PRIVACY POLICY

Information as of: 30.11.2024

1. About us

“We”, smartcon GmbH(“smartcon”, see contact details) are responsible for processing the personal data which we collect. We collect your personal data, for example during your participation in market research activities, within the context of a business relationship or when you visit our website or use our software applications. As we are based in the European Union, we process your personal data in accordance with the respective applicable European data protection laws, and other statutory regulations.

We are a market research company and a member of ESOMAR, an international organization dedicated to developing better market research methods. We adhere to the professional standards that ESOMAR sets for its members, while also protecting your privacy as a participant in our market research activities.

2. What are personal data?

Personal data is information that can be used to directly or indirectly identify a person; “indirectly” means the combination of several pieces of information; examples of personal data are name, postal address, email address, telephone number or a unique device identifier.

3. Use of personal data

We use your personal data for the purposes described below. We do not collect or process more or different types of personal data than are necessary to fulfill the respective purposes. We use personal data exclusively as described in this privacy policy, unless you have given your express consent to use your personal data for other purposes. If we intend to use your personal data, which we process with your consent, for purposes other than those described in the consent statement, we will inform you in advance and obtain the necessary consent.

3.1. Registration data and direct communication

For communication purposes (e.g. about our services or to inform you about our policies and conditions), we may collect personal data such as name, postal address, telephone number, and email address (“registration data”). We use your registration data as well as the content of our communication when we respond to your inquiries.

3.2. Participation in panels and surveys

When you participate in a panel, we collect relevant information in addition to the registration data, including personal data. For example, we collect such personal data:

As part of surveys conducted online, by phone, or in person, when you actively provide us with data during your participation (e.g., via applications or devices) (collectively referred to as 'Panel Data').
We analyze this panel data, aggregate it with the panel data of other participants, and use it for market research purposes. Please also read the respective consent declarations for individual market research projects. Under no circumstances do we send advertising to participants in market research projects.

3.3. Legal obligations and legal defense

We may be required to use and retain personal data for legal reasons, for example to prevent, detect, or investigate a crime, to prevent loss, fraud, or other misuse of our services and IT systems. We may also use your personal data to meet our internal and external audit requirements or data security purposes, or to protect our rights, data security, safety, property, or that of other persons.

3.4. Use of the smartcon homepages

This privacy policy also applies to your use of our websites, see above (“website”), with the following data protection-related functionalities and features.

Cookies and similar technologies

This website uses cookies and similar technologies, among other things, to improve the user experience and optimize performance.

Third-party websites

Our website may contain links to websites that are not affiliated with smartcon and are not operated, controlled, or managed by us. The policies and practices set forth herein do not apply to these websites. We are not responsible for the security or protection of data collected by third parties. We recommend that you contact the operators of these websites directly to obtain information about their data protection practices.

4. Collection of personal data from other sources

Under certain circumstances, we also collect personal data about you from sources other than yourself. If we collect personal data about you from other sources, you will have been informed in advance about the transmission, or we will inform you at the first contact that we have received your personal data and provide you with all legally required information. This may be the case, for example, if you have provided your contact details to a third party and we work with this third party to recruit participants for our market research projects. The third party then transmits your personal data to us in accordance with its data protection regulations and your consent so that we can contact you.

5. Disclosure of personal data

Without your express consent, we disclose your personal data exclusively for the purposes described below and to the third parties named below. smartcon takes appropriate steps to ensure that your personal data is processed, secured, and transmitted in accordance with applicable law.

5.1. External service providers

If necessary, we commission other companies and individuals to perform certain tasks that contribute to our services under contract processing agreements. For example, we may disclose personal data to service providers, contract partners, or providers who manage our databases and applications for the purpose of providing data processing services or transmitting the information requested by you or to call centers for the purpose of providing support services or conducting surveys as part of market research projects. We only disclose such data to external service providers or allow them to access it to the extent necessary for the respective purpose. These data may not be used by external service providers for other purposes, in particular not for their own purposes or the purposes of third parties. smartcon's external service providers are contractually obligated to maintain the confidentiality of your personal data.

5.2. Customer Relationship Management (CRM)

For the purposes of customer relationship management (CRM), the contact details (name, email address, telephone number, address) of our customers, service providers, or other contract partners are stored on the servers of our service partner Hetzner in Germany.

