This Privacy Notice was last updated February 22, 2021.
This privacy notice applies with regard to the processing of personal data by
European DataWarehouse GmbH (“European DataWarehouse“, “we“, “our“, “us“)
60594 Frankfurt am Main
Tel .: +49 69 50986 9300
II. Name and address of the data protection officer
60594 Frankfurt am Main
Tel: +49 69 50986 9304
III. Categories of personal data
1. Data collected automatically
The following data regarding the use of and the interactions with our services, your advertising preferences, and your communications with us is automatically collected when you use our website and services:
- information about the browser (type and version used, language)
- the Internet service provider of the user
- the IP address of the user
- date and time of access request
- time zone difference to Greenwich Mean Time (GMT)
- access status/HTTP status code
- the data volume transferred
- websites from which the system of the user comes to our website
- websites accessed by the user’s system through our website
- type of device and operating system
2. Data provided voluntarily
The provision of the following personal data is voluntary (however, if you do not provide the personal data it may be impossible to enter into a contractual relationship with us and the provision of services by us may be delayed or impossible):
- Data collected via the website contact form (first name, last name, organisation, telephone number, email address, message content)
- Registration, subscription and data relating to the contractual relationship with us
- type of registration (data owner, data provider, data user)
- company information (Legal Entity Identifier (LEI), company name)
- user details (first name, last name, email address, telephone number, password)
- websites/webpages visited, access time, frequency and duration of visits, links clicked, interaction with advertisements
- user segment or category
- IP address, model or device type, operating system and version, browser type and settings
- identifiers (device ID, advertisement ID, individual device token)
- cookie-related data (e.g. cookie ID
IV. Processing purposes, legal basis and recipients and categories of recipients
Below you can find a description of the purposes for which we process personal data, including the recipients or categories of recipients to whom we transfer personal data for the purposes mentioned in each case and the relevant legal basis.
Any access to personal data is restricted to those persons who need to know the respective personal data in order to perform their professional duties (“need-to-know principle”).
We may transfer your personal data for the respective purposes to the following recipients and categories of recipients:
- Private third parties – Affiliated or unaffiliated private bodies other than us.
- Data processors – Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data on behalf of us under appropriate instructions as necessary for the respective processing purposes, including IT and other administrative services (e.g., billing services, hosting and/or maintenance of IT systems). The data processors will be subject to contractual obligations to implement appropriate technical and organizational security measures to safeguard the personal data, and to process the personal data only as instructed.
- Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law.
1. We process your personal data in order to fulfil our contract with you or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1) b) GDPR), including for the following purposes:
- Registration for our services and to provide the client subscription contract upon registration.
- Processing of data relating to you or your organization for the purpose of entering into a contract with you.
- Performance of contractual relationship you (including fulfilling the contractual obligations, provide our services, invoice processing, communication, customer support, enforcement of any contractual terms).
2. We process your personal data based on your consent (Art. 6 (1) a) GDPR) for the following purposes:
- Marketing communication by electronic mail (newsletter unless these communications are legally permitted without consent.
3. We process your personal data in order to comply with legal obligations (Art. 6 (1) c) GDPR) to which we are subject, including for the following purposes:
- Maintain information security
- Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
- Complying with legal retention obligations (see VI. “Storage duration and deletion” below).
4. We process personal data to the extent necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6 (1) f) GDPR), including for the following purposes:
- Communication and provision of our services to the extent it is not already necessary perform a contract with you or in order to take steps prior to entering into a contract (e.g., respond to general requests).
- Participation in proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation.
- Prevention, detection, investigation, mitigation and remediation of fraud, security breaches and other prohibited or unlawful activities,including the assessment of corresponding risks (including through the use of captchas).
- Registration data is transferred to the legal entity indicated in the course of the registration to enable it to manage access rights, to accounts registered under its name and to prevent fraud, misuse and related consequences.
To obtain further information regarding the balancing of interest test carried out for the above purposes please contact us.
Cookie preferences can be managed in the management tool, which you can find here.
The cookies and similar technologies have the following functions:
- enable provision of our website/services (technically necessary)
- improvement of user experience (e.g. saving font size and form data entered)
- optimization of website/services (e.g. monitoring of error messages and loading times)
VI. Storage duration and deletion
We store personal data as long as it is necessary to fulfill the respective purposes. When we no longer need personal data to comply with contractual or legal obligations, it is deleted from our systems or anonymized. Something else only applies if we have to fulfill legal or official obligations, e.g., statutory retention obligations. In Germany such retention obligations may arise, in particular, arise under the German Commercial Code (Handelsgesetzbuch, “HGB“) or the German Fiscal Code (Abgabenordnung, “AO“), and may generally be 6 to 10 years (e.g. for contracts and business letters).
VII. Cross-border data transfer
Some of the recipients of your personal data will be located or may have relevant operations outside of your country and the European Economic Area, such as in the USA, where the data protection laws may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision by the European Commission does not exist. The countries which provide an adequate level of data protection from a European data protection law perspective include Andorra, Argentina, Canada, Faeroe Islands, Guernsey, the State of Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and the Eastern Republic of Uruguay. With regard to data transfers to such recipients outside of the European Economic Area we provide appropriate safeguards, in particular, by way of entering into data transfer agreements adopted by the European Commission (e.g. Standard Contractual Clauses (2010/87/EU and/or 2004/915/EC)) with the recipients or taking other measures to provide an adequate level of data protection, where this is required under applicable law. We will provide you with a copy of the respective measure we have taken upon request
VIII. Rights of the data subject
Under applicable data protection law you have the right, in addition to the right to withdraw your consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal) to make a complaint to a data protection supervisory authority. In addition, you may be entitled to the following rights (though these rights may be restricted by national law). To exercise your rights, please contact us using the contact details provided under II. above.
1. Right of access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. The right of access includes, among other things, the purposes of the processing, the categories of the personal data to be processed, and the recipients or categories of recipient to whom the personal data will be disclosed. However, this right is not unrestricted as the rights of other persons may limit your right of access.
In certain circumstances you have the right to receive a copy of the personal data processed by us. For further copies requested by you, we charge a reasonable fee, where relevant calculated on the basis of administrative costs.
2. Right to rectification: You have the right, where relevant, to request the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including through the provision of a supplementary statement.
3. Right to erasure (right to be forgotten): Subject to certain preconditions, you have the right to request us to erase personal data concerning you and we may be obliged to erase such personal data.
4. Right to restriction of processing: Subject to certain preconditions, you have the right to request that we restrict the processing of your personal data. In that case, the data concerned will be marked and only processed by us for certain purposes.
5. Right to data portability: Subject to certain preconditions, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to a different controller without hindrance from us.
6. Right to object: Subject to certain preconditions, you have the right to object at any time to the processing of your personal data by us on grounds arising from your particular situation, and we can be required not to process your personal data any longer.If personal data is processed for direct marketing purposes, you have an additional right to object at any time to the processing of personal data in relation to you for the purpose of such marketing. This also applies to profiling where this is connected to direct marketing. In that case, the personal data will no longer be processed by us for these purposes.