Global Privacy Notice

Last modified on 07/11/2024

Welcome to TrueNorth's Global Privacy Notice ('Privacy Notice') Protecting your Personal Data and complying with the General Data Protection Regulation (GDPR) and other relevant data protection legislation are matters that we take very seriously. This Privacy Notice is intended to give you an overview of how we ensure this protection and compliance, what kinds of data we collect and why, and how we deal with it.

We refer to GDPR, when describing the processing of personal data, but because we operate globally, other relevant data protection legislation can apply. When reading the Privacy Notice, please note that the reference to the GDPR only applies when it is applicable.

By 'Personal Data' we mean, in accordance with the GDPR, any information relating to an identified or identifiable individual. This is broader than just information of a personal or private nature and also includes information such as your name, date of birth, and email address.

1. Why and how do we collect, process and use your personal data?
2. Legal basis for data processing
3. Visitors to our website
4. To whom we may disclose your Personal Data?
5. What are your rights?
6. How long do we retain your Personal Data?
7. Data protection principles
8. Security
9. Changes to this Privacy Notice

We welcome your feedback. If you have any comments, complaints or questions regarding this Privacy Notice or our processing of your Personal Data, or would like to exercise any of your rights, you can contact us at:

TrueNorth Management Consultants Dr. Schuppert und Partner beratende Betriebs- und Volkswirte PartG
An der Alster 6
20099 Hamburg
Germany
Contact Information
Phone: +49 157 527 59567
Email [email protected]

The contact details of our data protection officer are:

There are some points on our websites where we collect data for information and marketing purposes with your consent. This is generally done for all TrueNorth entities as joint controllers (Art. 26 GDPR).

1. Why and how do we collect, process and use your personal data?

This Privacy Notice explains how we collect, store, use, disclose and transfer (hereinafter “process”) your personal data. The personal data that we collect about you depends on the context of your interactions with us, the products, services and features that you use, your location, and applicable law. We process your data for the reasons described below and only for the purpose intended in each case.

Our services are neither aimed at nor intended for children.

It is important that the personal data we hold about you is accurate and current. Should your personal information change, please notify us of any changes of which we need to be aware of. Please use the contact details above or keep your contact person at TrueNorth informed.

2. Legal basis for data processing

In principle, any processing of personal data is prohibited by law and is only permitted if the data processing is subject to an explicit permission. We process your data under the following circumstances:

'Consent': If you have voluntarily, in an informed and unambiguous manner, by means of a statement or other unambiguous affirmative act, indicated that you consent to the processing of personal data concerning you for one or more specific purposes (Art. 6 para. 1 sentence 1 lit. a GDPR)
'Performance of a contract': If we conclude a contract with you and the processing is necessary for the performance of this contract to which you are a party or for the implementation of pre-contractual measures taken at your request (Art. 6 para. 1 sentence 1 lit. b GDPR);
'Legal or regulatory obligation': If the processing is necessary to fulfill a legal obligation to which we are subject, e.g. a legal obligation to retain data (Art. 6 para. 1 sentence 1 lit. c GDPR);
'Legitimate interests': Where processing is necessary for the purposes of our legitimate interests (in particular legal or economic interests) or those of a third party, except where such interests are overridden by your interests or rights to the contrary (in particular where the data subject is a minor) (Art. 6 para. 1 sentence 1 lit. f GDPR);

The storage of information in your terminal device or access to information that is already stored in the terminal device is only permitted if it is covered by one of the following legal grounds:

§ 25 (1) of the German Telecommunications Digital Services Data Protection Act (TDDDG): If you have given your consent on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR;
§ 25 para. 2 no. 2 TDDDG: If the storage or access is absolutely necessary so that we, as provider of a telemedia service, can offer a telemedia service expressly requested by you.

3. Visitors

We use cookies to personalize your experience by displaying the website in the most relevant language version based on your location or previous preferences.

Types of Cookies We Use:

Functional Cookies

These cookies help us identify your location or language preferences so we can show you the correct language version of our website. They do not track your browsing beyond this purpose.

Managing Cookies

You can control the use of cookies by adjusting your browser settings. However, disabling cookies may affect the language display on our website.

