Privacy Policy

Information Version: 25.05.2018

1. About us

“We”, smartcon GmbH(“smartcon”, see contact details) are responsible for processing the personal data which we collect. We collect your personal data, for example during your participation in market research activities, within the context of a business relationship or when you visit our website or use our software applications. As we are based in the European Union, we process your personal data in accordance with the respective applicable European data protection laws, and other statutory regulations.

We are a market research company and a member of ESOMAR, an international organisation dedicated to developing better market research methods. We adhere to the professional standards which ESOMAR sets for its members, and simultaneously protect your privacy as a participant in our market research activities.

2. What are personal data?

“Personal data” means information through which a person can be identified either directly or indirectly; “indirectly” means a combination of several items of information. Examples of personal data are name, postal address, email address, telephone number or unambiguous identification of a device.

3. Use of personal data

We use your personal data for the purposes described below. We collect and process no more or any other kinds of personal data than required to fulfilthe respective purposes. We use personal data exclusively as described in this data protection declaration unless you have given your express consent to a different use of your personal data. If we intend to use your personal data which we are processing with your consent for purposes other than those described in the declaration of consent, we will inform you in advance and obtain the necessary consent from you.

3.1. Registration data and direct communication

For communication purposes (for instance about our services or to inform you of our guidelines and conditions) we may collect personal data such as name, postal address, email address and telephone number (“registration data”). We use your registration data and the content of our communication when we reply to your enquiries.

3.2. Participation in panels and surveys

If you take part in a panel, in addition to the registration data we also collect relevant information including personal data. We collectthe following kinds of personal data, for example:

  • as part of surveys which are carried out online, by telephone or in person,
  • if you actively transmit the data to us within the context of your participation (e.g. via Apps or devices)

(jointly referred to as “panel data”).

We evaluate these panel data, combine them with the panel data of other participants and use them for market research purposes. Please also read the respective declarations of consent for individual market research projects.

Under no circumstances will we send advertising to participants in market research projects.

3.3. Legal obligations and legal defence

Under certain circumstances we are obliged to use and store personal data for legal reasons, for instance forthe prevention, identification or investigation of a criminal activity, for the prevention of loss, fraud or other improper use of our services and IT systems. We may also use your personal data to fulfil our internal and external inspection requirements or for data security purposes or to protect our rights, our data security, our safety, our property or that of any other person.

3.4. Use of smartcon website homepages

www.smartcon.de
www.smartcon-survey.com
www.smartcon-research.com
www.feedback-partner-programm.de

This data protection declaration also applies to use of our website (see above), with the following data protection-related methods of functioning and characteristics.

Cookies and similar technologies

These websites use cookies and similar technologies to improve user experience and optimise performance, amongst other reasons.

Websites belonging to third parties

Our website may include links to websites which are not associated with smartcon and are not operated, monitored or administered by ourselves. The guidelines and practices detailed here do not apply to these websites. We do not accept any liability for the security or protection of data collected by third parties. We recommend that you contact the operators of these websites directly to obtain information on their data protection practices.

4. Collection of personal data from other sources

Under certain circumstances we also collect personal data about you from sources other than yourself. If we collect personal data about you from other sources, we will have informed you in advance about this transfer, or we will inform you at the time of the first contact that we have received your personal data, and will present you with all the information required by law. This may be the case, for instance, if you have provided a third party with your contact data and we are working with this third party to acquire participants for our market research projects. The third party in this case discloses your personal data to us within the framework of their own data protection conditions and your consent, so that we can contact you

Google Analytics

This website uses functions of the web analysis service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.

Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

IP anonymization

We have activated the IP anonymization function on this website. This will cause Google to shorten your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

Browser Plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting data generated by the cookie and related to your use of the website (including your IP address) as well as processing this data by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Contradiction against data collection

You can prevent the collection of your data by Google Analytics:

An opt-out cookie is set to prevent your information from being collected on future visits of this website: Deactivate Google Analytics.

For more information on how Google Analytics uses user data, please see Google’s privacy policy:https://support.google.com/analytics/answer/6004245?hl=de.

Order data processing

We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

5. Sharing of personal data

Without your express consent, we will disclose your personal data exclusively for the purposes described below and to the third parties named below. smartcon takes all reasonable steps to ensure that your personal data are processed, secured and transferred in accordance with applicable law.

5.1. External service-providers

If necessary we may place orders on other companies and persons within the context of data processing contracts to perform specific tasks which contribute to providing our services. We may, for instance, disclose personal data to service-providers, contractual partners or suppliers who manage our databases and applications for the purpose of providing data processing services or sending information which you have requested, or to call centres for the purposeof providing support services or carrying out surveys as part of market research projects. We only pass such data on to external service providers or permit the latter to have access to these to the extent necessary for the respective purpose. The external service-providers are not permitted to use these data for other purposes, in particular not for their own purposes orthe purposes of third parties. smartcon’s external service-providers have a contractual obligation to preserve the confidentiality of your personal data.

