PRIVACY POLICY

We take the protection of your personal data very seriously, and we particularly value high levels of data security and complying with regulations pertaining to data privacy. Unless we are obliged to pass on specific data on the basis of administrative or judicial orders, official or court orders, the data we collect is under no circumstances sold nor passed to third parties without the express prior permission of the persons affected.

In the following policy on data privacy, we shall inform you of which personal data we process, the purposes for which this happens, and how you can prohibit specific processing of your personal data.

We would like you to understand when we collect which data and how we use it. For any questions regarding data privacy, please write to the following e-mail address:


What rights do you have with us?


With respect to your personal data, you have the following rights against us:
  • The right to information
  • The right to correction or deletion
  • The right to restriction of processing
  • The right to data portability
  • The right to revoke processing
  • The right to complain to the supervisory authority responsible


What data do we collect from you?


In the following, we will explain to you which data we collect from you and for what purpose we do this.

1. When using our website

a) Access data
Upon using our website, if you do not log on, register or pass other information to us, the only data collected is that which your browser sends automatically to enable you to visit our website. From this, we collect the following access data:
  • IP address of the inquiring computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access was made
  • Browser used and, if applicable, computer’s operating system.
For security reasons (e.g. to identify attacks), this access data is passed to us by your browser and saved for a limited period in a log file on secure servers (legal basis: art. 6 par. 1 f GDPR).

Our website contains links to the websites of other providers. We have no influence on whether these providers follow current regulations on data privacy. We therefore recommend that you read carefully the data privacy policies of these providers.

b) External service provider
Our website, including our software solution (KERNWERT Studio/Live) and customer database (CRM), is provided on our own server systems exclusively in Germany in a computer centre of mpex GmbH. mpex GmbH is certified to "ISO/IEC 27001" and "Trust in Cloud Infrastructure". "ISO 27001" is an internationally recognised standard of information security, which covers aspects such as data security, data privacy and failure safety.

Within the scope of this collaboration, we do not directly pass any personal data to our service providers. However, the service provider may at least potentially obtain access to personal data (e.g. through maintenance work). As in such cases, a so-called order processing is available according to Article 28 GDPR, we have concluded a contract on a data privacy with the service providers compliant with this. This also guarantees the protection of your personal data.

2. If you voluntarily provide us with data

a) Via a form on our website
In addition to the data stated above, we also process personal data if you voluntarily provide us with it via a form on our website, particularly regarding:
  • Contact details
  • Registering for a web seminar
  • Requesting test access
  • Requesting a presentation
  • Requesting a quote.
The following personal data is then processed:
  • Title (gender)
  • Surname, forename
  • Company
  • E-mail address
  • Telephone number
  • Address, if necessary
  • Message, if any
  • Date and time of the enquiry
  • Language choice used.
The processing of this data is based on our legitimate interest in the effective processing of enquiries addressed to us and the handling of business relationships with our B2B partners (art. 6 par. 1 f GDPR) or is necessary for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR). We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.

b) In another way, e.g. if you contact us by e-mail
You can also contact us in another way, e.g. by using the e-mail addresses stated on our website or the telephone numbers or address stated there.
Depending on the content of your message to us, we collect and process the following personal data, amongst other things, in these cases:
  • Title (gender), if necessary
  • Surname, forename, if necessary
  • Company, if any
  • E-mail address,
  • Telephone number, if necessary
  • Address, if necessary
  • Subject of message
  • Message text
  • Date and time of the enquiry.
The processing of this data is based on our legitimate interest in the effective processing of enquiries addressed to us and the handling of business relationships with our B2B partners (art. 6 par. 1 f GDPR) or is necessary for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR). We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.

3. When attending a web meeting or web seminar

a) As a participant in a presentation, training or seminar.
We offer you the participation in a web meeting or web seminar as an interested party in our software and digital qualitative research or as part of a training course.