3.2 Integration of content and third-party services we currently use or may use in the future

Within our website, we use may content or service offers from third parties in order to integrate their content and services. In case of technically necessary cookies we do this on the legal basis of our legitimate interests according to Art. 6 para. 1 lit. f) GDPR, in case of technically non-necessary cookies on the legal basis of your consent according to Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TDDDG.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as 'web beacons') for statistical or marketing purposes. The 'pixel tags' can be used to evaluate information such as visitor traffic on the pages of this website.

During some visits we may use software tools such as JavaScript to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse overs), and methods used to browse away from the page. We may use this information to measure website activity, to develop ideas for improving our websites and for any other purpose to the extent permitted by applicable law.

The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other details about the use of our online offering, and may also be linked to such information from other sources.

We use and engage certain providers to use cookies, web beacons, and similar tracking technologies (collectively, 'cookies') on our website. In the following you will find an overview of third-party providers and their content as well as links to their privacy policies, which contain further information on the processing of data and if applicable further options to object (known as opting out). You can, of course, change or withdraw any consent you may have given for cookies that are not absolutely technically necessary in this Privacy Policy under Cookie Declaration.

3.2.1 Cloudflare

We use Cloudflare, a trusted hosting and security provider, to protect our site and optimize loading times.

Cloudflare may collect and process certain information automatically, such as IP addresses and user interactions, to detect and mitigate potential security threats. This integration helps us ensure that our website remains secure and functions reliably.

For more information on how Cloudflare processes data, please refer to their Privacy Policy: https://www.cloudflare.com/privacypolicy/

3.2.2 Google Analytics

If you have given your consent, this website uses Google Analytics (GA4), a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ('Google').

Scope of processing

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

We use the User ID function. User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and to analyze user behavior across devices.

We use Google Signals. This allows Google Analytics to collect additional information about users who have personalized ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.

Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of 'events'. Events can be:

Page views
First visit to the website
Start of session
Your 'click path', interaction with the website
Scrolls (whenever a user scrolls to the bottom of the page (90%))
clicks on external links
internal search queries
interaction with videos
file downloads
seen / clicked ads
language settings

Also recorded:

Your approximate location (region)
your IP address (in shortened form)
technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
your internet service provider
the referrer URL (via which website/advertising medium you came to this website)

Purposes of processing

On our behalf, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns.

Recipients

Recipients of the data are/may be:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Duration of storage

The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR.

Revocation

You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by

a. not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to disable Google Analytics HERE .

For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en .

3.2.3 Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register Personal Data. The tool causes other tags to be activated that may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated at the domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager.

Your consent is the legal basis for this data processing, Art. 6 para.1 lit.a) GDPR.

3.2.4 Cookiebot

Our website uses the cookie consent technology of Cookiebot to obtain your consent to store certain cookies in your browser and to document these in accordance with data protection regulations. Cookiebot is a self-service cloud service of the company Cybot (https://www.cookiebot.com/de/about/).

When you enter our website, a Cookiebot cookie in which the consents you have given or the withdrawal of these consents are stored is stored in your browser. This data is not passed on to the provider of Cookiebot.

The data collected will be stored until you ask us to delete it or until you delete the cookie yourself or until the purpose for data storage no longer applies. Mandatory legal retention periods remain unaffected. For details on data processing by Cookiebot, please visit https://www.cookiebot.com/de/privacy-policy/.

The Cookiebot consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this data processing is Art. 6 para. 1 lit. c) GDPR.

3.2.5 Hubspot

We use the CRM, registration and marketing automation system 'HubSpot', operated by our service provider HubSpot Germany GmbH (Unter den Linden 26, 10117 Berlin, Germany), and its subprocessors Hubspot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA) and Hubspot Ireland ltd. (One Dockland Central, Dublin 1, Ireland). For this purpose, we have concluded a data processing agreement with Hubspot Germany, and additionally so-called standard contractual clauses, in which HubSpot Inc. undertakes to process user data only in accordance with our instructions and to comply with the EU level of data protection. Learn more about HubSpot's data privacy policy here.

The legal basis for the processing is our legitimate interests Art. 6 para. 1 lit. f) GDPR for necessary cookies (to distinguish between humans and bots) and your consent Art. 6 para. 1 lit. a) GDPR for non-necessary cookies (efficient and quick processing of user requests, applications and optimization of our online offering).

