We would like you to understand when we collect which data and how we use it. For any questions regarding data privacy, please write to the following e-mail address:

With respect to your personal data, you have the following rights against us:

• The right to information
• The right to correction or deletion
• The right to restriction of processing
• The right to data portability
• The right to revoke processing
• The right to complain to the supervisory authority responsible

What data do we collect from you?

In the following, we will explain to you which data we collect from you and for what purpose we do this.

1. When using our website

a) Access data
Upon using our website, if you do not log on, register or pass other information to us, the only data collected is that which your browser sends automatically to enable you to visit our website. From this, we collect the following access data:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which access was made
• Browser used and, if applicable, computer’s operating system.

For security reasons (e.g. to identify attacks), this access data is passed to us by your browser and saved for a limited period in a log file on secure servers (legal basis: art. 6 par. 1 f GDPR).

Our website contains links to the websites of other providers. We have no influence on whether these providers follow current regulations on data privacy. We therefore recommend that you read carefully the data privacy policies of these providers.

b) External service provider
Our website, including our software solution (KERNWERT Studio/Direct) and customer database (CRM), is provided on our own server systems exclusively in Germany in a computer centre of mpex GmbH. mpex GmbH is certified to "ISO/IEC 27001" and "Trust in Cloud Infrastructure". "ISO 27001" is an internationally recognised standard of information security, which covers aspects such as data security, data privacy and failure safety.

Within the scope of this collaboration, we do not directly pass any personal data to our service providers. However, the service provider may at least potentially obtain access to personal data (e.g. through maintenance work). As in such cases, a so-called order processing is available according to Article 28 GDPR, we have concluded a contract on a data privacy with the service providers compliant with this. This also guarantees the protection of your personal data.

2. If you voluntarily provide us with data

a) Via a form on our website
In addition to the data stated above, we also process personal data if you voluntarily provide us with it via a form on our website, particularly regarding:

• Contact details
• Registering for a web seminar
• Requesting test access
• Requesting a presentation
  
• Requesting a quote.

The following personal data is then processed:

• Title (gender)
• Surname, forename
• Company
• E-mail address
• Telephone number
• Address, if necessary
• Message, if any
• Date and time of the enquiry
• Language choice used.

The processing of this data is based on our legitimate interest in the effective processing of enquiries addressed to us and the handling of business relationships with our B2B partners (art. 6 par. 1 f GDPR) or is necessary for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR). We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.

b) In another way, e.g. if you contact us by e-mail
You can also contact us in another way, e.g. by using the e-mail addresses stated on our website or the telephone numbers or address stated there.
Depending on the content of your message to us, we collect and process the following personal data, amongst other things, in these cases:

• Title (gender), if necessary
• Surname, forename, if necessary
• Company, if any
• E-mail address,
• Telephone number, if necessary
• Address, if necessary
• Subject of message
• Message text
• Date and time of the enquiry.

Alternatively, we use the service provider Zoom Video Communications Inc. as a processor in accordance with Art. 28 GDPR and have concluded a contract for order processing. If third-country access (e.g. USA) is necessary, we base transfers on the EU-US Data Privacy Framework (DPF) – if applicable – and otherwise on the EU Standard Contractual Clauses (SCCs). In addition, we implement technical and organizational measures (including conducting web meetings in the EU region, encrypted data transmission). For more information, please refer to Zoom's Terms of Use (https://zoom.us/terms) and Privacy Policy (https://zoom.us/privacy).

4. On ordering our newsletter

a) Consent to the newsletter mailing service
To send you current information and offers by KERNWERT at regular intervals by e-mail, we offer a newsletter service. For e-mail registration, we use a so-called double opt-in procedure. We thus only send you a newsletter if you have expressly confirmed in advance that you want to receive it. To do this, we will send you a notification e-mail and ask you to confirm, by clicking on a link contained in the e-mail, that you wish to receive our newsletter.

If you order our newsletter, we will save your consent pursuant to Article 6 Paragraph 1 a GDPR along with:

• E-mail address
• Surname, forename, if necessary
• Date and time of the registration
• Time registration was confirmed
• IP address of the requesting computer
• Browser used and, if applicable, computer’s operating system
• Language choice used.

This data is used exclusively for to distribute the newsletter and for safety reasons.

b) External service provider
To send our newsletter, we use the service provider CleverReach GmbH & Co. KG. For this, data saved when registering for the newsletter is transferred to a server of the service provider where it is saved and processed according to current data privacy regulations.

c) Revocation of consent
If you no longer wish to receive a newsletter from us, you can end your subscription at any time, simultaneously revoking your consent to save and process your data. A message in a text form to info@kernwert.com is sufficient for this. There is also an Unsubscribe link in each of our newsletters. In the case you revoke your consent, we will delete your data in accordance with current regulations.

d) Newsletter tracking
Our newsletters contain so-called web beacons, which we use to identify whether and when an e-mail was opened and which links in the e-mail were followed by the recipient. The resulting data are collected exclusively pseudonymized.

5. On ordering and using our services

We collect and process personal data that are directly necessary for the initiation, substantiation and processing of an order for products and services (art. 6 par. 1 f GDPR) or for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR), i.e. to

• Create a user account
• Check customer identities
• Carry out the service
• Process payment.

To be able to do this, it is necessary to save and process the following information, in particular:

• Name of the company
• Company address
• Language of the point of contact
• Point of contact’s title
• Forename and surname of the point of contact
• Point of contact’s position and department
• E-mail address for the point of contact
• Point of contact’s telephone number
• Required scope of the service
• Date and time of order
• Usage data
• Messages, if any.

Audit data is collected for security or data protection-related processes in the software solution, such as logging in and out, registering new users, configuration changes or deletion processes. The processing of audit data is based on our legitimate interest (art. 6 par. 1 f GDPR) in ensuring and demonstrating the required protection goals of confidentiality, integrity and availability. For this purpose, we process in particular:

We may transfer your personal data to recipients outside the company insofar as this is necessary to fulfil contractual and legal obligations. These may be, for example:

• Public authorities and institutions (e.g. tax authorities),
• auditors, tax consultants, appraisers,
• bank of the customer.

What cookies or services do we use?

When using our website (not in our software solutions), we use the online marketing service Google Ads from Google Ireland Limited. The display of ads and the associated data processing (e.g. when displaying and clicking on ads) are carried out by Google on its own responsibility. For more information about data processing by Google, please refer to Google's privacy policy: https://policies.google.com/privacy.

When using Google Ads, personal data may be transferred by Google to servers of Google LLC in the USA. For such data transfers, Google relies on the adequacy decision of the European Commission for the EU-US Data Privacy Framework in accordance with Art. 45 GDPR.

No cookies or comparable tracking technologies are used on our website in connection with Google Ads.

We provide software solutions to conduct studies on market and opinion research (KERNWERT Studio/Direct). We are generally commissioned to provide these services, and they are exclusively carried out on the instruction of our customers.  As a participant in a study, please also read the respective data privacy declaration of our customers. Our customers will provide you with this data privacy declaration in the protected area of the respective study.

If, on the orders and instructions of our customers, we process any data, it is processed in accordance with Article 28 GDPR. In these cases, and in accordance with this regulation, we will sign a data privacy contract with the customer. This also guarantees the protection of your personal data.

As a software provider and IT service provider, we have no influence on the content of the study. Should you have any questions, please contact directly the point of contact for your study.

Who can I complain to about unwanted e-mails?