PRIVACY POLICY

Data Privacy Policy - Kernwert GmbH

We take the protection of your personal data very seriously, and we particularly value high levels of data security and complying with regulations pertaining to data privacy. Unless we are obliged to pass on specific data on the basis of administrative or judicial orders, official or court orders, the data we collect is under no circumstances sold nor passed to third parties without the express prior permission of the persons affected.

In the following policy on data privacy, we shall inform you of which personal data we process, the purposes for which this happens, and how you can prohibit specific processing of your personal data.

We would like you to understand when we collect which data and how we use it. For any questions regarding data privacy, please write to the following e-mail address:


What rights do you have with us?
With respect to your personal data, you have the following rights against us:
  • The right to information
  • The right to correction or deletion
  • The right to restriction of processing
  • The right to data portability
  • The right to revoke processing
  • The right to complain to the supervisory authority responsible


What data do we collect from you?
In the following, we will explain to you which data we collect from you and for what purpose we do this.

1. When using our website

a) Access data
Upon using our website, if you do not log on, register or pass other information to us, the only data collected is that which your browser sends automatically to enable you to visit our website. From this, we collect the following access data:
  • IP address of the inquiring computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access was made
  • Browser used and, if applicable, computer’s operating system.
For security reasons (e.g. to identify attacks), this access data is passed to us by your browser and saved for a limited period in a log file on secure servers (legal basis: art. 6 par. 1 f GDPR).

Our website contains links to the websites of other providers. We have no influence on whether these providers follow current regulations on data privacy. We therefore recommend that you read carefully the data privacy policies of these providers.

b) External service provider
Our website, including our software solution (QDC Studio) and customer database (CRM), is provided on our own server systems exclusively in Germany in a computer centre of mpex GmbH. mpex GmbH is certified to "ISO/IEC 27001" and "Trust in Cloud Infrastructure". "ISO 27001" is an internationally recognised standard of information security, which covers aspects such as data security, data privacy and failure safety.

Within the scope of this collaboration, we do not directly pass any personal data to our service providers. However, the service provider may at least potentially obtain access to personal data (e.g. through maintenance work). As in such cases, a so-called order processing is available according to Article 28 GDPR, we have concluded a contract on a data privacy with the service providers compliant with this. This also guarantees the protection of your personal data.

2. If you voluntarily provide us with data

a) Via a form on our website
In addition to the data stated above, we also process personal data if you voluntarily provide us with it via a form on our website, particularly regarding:
  • Contact details
  • Registering for a web seminar
  • Requesting test access
  • Requesting a presentation
  • Requesting a quote.
The following personal data is then processed:
  • Title (gender)
  • Surname, forename
  • Company
  • E-mail address
  • Telephone number
  • Address, if necessary
  • Message, if any
  • Date and time of the enquiry
  • Language choice used.
The processing of this data is based on our legitimate interest in the effective processing of enquiries addressed to us and the handling of business relationships with our B2B partners (art. 6 par. 1 f GDPR) or is necessary for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR). We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.

b) In another way, e.g. if you contact us by e-mail
You can also contact us in another way, e.g. by using the e-mail addresses stated on our website or the telephone numbers or address stated there.
Depending on the content of your message to us, we collect and process the following personal data, amongst other things, in these cases:
  • Title (gender), if necessary
  • Surname, forename, if necessary
  • Company, if any
  • E-mail address,
  • Telephone number, if necessary
  • Address, if necessary
  • Subject of message
  • Message text
  • Date and time of the enquiry.
The processing of this data is based on our legitimate interest in the effective processing of enquiries addressed to us and the handling of business relationships with our B2B partners (art. 6 par. 1 f GDPR) or is necessary for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR). We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.

3. When attending a web meeting or web seminar

a) As a participant in a presentation, training or seminar.
We offer you the participation in a web meeting or web seminar as an interested party in our software and digital qualitative research or as part of a training course.

If you participate in a web meeting or web seminar, we process:
  • Pseudonym/ name of the user
  • Live audio and video data released by the user
  • Comments and media data entered by the user
  • Telephone number of the user when dialing in
  • IP address of the inquiring computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access was made
  • Browser used and, if applicable, computer’s operating system.
The processing of this data is based on our legitimate interest in the initiation and handling of business relationships (art. 6 par. 1 f GDPR) or is necessary for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR). We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.

b) External service provider:
Our webmeetings or web seminar are provided on server systems exclusively in Germany in a computer centre of rackSPEED GmbH. Within the scope of this collaboration, we do not directly pass any personal data to our service providers. However, the service provider may at least potentially obtain access to personal data (e.g. through maintenance work). As in such cases, a so-called order processing is available according to Article 28 GDPR, we have concluded a contract on a data privacy with the service providers compliant with this. This also guarantees the protection of your personal data.

We use alternatively, at the request of the participant, the service provider Zoom Video Communications Inc (https://zoom.us/). Your data stored during participation will be transferred to a server of the service provider and stored and processed there according to the applicable data protection regulations. The service provider processes the data on our behalf and according to our specifications. Such a case is a so-called order processing according to Article 28 GDPR. In accordance with this regulation, we have concluded a data privacy contract with the service provider.

Zoom also transfers personal data to the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and for monitoring purposes, possibly also without any legal remedy. An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As a supplementary protective measure, we have e.g. configured our system so that only data centers in the European Union are used for web meetings. More information can be found in the Terms of Use (https://zoom.us/terms) and Privacy Policy (https://zoom.us/privacy) by Zoom.

