Data protection statement pursuant to the GDPR
This statement aims to explain data collection and processing procedures when visiting our website as well as during our telephone interviews and online surveys. Personal data means all data that refers to you as an individual, e.g. name, address, email addresses, user behaviour or IP address.
I. Name and address of the responsible party
The responsible party pursuant to art. 4(7) of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other statutory data protection provisions is:
IFF Research Services GmbH
60594 Frankfurt am Main
Tel.: +49 (0) 69 247 563 900
II. Name and address of the data protection officer
III. General information about data processing
1. Scope of processing personal data
We generally collect and use personal data from our users only as required to provide a functioning website and to deliver our content and services. We collect and use personal data on a regular basis only with the user’s consent. There is an exception where prior consent cannot be obtained for factual reasons, and there are legal provisions that permit the processing of data.
During the course of our telephone interviews and online surveys we collect and process personal data for which we either have received written consent from former respondents or that has been transferred to us by our client within an order processing contract for the duration of the market research study. Additionally, we receive personal data from third-party suppliers, who have in advance confirmed in writing the legal and lawful processing and forwarding of personal data. Lastly we use numbers that are systematically generated. During this procedure the last two digits of an existing telephone number are removed and randomly replaced by two new digits in our system.
During the course of every market research study all your answers are either anonymised or pseudonymised, guaranteeing that no conclusions by which you could be identified can be drawn.
2. Legal basis for processing personal data
Insofar as we have obtained an individual’s consent for the processing of their data, art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data required for the fulfilment of a contract where the signatory to the contract is the individual concerned, art. 6(1)(b) of the GDPR serves as the legal basis thereof. This also applies to the processing of data which is required for the implementation of pre-contractual measures. Where the processing of personal data is required to comply with a legal obligation to which our company is subject, art. 6(1)(c) of the GDPR serves as the legal basis therefor.
Where the processing of personal data is required to protect the vital interests of the individual concerned or of another natural person, art. 6(1)(d) of the GDPR serves as the legal basis therefor.
If the processing of data is required to safeguard a legitimate interest of our company or that of a third party, and this interest is not overridden by the individual’s interests or fundamental rights and freedoms, art. 6(1)(f) of the GDPR serves as the legal basis for the processing.
3. Deletion of data and retention period
An individual’s personal data is deleted or blocked as soon as the purpose for saving it expires. Data may also be saved when this is prescribed by European or national legislators in Union law decrees, laws, or other regulations to which the responsible party is subject. Data will also be blocked or deleted when the retention period prescribed in the standards specified has expired, unless there is a requirement to further save the data for the conclusion or fulfilment of a contract.
4. Use of third-party website services
We sometimes use external service providers to process your data. We are careful when selecting and appointing these service providers. They are required to follow our instructions and are subject to regular inspection. Data will not be transferred to countries outside the EU or the EEA (so-called third-party States).
IV. Rights of the data subject
Each data subject has the right of access pursuant to article 15 of the GDPR, the right to rectification pursuant to article 16 of the GDPR, the right to erasure pursuant to article 17 of the GDPR, the right to restriction of processing pursuant to article 18 of the GDPR, the right to object pursuant to article 21 of the GDPR and the right to data portability pursuant to article 20 of the GDPR. The right of access and right to erasure are subject to the restrictions pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG), if applicable. The individual also has the right to make a complaint to a data protection supervisory authority – article 77 of the GDPR (in conjunction with Section 19 of the BDSG).
You may withdraw your consent to the processing of your personal data with us at any time. This also applies to the withdrawal of statements of consent provided to us prior to the EU General Data Protection Regulation coming into effect, i.e. prior to 25 May 2018. Please note that withdrawal is only effective for the future. Any data processed prior to withdrawal of consent will not be affected. Withdrawal has no form requirement and should, where possible, be addressed to the responsible body (see Point I).
V. Provision of the website and the creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically records data and information from the accessing computer’s system. If the website is used for information purposes only, we only collect the personal data that your browser transfers to our server.
This data is also saved in our system’s log files. This does not concern the user’s IP addresses, or other data which would allow this information to be assigned to an individual user. This data is not saved with the user’s other personal data.
2. Legal basis for data processing
The legal basis for temporarily saving data is art. 6(1)(f) of the GDPR.