If you participate in a web meeting or web seminar, we process:
  • Pseudonym/ name of the user
  • Live audio and video data released by the user
  • Comments and media data entered by the user
  • Telephone number of the user when dialing in
  • IP address of the inquiring computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access was made
  • Browser used and, if applicable, computer’s operating system.
The processing of this data is based on our legitimate interest in the initiation and handling of business relationships (art. 6 par. 1 f GDPR) or is necessary for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR). We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.

b) External service provider:
Our web meetings or web seminars are provided on web conferencing systems exclusively in Germany in a data center operated by minuskel screen partner GmbH. Within the scope of this collaboration, we do not directly pass any personal data to our service providers. However, the service provider may at least potentially obtain access to personal data (e.g. through maintenance work). As in such cases, a so-called order processing is available according to Article 28 GDPR, we have concluded a contract on a data privacy with the service providers compliant with this. This also guarantees the protection of your personal data.

We use alternatively, at the request of the participant, the service provider Zoom Video Communications Inc (https://zoom.us/). Your data stored during participation will be transferred to a server of the service provider and stored and processed there according to the applicable data protection regulations. The service provider processes the data on our behalf and according to our specifications. Such a case is a so-called order processing according to Article 28 GDPR. In accordance with this regulation, we have concluded a data privacy contract with the service provider (Basis for third country transfers: EU-US Data Privacy Framework).

Zoom also transfers personal data to the USA. An adequate level of data protection is guaranteed on the one hand by the conclusion of the so-called EU standard contractual clauses. As a supplementary protective measure, we have e.g. configured our system so that only data centers in the European Union are used for web meetings. More information can be found in the Terms of Use (https://zoom.us/terms) and Privacy Policy (https://zoom.us/privacy) by Zoom.

4. On ordering our newsletter

a) Consent to the newsletter mailing service

To send you current information and offers by KERNWERT at regular intervals by e-mail, we offer a newsletter service. For e-mail registration, we use a so-called double opt-in procedure. We thus only send you a newsletter if you have expressly confirmed in advance that you want to receive it. To do this, we will send you a notification e-mail and ask you to confirm, by clicking on a link contained in the e-mail, that you wish to receive our newsletter.

If you order our newsletter, we will save your consent pursuant to Article 6 Paragraph 1 a GDPR along with:
  • E-mail address
  • Surname, forename, if necessary
  • Date and time of the registration
  • Time registration was confirmed
  • IP address of the inquiring computer
  • Browser used and, if applicable, computer’s operating system
  • Language choice used.
This data is used exclusively for to distribute the newsletter and for safety reasons.

b) External service provider
To send our newsletter, we use the service provider CleverReach GmbH & Co. KG. For this, data saved when registering for the newsletter is transferred to a server of the service provider where it is saved and processed according to current data privacy regulations.

The service provider processes the data on our behalf and according to our specifications. Such a case is a so-called order processing according to Article 28 GDPR. In accordance with this regulation, we have concluded a data privacy contract with the service provider. This also guarantees the protection of your personal data.

c) Revocation of consent
If you no longer wish to receive a newsletter from us, you can end your subscription at any time, simultaneously revoking your consent to save and process your data. A message in a text form to info@kernwert.com is sufficient for this. There is also an Unsubscribe link in each of our newsletters. In the case you revoke your consent, we will delete your data in accordance with current regulations.

d) Newsletter tracking
Our newsletters contain so-called web beacons, which we use to identify whether and when an e-mail was opened and which links in the e-mail were followed by the recipient. The resulting data are collected exclusively pseudonymized.

5. On ordering our services

We collect and process personal data that are directly necessary for the initiation, substantiation and processing of an order for products and services (art. 6 par. 1 f GDPR) or for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR), i.e. to
  • Create a user account
  • Check customer identities
  • Carry out the service
  • Process payment.
To be able to do this, it is necessary to save and process the following information, in particular:
  • Name of the company
  • Company address
  • Language of the point of contact
  • Point of contact’s title
  • Forename and surname of the point of contact
  • Point of contact’s position and department
  • E-mail address for the point of contact
  • Point of contact’s telephone number
  • Required scope of the service
  • Date and time of order
  • Message, if any.
We may transfer your personal data to recipients outside the company insofar as this is necessary to fulfil contractual and legal obligations. These may be, for example:
  • Public authorities and institutions (e.g. tax authorities),
  • auditors, tax consultants, appraisers,
  • bank of the customer.
We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.