5.2. Customer Relationship Management (CRM)

For the purposes of Customer Relationship Management (CRM), the contact data (name, email address, telephone number, address) of our customers, service-providers or other contractual partners are stored on the servers of our service partner Hetzner in Germany.

5.3. Business transfers

In connection with the formation of new companies, re-structuring, mergers or disposals, or other transfers of business assets (“business transfers”), we transfer data, including personal data, to the extent appropriate and if this is necessary for the business transfer, provided the party receiving the data agrees to treat your personal data in a way which corresponds to the applicable data protection laws. We continuously guarantee the confidentiality of your personal data and will inform data subjects before personal data become subject to other data protection regulations.

5.4. Public authorities

We will disclose your personal data to public authorities only if this is required by law. smartcon will, for instance, respond to requests from courts of law, law enforcement authorities, regulatory authorities and other public bodies and government agencies, even if such authorities include those outside your country of residence.

7. Processing of personal data on children

smartcon does not collect or process any personal data on children under the age of 16 – or younger –without the prior consent of the parent or legal guardian. If we become aware that personal data on a child have been collected unintentionally, we will erase these data immediately.

8. Processing of sensitive data

In particular cases we may process special categories of personal data on you (“sensitive data”). “Sensitive data” are personal data on the racial and ethnic origins of a natural person, their political opinions, religions or philosophical beliefs, their membership of trade unions or genetic data, biometric data for the unambiguous identification of a natural person, health data or data on their sex life or sexual orientation. We may, for instance, process sensitive data which you have made publicly available. We may also process sensitive data if you have voluntarily given your prior, express and separate consent in a particular context for a specific purpose, for instance as part of your participation in a market research project.

9. Security

smartcon takes the topic of data security very seriously. We take all the necessary physical, electronic and administrative measures to protect the data we collect, including personal data, from unintentional or unlawful destruction, loss, alteration or unlawful disclosure, and to prevent unlawful access to personal data transferred, stored or processed in any other way.Our guidelines and procedureson data security are closely aligned with generally accepted international standards and are regularly reviewed and updated, if this is necessary to meet our business needs and technological changes, and to fulfil regulatory conditions. Access to your personal data is granted solely to the employees and service-providers of smartcon who need to have access to these data to fulfil a business purpose or to exercise their duties. In the event of a breach of data security which also affects personal data, smartcon will comply with all applicable laws relative to the duty of notification in the event of a breach in the protection of personal data

10. Your rights

As a data subject you have defined rights relative to your personal data which we process. This applies to all processing activities which are regulated in section 3 of this data protection declaration. smartcon respects your individual rights and will deal appropriately with your concerns. Information on your rights under applicable data protection laws is set out below

  • Right to revoke consent: if the processing of personal data is based on your consent, you are entitled at any time to revoke this consent using the procedure described on the respective consent form. We guarantee that the consent can be revoked in the same way as it was granted, for instance electronically. Please note that as participant in a market research project you generally also end your participation in the respective project when you revoke your consent and, if applicable, may no longer have a claim to payments, incentivesto participate, compensation for expenses or premiums.
  • Right to correction: you may request us to correct your personal data. We make reasonable efforts to keep personal data which is in our possession or under our control and is used on an ongoing basis complete, up-to-date and relevant, based on the latest information available to us. In some cases we make internet portals available where users have the opportunity to check and correct their personal data themselves.
  • Right to restrict processing: you may require us to restrict the processing of your personal data if
    • you dispute the correctness of your personal data, whilst we are checking its correctness,
    • processing is unlawful and you require the processing of your personal data to be restricted rather than have your personal data erased,
    • we no longer need your personal data, but you need these to pursue, exercise or defend a legal claim or
    • you object to the processing whilst we are verifying that our justifiable reasons take precedence over yours.
  • Right to information: you may demand information from us about your personal data which we are processing, including information on the categories of personal data which we have in our possession or under our control, the purpose for which they will be used, the source of the data, if not obtained from yourself directly if we have collected the personal data, and the question of to whom they may have been disclosed. You are entitled to demand a free copy of the personal data which we keep on you. We reserve the right to charge a reasonable fee for every further copy which you request.
  • Right to transferability: at your request we will transfer your personal data to another data controller if this is technically possible, subject to the proviso that the processing is based on your consent or is necessary to fulfil a contract. Instead of receiving a copy of your personal data, you may request us to transfer the data directly to another data controller of your choice.
  • Right to erasure: you may request us to erase your personal data if
    • the personal data are no longer required for the purpose for which they were collected or otherwise processed;
    • you are entitled to object to further processing of your personal data (see below) and are exercising this right to object to processing;
    • processing is based on your consent, you have revoked your consent and there are no other legal grounds for processing your personal data;
    • the personal data were unlawfully processed;

unless processing your personal data is necessary

    • to fulfil a statutory obligation under which we have to process the data;
    • to fulfil statutory data storage obligations;
    • to pursue, exercise or defend legal claims.

