering the request of the form sender

Legal basis

(according to Art. 6 / 9 GDPR) Fulfillment of a contract (Art. 6 para. 1 b), Safeguarding legitimate interests (Art. 6 para. 1 f)

Recipient (if applicable)

A transfer to third parties and / or to a third country does not take place.

If applicable, intention of forwarding to a third country or int. organization (incl. info on adequacy decision of the Commission or suitable guarantees)

A data transfer to a third country does not take place and is not planned.

If known: Duration of data storage

See General deadlines for data deletion

Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity

There is no obligation.

Consequences of non-compliance (in case of failure to provide the required data)

None

If applicable, existence of an automated decision-making process

In this context, we do not use automatic decision-making.

If applicable, origin of the data (if not collected directly from the data subject)

The data comes from the data subject himself.

Where applicable, categories of personal data (if not collected directly from the data subject).

In this context, we do not use automatic decision-making.

Change of purpose if necessary

None

Cookies

We use cookies on this website; these are small text files that are stored on your computer via your Internet browser (e.g. Google Chrome, Safari, Firefox, Edge). This cookie may contain a so-called cookie ID - a unique identifier consisting of a string of characters that allows an assignment of Internet pages and servers to the storing browser. At the same time, these cookies provide us with information that enables us to optimize our websites to meet the needs of our visitors. We use cookies in part only for the duration of the stay on the website. All cookies on our websites contain purely technical information, not personal data. It is possible to use our offers (although possibly not to the full extent of their functions) without cookies. Most browsers are set to accept cookies automatically. However, you can deactivate the storage of cookies or set your browser to notify you as soon as cookies are sent.

Request service

Purpose of the processing

Processing and, if necessary, answering the request of the form sender

Data type

Company, surname, first name, e-mail address, telephone number (optional), estimated budget (optional)

Purpose of the collection

Processing and, if applicable, answering the request of the form sender

Legal basis (pursuant to Art. 6 / 9 GDPR)

Safeguarding legitimate interests (Art. 6 para. 1 f) and implementation of pre-contractual measures (Art. 6 para. 1 b)

Recipient, if applicable (in the case of disclosure)

None

If applicable, intention of transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees)

Data transfer to a third country does not take place and is not planned.

If known: Duration of data storage

See general time limits for data deletion

Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity

None

Consequences of non-compliance (failure to provide the required data)

None

Existence of automated decision-making, if applicable

In this context, we do not use automated decision-making.

If applicable, origin of the data (if not collected directly from the data subject)

The data usually originates from the data subject, but may also originate from third parties.

Where applicable, categories of personal data (if not collected directly from the data subject)

None

Change of purpose, if applicable

None

Cloudflare

Purpose of the processing

Protection of the website operator and website users, and improvement of loading times

Data type

IP address, log data (data on visits to the website/application), information on system configuration

Purpose of the collection

Cloudflare increases the security and performance of our website.

Legal basis (pursuant to Art. 6 / 9 GDPR)

Protection of legitimate interests (Art. 6 para. 1 f)

Recipient, if applicable (in case of disclosure)

Cloudflare Group - Cloudflare service provider

If applicable, intention of transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees)

This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes without you having any legal recourse. Below you will find a list of the countries to which the data is transferred. This may be the case for various purposes, e.g. for storage or processing.United States of America (USA) Click here to read the data processor's privacy policy https://www.cloudflare.com/de-de/privacypolicy/

If known: Duration of data storage

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes. Data is deleted as soon as it is no longer required for processing.

Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity

None

Consequences of non-compliance (failure to provide the required data)

None

Existence of automated decision-making, if applicable

In this context, we do not use automated decision-making.

If applicable, origin of the data (if not collected directly from the data subject)

The data usually originates from the data subject, but may also originate from third parties.

Where applicable, categories of personal data (if not collected directly from the data subject)

None

Change of purpose, if applicable

None

Mapbox

Purpose of the processing

Provision of an interactive map

Type of data

Date and time of visit, device type, geographic location, IP address, referrer URL, usage data, randomly generated identifiers, browser information, access method, device operating system, date and time of request, user interaction data

Purpose of the collection

This is a service for displaying maps. Mapbox offers various software development kits ('SDK') and application programming interfaces ('API') that allow us to integrate maps into our website.

Legal basis (pursuant to Art. 6 / 9 GDPR)

Informed consent (Art. 6 para. 1 a)

Recipient, if applicable (for disclosure)

MapBox IncMapbox International, Inc

If applicable, intention of transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees)

Data transfer to a third country does not take place and is not planned.

If known: Duration of data storage

See general time limits for data deletion

Obligation to provide personal data (e.g. due to legal or contractual regulations)

None

Consequences of non-compliance (failure to provide the required data)

None

Existence of automated decision-making, if applicable

In this context, we do not use automated decision-making.

If applicable, origin of the data (if not collected directly from the data subject)

The data usually originates from the data subject, but may also originate from third parties.

Where applicable, categories of personal data (if not collected directly from the data subject)

None

Change of purpose, if applicable

None

Sentry

Purpose of the processing

Analysis, troubleshooting

Data type

Browser language, date and time of visit, operating system, IP address, previously visited website, browser data

Purpose of the collection

Error analysis, troubleshooting of customer system

Legal basis (pursuant to Art. 6 / 9 GDPR):

Informed consent (Art. 6 para. 1 a)

Recipient, if applicable (for disclosure):

Functional Software GmbH; Neuturmstraße 5, Rothschildplatz 3 Oben 3.02.AB 1020, Vienna, Austria

If applicable, intention of transfer to a third country or international organization (incl. information on adequacy decision of the Commission or suitable guarantees):

Data transfer to a third country does not take place and is not planned.

If known: Duration of data storage

See general time limits for data deletion

Obligation to provide personal data (e.g. due to legal or contractual regulations) / necessity:

Consequences of non-compliance (failure to provide the required data):

If applicable, existence of automated decision-making:

In this context, we do not use automated decision-making.

If applicable, origin of the data (if not collected directly from the data subject):

The data usually originates from the data subject, but may also originate from third parties.

Change of purpose, if applicable:

None