Data Protection

Content of Data Protection Statement

Valid from: 26.01.2023

  1. About us
  2. Responsible company
  3. Data Protection Officer
  4. Data security
  5. Personal data
  6. Protection of minors
  7. Data processing when visiting our website
  8. Data processing when registering for our newsletter
  9. Data processing when using our contact form
  10. Data processing of job applications
  11. Data processing of surveys with IfaD’s interview systems
  12. Data processing of contacts by letter
  13. Data processing of contacts by telephone
  14. Data processing when making personal contact
  15. Data processing of online surveys
  16. Data processing in connection with the use of social networks
  17. Data processing when using our webinar offer
  18. Data processing during video conferences with Microsoft Teams
  19. Deletion of data and storage period
  20. Legal basis for the processing of personal data
  21. Transmission of data
  22. Cookies
  23. Analysis tools
  24. Social media plug-ins
  25. Rights of the data subject
  26. Right of objection
  27. The data protection authority
  28. Updating this data protection declaration

1. About us

We are IfaD, the institute for applied data analysis. service and software for market researchers, marketing experts and business consultants. Our primary focus is on market research. For this purpose we principally process the data (personal and non-personal) of survey respondents under contract.

2. Responsible company

This data protection information applies to data processing by the responsible company:

IfaD Institut für angewandte Datenanalyse GmbH
Uhlandstraße 68
22087 Hamburg
Germany

E-Mail: info@ifad.de
Tel.: +49 (0) 40 25 17 13-0

3. Data Protection Officer

The company’s Data Protection Officer can be contacted at the above address or at

datenschutz@ifad.de

4. Data security

 Within the website visit we use the widely-used SSL procedure (Secure Socket Layer) in connection with the highest respective encryption level that your browser supports. As a rule this is 256-Bit encryption. If your browser does not support 256-Bit encryption, we fall back on 128-Bit v3 technology. You can recognise if an individual page of our internet presentation has been transmitted in encrypted form by means of the closed key or lock symbol in the lower status line of your browser.

Beyond this we employ suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, damage or the unauthorised access by third parties. Our security measures are constantly being improved in line with technological development.

5. Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.

6. Protection of minors

Persons under 16 years of age should not transmit any personal data to us without the agreement of their parent or legal guardian. If such data should be required for a visit to ifad.de, the data will not be further transmitted to any third party.

7. Data processing when visiting our website

When accessing our website https://www.ifad.de, information is automatically sent to the server of our website by the browser that is running on your end device. This information is temporarily stored in a so-called logfile. The following information is collected without any action on your part and is stored until its automatic deletion:

  • IP address of the accessing computer
  • Date and time of access
  • Name and URL of the accessed file
  • Website from which the access was referred (Referrer URL)
  • The browser used and if necessary the operating system your computer as well as the name of your access provider

The data listed above is processed by us for the following purposes:

  • To ensure the smooth establishment of a connection to our website,
  • To ensure the convenient use of our website,
  • To analyse system security and stability, as well as
  • For further administrative purposes.

The legal basis for data processing is Art. 6 Para. 1 Sentence 1 Letter (f) GDPR. Our legitimate interest follows from the purposes of data collection listed above. In no case do we use the data that is collected for the purpose of drawing conclusions about your person.

For visits to our website we employ analysis services. But no cookies. You can find further details of these in Sections 22 and 23 of this Data Protection State-ment.

8. Data processing when registering for our newsletter

On our internet site it is possible to register for a free newsletter. When you do this, your data (name, e-mail address) are transferred to us through the data entry mask.

Insofar as you have given us your consent according to Art. 6 Para. 1 Sentence 1 Letter (a) GDPR, we use your e-mail address to send you our regular newsletter. To receive the newsletter, the provision of an e-mail address suffices.

The registration can be cancelled at any time, for example through a link at the end of every newsletter. Alternatively you can send us your request for deregistration at any time by e-mail to datenschutz@ifad.de.

9. Data processing when using our contact form

For enquiries of all kinds we give you the possibility of contacting us through a contact form provided on our website. For this purpose, provision of a valid e-mail address is necessary so that we know from whom the enquiry comes and in order to be able to answer it. Further information can be provided on a voluntary basis (name, company, telephone number).