3.2.6 LinkedIn Insight Tag

This website uses LinkedIn Conversion Tracking provided by LinkedIn (LinkedIn Inc.). LinkedIn Conversion Tracking is an analytics tool powered by the LinkedIn Insight-Tag. LinkedIn Conversion Tracking offers aggregated and anonymized reports on LinkedIn ad campaigns run by TrueNorth and aggregated and anonymized information on user behavior on the TrueNorth website. We use LinkedIn Conversion Tracking to track ad conversions and show website visitors more relevant ads on LinkedIn. You can prevent the collection of data generated by the cookie and its processing by LinkedIn by following the instructions on this site: www.linkedin.com/psettings/guest-controls/retargeting-opt-out. T.The LinkedIn Insight Tag enables the collection of data regarding members' visits to our website, including the URL, referrer, IP address, device and browser characteristics, timestamp, and page views. This data is encrypted, then de-identified within seven days, and the de-identified data is deleted within 90 days. LinkedIn does not share the personal data with the website owner, it only provides aggregated reports about the website audience and ad performance. LinkedIn also provides retargeting for website visitors, enabling the website owner to show personalized ads from its website by using this data, but without identifying the member.

3.2.7 LinkedIn

Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time you access one of our pages that contains LinkedIn features, a connection to LinkedIn servers is established. LinkedIn will be notified that you have visited our sites using your IP address. If you click on LinkedIn's 'Recommend' button and are logged into your LinkedIn account, LinkedIn is able to track your visit to our site to you and your account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.

For more information, please refer to the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy.

3.2.8 Awesome-Table.com

We use Awesome Table provided by Google Inc. ('Google') to display data in maps and tables on our website. For more information please see Google's privacy policy (https://talarian.io/privacy-policy)

3.2.9 MyNewsDesk

We use the Services of MyNewsdesk AB ('MyNewsDesk') to publish press releases and photos on our website. Additionally, MyNewsDesk is used to display a Feed of the TrueNorth Social Media Channels of Facebook, Instagram, Twitter and YouTube on our website.

For Information on how MyNewsDesk uses Cookies, please see MyNewsDesk's privacy policy (https://www.mynewsdesk.com/dk/about/terms-and-conditions/privacy_policy) , cookie policy (https://www.mynewsdesk.com/us/about/terms-and-conditions/cookies) and their list of cookies used (https://www.mynewsdesk.com/us/about/terms-and-conditions/cookies/cookie-list).

3.2.10 OpenStreetMap

We use the open source mapping tool OpenStreetMap to display geodata. The OpenStreetMap Foundation is based in the UK and operates its servers in Europe. For more details, please see the OpenStreetMap Foundation's privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy#Log_files_and_Information_submitted_to_OSMF_Services .

3.2.11 Pathmotion

We have implemented the career inspiration platform of PathMotion S.A.S ('PathMotion') to connect people who are in interested in our company directly with TrueNorth employees to provide a look behind the scenes. For Information on how PathMotion uses Cookies, please see PathMotion's end user agreement (https://www.pathmotion.co/end-user-agreement).

3.2.12 YouTube

We have embedded videos from YouTube (YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA) in our website. This has been done using the 'double click' procedure. This means that, initially, only a thumbnail is displayed on our website without a connection to YouTube being established. Only when you click on the respective thumbnail is a connection to YouTube established and your IP address forwarded to the YouTube servers. YouTube is thus informed that our website was visited with your IP address. We do not obtain any information about the data collected in this way or how it is used.

If you are signed in to your YouTube or Google account, Google may add the processed information to your account and treat it as personal data, depending on your account settings, see in particular https://www.google.de/policies/privacy/partners/ .

We integrate YouTube so that you can watch videos directly on our website. By including external videos, we reduce the load on our servers and can thus use these resources elsewhere, which can increase the stability of our servers. Further information on data processing by Google is available at https://policies.google.com/privacy .

Your consent is the legal basis for this data processing, Art. 6 para.1 lit.a) GDPR.