6. From public sources or suppliers

In addition, we process personal data that we obtain from publicly accessible sources (e.g. public registers, the press, the Internet) or that are transmitted by other third parties (e.g. a credit agency) or that we have received from you as our supplier/ service provider (e.g. in an invoice).

For this purpose, we collect professional contact information, e.g.:
  • Name of the company,
  • address of the company,
  • language of the contact person,
  • salutation of the contact person,
  • first and last name of the contact person,
  • contact person's position and department,
  • Contact e-mail address,
  • Contact person's telephone number,
  • SEPA payment details of the company.
The processing of this data is based on our legitimate interest in the initiation and handling of business relationships (art. 6 par. 1 f GDPR) or is necessary for the fulfilment of a legal obligation (art. 6 par. 1 c GDPR).

We may transfer your personal data to recipients outside the company insofar as this is necessary to fulfil contractual and legal obligations. These may be, for example:
  • Public authorities and institutions (e.g. tax authorities),
  • auditors, tax consultants, appraisers,
  • bank of the customer.
We delete the accrued data after the storage is no longer required or we restrict the data processing if there are statutory retention requirements.


What cookies or services do we use?


In the following, we will inform you about the data we collect from you for analysis and marketing purposes and which cookies are used in the process. Cookies are small files that contain a character string that is sent to your computer when you call up a website. Using the cookie, your browser can recognise if you call up an additional page of this website.

1. Necessary session cookies

When visiting our website or software solution, we use technically necessary session cookies (legal basis: § 25 par. 2 no. 2 german TTDSG in conjunction with art. 6 par. 1 f GDPR). If, for example, you use a protected area of our software solution, you will remain logged in for the entire user session with the help of the session cookie. The session cookies are discarded at the end of the user session.

2. Analytics and Marketing services

a) Piwik PRO Analytics Suite
When you visit our website (not in our software solutions), we use the Piwik PRO Analytics analysis service from Piwik PRO SA. The analysis service is used for the purpose of web analysis and range measurement. Through the analysis data, we learn how the website is used and can thus improve the quality of our website and its content. Piwik PRO analyses the use of our website anonymously and without cookies (legal basis without consent: art. 6 par. 1 f GDPR). The data collected for this purpose includes in particular:
  • IP address of the requesting computer,
  • Date, time and duration of access,
  • name and URL of the file accessed,
  • website from which the access was made
  • browser used
  • Operating system of the computer
If, on the other hand, you give us your consent for Piwik PRO "Analytics", the analysis of the use of our website is enriched pseudonymously (legal basis in case of consent: § 25 par. 1 german TTDSG in conjunction with art. 6 par. 1 a GDPR). This then allows, for example, recurring users to be recognised and more precise analyses to be carried out. In this case, persistent cookies (or comparable technologies) are used and pseudonymous usage profiles are created. The IP address is shortened immediately after collection and before it is stored. The collected data is processed within the EU and deleted after 14 months.

The service provider Piwik PRO SA processes the data on our behalf and according to our specifications. In such a case, it is a so-called commissioned processing pursuant to Art. 28 DSGVO. We have therefore concluded a data protection contract with this service provider in accordance with this provision. In this contract, we also ensure the protection of your personal data. Here you can find further information on the data processed (https://help.piwik.pro/support/privacy/what-data-does-piwik-pro-collect/), a list of possible cookies (https://help.piwik.pro/support/privacy/cookies-created-for-visitors-by-piwik-pro/) and the data protection declaration of Piwik PRO (https://piwik.pro/privacy-policy/).

b) Piwik PRO Conversion Tracking 
We also use the Piwik PRO tag manager. Through this service, conversion tags can be managed. The service triggers tags, which in turn may collect data. A tag is only triggered if consent has been given in advance for this purpose (legal basis: § 25 par. 1 german TTDSG in conjunction with art. 6 par. 1 a GDPR). In particular, we use this to measure the success of ads on external websites (e.g. in Google search results), i.e. whether you interact with the ads and use the advertised offers. We only receive anonymous or pseudonymised, not personal information about individual users. In this case, persistent cookies (or comparable technologies) may be stored with information about this interaction as well as a unique identifier for the user or the ad click. These cookies are deleted after 90 days to max. one year and are not used for personal identification.