3. Purpose of data processing
The system needs to temporarily save the IP address in order to provide the website to the user’s computer. This means that the user’s IP address must be saved for the duration of the session.
These purposes also cover our legitimate interest in data processing pursuant to art. 6(1)(f) of the GDPR.
4. Retention period
Data is deleted as soon as it is no longer required for the purpose for which it was captured. Where data is collected to allow us to provide the website, it is deleted at the end of each session.
5. Option of objection and elimination
Collecting data in order to provide the website, and saving this data in log files, is crucial for the operation of the Internet site. Consequently, the user has no option of objection.
VI. Data collection on our website – cookies
The websites partially use so-called cookies. Cookies do not damage your computer in any way and do not contain any malware. The purpose of these is to make our services more user-friendly, more effective and more secure. Cookies are small text files stored on your computer and saved in your browser.
Most cookies we use are session cookies which are automatically deleted from your hard drive at the end of your browser session. Other cookies are persistent cookies that remain stored on your computer until deleted. These cookies allow us to recognise your browser upon your next visit.
You can configure your browser so as to be informed about the placement of cookies, to decide to accept these on a case-by-case basis, to refuse to accept cookies in general or in certain cases, as well as to activate the automatic deletion of cookies when closing your browser. The deactivation or rejection of cookies may restrict the functionality of our web offer.
Cookies necessary for the performance of electronic communication processes or the provision of specific functions requested by you (e.g. shopping cart functions) are saved based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the storage of cookies for a technically sound and optimised supply of its services. Provided that other cookies (e.g. cookies for the analysis of your surfing behaviour) are stored, these will be handled separately in the data protection declaration. The person concerned may impede the placement of cookies through our website at any point in time by means of an appropriate setting of the internet browser used and thereby permanently object to the setting of cookies. Furthermore, set cookies may be deleted through an internet browser or another software program at any time. This is possible in all common internet browsers. If the person concerned deactivates the setting of cookies in the internet browser used, it is possible that not all functions on our website are fully utilisable.
VII. Contact form and email contact
1. Description and scope of data processing
There is a contact form on our website which can be used to make contact electronically. If a visitor uses this option, the data entered in the input screen will be transmitted to us and saved.
So that we can process this data, your consent will be obtained as part of the submission process, and you will be referred to this data protection statement.
Alternatively, we can be contacted via the email address provided. In this event, the user’s personal details contained in the email will be saved.
This data will not be forwarded to third parties. This data will only be used to process the conversation.
2. Legal basis for data processing
The legal basis for processing data where the user has granted consent is art. 6(1)(a) of the GDPR.
The legal basis for processing data transmitted in the course of sending an email is art. 6(1)(f) of the GDPR. If the aim of the email contact is the execution of a contract, a further legal basis for processing the data is art. 6(1)(b) of the GDPR.
3. Purpose of data processing
We will process personal data from the input screen only to respond to the enquiry. If we are contacted by email, we also have a necessary legitimate interest in processing the data.
Other personal data processed during the submission process serves to prevent misuse of the contact form and ensure the security of our technical information systems.
4. Retention period
Data is deleted as soon as it is no longer required for the purpose for which it was recorded. For personal data from the contact form input screen and data submitted via email, this occurs when the particular conversation with the user has ended. The conversation ends when circumstances indicate that the specific issue has been definitively dealt with.
Other personal data recorded during the submission process will be deleted at the latest after a period of seven days.
5. Option of objection and elimination
The user has the option to withdraw their consent to their personal data being processed at any time. If the user contacts us via email, they may object at any time to their personal data being processed. In this event, the conversation cannot be progressed. Withdrawal has no form requirement and should be addressed to the responsible party.
All personal data saved in the course of contact with us will then be deleted.
VIII. Integration of Google Maps
We use the services of Google Maps on this website. This enables us to show you interactive maps directly on the website, and makes it easy for you to use the maps function.
When you visit the website, Google receives the information that you have accessed the corresponding sub-page of our website. The data specified under point IV of this statement is also transferred. This takes place regardless of whether Google provides a user account via which you have logged in, or there is no user account. If you are logged into Google, your data will be assigned directly to your account. If you do not want your data to be assigned to your profile in Google, you will need to log out before enabling the button. Google saves your data as usage profiles for the purposes of advertising, market research, and/or where necessary for the design of its website. Such evaluation is performed in particular (even for users who are not logged in) to provide needs-based advertising and to inform other social network users about your activities on our website. You have the right to object to this user profile being created by contacting Google to exercise this right.