3.2.13 Vimeo

We have embedded Vimeo videos in our website. These videos are stored on www.vimeo.com and are directly playable from our website. The video platform is operated by Vimeo, Inc. By visiting a website with embedded Vimeo videos, a direct connection is established between your browser and a server of Vimeo in the US. Vimeo stores information about your visit to our website including your IP address. If you have a Vimeo account and do not wish Vimeo to collect information about you through this website and associate this information with your member data on Vimeo, you must log out before visiting this website. Further information on the purpose and scope of data collection and processing by the third-party provider, as well as on your rights and options for protecting your privacy, can be found at vimeo.com/cookie_policy or vimeo.com/privacy .

3.2.14 New Relic

We use the NewRelic software on our website. This enables analysis of your website usage. The information stored by the cookie about your use of this website (including your IP address) is transferred to a NewRelic server in the US. We process this data due to our predominant interest in the optimal marketing of our online offering according to Art. 6 para. 1 lit. f) GDPR.

New Relic will use the stored information to evaluate your use of the website, compile reports on website activities for the website operators and provide further services related to website and internet use. We have concluded so-called standard contractual clauses with New Relic, Inc.

Further information on data protection can be found at https://newrelic.com/termsandconditions/privacy .

3.2.15 Soundcloud

The embed functionality of Soundcloud allows us to integrate music tracks from Soundcloud into our pages. The privacy policy of Soundcloud is available at https://soundcloud.com/pages/privacy .

3.2.16 Typeform

Typeform is used to set cookies that, for example, enable the user to switch to different pages or prevent a form from being sent multiple times. Typeform thus receives your IP address and can deduce that our website was called up with this IP address. According to its own information, Typeform does not store any data by which users can be personally identified (see Typeform: https://help.typeform.com/hc/en-us/articles/360029581691-What-happens-to-my-data ).

3.2.17 MyFonts Web fonts

Our website design relies on, among other things, fonts for display purposes of MyFonts (Monotype). The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR. Therefore our website uses a visitor counter from MyFonts to record the number of visitors to our website. We are contractually obliged to use this visitor counter. Please also refer to the MyFonts privacy policy: https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy

3.2.18 Meta Pixel

Within the Join section of our TrueNorth website, the so-called 'Meta Pixel' (formerly Facebook Pixel) of the social network Meta, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ('Meta'), is used.

With the help of the Meta pixel, it is possible for Meta, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called 'social media ads'). Accordingly, insofar as you have declared your consent, we use the meta pixel to display the social media ads placed by us only to those meta users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics determined on the basis of the websites visited), which we transmit to Meta (so-called 'Custom Audiences'). With the help of the Meta pixel, we also want to ensure that our social media ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Meta Pixel, we can further track the effectiveness of the Meta Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta Ad (so-called 'conversion').

Meta Pixel uses, among other things, cookies, which are small text files that are stored locally in the cache of your web browser on your terminal device. If you are logged in to Meta (formerly Facebook) with your user account, your visit to our online presence will be noted in your user account. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, Meta may link this data to your user account there. If you have a user account with Meta and are registered, Meta can assign your visit to your user account.

Basis

The Meta Pixel is used on the basis of Art. 6 para. 1 lit. a) GDPR for marketing and optimization purposes, in particular in order to place relevant and interesting ads for you on Meta and thus improve our services, make them more interesting for you as a user and avoid annoying ads.

Data Processing Agreement

For the processing of data for which Meta acts as a processor, we have concluded a data processing agreement with Meta, in which we oblige Meta to protect our customers' data. This applies to the processing of data relating to contact information for matching (2.a.i. of the Meta Business Tools Terms) and event data for measurement and analytics services (2.a.ii. of the Meta Business Tools Terms).

Joint Controller

We have entered into a Joint Controller Agreement with Meta for the processing of the Data for which we act as Joint Controller with Meta. This applies with respect to Event Data for ads targeting (2.a.iii. of the Meta Business Tools Terms) and Event Data to improve ad delivery, personalize features and content, and to improve and secure Meta products (2.a.v. of the Meta Business Tools Terms).

Required information pursuant to Art. 13 para. 1 lit. a) and lit. b) GDPR can be found in Meta's Data Policy at https://www.facebook.com/about/privacy .

Deletion

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Data will be deleted after 180 days at the latest.

Third country

Since a transfer of personal data to the USA takes place, further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, Meta concludes standard data protection clauses with its subcontractors in accordance with Art. 46 para. 2 lit. c) GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe.

