Data Protection Declaration
Status: October 2018
1. Name of the party responsible
The responsible party in the context of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:
Entered in the Nuremberg Association Register
(No. VR 200665)
2. Executive board, managing directors or other management personnel appointed by law or in accordance with the constitution of the association and members of staff tasked with managing data processing are:
GfK Verein Executive Board:
President: Manfred Scheske
Vice Presidents: Ralf Klein-Bölting, Prof. Dr. Nicole Koschate-Fischer, Dr. Andreas Neus, Prof. Dr. Raimund Wildner
Managing Director, GfK-Nürnberg e.V.:
Dr. Andreas Neus
3. Address of the party responsible
Tel. +49 (0) 911 9 51 51 983
Fax +49 (0) 911 37677 872
4. Definition of the purpose of data capture, processing and use
The collection, processing and use of data relating to our members shall be for the sole purpose of administration and communication with members.
The collection, processing and use of data for our Compact information service shall be for the sole purpose of administration and communication with interested parties and newsletter subscribers (with double opt-in when registering for the newsletter).
The collection, processing and use of data for the invitation to attend the GfK Conference and other events organized by the GfK Verein shall be for the sole purpose of inviting participants and communicating with them, such as for invoicing purposes.
Other personal data shall be retained solely for ancillary purposes (see below), otherwise such information shall not be retained.
Our studies are carried out under contract and in this regard, we do not obtain any personal data.
Management of supplier and service provider data (contact details and relevant business issues)
Management of applicant data
Management of data relating to press contacts
Management of user data relating to the closed members’ area (login data)
5. Description of the parties and groups of parties affected and associated data and data categories
In line with the defined purposes indicated above, the personal data relating to the parties or groups of parties below are collected, processed and used:
- Interested parties, suppliers, press representatives, service providers (contact details and relevant business issues)
- Visitors to our website (communication and login data)
Under the terms of the GDPR, the parties affected shall be entitled to request details on the collection, processing or use of their personal data free of charge from us. This includes also – where applicable, justifiable and providing there are no contradictory statutory duties of retention or other rights pertaining to this entitlement – the right to correction, data transferability, deletion, limitation or revoking of consent granted. The affected parties shall also be entitled to lodge complaints to the supervisory authority. The competent supervisory authority shall be determined by the German Federal State (Bundesland) place of residence, work or of the alleged infringement. A list of supervisory authorities (for the non-public sector) with addresses is indicated under: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links....
Affected parties wishing to exercise their rights are requested to email: firstname.lastname@example.org
6. Recipients or categories of recipients who may receive data
Personal data relating to ancillary purposes may be used by internal technical departments and on occasion, by departments of GfK SE, however, solely for the performance of corresponding ancillary purposes.
Additional recipients of personal data may constitute external contractors (e.g. for the purposes of invitations to events and for website hosting). Such contractors shall be contractually obliged not to pass on personal data to third parties and to use the data solely for the intended purpose and to delete it immediately afterwards, unless there is a statutory period of retention (e.g. for accounting purposes).
7. Data deletion deadlines
Personal data shall be deleted when the purpose for which it was retained no longer applies and on expiry of the statutory data deletion deadlines.
8. Scheduled data transfer to third countries
No data transfers of personal data to third countries have been scheduled.
9. “FocusTopic” newsletters from Compact, the GfK Verein’s information service
Pursuant to your express consent, we shall send you our “FocusTopic” newsletter and other comparable information on a regular basis by email to the email address you have provided.
We need only your email address for the purposes of sending you our newsletter. When you register for our newsletters, any data you provide shall be used solely for this purpose. Subscribers may also be advised by email of certain circumstances that are relevant for this service or for registering for the service (for example, in the event of changes to the newsletter or for technical reasons).
A valid email address is required to successfully complete the registration process. We are using a double opt-in system to verify that registration has actually been made by the owner of the email address. Therefore, we log the ordering of the newsletter, verify that a confirmation email has been sent and record receipt of the reply requested. No further data is required. The data is used solely to send the newsletter and shall not be passed on to any third parties.
You are entitled to revoke your consent for retention of your personal data and its use for the newsletter at any time. At the end of every newsletter you will find the corresponding link: “UNSUBSCRIBE FROM NEWSLETTER“.