The data processing for the purpose of contacting us takes place according to Art. 6 Para. 1 Sentence 1 Letter (a) GDPR on the basis of your freely expressed consent. You have the right to withdraw this consent at any time with effect for the future. Should you wish to make use of this right of withdrawal, an email to datenschutz@ifad.de will suffice.

The personal data collected by us when you use the contact form is automatically deleted after your enquiry has been dealt with.

10. Data processing of job applications

IfaD collects and processes the personal data of applicants for the purpose of handling the application process.

If you apply by letter, in addition to the number 10, also note the number 12 of this declaration.

The processing may also take place electronically. This is the case when an applicant transmits the relevant application documents to us by electronic means, for example by email or through a web form available on the internet site.

In the event that IfaD concludes an employment contract with an applicant, the transmitted data is stored in compliance with statutory regulations for the purpose of processing the employment relationship.

In the event that IfaD does not conclude an employment contract with the applicant, the application documents are deleted four months after notification of the rejection decision, providing that the deletion does not contradict any other legitimate interests of IfaD. Other legitimate interests in this context could be for example a burden of proof in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).

11. Data processing of surveys with IfaD’s interview systems

For participants in surveys who are invited to participate in these surveys by IfaD under contract to our clients, we have separate data protection statements that you can find in Section 15.

12. Data processing of contacts by letter

If you send a letter to IfaD, the data that you transmit to us (e.g. name, first name, address) and the information contained in the letter (which may include personal data provided by you) is stored for the purpose of establishing contact and dealing with your concern in accordance with the retention periods applicable for the retention of documents.

We draw your attention to the fact that the processing of data is carried out on the basis of Art. 6 Para. 1 Letter (f) GDPR. The processing of the personal data transmitted by you is necessary for the purpose of dealing with your concern.

13. Data processing of contacts by telephone

If you contact a member of IfaD’s staff by telephone, your personal data will be processed insofar as it is necessary for dealing with your concern.

14. Data processing when making personal contact

If you contact an IfaD employee personally and you give us your business card, your personal data will be recorded in our CRM to the extent necessary and pro-cessed to process your request.

15. Data processing of online surveys

Your personal data is provided to us by our clients. IfaD is a processor according to Art. 28 DSGVO and has concluded contract processing contracts (AVV) with its clients.

15.1 Purposes of processing

The purposes of processing are the facilitation of participation in an online survey and the analysis of survey data.

15.2 Description of the categories of data subject and the categories of personal data

Data subjects are participants in surveys. Categories of personal data are address data, communication data and survey data.

15.3 Legal basis

Admissibility is given by the consent of the data subject to participate in the online survey.

Besides this, the data processing takes place on the basis of our legitimate interest according to Art. 6 Para. 1 Letter (f) GDPR.

15.4 Transmission of data

No transmission of your personal data takes place. Furthermore, no transmission takes place or is planned to any place in a so-called third country which is located neither in an EU or EEA state. If IfaD sends or passes on personal data to a third country, this is done on the basis of and in compliance with the provisions of Art. 44 to 50 GDPR.

For sending invitations to online surveys we use a mailing service: Mailjet SAS, 13-13, rue de lÁubrac, 75012 Paris, France. IfaD has concluded a data processing agreement with Mailjet.

15.5 Duration of storage

Your personal data is stored until the completion of the survey project.

15.6 Place of data storage

The storage of your responses and data takes place on servers in Germany.

15.7 Use of Referrer Technique

In online surveys that we carry out for our clients, our survey software can use an analysis method, the so-called referrer technique. This makes it possible to determine from which website the interviewee starts an online interview. The IP address of this website is personal data for which our clients are responsible.