4. On ordering our newsletter

a) Consent to the newsletter mailing service

To send you current information and offers by KERNWERT at regular intervals by e-mail, we offer a newsletter service. For e-mail registration, we use a so-called double opt-in procedure. We thus only send you a newsletter if you have expressly confirmed in advance that you want to receive it. To do this, we will send you a notification e-mail and ask you to confirm, by clicking on a link contained in the e-mail, that you wish to receive our newsletter.

If you order our newsletter, we will save your consent pursuant to Article 6 Paragraph 1 a GDPR along with:
  • E-mail address
  • Surname, forename, if necessary
  • Date and time of the registration
  • Time registration was confirmed
  • IP address of the inquiring computer
  • Browser used and, if applicable, computer’s operating system
  • Language choice used.
This data is used exclusively for to distribute the newsletter and for safety reasons.

b) External service provider
To send our newsletter, we use the service provider CleverReach GmbH & Co. KG. For this, data saved when registering for the newsletter is transferred to a server of the service provider where it is saved and processed according to current data privacy regulations.

The service provider processes the data on our behalf and according to our specifications. Such a case is a so-called order processing according to Article 28 GDPR. In accordance with this regulation, we have concluded a data privacy contract with the service provider. This also guarantees the protection of your personal data.

c) Revocation of consent
If you no longer wish to receive a newsletter from us, you can end your subscription at any time, simultaneously revoking your consent to save and process your data. A message in a text form to info@kernwert.com is sufficient for this. There is also an Unsubscribe link in each of our newsletters. In the case you revoke your consent, we will delete your data in accordance with current regulations.

d) Newsletter tracking
Our newsletters contain so-called web beacons, which we use to identify whether and when an e-mail was opened and which links in the e-mail were followed by the recipient. The resulting data are collected exclusively pseudonymized.

5. On ordering our services

We collect and process personal data that are directly necessary for the initiation, substantiation and processing of an order for products and services (art. 6 par. 1 f GDPR) or for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR), i.e. to
  • Create a user account
  • Check customer identities
  • Carry out the service
  • Process payment.
To be able to do this, it is necessary to save and process the following information, in particular:
  • Name of the company
  • Company address
  • Language of the point of contact
  • Point of contact’s title
  • Forename and surname of the point of contact
  • Point of contact’s position and department
  • E-mail address for the point of contact
  • Point of contact’s telephone number
  • Required scope of the service
  • Date and time of order
  • Message, if any.
We may transfer your personal data to recipients outside the company insofar as this is necessary to fulfil contractual and legal obligations. These may be, for example:
  • Public authorities and institutions (e.g. tax authorities),
  • auditors, tax consultants, appraisers,
  • bank of the customer.
We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.

6. From public sources or suppliers

In addition, we process personal data that we obtain from publicly accessible sources (e.g. public registers, the press, the Internet) or that are transmitted by other third parties (e.g. a credit agency) or that we have received from you as our supplier/ service provider (e.g. in an invoice).

For this purpose, we collect professional contact information, e.g.:
  • Name of the company,
  • address of the company,
  • language of the contact person,
  • salutation of the contact person,
  • first and last name of the contact person,
  • contact person's position and department,
  • Contact e-mail address,
  • Contact person's telephone number,
  • SEPA payment details of the company.
The processing of this data is based on our legitimate interest in the initiation and handling of business relationships (art. 6 par. 1 f GDPR) or is necessary for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR).

We may transfer your personal data to recipients outside the company insofar as this is necessary to fulfil contractual and legal obligations. These may be, for example:
  • Public authorities and institutions (e.g. tax authorities),
  • auditors, tax consultants, appraisers,
  • bank of the customer.
We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.


What cookies or services do we use?
When visiting our website or software solution, we only use technically necessary session cookies (legal basis: art. 6 par. 1 f GDPR). Cookies are small files that contain a character string that is sent to your computer when you call up a website. Using the cookie, your browser can recognise if you call up an additional page of this website.

Using the session cookie, then you will remain logged on for the entire user session when using a protected area of our software solution. The session cookies are discarded at the end of the user session.

You can deactivate cookies in your browser settings. Via your browser, you can at any time delete cookies that are already saved. However, we would like to point out that in this case it may not be possible to use all functions of this website to their full extent.


What rights do I have as a participant in a study?
We provide software solutions to conduct studies on market and opinion research. We are generally commissioned to provide these services, and they are exclusively carried out on the instruction of our customers.  As a participant in a study, please also read the respective data privacy declaration of our customers. Our customers will provide you with this data privacy declaration in the protected area of the respective study.

If, on the orders and instructions of our customers, we process any data, it is processed in accordance with Article 28 GDPR. In these cases, and in accordance with this regulation, we will sign a data privacy contract with the customer. This also guarantees the protection of your personal data.

As a software provider and IT service provider, we have no influence on the content of the study. Should you have any questions, please contact directly the point of contact for your study.


Who can I complain to about unwanted e-mails?
All customers of our software solutions are obliged to adhere to the respective applicable laws. Thanks to our security measures and anti-spam rules, unwanted e-mails occur very rarely. However, should you have reason to complain, please send an e-mail to abuse@kernwert.com. Please send the complete unwanted e-mail as an attachment to your message.


Status 12 April 2021
Name and contact details of the person responsible:
Kernwert GmbH
Esmarchstraße 9, 10407 Berlin
Germany
Tel. +49 (0)30-53 01 23-60
Fax +49 (0)30-53 01 23-61
info@kernwert.com

Management:
Dirk Wieseke, Christoph Gehricke

Register of companies:
AG Berlin-Charlottenburg, registration no. 167811 B

VAT ID no. DE300354671

External data-protection officer:
Marco Tessendorf
procado Consulting, IT- & Medienservice GmbH
Warschauer Str. 58a, D-10243 Berlin