Objection

You can object to the collection by the meta pixel and use of your data to display meta ads. To set which types of ads are displayed to you within Meta, after you log in to Meta (formerly Facebook), you can go to the page set up by Meta and follow the instructions there on the settings for usage-based advertising. The settings are done in a platform-independent manner, which means that they are applied to all devices, such as desktop computers or mobile devices. You can further object to the use of cookies that are used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative and additionally the US website aboutads.info or the European website youronlinechoices.com.

You can find another opt-out option in our Cookie-Deklaration.

We would like to point out that this setting will also be deleted when you delete your cookies.

3.2.19 Matomo

The web analysis tool 'Matomo' is used for the purpose of demand-oriented design of our website. Matomo creates usage profiles on the basis of pseudonyms.

Scope of processing

Matomo uses so-called cookies, which are text files that are saved on the end-user's device and allow an analysis of the website. This enables us to collect statistics about the user's visits to the website and to identify the referring website from which the visitor has come. It also tracks the visitor's page views during the session. In this way, we are able to recognise and count returning visitors.

Heatmaps from Matomo

We also use Matomo's heatmaps service on our website. Heatmaps summarizes the end user's behavior to simplify data analysis and combine quantitative and qualitative data. They provide an overview of how our website visitors interact with an individual website or service page - what they click on, what content they browse and what they ignore. This helps us to identify trends and optimize our service.

The use of heatmaps sets an additional cookie. More information at: What are the cookies created by Matomo JavaScript Tracking client? FAQ - Analytics Platform - Matomo.

Legal basis

The legal basis for data processing is your consent in accordance with 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

Data processing agreement

For the processing of data for which Matomo acts as an data processor, we have concluded a data processing agreement with Matomo, in which we oblige Matomo to protect the data of our users.

Storage location

Your personal data and backups are stored securely in Europe.

Registered office

InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand. New Zealand is one of the few countries that the EU considers to have an adequate level of data protection.

Matomo's privacy policy can be found here: Matomo Cloud Privacy Policy - Matomo Analytics

3.3 Participants on Events, Webinars, Surveys, Interviews, Competitions and Newsletter Subscriber

We offer the possibility to subscribe to Newsletters and studies, participate in surveys or in interviews, receive similar information and marketing materials (Newsletter), or register for events. If you would like to use these services, we will need a working email address from you and details to enable us to verify that this email address is really yours and whether you agree to receive the Newsletters. For legal reasons, an email will be sent to the email address you provided asking for confirmation in a double-opt-in procedure after signing up for our Newsletter. The legal basis for sending Newsletters Newsletteris Art. 6 para. 1 lit. a) GDPR.

When you register, we record the following data:

Title (required)
First name (required)
Last name (required)
Email (required)
Company (required)
Job title (required)
Country (optional)

The Personal Data collected when ordering information and marketing material will be used exclusively for the following purposes:

Sending the Newsletter
Consulting, marketing and advertising
Composing the topics of the Newsletter according to your interests

Our Newsletters and other automatically sent emails with information and marketing material as well as emails in connection with events contain so-called web beacons for statistical analysis. We use these to optimize the content of the Newsletters and adapt them better to user interests. By integrating these web beacons, we can identify when an email was opened by a person concerned and which links in the email were opened. This will only be done with your consent when requesting such emails.

If you register for one of our events, we also use your Personal Data for the following purposes: to identify you as a registered participant of the event, to grant you access to the event, to send reminders and to inform you if there are any changes to the event (e.g. a change of date and time), to contact you after the event to ask for your feedback in accordance with Art. 6 para. 1 lit. b) GDPR.

For the implementation of the online event (e.g webinar) we use Teams or Zoom. For this specific purpose separate data protection notice apply (refer to the supplementary Privacy Policy for Telephone Conferences and Webinars via 'Microsoft Team' and Privacy Policy for Telephone Conferences and Webinars via 'Zoom' ).

In addition, photographs and/or video recordings can be taken at the event. If you do not wish to be photographed or filmed, please let the photographer or camerapeople know on the spot. We process the photographs and/or video recordings for the purposes of documentation of the event, for printed and for online publicity on our publicly available websites or/and on social media (a.o. Instagram, Facebook, LinkedIn). For controllers in the EU the legal basis for taking and publishing of photographs and/or video recordings is our legitimate interests in reporting on the event pursuant to Art. 6 para. 1 lit. f) GDPR. We ask for your separate consent pursuant to Art. 6 para. 1 lit. a) GDPR for the publication of photos, if the content and composition of the photos or the intended use requires this.

