Last revised: Sep 11, 2019
GfK (“we”, “us”, “our”) respects the privacy of users (“you”, “your”, “User”) of its online services and applications. As a data controller located in the European Union, we process personal data in compliance with applicable data protection law, in particular the General Data Protection Regulation (“GDPR”).
The Service is a web-based data exchange platform that serves to facilitate the execution and delivery of our client projects as it enables the efficient and secure exchange of relevant documents and data.
2.1 Personal data you provide through the Service
When you apply for a user account for the Service, GfK collects personal data concerning you, at least your name, office address, office telephone number and office e-mail address. You will also receive a user name and an initial password (together your “login credentials”) from us. We encourage you to change your password immediately upon receipt of your login credentials. Your password will be stored in an encrypted form. If you lose your password, GfK is able to reset it.
2.2 Cookies and similar technologies
Cookies are small text files placed on your computer or mobile device when you access websites. “First party” cookies are set by websites that you are visiting at the time. “Third party” cookies are set by domains other than those of the websites that you visit. Many cookies expire (are automatically erased) after a certain time-span which may vary between a few hours and several years.
Session cookies remain on your computer or mobile device while you use the Service. They expire when you close your web browser. Persistent cookies remain on your computer/device for a period of time specified in the cookie, if you have ticked the “This is a private computer” check box on the login page of the Service. The Service uses mainly first party session cookies while you are connected to the Service. First party cookies are cookies originating from the domain pertaining to the website that you are currently viewing in the browser while the cookie is set. In the case of the Service, this means the domain gfkconnect.com.
Session cookies serve to keep a secure session alive until the browser is closed. They are necessary for data security purposes and the protection of the personal data of visitors to websites.
We also use first party persistent cookies to allow access to documents via Microsoft Windows SharePoint Server (GfK Connect) without the Users having to re-authenticate. That way, you can access documents stored for you in GfK Connect without additional login. In that case, the cookie contains the login name of the user. This can be the email address or the user account name (depending on which identifier the user authenticated with). In addition, the URL “www.gfkconnect.com” is stored, along with a cryptic ID like “293848390580” that is associated with the respective user.
These types of cookies are strictly necessary for the functioning of the Service requested by the User.
ETracker technology: Our Website uses etracker technology (www.etracker.de) to collect visitor behavior data. The data are collected anonymously and used to understand how GfK Connect is being used and to optimize it. All visitor data are saved using an anonymous user ID to aggregate a usage profile. Cookies may be used for this purpose. By using such cookies, it is possible to recognize the visitor’s browser. The data collected via etracker technology will not be used to determine the personal identity of the website visitor or compiled with personal data pertaining to the user of the pseudonym unless agreed to separately by the person concerned. The collection, processing and use of your personal data may be refused at any time with respect to subsequent services by enabling the following opt-out link: Refuse data collection.
2.3 Can website users block cookies?
2.4 Log files
As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system and date/time stamp.
We use this information to administer the site and may link this automatically-collected data to personal information for legitimate purposes, such as to detect and prevent fraudulent activity.
If you are a GfK employee, we process your personal data in the context of the Service for purposes of the legitimate interest pursued by GfK, thus, in order to enable efficient project execution and delivery through secure and easy exchange of relevant documents and data with our clients.
If you are a client of GfK, we process your personal data in the context of the Service as requested by you for the performance of the underlying contract or service agreement to which you are party, pertaining to the project/s for which you wish to exchange documents and data with GfK.
We process the Users’ personal data for the following purposes:
· to enable their use of the Service which requires registration and authentication,
· to respond to their requests,
· to provide them with information regarding the Service, such as about any changes or scheduled downtimes.
We also allow Users to notify other Users by email when documents are shared with them.
GfK is synchronizing user lists with your company at regular intervals to avoid the misuse of licenses.
We will disclose your personal data only for the purposes and to those third parties, as described below. GfK will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.
4.1 Within GfK Group
4.2 External service providers
Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf within the framework of data processing agreements. We may, for example, provide personal data to agents, contractors or partners for hosting our databases and applications, for data processing services, or to send you information that you requested, or to call-centers for the purpose of provision of support services or interviewing in the course of market research projects. We will only share with or make accessible such data to external service providers to the extent required for the respective purpose. This data may not be used by them for any other purposes, in particular not for their own or third party purposes. GfK’s external service providers are contractually bound to respect the confidentiality of your personal data.
4.3 Business transfers
4.4 Public bodies
We will only disclose your personal data to public bodies where this is required by law. GfK will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
5.1 Legal entities of GfK Group
GfK Group’s legal entities outside the European Union have entered into intra-company data protection agreements using standard contractual clauses adopted by the European Commission to safeguard your privacy and legitimize international data transfers.
