Privacy Notice

This Privacy Notice was last updated February 22, 2021.

I. Introduction/Controller

This privacy notice applies with regard to the processing of personal data by

European DataWarehouse GmbH (“European DataWarehouse“, “we“, “our“, “us“)
Walther-von-Cronberg-Platz 2
60594 Frankfurt am Main
Germany
Tel .: +49 69 50986 9300

in connection with the provision of all European DataWarehouse websites (currently www.eurodw.eu, www.eurodw.co.uk), including the services provided via these websites.

II. Name and address of the data protection officer

Sascha Schimpfermann
Walther-von-Cronberg-Platz 2
60594 Frankfurt am Main
Germany
Tel: +49 69 50986 9304
E-Mail: gdpr@eurodw.eu

III. Categories of personal data

1. Data collected automatically

The following data regarding the use of and the interactions with our services, your advertising preferences, and your communications with us is automatically collected when you use our website and services:

  • information about the browser (type and version used, language)
  • the Internet service provider of the user
  • the IP address of the user
  • date and time of access request
  • time zone difference to Greenwich Mean Time (GMT)
  • access status/HTTP status code
  • the data volume transferred
  • websites from which the system of the user comes to our website
  • websites accessed by the user’s system through our website
  • type of device and operating system

2. Data provided voluntarily

The provision of the following personal data is voluntary (however, if you do not provide the personal data it may be impossible to enter into a contractual relationship with us and the provision of services by us may be delayed or impossible):

  • Data collected via the website contact form (first name, last name, organisation, telephone number, email address, message content)
  • Registration, subscription and data relating to the contractual relationship with us
  • type of registration (data owner, data provider, data user)
  • company information (Legal Entity Identifier (LEI), company name)
  • user details (first name, last name, email address, telephone number, password)

3. Personal data collected in connection with the use of cookies and similar technologies

We use cookies, web beacons and similar technologies to collect the following usage- and device-related personal data when you access our website and use our services from the devices used for this purpose:

  • websites/webpages visited, access time, frequency and duration of visits, links clicked, interaction with advertisements
  • user segment or category
  • IP address, model or device type, operating system and version, browser type and settings
  • identifiers (device ID, advertisement ID, individual device token)
  • cookie-related data (e.g. cookie ID

IV. Processing purposes, legal basis and recipients and categories of recipients

Below you can find a description of the purposes for which we process personal data, including the recipients or categories of recipients to whom we transfer personal data for the purposes mentioned in each case and the relevant legal basis.

Any access to personal data is restricted to those persons who need to know the respective personal data in order to perform their professional duties (“need-to-know principle”).

We may transfer your personal data for the respective purposes to the following recipients and categories of recipients:

  • Private third parties – Affiliated or unaffiliated private bodies other than us.
  • Data processors – Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data on behalf of us under appropriate instructions as necessary for the respective processing purposes, including IT and other administrative services (e.g., billing services, hosting and/or maintenance of IT systems). The data processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed.
  • Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law.

1. We process your personal data in order to fulfil our contract with you or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1) b) GDPR), including for the following purposes:

  • Registration for our services and to provide the client subscription contract upon registration.
  • Processing of data relating to you or your organization for the purpose of entering into a contract with you.
  • Performance of contractual relationship you (including fulfilling the contractual obligations, provide our services, invoice processing, communication, customer support, enforcement of any contractual terms).

2. We process your personal data based on your consent (Art. 6 (1) a) GDPR) for the following purposes:

    • Marketing communication by electronic mail (newsletter unless these communications are legally permitted without consent.
    • Measurement and improving the performance of the website as well as personalization, measurement and improvement of our and third party advertisements (also see V. “Use of cookies and analytics” and our Cookie Notice).

3. We process your personal data in order to comply with legal obligations (Art. 6 (1) c) GDPR) to which we are subject, including for the following purposes:

  • Maintain information security
  • Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
  • Complying with legal retention obligations (see VI. “Storage duration and deletion” below).