c) Piwik PRO Consent Manager
We also use the consent management of Piwik PRO, in the context of which your consent to the use of cookies and the aforementioned processing and providers is obtained (legal basis: art. 6 par. 1 f GDPR). This also allows you to manage and revoke your data protection settings at any time. The declaration of consent is stored in order not to have to repeat it and to be able to prove the consent. The storage takes place on the server side as well as with an opt-in cookie (or with comparable technologies) in order to be able to assign the consent to a user or browser and is deleted after a maximum of one year. You can revoke your consent at any time with effect for the future by changing your data protection settings here:

d) Google Ads
When using our website (not in our software solutions), we use the online marketing service Google Ads from Google Ireland Limited (legal basis: art. 6 par. 1 f GDPR). The online marketing service is used for the purpose of placing content and advertisements within the service provider's advertising network (e.g. in Google search results). 

If you give us your consent for "conversion tracking", we measure the success of these ads in connection with Google Ads and Piwik PRO Conversion Tracking, i.e. whether you interact with the ads and make use of the advertised offers (legal basis: § 25 par. 1 german TTDSG in conjunction with art. 6 par. 1 a GDPR). We only receive pseudonymised, not personal information about individual users. After a user has clicked on an ad, Google Ads adds a parameter with additional information to the target URL of the ad. Persistent cookies (or comparable technologies) with information about this interaction as well as a unique identifier for the user or the ad click are also stored. These cookies are deleted after 90 days and do not serve us for personal identification.

The service provider Google Ireland Limited processes the data on our behalf and according to our specifications. In such a case, it is a so-called commissioned processing pursuant to Art. 28 GDPR. We have therefore concluded a data protection agreement with this service provider in accordance with the GDPR. The legal basis for the so-called third country transfer to the USA is the adequacy decision of the European Commission (EU-US Data Privacy Framework) according to Art. 45 GDPR. Google also transfers personal data to the USA. The USA is assessed by the European Court of Justice as a country with an insufficient level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for control and monitoring purposes, possibly also without any legal remedy. Here you can find a list of possible cookies (https://business.safety.google/adscookies/) and Google's data protection information (https://policies.google.com/privacy).


What rights do I have as a participant in a study?


We provide software solutions to conduct studies on market and opinion research (KERNWERT Studio/Live). We are generally commissioned to provide these services, and they are exclusively carried out on the instruction of our customers.  As a participant in a study, please also read the respective data privacy declaration of our customers. Our customers will provide you with this data privacy declaration in the protected area of the respective study.

If, on the orders and instructions of our customers, we process any data, it is processed in accordance with Article 28 GDPR. In these cases, and in accordance with this regulation, we will sign a data privacy contract with the customer. This also guarantees the protection of your personal data.

As a software provider and IT service provider, we have no influence on the content of the study. Should you have any questions, please contact directly the point of contact for your study.


Who can I complain to about unwanted e-mails?


All customers of our software solutions are obliged to adhere to the respective applicable laws. Thanks to our security measures and anti-spam rules, unwanted e-mails occur very rarely. However, should you have reason to complain, please send an e-mail to abuse@kernwert.com. Please send the complete unwanted e-mail as an attachment to your message.


Status 1 October 2023
Name and contact details of the person responsible:
Kernwert GmbH
Esmarchstraße 9, 10407 Berlin
Germany
Tel. +49 (0)30-53 01 23-60
Fax +49 (0)30-53 01 23-61
info@kernwert.com

Management:
Dirk Wieseke, Christoph Gehricke

Register of companies:
AG Berlin-Charlottenburg, registration no. 167811 B

VAT ID no. DE300354671

Data protection officer:
You can reach our data protection officer at the postal address with the addition "the data protection officer" or by e-mail at