5.3. Corporate transfers

In connection with start-ups, restructurings, mergers or acquisitions, or other transfers of assets (“corporate transfers”), we transmit data, including personal data, to an appropriate extent and to the extent necessary for the corporate transfer, provided that the receiving party agrees to treat your personal data in a manner that complies with applicable data protection laws. We continuously ensure the confidentiality of personal data and inform affected persons before personal data is subject to other data protection regulations.

5.4. Public authorities

We only disclose your personal data to public authorities if required by law. For example, smartcon responds to requests from courts, law enforcement agencies, regulatory authorities, and other public and government authorities, which may include authorities outside your country of residence.

7. Processing of personal data of children

smartcon does not collect or process personal data of children under 16 years of age – or younger – without the prior consent of the parents. If we become aware that personal data of a child has been collected unintentionally, we will delete this data immediately.

8. Processing of sensitive data

In particular cases we may process special categories of personal data on you (“sensitive data”). “Sensitive data” are personal data on the racial and ethnic origins of a natural person, their political opinions, religions or philosophical beliefs, their membership of trade unions or genetic data, biometric data for the unambiguous identification of a natural person, health data or data on their sex life or sexual orientation. We may, for instance, process sensitive data which you have made publicly available. We may also process sensitive data if you have voluntarily given your prior, express and separate consent in a particular context for a specific purpose, for instance as part of your participation in a market research project.

9. Security

smartcon takes data security very seriously. We take all necessary physical, electronic, and administrative measures to protect the data we collect, including personal data, from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure and to prevent unauthorized access to transmitted, stored, or otherwise processed personal data. Our information security policies and procedures are closely aligned with commonly accepted international standards and are regularly reviewed and updated as necessary to meet our business requirements, technological changes, and regulatory requirements. Access to your personal data is granted only to those smartcon employees, service providers who need to know this data to fulfill a business purpose or to perform their duties. In the event of a data security breach that also affects personal data, smartcon complies with all applicable laws regarding the obligation to notify in the event of a breach of the protection of personal data.

10. Your rights

As a data subject, you have certain rights with respect to your personal data that we process. This applies to all processing activities governed by Section 3 of this privacy policy. smartcon respects your individual rights and will respond appropriately to your concerns. Below you will find information about the rights to which you are entitled under applicable data protection laws:

Right to withdraw consent: If the processing of personal data is based on your consent, you are entitled to withdraw this consent at any time in accordance with the procedure described in the respective consent form. We ensure that consent can be withdrawn in the same way it was given, e.g. electronically. Please note that as a participant in a market research project, revoking your consent will generally also end your participation in the respective project and may result in no longer being entitled to remuneration, participation incentives, expense allowances, or premiums.
Right to rectification: You can request us to correct personal data concerning you. We make reasonable efforts to keep personal data in our possession or under our control that is continuously used based on the most up-to-date information available to us correct, complete, current, and relevant. In some cases, we provide internet portals through which users have the opportunity to review and correct their personal data themselves.
Right to restriction of processing: You can request us to restrict the processing of your personal data if
- You contest the accuracy of your personal data while we verify the accuracy,
- the processing is unlawful and you request the restriction of processing instead of erasure of your personal data.
- we no longer need your personal data, but you need it to establish, exercise or defend a legal claim; or
- You object to processing while we verify whether our legitimate grounds override yours.
Right to information: You can request information from us about your personal data that we process, including information about the categories of personal data we have in our possession or under our control, the purpose of use, from which source, if not directly from you, we collected the personal data, and to whom they have been disclosed, if applicable. You are entitled to request a free copy of the personal data we hold about you. We reserve the right to charge a reasonable fee for any additional copy you request.
Right to data portability: Upon your request, we will transfer your personal data to another controller, if technically feasible and provided that the processing is based on your consent or is necessary for the performance of a contract. Instead of receiving a copy of your personal data, you may request that we transfer the data directly to another controller of your choice.
Right to erasure: You can request us to delete your personal data if
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- you have the right to object to further processing of your personal data (see below) and exercise this right to object to processing.
- the processing is based on your consent, you have withdrawn your consent and there is no other legal basis for the processing.
- the personal data have been processed unlawfully
- to fulfill a legal obligation which requires us to process the data.
- to comply with legal data retention obligations.
- to assert, exercise or defend legal claims.

Right to object: You are entitled at any time to object to the processing of your personal data based on a specific situation, provided that the processing is not based on your consent but on our legitimate interests or the legitimate interests of third parties. In such a case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds and a compelling interest in processing or in asserting, exercising, or defending legal claims. If you object to the processing, please indicate whether you wish to have your personal data deleted or the processing restricted by us.

Right to lodge a complaint: In the event of a suspected breach of applicable data protection laws, you may lodge a complaint with the data protection supervisory authority responsible for smartcon (State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate in Mainz).

Note:

Processing time: We will endeavor to respond to your request within 30 days. However, the processing time may be extended for certain reasons related to the specific right or the complexity of your request.
Access restriction: In certain situations, we may not be able to grant you access to your personal data or may only be able to grant you restricted access due to legal requirements. If we reject your access request, we will inform you of the reason for the rejection.
No identification: In some cases, we may not be able to identify your personal data based on the information in your request. In cases where we cannot identify you as a data subject, we may not be able to exercise your rights described in this section unless you provide us with additional information that allows us to identify you.
Exercising your rights: To exercise your rights, please contact us, for example by email or post. You can also contact our data protection officer directly. The contact details can be found at the end of this privacy policy.

11. Storage of your personal data

In principle, we delete the personal data we process from you or about you as soon as it is no longer needed for the purpose for which it was originally collected. However, we may be required by law to store your personal data for a longer period of time.

We do not delete all of your personal data when you ask us to refrain from contacting you again in the future. For this purpose, smartcon maintains records that include information about individuals who do not wish to be contacted again in the future (e.g. in the form of newsletters or recruitment campaigns for market research projects). We consider your request as consent to store your personal data for the purpose of maintaining such records, unless you give us different instructions.

12. Information on data protection in our surveys

Your privacy is important to us. For this reason, we act according to the following guidelines:

We collect, use, and store personal data exclusively in accordance with the provisions of the European General Data Protection Regulation (EU-DSGVO) and the Federal Data Protection Act (BDSG (new)) of the Federal Republic of Germany. Below, we inform you about the nature, scope, and purpose of data collection and use.

We collect data about every access to the online offer (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, message about successful access, browser type and version, the operating system of the page visitor, referrer URL (the previously visited page), and the requesting provider.

We use the log data without assignment to the person of the page visitor or other profiling in accordance with legal regulations only for statistical evaluations for the purpose of operation, security, and optimization of the online offer. However, we reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on specific indications.

We store IP addresses for a limited period in the log files if this is necessary for security purposes or for the provision of services and if there is a specific suspicion of a criminal offense in connection with the use of the website.

We do not link this data to other data. The data is also deleted regularly within four weeks after a statistical evaluation.

Participation in our surveys is purely voluntary. We treat the integrity of your privacy and your integrity with the utmost care.

If you received the link to participate in a survey by email or through a partner panel, the email address/subsid (UserID from the partner) is not stored in the system by answering – the email address/subsid is only stored in pseudonymized form and is anonymized when the study is completed. With this measure, we only record whether someone has already participated in this survey. At no time are email address/subsid and survey data processed together.

In the case of a completely anonymous survey via an external link, no information is stored that allows conclusions to be drawn about the participants in the survey.

Any personal information you provide during the completion of our survey is considered to be voluntary and stored exclusively in accordance with the legal provisions of the European General Data Protection Regulation (EU-DSGVO) and the Federal Data Protection Act (BDSG (new)). Personal data is not disclosed by us to third parties unless this has been explicitly stated in the survey description or you have given your express permission.

13. Changes to this privacy policy

We reserve the right to change our privacy practices at our discretion and to make updates and changes to this privacy policy at any time. This privacy policy is valid in the version of the last revision, which is displayed at the top of this page. We treat your personal data in accordance with the privacy policy under which it was collected, unless we have your consent to handle your personal data differently.

14. Contact details

Responsible office:

smartcon GmbH
Kaiserstr. 39
D-55116 Mainz
Tel.: 06131 94519-0 (Empfang)
info@smartcon.de

Authorized representative managing director:

Philipp Möllers

Registered office:

Sprendlingen/Rhh.
Geschäftsanschrift: Gertrudenstrasse 42, 55576 Sprendlingen/Rhh.

Register court:

Amtsgericht Mainz

Register number:

HRB 23358

Data protection officer:

If you have any questions about data protection or if you wish to exercise your rights, please contact our data protection officer:
E-Mail: datenschutz@smartcon.de