4. We process personal data to the extent necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6 (1) f) GDPR), including for the following purposes:

  • Communication and provision of our services to the extent it is not already necessary perform a contract with you or in order to take steps prior to entering into a contract (e.g., respond to general requests).
  • Participation in proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation.
  • Prevention, detection, investigation, mitigation and remediation of fraud, security breaches and other prohibited or unlawful activities,including the assessment of corresponding risks (including through the use of captchas).
  • Registration data is transferred to the legal entity indicated in the course of the registration to enable it to manage access rights, to accounts registered under its name and to prevent fraud, misuse and related consequences.

To obtain further information regarding the balancing of interest test carried out for the above purposes please contact us.

V. Use of cookies and similar technologies and analytics

Cookie preferences can be managed in the management tool, which you can find here.

When you use our website and/or services, we and selected third parties may use cookies and similar technologies in order to provide you with a better, faster and safer user experience. Cookies are small text files that are automatically created by your browser and stored on your device. We use cookies and similar technologies that remain on your device only as long as your browser is active (session cookies), as well as cookies and similar technologies that remain on your device longer (persistent cookies). Detailed information can be found in our Cookie Notice.

The cookies and similar technologies have the following functions:

  • enable provision of our website/services (technically necessary)
  • improvement of user experience (e.g. saving font size and form data entered)
  • optimization of website/services (e.g. monitoring of error messages and loading times)

VI. Storage duration and deletion

We store personal data as long as it is necessary to fulfill the respective purposes. When we no longer need personal data to comply with contractual or legal obligations, it is deleted from our systems or anonymized. Something else only applies if we have to fulfill legal or official obligations, e.g., statutory retention obligations. In Germany such retention obligations may arise, in particular, arise under the German Commercial Code (Handelsgesetzbuch, “HGB“) or the German Fiscal Code (Abgabenordnung, “AO“), and may generally be 6 to 10 years (e.g. for contracts and business letters).

VII. Cross-border data transfer

Some of the recipients of your personal data will be located or may have relevant operations outside of your country and the European Economic Area, such as in the USA, where the data protection laws may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist. The countries which provide an adequate level of data protection from a European data protection law perspective include Andorra, Argentina, Canada, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and the Eastern Republic of Uruguay. With regard to data transfers to such recipients outside of the European Economic Area we provide appropriate safeguards, in particular, by way of entering into data transfer agreements adopted by the European Commission (e.g. Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC)) with the recipients or taking other measures to provide an adequate level of data protection, where this is required under applicable law. We will provide you with a copy of the respective measure we have taken upon request

VIII. Rights of the data subject

Under applicable data protection law you have the right, in addition to the right to withdraw your consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal) to make a complaint to a data protection supervisory authority. In addition, you may be entitled to the following rights (though these rights may be restricted by national law). To exercise your rights, please contact us using the contact details provided under II. above.

1. Right of access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. The right of access includes, among other things, the purposes of the processing, the categories of the personal data to be processed, and the recipients or categories of recipient to whom the personal data will be disclosed. However, this right is not unrestricted as the rights of other persons may limit your right of access.

In certain circumstances you have the right to receive a copy of the personal data processed by us. For further copies requested by you, we charge a reasonable fee, where relevant calculated on the basis of administrative costs.

2. Right to rectification: You have the right, where relevant, to request the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including through the provision of a supplementary statement.

3. Right to erasure (right to be forgotten): Subject to certain preconditions, you have the right to request us to erase personal data concerning you and we may be obliged to erase such personal data.

4. Right to restriction of processing: Subject to certain preconditions, you have the right to request that we restrict the processing of your personal data. In that case, the data concerned will be marked and only processed by us for certain purposes.

5. Right to data portability: Subject to certain preconditions, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to a different controller without hindrance from us.

6.  Right to object: Subject to certain preconditions, you have the right to object at any time to the processing of your personal data by us on grounds arising from your particular situation, and we can be required not to process your personal data any longer.If personal data is processed for direct marketing purposes, you have an additional right to object at any time to the processing of personal data in relation to you for the purpose of such marketing. This also applies to profiling where this is connected to direct marketing. In that case, the personal data will no longer be processed by us for these purposes.