10. General contact form
By contacting us with any type of query by email or using the contact form, you are granting us your voluntary consent for the purposes of making contact with you. This requires you to give a valid email address which serves for assignment of your query and the reply accordingly. Giving further details is optional. The details you give for the purposes of processing your query and any potential supplementary queries shall be retained. When the query you raise has been resolved, any personal data shall be automatically deleted.
11. Contact form for membership applications
By contacting us for the purposes of applying for membership using the contact form, you are granting us your voluntary consent for the purposes of making contact with you. This requires you to give a valid email address, your first name(s), surname, company name where applicable and your address or the company address. This information is required in order to examine the application and make a decision. The details you give for the purposes of processing your enquiry shall be retained for potential supplementary queries. If your application for membership is accepted, the data shall be retained for the period of your membership and in line with the specified periods of retention. In cases where the application is rejected, the data shall be deleted on expiry of 90 days.
12. Use of Google Analytics
However, in cases where member states of the European Union or other states party to the EEA agreement are concerned, IP anonymization is activated on the website, meaning that Google will first abbreviate the IP address before transferring it. Solely in exceptional cases will the full IP address be transferred to a Google server in the USA, for abbreviation there.
Google will use this information on behalf of the website operator in order to analyze website use, prepare reports on website activities and to provide the website operator with services relating to website use and online use of associated services. The IP address supplied by your browser in the context of Google Analytics will not be merged with other Google data. You may prevent retention of cookies by adjusting the settings of your browser software: however, we point out that in this case, it may not be possible to make full use of all the functions offered by the website.
Furthermore, you may prevent the transfer of data obtained by cookies and relating to your use of website (incl. your IP address) to Google and the processing of such data by Google, by downloading and installing the browser plug in available by clicking on the following link: (http://tools.google.com/dlpage/gaoptout?hl=de).
For more information, please visit: visit http://tools.google.com/dlpage/gaoptout?hl=de or https://support.google.com/analytics/answer/6004245?hl=de (general information on Google Analytics and data protection). We refer you to the fact that on this website, Google Analytics have added the code “gat. _anonymizeIp();“ in order to ensure that IP addresses are captured in anonymized form (i.e. IP masks).
13. Embedded YouTube videos
Our website features embedded YouTube videos. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with a YouTube plugin, a connection to YouTube servers will be activated and YouTube will be advised which page you are visiting. When you are logged into your YouTube account, YouTube can identify your personal surfing habits. You may also prevent this by logging out of your YouTube account beforehand.
Anyone deactivating the cookie options for the Google-Ad program is unlikely to have cookies popping up when watching YouTube videos. However, Youtube also captures non-personal information on website use using other cookies. If you would like to prevent this, you need to block your browser from retaining cookies.
For more information on data protection relating to YouTube, check out the data protection declaration of the service provider under: https://www.google.de/intl/de/policies/privacy/
14. Links to Facebook and Twitter
Our website carries the logo (no plug-Ins) of the social network, Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). By clicking on the logo, you will be transferred to our Facebook account. Since this is just a link and not a plug-in, unlike the case of the latter, no data can be lifted from it.
Our website carries the logo (no plug-Ins) of the micro-blogging service, Twitter (Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA). By clicking on the logo, you will be transferred to our Twitter account. Since this is just a link and not a plug-in, unlike the case of the latter, no data can be lifted from it.
Cookies cannot be used to launch a program or to transfer a virus to a computer. The information contained in cookies enables us to facilitate navigation and show you how to find your way around our website pages.
In no case will data we have obtained be passed on to any third party or a connection made to any personal data without your consent.
16. SSL encryption
To protect the security of your data during transfer, we use state-of-the-art HTTPS encryption methods (e.g. SSL) via HTTPS.
Amendment of our data protection regulations
We reserve the right to adapt the present data protection declaration so that it conforms to current legal prescription or to reflect any changes in the performance of our data protection declaration, for example, when new services are introduced. In these cases, the new data protection declaration will apply to your website visits.
Queries pertaining to data protection
If you have any queries on data protection, please contact us by email or get in touch with the data protection officer of our organization directly at: