Privacy Notice for EDW's Website and General Services

I. Introduction/Controller

This privacy notice applies with regard to the processing of personal data by

European DataWarehouse GmbH (“European DataWarehouse“, “we“, “our“, “us“)
Walther-von-Cronberg-Platz 2
60594 Frankfurt am Main
Germany
Tel .: +49 69 50986 9300

in connection with the provision of all European DataWarehouse websites (currently www.eurodw.eu, www.eurodw.co.uk), including the services provided via these websites.
With regard to the processing of personal data related to the management of the general newsletter (non UK specific) and the invitation to events and webinars of general interest (non-UK specific), European DataWarehouse GmbH acts as a joint controller with its subsidiary, EDW Ltd.

II. Name and address of the data protection officer

Susanne Klein
Beiten Burkhardt Services GmbH
Mainzer Landstrasse 36

60325 Frankfurt am Main
Germany
Tel: +49 69 756095-582
E-Mail: gdpr@eurodw.eu

III. Categories of personal data

1. Data collected automatically

The following data regarding the use of and the interactions with our services, your advertising preferences, and your communications with us is automatically collected when you use our website and services:

  • information about the browser (type and version used, language)
  • the Internet service provider of the user
  • the IP address of the user
  • date and time of access request
  • time zone difference to Greenwich Mean Time (GMT)
  • access status/HTTP status code
  • the data volume transferred
  • websites from which the system of the user comes to our website
  • websites accessed by the user’s system through our website
  • type of device and operating system

2. Data provided voluntarily

The provision of the following personal data is voluntary (however, if you do not provide the personal data it may be impossible to enter into a contractual relationship with us and the provision of services by us may be delayed or impossible):

  • Data collected via the website contact form (first name, last name, organisation, telephone number, email address, message content)
  • Data collected when subscribing for the newsletter via the website online form (email address, IP address, time of registration and confirmation, and – voluntarily – first name, surname, company, country) and when receiving our newsletter (user behaviour)
  • Registration, subscription and data relating to the contractual relationship with us
  • type of registration (data owner, data provider, data user)
  • company information (Legal Entity Identifier (LEI), company name)
  • user details (first name, last name, email address, telephone number, password)

3. Personal data collected in connection with the use of cookies and similar technologies

We use cookies, web beacons and similar technologies to collect the following usage- and device-related personal data when you access our website and use our services from the devices used for this purpose:

  • websites/webpages visited, access time, frequency and duration of visits, links clicked, interaction with advertisements
  • newsletter opening rate, links clicked in the newsletter
  • user segment or category
  • IP address, model or device type, operating system and version, browser type and settings
  • identifiers (device ID, advertisement ID, individual device token)
  • cookie-related data (e.g. cookie ID)

IV. Processing purposes, legal basis and categories of recipients

Below you can find a description of the purposes for which we process personal data, including the categories of recipients to whom we transfer personal data for the purposes mentioned in each case and the relevant legal basis.
Any access to personal data is restricted to those persons who need to know the respective personal data in order to perform their professional duties (“need-to-know principle”).
We may transfer your personal data for the respective purposes to the following categories of recipients:

  • Private third parties – Affiliated or unaffiliated private bodies other than us.
  • Third parties involved in hosting or organising events or seminars
  • Data processors – Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data on behalf of us under appropriate instructions as necessary for the respective processing purposes, including IT and other administrative services (e.g., billing services, hosting and/or maintenance of IT systems). The data processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed.
  • Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law.

1. We process your personal data in order to fulfil our contract with you or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1) b) GDPR), including for the following purposes:

  • Registration for our services and to provide the client subscription contract upon registration.
  • Processing of data relating to you or your organization for the purpose of entering into a contract with you.
  • Performance of contractual relationship with you (including fulfilling the contractual obligations, provide our services, invoice processing, communication, customer support, enforcement of any contractual terms).

2. We process your personal data based on your consent (Art. 6 (1) a) GDPR) for the following purposes:

  • Marketing communication by electronic mail (newsletters, event announcements…). With regard to the general, monthly EDW group newsletter, we act as joint controllers with EDW Ltd. When subscribing for the newsletter, your use of the newsletter (e.g., opening rate, links clicked in the newsletter) will be evaluated to better tailor the marketing information to your personal interests based on your previous and predicted choices. This may include profile building. For this purpose, the emails contain so-called web beacons or tracking pixels.
  • Measurement and improving the performance of the website as well as personalization, measurement and improvement of our and third party advertisements (also see V. “Use of cookies and analytics” and our Cookie Notice).

3. We process your personal data in order to comply with legal obligations (Art. 6 (1) c) GDPR) to which we are subject, including for the following purposes:

  • Maintain information security
  • Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
  • Complying with legal retention obligations (see VI. “Storage duration and deletion” below).

4. We process personal data to the extent necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6 (1) f) GDPR), including for the following purposes:

  • Communication and provision of our services to the extent it is not already necessary to perform a contract with you or in order to take steps prior to entering into a contract (e.g., respond to general requests).
  • Participation in proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation.
  • Prevention, detection, investigation, mitigation and remediation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks (including through the use of captchas).
  • Registration data is transferred to the legal entity indicated in the course of the registration to enable it to manage access rights, to accounts registered under its name and to prevent fraud, misuse and related consequences.
  • We will collect and process personal information about you in relation to your attendance at an event or seminar organised by EDW. EDW may share your information with third parties involved in hosting or organising the relevant event. With regard to events and seminars of general interest (non-UK specific), we act as joint controllers with EDW Ltd.
  • We may take pictures that serve to depict the events that we organize and publish these in EDW websites and social media channels. EDW may share the photos with third parties involved in hosting or organising the relevant event. With regard to events and seminars of general interest (non-UK specific), we act as joint controllers with EDW Ltd.

To obtain further information regarding the balancing of interest test carried out for the above purposes please contact us.

V. Use of cookies and similar technologies and analytics

Cookie preferences can be managed in the management tool, which you can find here.

When you use our website and/or services, we and selected third parties may use cookies and similar technologies in order to provide you with a better, faster and safer user experience. Cookies are small text files that are automatically created by your browser and stored on your device. We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies). Detailed information can be found in our Cookie Notice.

The cookies and similar technologies have the following functions:

  • enable provision of our website/services (technically necessary)
  • improvement of user experience (e.g. saving font size and form data entered)
  • optimization of website/services (e.g. monitoring of error messages and loading times)

VI. Storage duration and deletion

We store personal data as long as it is necessary to fulfill the respective purposes. When we no longer need personal data to comply with contractual or legal obligations, it is deleted from our systems or anonymized. Something else only applies if we have to fulfill legal or official obligations, e.g., statutory retention obligations. In Germany such retention obligations may arise, in particular, under the German Commercial Code (Handelsgesetzbuch, “HGB“) or the German Fiscal Code (Abgabenordnung, “AO“), and may generally be 6 to 10 years (e.g. for contracts and business letters).

VII. Cross-border data transfer

Some of the recipients of the personal data will be located or may have relevant operations outside of the data subject’s country and the European Economic Area, such as in the USA, where the data protection laws may provide a different level of protection compared to the laws in the EU/EEA and with regard to which an adequacy decision by the European Commission does not exist. The countries which provide an adequate level of data protection from a European data protection law perspective include Andorra, Argentina, Canada, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Japan, Jersey, New Zealand, the Republic of Korea, Switzerland, the Eastern Republic of Uruguay and the United Kingdom. With regard to data transfers to such recipients outside of the European Economic Area we provide appropriate safeguards, in particular, by way of entering into data transfer agreements adopted by the European Commission (e.g. Standard Contractual Clauses (2021/914/EU)) with the recipients or taking other measures to provide an adequate level of data protection, where this is required under applicable law. We will provide the data subject with a copy of the respective measure we have taken upon request.

VIII. Rights of the data subject

Under applicable data protection law the data subject has the right, in addition to the right to withdraw consents at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal) to make a complaint to a data protection supervisory authority. In addition, the data subject may be entitled to the following rights (though these rights may be restricted by national law). To exercise these rights, please contact us using the contact details provided under II. above.

1. Right of access: The data subject may have the right to obtain from us confirmation as to whether or not personal data concerning the data subject is being processed, and, where that is the case, to request access to the personal data. The right of access includes, among other things, the purposes of the processing, the categories of the personal data to be processed, and the recipients or categories of recipient to whom the personal data will be disclosed. However, this right is not unrestricted as the rights of other persons may limit the data subject’s right of access.
In certain circumstances the data subject has the right to receive a copy of the personal data processed by us. For further copies requested by the data subject, we charge a reasonable fee, where relevant calculated on the basis of administrative costs.

2. Right to rectification: The data subject has the right, where relevant, to request the rectification of inaccurate personal data. Depending on the purposes of the processing, the data subject may have the right to have incomplete personal data completed, including through the provision of a supplementary statement.

3. Right to erasure (right to be forgotten): Subject to certain preconditions, the data subject has the right to request us to erase personal data concerning the data subject and we may be obliged to erase such personal data.

4. Right to restriction of processing: Subject to certain preconditions, the data subject has the right to request that we restrict the processing of his/her personal data. In that case, the data concerned will be marked and only processed by us for certain purposes.

5. Right to data portability: Subject to certain preconditions, the data subject has the right to receive the personal data, which the data subject has provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to a different controller without hindrance from us.

6. Right to object: Subject to certain preconditions, the data subject has the right to object at any time to the processing of his/her personal data by us on grounds arising from his/her particular situation, and we can be required not to process the personal data any longer. If personal data is processed for direct marketing purposes, the data subject has an additional right to object at any time to the processing of personal data in relation to him/her for the purpose of such marketing. This also applies to profiling where this is connected to direct marketing. In that case, the personal data will no longer be processed by us for these purposes.