16. Data processing in connection with the use of social networks

We provide online offerings on various social media platforms in order to provide information there and to be able to come into contact with you. We have no influence on the processing of personal data by the respective platform opera-tors. As a rule, when visiting our social media offerings, cookies from the plat-form operator are stored in your browser in which your usage behaviour or in-terests are stored for the purposes of market research and advertising. The us-age profiles obtained in this way – usually across all devices – are used by the platform operators in order to display personalised advertising to you. The pro-cessing of the data can also affect persons who are not registered as users of the respective social media platform. In some circumstances your data is pro-cessed outside the territory of the European Union, which can make it harder for you to assert your rights. However, in our choice of social media platforms, we take care to ensure that the operators commit themselves to complying with the data protection standards of the EU.
The processing of your personal data when visiting one of our social media offer-ings takes place on the basis of our legitimate interest in a diverse external presentation of our company and the utilisation of effective means of infor-mation and communication with you. The legal basis for this is Art. 6 Para. 1 Let-ter (f) GDPR. It may be that you have given your consent to a platform operator to process the data, in which case the legal basis is Art. 6 Para. 1 Letter (a) GDPR.

You can find detailed information about data processing in connection with the use of our social media offerings, opt-out possibilities and the assertion of your disclosure rights in the data protection statements of the relevant platform op-erators.

Twitter: Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Data protection statement: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization

LinkedIn: Provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland
Data protection statement: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing: Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Data protection statement: https://privacy.xing.com/de/datenschutzerklaerung
Opt-Out:
https://privacy.xing.com/de/datenschutzerklaerung

17. Data processing when using our webinar offer

On our website you can register for webinars from IfaD. We inform you in accordance with Article 13 GDPR that we at IfaD process the following per-sonal data:

  • First name
  • Surname
  • E-mail address
  • company

IfaD is solely responsible for the content of the webinars. Technically, the webinars take place on the webinar platform https://webinaris.com. IfaD has concluded an order processing contract (AVV) with the provider of this platform, Webinaris GmbH, in accordance with Art. 28 GDPR. Webinaris works as a processor for IfaD. The above data will be passed on to Webi-naris when you use the webinar offer for the exclusive purpose of using the webinar – as a processor, Webinaris is not a third party within the meaning of data protection laws. The company’s privacy policy can be found here. https://www.webinaris.com/datenschutzerklaerung/. Your personal data will not be transmitted to third parties.

After the webinar has been completed, your data will be deleted from the Webinaris platform. If you register in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO have expressly consented to it, we will also save your email ad-dress at IfaD and use it to invite you to webinars at irregular intervals. An e-mail address is sufficient to receive these invitations.

You can unsubscribe at any time, for example via a link at the end of an invitation. Alternatively, you can send your unsubscribe request at any time to datenschutz@ifad.de by email.

18. Data processing during video conferences with Microsoft Teams

IfaD uses the Microsoft Teams (MS Teams) platform, a product of the Office software from Microsoft 365, to conduct video conferences. The provider of this platform is: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We have concluded an order processing agreement with Microsoft in accordance with Art. 28 GDPR.

On July 10, 2023, the EU Commission issued an implementing decision on the adequacy of the level of protection for personal data under the EU-US data protection framework (pursuant to Art. 45 GDPR). On this basis, controllers and processors can transfer personal data to certified companies and organizations in the USA.

The certification mechanism known from the former EU-US Privacy Shield will be retained. The US Department of Commerce has published a list of US companies that have self-certified to the department and committed to complying with the principles of the EU-US data protection framework). Companies that choose to extend the benefits of the EU-US data protection framework to employee data transferred from the EU for use in the context of an employment relationship must declare this in their self-certification and meet additional requirements. Microsoft is one of these self-certified companies. See also these links: US-Angemessenheitsbeschluss, FAQ-Papier der EU-Kommission zum Datenschutzrahmen EU-USA

19. Deletion of data and storage period

The personal data of the data subject will be deleted or locked as soon as the purpose of storage ceases to apply. Further storage can take place when this is provided for by European Union or Member State laws, statutes or other regula-tions to which the responsible entity is subject. The locking or deletion of the data also takes place on expiry of a retention period under the above-mentioned rules, unless there is a requirement for the further storage of the data for the conclusion or performance of a contact.

20. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 Para. 1 letter (a) of the EU General Data Protection Regulation (German: DSGVO) serves as the legal basis for the processing of personal data.

For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 Para. 1 letter (b) GDPR serves as the legal basis. This also applies to processing that is necessary for the implementation of steps prior to entering into a contract.