Right to object: you are entitled to object to the processing of your personal data at any time on the basis of a particular situation, provided that the processing is not based on your consent, but on our justifiable interests or the justifiable interests of third parties. In such a case we will no longer process your personal data, unless we can demonstrate convincing justifiable grounds for doing so and an overriding interest in processing the data, or with reference to the pursuit, exercise or defence of legal claims. If you object to the processing of your personal data, please state whether you wish us to erase your personal data or to restrict the processing of it.

Right to complain: in the event of a suspected infringement of applicable data protection laws, you may submit a complaint to the data protection supervisory authority responsible for smartcon (Officer for Data Protection and Freedom of Information for the state of Rhineland-Palatinate in Mainz).

  • NB:
    • Processing time: we will endeavour to meet your request within 30 days. The processing time may, however, be extended for specific reasons associated with the respective law or the complexity of your request.
    • Limitation on access: in certain situations we may not be able to grant you access to your personal data for legal reasons, or may only be able to grant access to a limited extent. If we refuse your request for access, we will inform you of the reasons for therefusal.
    • No identification: in some cases we may not be in a position to identify your personal data using the details in your request. In such cases in which we cannot identify you as the data subject, we will not be able to fulfil the exercise of your right as described in this section unless you present us with further details which make it possible to identify you.
    • Exercise of your rights: to exercise your rights, please contact us, for example by email or post. You may also contact our data protection officer directly. You will find the contact details at the end of this data protection declaration.

11. Storage of your personal data

We basically erase the personal data which we process from you or about you as soon as it is no longer needed for the purpose for which it was originally collected. However, under certain circumstances we are obliged for legal reasons to store your personal data for a longer period.

We do not erase all your personal data if you ask us not to contact you again in future. smartcon keeps lists for this purpose,which include information on people who do not wish to be contacted again (e.g. in the form or newsletters or recruitment campaigns for market research projects). We regard your request as consent to store your personal data for the purposes of keeping such lists unless you instruct us to the contrary.

12. Information on data protection in our surveys

Your privacy is important to us. For this reason we act in accordance with the following guidelines:

We collect, use and store personal data exclusively within the framework of the European General Data Protection Regulation (EU-GDPR) and the Data Protection Act (BDSG (new)) of the Federal Republic of Germany. We provide information below on the type, scope and purpose of the collection and use of data.

We collect data on every access to the online offer (“server log files”). The access data collected include the name of the website called up, the file, date and time of the retrieval, the quantity of data transferred, the report of a successful call-up, the browser type plus version, the operating system of the website visitor, the referrerURL (the website visited previously) and the requesting provider.

In accordance with legal requirements, we use the log data only for statistical evaluations for the purpose of operating, securing and optimising the online offer without assigning these to the person visiting the website or creating any other profile. We do, however, reserve the right to review the log data at a later date, if there are specific indications leading to a justifiable suspicion of unlawful use.

We store IP addresses in the log files for a limited period if this is necessary for security purposes or for providing the service and if there is a specific suspicion of criminal activity in connection with the use of the website.

We do not link these data with other data. Furthermore, after statistical evaluation these data are regularly erased within four weeks.

Participation in our surveys is entirely on a voluntary basis. We treat your privacy and integrity with the greatest care.

If you have received the link for participation in a survey by email, or via a partner panel, your response does not cause the email address/subsid (partner’s User ID) to be stored in the system –the email address/subsid is saved only inpseudonymised form and is anonymised when the study is completed. This measure enables us solely to establish whether someone has already taken partin this survey. At no time are the email address/subsid and survey data processed together.

In the event of a fully anonymous survey via an external link, no information is stored which permits any identifying information on participants in the survey to be revealed.

Any personal information which you disclose during the response to our survey will be regarded as voluntarily given and stored exclusively in accordance with the guidelines of the European General Data Protection Regulation (EU-GDPR) and the German Federal Data Protection Act (BDSG (new)). No personal data are transferred by us to any third party, unless this was explicitly stated in the description of the survey or you have given your express consent to this.

13. Amendments to this data protection declaration

We reserve the right to change our data protection practices at our discretion and to update and amend this data protection declaration at any time. This data protection declaration is valid in the version of its latest revision, which is displayed at the top of this page in each case. We handle your personal data in accordance with the data protection declaration under which they were collected, unless you have given us your consent to handling your personal data in a different way.

14. Contact details

Responsible authority:
smartcon GmbH
Hauptstr. 17-19
Altes Panzerwerk, Geb. 6320
D-55120 Mainz

Tel.: 06131 94519-0 (Reception)
Fax: 06131 94519-29
info@smartcon.de

Managing Director authorised to represent the company:
Anne Birgit Liebs

Company’s registered office:
Sprendlingen/Rhh.
Business adress: Gertrudenstrasse 42, 55576 Sprendlingen/Rhh.

Court of registration:
Administrative court of Mainz

Registration number:
HRB (Register of trades and companies) 23358

Data protection officer:
Please contact our data protection officer for all questions on the subject of data protection and to exercise your rights in this respect:
E-Mail: datenschutz@smartcon.de