In case TrueNorth organizes a competition on a social media channel of Facebook or Instagram following personal data will be process:

participant's account name on social media channel;
winners last name, first name, birthday, address.

A processing of the data is carried out exclusively for the implementation of the competition (for the purpose of the implementation of the participation contract and in particular for the notification of the prize). The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR and Art. 6 para. 1 lit. f) GDPR.

3.4 Clients / Suppliers

If you have had contact with us for the purpose of concluding a contract (e.g. consulting agreement) between us, for example through emailing or meeting our representative, we collect, use and store limited amounts of personal information relating to you, such as your name, job title, employer organization, contact details and other information necessary for the contract (e.g. for advising to the Client).

The legal basis for processing the data is Art. 6 para 1 lit. b) GDPR as it is necessary for the entering into a contract, for the establishment, execution and termination of the contract and for the mutual fulfilment of obligations arising from the contract, further Art. 6 para 1 lit. c) GDPR as it is legal obligation in case of managing disputes or any other legal complaints, further your consent according to Art. 6 para 1 lit. a) GDPR in case you have given us your business card, and Art. 6 para 1 lit. f) GDPR as it is necessary for the legitimate interests of TrueNorth.

We may carry out sanction list / compliance screenings with regard to the business relationship with you and in compliance with legal compliance obligations. Any such use of your Personal Data is based on the permission to process Personal Data in order to comply with statutory obligations (Art. 6 para. 1 lit. c) GDPR) and our legitimate interests (Art. 6 para. 1 lit. f) GDPR) or under the equivalent provisions under applicable law.

In some cases, we search and use Personal Data from public sources (such as LinkedIn, Xing and other publicly available sources on the internet) to complete or correct your data (first name, company, country, etc.). We store this data in our CRM system. The legal basis for this data processing is Art. 6 para. 1 lit. f) GDPR.

Your personal data, such as names, email addresses, organisational details, may also be processed by us in connection with the use of our Microsoft 365 Services. For this specific purpose separate data protection notice apply (refer to the supplementary Privacy Policy for Microsoft365 Cloud Services).

4. To whom we may disclose your Personal Data?

Where does data go once it reaches TrueNorth?

Once you send data, or it is collected on our websites, we transmit it within TrueNorth to the recipients who need to know it.

External service providers

We may involve service providers who support us in the processing of Personal Data or otherwise and who may come into contact with your Personal Data. This will only happen after the prior conclusion of a Data Protection Agreement that obligates our service providers to process Personal Data only according to our instructions and to keep it confidential.

Intra-group sharing, Joint Controllers

Within the TrueNorth Group's organization, there is a need to exchange Personal Data on an intra-group basis as Controller to Controller or Joint Controllers.

For example in the course of our business relationship with you, we may share Business Partner contact information with affiliated group companies. We and these companies (see the list here ) are jointly responsible for the proper protection of your personal data (Art. 26 GDPR). To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these companies granting you the right to centrally exercise your data subject rights under section 4 of this Privacy Notice against TrueNorth.

TrueNorth entities are established outside the EU or the EEA. So, we will ensure that there are adequate safeguards (i.e. EU standard contractual clauses) in place to protect your Personal Data. We at TrueNorth are responsible for informing you about your rights as a data subject under applicable data protection laws. You can address any requests or complaints you may have with regard to your Personal Data to TrueNorth The other TrueNorth entities within the TrueNorth Group's organization that might also keep your Personal Data will give us reasonable cooperation, assistance and information in order to comply with such requests or complaints.

Sending data to third parties

As a fundamental rule, we do not disclose, transfer, sell or otherwise market Personal Data to third parties, such as other companies or organizations, without your express consent except as required to meet our contractual obligations between TrueNorth and you.

For example the following categories of recipients may receive your personal data:

authorities, courts, parties to a legal dispute or their designees to whom we are required to provide your personal data by applicable law, regulation, legal process or enforceable governmental order, e.g., tax and customs authorities, regulatory authorities and their designees, financial market regulators, public registries;
auditors or external consultants such as lawyers, tax advisors, insurers or banks, and
another company in the event of a change of ownership, merger, acquisition or disposal of assets.