Further information concerning the purpose and scope of data capture and its processing by the plug-in provider can be found in the provider’s privacy statements. This site also provides further information about your rights in this respect and the optional settings to protect your private domain: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA, and complies with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
IX. Google Web Fonts
For unified display of fonts this website uses so-called web fonts that are provided by Google. When loading a website your browser needs the web fonts in your browser cache to correctly display texts and fonts. For this purpose the browser you use has to establish a connection with the Google servers. Thereby Google acquires knowledge that our website has been called up through your IP address. The usage of Google web fonts is in the interest of a consistent and appealing display of our online services. This serves as a legitimate interest according to Art. 6(1)(f) GDPR. If your browser does not support web fonts your computer uses a standard font.
X. SSL encryption
To protect the transmitted data in the best possible way the website providers use SSL encryption. You can identify these encrypted connections by the prefix "https://" in the URL of your browser. Unencrypted websites are marked with "http://". All data which you transmit to a website – e.g. in case of requests or logins – may not be read by third parties thanks to SSL encryption.
XI. Social Media Plug-ins
On the basis of Art. 6(1)(f) GDPR our website uses social media plug-ins of the social networks Facebook and Instagram to advertise for our company, among other things. This marks a legitimate interest according to GDPR. An operation compliant with data protection requirements has to be ensured by the respective providers. The plug-ins are implemented using a double-click method to protect visitors of our website in the best possible way.
We use social media plug-ins from Facebook on our website to provide personal configuration. We use the "LIKE" or "SHARE" button for this. It constitutes an offer from Facebook. If one of the websites on our web performance includes such a plug-in, your browser establishes a direct connection to Facebook servers. Facebook directly transmits the content of the plug-ins to your browser and integrates the content in this website. If the plug-in is integrated, Facebook will be informed that your browser has called up the relevant site of our web presence. This also holds true for the case that you do not have a Facebook profile or are not currently logged onto Facebook. Your browser directly transmits this information together with your IP address to a Facebook server in the USA where these are stored. When logging into Facebook, Facebook may directly associate your visit to our website. Should you use the plug-ins, e.g. click on the "LIKE" or "SHARE" button, Facebook also directly transmits this information to an internal server. Facebook also discloses this information on your Facebook account and shows this to your Facebook friends. This information is used by Facebook for the purpose of market research, advertisement and needs-oriented design of the Facebook sites. Facebook produces user-, interest- and relation-profiles, e.g. informing other Facebook users on your activities on our website, analysing your usage of the Facebook website with regards to the advertisements shown to you on Facebook and providing further services linked to the usage of Facebook. You may prevent Facebook from connecting the collected data through our web performance directly to your Facebook account. For this you have to log out of Facebook before visiting our website.
You will find further information on the purpose and scope of data collection and further processing and usage of the data by Facebook as well as your rights in this area and the configuration options to protect your privacy in the data protection declaration of Facebook (https://www.facebook.com/about/privacy/).
On our website we also use so-called social plug-ins ("plug-ins") by Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA; hereinafter "Instagram"). You may identify the plug-ins by the Instagram logo for example in the form of an "Instagram camera". Your browser establishes a direct connection to the Instagram servers when visiting one of our web presences with such a plug-in. Instagram directly transmits the content of the plug-in to your browser where it is embedded in the website. This way Instagram will be informed that your browser has called up the relevant site of our web presence. This also holds true for the case that you do not have an Instagram profile or are not currently logged onto Instagram. Your browser directly transmits this information together with your IP address to an Instagram server in the USA where these are stored. When logging into Instagram, Instagram may directly associate your visit to our website. Should you use the plug-ins, e.g. click on the Instagram button, Instagram also directly transmits this information to an internal server. Instagram also discloses this information on your Instagram account and shows this to your contacts. You may prevent Instagram from connecting the collected data through our web performance directly to your Instagram account. For this you have to log out of Instagram before visiting our website. You will find further information in the data protection declaration of Instagram (https://help.instagram.com/