5.2 Other third parties outside the EU / EEA
Any transfers of personal data to third parties outside the GfK Group will be carried out with your prior knowledge and, where applicable, with your consent. Any transfers of personal data into countries other than those for whom an adequacy decision regarding the level of data protection was made by the European Commission, as listed on https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en, occur on the basis of contractual agreements using standard contractual clauses adopted by the European Commission or other appropriate safeguards in accordance with the applicable law.
The Service is not directed to individuals under the age of 16 (children). If we become aware that personal data from a child has been inadvertently collected without the consent of such child's parent or guardian, we will use all reasonable efforts to delete such information.
As a convenience to our visitors, this website may contain links to websites that we believe offer useful information. The policies and procedures we describe here do not apply to those websites. We suggest contacting those websites directly for information on their privacy policies.
In particular, GfK is not responsible for data protection practices of third party websites to which Users may place hyperlinks as part of user content that they upload to the Service.
The following list contains information on your legal rights which arise from applicable data protection laws:
· Right to withdraw consent: Where the processing of personal data is based on your consent you may withdraw this consent at any moment by following the procedures described in the respective consent form. We ensure that consent can be withdrawn by the same means as it was given – e.g., electronically. As a participant in a market research project please note that by withdrawing consent you typically end your participation in the respective project and will no longer be eligible for any rewards or incentives that GfK may eventually offer to participants.
· Right to rectification: You may obtain from us rectification of personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us. In appropriate cases, we provide self-service internet portals where users have the possibility to review and rectify their personal data.
· Right to restriction of processing: You may obtain from us restriction of processing of your personal data, if
· you contest the accuracy of your personal data for the period we need to verify the accuracy,
· the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
· we no longer need your personal data but you require them for the establishment, exercise or defense of legal claims, or
· you object to the processing while we verify whether our legitimate grounds override yours.
· Right to access: You may ask us for information regarding personal data that we hold about you, including information as to which categories of personal data we have in our possession or control, what they are being used for, where we collected them, if not from you directly, and to whom they have been disclosed, if applicable. You may obtain from us one copy, free of charge, of personal data we hold about you. We reserve the right to charge a reasonable fee for each further copy you may request.
· Right to portability: At your request, we will transfer your personal data to another controller, where technically feasible, provided that the processing is based on your consent or necessary for the performance of a contract. Rather than receiving a copy of your personal data you may request that we transfer the data to another controller, specified by you, directly.
· Right to erasure: You may obtain from us erasure of your personal data, where
· the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
· you have a right to object to further processing of your personal data (see below) and execute this right to object to the processing;
· the processing is based on your consent, you withdraw your consent and there is no other legal ground for the processing;
· the personal data have been unlawfully processed;
· unless the processing is necessary
· for compliance with a legal obligation which requires processing from us;
· in particular for statutory data retention requirements;
· for the establishment, exercise or defence of legal claims.
· Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you wish the erasure of your personal data or the restriction of its processing by us.
· Right to lodge a complaint: In case of an alleged infringement of applicable privacy laws, you may lodge a complaint with the data protection supervisory authority in the country you live in or where the alleged infringement occurred.
· Time period: We will try to fulfill your request within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.
· Restriction of access: In certain situations we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
In general, we will delete the personal data we collected from you if they are no longer necessary to achieve the purposes for which they were originally collected. However, we may be required to store your personal data for a longer period due to statutory provisions. We delete log files, including IP addresses, on a weekly basis. We store personal data of users in their user accounts for the duration of the employment relationship, or the business relationship, respectively, but delete them on request if access to the Service is no longer needed.
In addition, we will not delete all of your personal data if you requested from us to refrain from re-contacting you in the future. For this purpose, GfK keeps records which contain information on people who do not want to be re-contacted in the future (e.g. by means of bulk emailing or recruiting campaigns for market research projects). We qualify your request as consent to store your personal data for the purpose of such record keeping unless you instruct us otherwise.
GfK takes data security seriously. We apply an appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to your personal data is granted only to those personnel, service providers or GfK affiliates with a business need-to-know or who require it in order to perform their duties.
The security of your Personal Data is very important to us. We have put in place reasonable physical, electronic, and administrative procedures to safeguard the information we collect. Access to your Personal Data is granted only to those employees who require it in order to perform their duties. We cannot guarantee, however, that all communications between us or information stored on our servers will be free from unauthorized access by third parties such as hackers. Your use of our services demonstrates your assumption of this risk.
direct your questions regarding the subject matter of data protection and any requests in the exercise of your legal rights to the GfK Connect client service
You may also contact the Data Protection Officer directly by writing an email to email@example.com or a letter to the postal address below.
Peter Feld (CEO)
Lars Nordmark (CFO)
T +49 911 395-0 (Switchboard), firstname.lastname@example.org
Chairman of the Supervisory Board: Ralf Klein-Bölting
Entered in the Commercial Register at the District Court:
Nuremberg: HRB 25014