Transfer of data to countries outside the EU/EEA

Where there is a sufficient legal basis, your Personal Data may be transferred to and processed outside the EU/EEA in other countries where laws and provisions governing the processing of Personal Data may be less stringent. In such cases, we will ensure that the data transfer is based on an adequacy decision (e.g., the EU-US Data Privacy Framework for transfers to the U.S. for certified companies ) or conclusion of the EU standard contractual clauses, which can be viewed and downloaded here.

5. What are your rights?

Data subjects have rights with respect to TrueNorth in relation to their Personal Data in accordance with Art. 15-21 GDPR. In particular, you have the right to:

request a copy of the Personal Data we hold about you (right of access, Art. 15 GDPR);
ask that we update the Personal Data we hold about you, or correct any Personal Data that you think is incorrect or incomplete (right to rectification, Art. 16 GDPR);
ask that we delete Personal Data that we hold about you, or restrict the way in which we use your Personal Data (right to erasure, Art. 17 GDPR and right to restriction of processing, Art. 18 GDPR)
object to our processing of your Personal Data (right to object, Art. 21 and 22 GDPR)
request that your Personal Data be transferred to you or another data controller (right to data portability, Art. 20 GDPR).

If you are unhappy with the way we have handled your Personal Data or any data protection query or request that you have raised with us, you have a right to complain to the competent supervisory authority (Art. 77 GDPR). We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

We may need to request specific information from you to help us confirm your identity and ensure your right of access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Objection and withdrawal of consent

If you have given us your consent to process your Personal Data (Art. 6 para. 1 lit. a) GDPR), you can withdraw your consent at any time with future effect. If we process your Personal Data based on Art. 6 para. 1 lit. f) GDPR (legitimate interests), you can object at any time to the processing of your Personal Data for marketing reasons.

Please use either the link included in each Newsletter we send you or, alternatively, contact TrueNorth via mail, fax, email or using the contact details given above under How to contact us.

6. How long do we retain your Personal Data?

We store Personal Data in accordance with legal storage periods. We routinely delete this Personal Data or block it once these periods expire or the reasons for storage cease to apply, in accordance with data protection rules.

If you have agreed to a longer duration for storing, processing and using your data, we will delete or block your data after this duration expires or should you revoke your consent (refer to the supplementary Privacy Policy for applicants ).

We will retain the data you transfer to us in contact requests until you ask for their deletion, object to their storage, or the purpose for their storage no longer applies. The purpose for the storage of the data no longer applies when it becomes evident that the underlying issue has been conclusively settled.

7. Data protection principles

We comply with applicable data protection laws. This says that the personal information we hold about you must be:

used lawfully, fairly and in a transparent way;
collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
relevant to the purposes we have told you about and limited only to those purposes;
accurate and to the extent appropriate, kept up to date;
kept only as long as necessary for the purposes we have told you about;
and kept securely.

8. Security

In accordance with legal requirements, TrueNorth has taken extensive technical and organizational measures to ensure a level of protection that is in line with, or in some cases exceeds, data privacy requirements. The measures taken protect not only Personal Data, but also other data processed on the same systems.

The security of your data is important to us, so all the areas of our websites where you can actively input data use encrypted data transmission such as TLS (Transport Layer Security) to protect your data from being accessed by unauthorized third parties.

If you register to use access-protected areas of TrueNorth's websites, you should keep the login details you receive in a safe place and protected from access by third parties. If you log in on a computer that is used by more than one person, please do not forget to log off properly at the end of each session and close the browser window you were using.

With help of the extensive technical and organizational security precautions TrueNorth protects your Personal Data from being manipulated, either accidentally or deliberately, or being lost, destroyed or accessed by unauthorized third parties. We are constantly improving these precautions as technology develops.

9. Changes to this Privacy Notice

This Privacy Notice was last modified on Nov 7th, 2024. We may occasionally modify or amend it from time to time. When we make changes to this Privacy Notice we will update the revision date at the top of this Privacy Notice. Where those changes are material, we will take steps to let you know. The new modified or amended Privacy Notice will apply as from that revision date. Please always verify whether you have consulted the latest version of the Privacy Notice.