Insofar as the processing of personal data is required for compliance with a legal obligation to which our company is subject, Art. 6 Para. 1 Letter (c) GDPR serves as the legal basis. In the event that the vital interests of the data subject or of another natural person make the processing of personal data necessary, Art. 6 Para. 1 Letter (d) GDPR serves as the legal basis.

If the processing is necessary for the protection of a legitimate interest by our company or a third party and the interests and fundamental rights and freedoms of the data subject do not override the first-named interest, Art. 6 Para. 1 Letter (f) GDPR serves as the legal basis for the processing.

21. Transmission of data

No transmission of your personal data to third parties takes place other than for the purposes listed below.

We only give your personal data to third parties when:

  • You have given your express consent according to Art. 6 Para. 1 Sentence 1 Letter (a) GDPR
  • The transmission is required according to Art. 6 Para. 1 Sentence 1 Letter (f) GDPR for the establishment, exercise or defence of legal claims and there is no reason to believe that you have an overriding protected interest in the non-transmission of your data
  • In the event that a legal obligation exists for the transmission according to Art. 6 Para. 1 Sentence 1 Letter (c) GDPR, as well as
  • When this is necessary and permissible under statute according to Art. 6 Para. 1 Sentence 1 Letter (b) GDPR for the pursuance of contractual relations with you.

22. Cookies

IfaD does not use cookies on ifad.de.

23. Analysis tools

We use the open-source software Matomo to analyze and statistically evaluate the use of the website. We do not use cookies for this. Information about web-site usage is summarized in pseudonymous usage profiles.

24. Social media plug-ins

We do not use any social media plug-ins (e.g. Facebook, Twitter, Instagram) on our website.

25. Rights of the data subject

You have the right:

  • According to Art. 15 GDPR, to obtain information about your personal data that is stored by us. In particular you can obtain information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data has been or will be disclosed, the envisaged storage period, the existence of a right to rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing, the right to lodge a complaint, the source of your data insofar as it was not collected by us, as well as the existence of automated decision-making including profiling, and where relevant meaningful information about the processes involved;
  • According to Art. 16 GDPR, to obtain without undue delay the rectification of inaccurate personal data or the completion of incomplete personal data that is stored by us;
  • According to Art. 17 GDPR, to obtain the erasure of your personal data that is stored by us, insofar as the processing is not required for the exercise of the right to free expression of opinion and Information, for the fulfilment of a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • According to Art. 18 GDPR, to obtain the restriction of the processing of your personal data, insofar as the correctness of the data is disputed by you, the processing is unlawful and you oppose its erasure, and we no longer require the data but you require it for the establishment, exercise or defence of legal claims or you have lodged an objection against its processing in accordance with Art. 21 GDPR;
  • According to Art. 20 GDPR, to receive or to transfer to another responsible controller your personal data that you have made available to us in a structured, commonly-used and machine-readable format;
  • According to Art. 7 Para. 3 GDPR, to withdraw your previously expressed consent to us at any time. This has the consequence that in the future we can no longer continue the data processing to which this consent referred, and
  • According to Art. 77 GDPR, to lodge a complaint to a supervisory authority. For this purpose, as a rule you can approach the data protection authority (see number 27) responsible for your usual place of work or residence, or our company office.

26. Right of objection

 Insofar as your personal data is processed on the basis of legitimate interests according to Art. 6 Para. 1 Sentence 1 Letter (f) GDPR, you have the right in accordance with Art. 21 GDPR to lodge an objection against the processing of your personal data, when grounds for this can be shown to arise out of your special situation or if your objection is directed against direct advertising. In the latter case you have a general right of objection, which will be implemented by us without showing a special situation.

If you wish to make use of your or right of withdrawal or objection, an e-mail to datenschutz@ifad.de will suffice.

27. The data protection authority

Should you have a complaint about the manner in which we process your data, you have the possibility of lodging a complaint with any data protection authority. For us this is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg

Tel.: +49 (0) 40 / 428 54 – 4040
Fax: +49 (0) 40 / 428 54 – 4000
E-Mail: mailbox@datenschutz.hamburg.de

28. Updating this data protection declaration

This data protection declaration is currently valid and has the status of December 2023.