Data processing according to EU-GDPR
emphasis guarantees compliance with the applicable German data protection regulations according to BDSG and EU-GDPR. In accordance with § 5 sentence 2 BDSG (or §53 BDSG-new), the employees of emphasis have committed themselves in writing to maintain data confidentiality.
As far as emphasis processes personal data during the execution of projects, emphasis will act on behalf of the client as defined by § 11 BDSG / art. 28 EU-GDPR. emphasis will therefore only use the personal data within the framework of the agreements made or other written instructions of the client and in accordance with the data protection regulations.
As market research agency, we have the privilege of being able to contact the respondents EU-GDPR-conform without their prior consent based on the legal basis of “legitimate interest” (Art. 6 section 1 f). Market research is defined as legitimate interest in recital 47 of the EU-GDPR.
Furthermore, emphasis guarantees to indefinitely keep all received information confidential. This applies not only to operational organisational procedures but especially to all information that is designated as confidential or identifiable as trade and business secrets. As far as the projects do not require it, no records and notifications are transmitted to third parties.
We only pass on personal data to third parties in exceptional cases. This only happens if:
- Explicit consent of the person concerned is available
- Processing is necessary to process a contract with the data subject
- Processing is necessary to fulfil a legal obligation
- Processing is necessary to safeguard legitimate interests and there is no reason to believe that the data subject has an overriding interest worthy of protection in not disclosing his data.
According to § 40 BDSG and art. 5 EU-GDPR emphasis anonymizes personal data as early as possible considering the requirements of the respective research project. Until then, personal data will be stored separately from the survey data so that respondents’ information cannot be assigned to individual persons.
We take into account the principles of data minimization and storage limitation according to art. 5 EU-GDPR, i.e. personal data is only stored for as long as required by law or as required for the purposes mentioned. The personal data will then be blocked or deleted.
emphasis implements the security measures prescribed by art. 32 EU-GDPR and § 9 BDSG to protect the data stored on their systems against unauthorized access, modification, theft or destruction. This includes organizational and technical measures to restrict access to personal data to employees of emphasis (access control). Physical access to information technology systems that store personal data (access control) is also controlled and protected. The servers of emphasis are located in Germany.
Before starting a project, emphasis obtains a declaration of consent from the participants in accordance with the requirements of art. 6 and art. 7 EU-GDPR and informs the interviewee concerned according to the information requirements of art. 12 ff. EU-GDPR:
Before participating in projects, participants agree that emphasis stores and processes their contact data until further notice so that emphasis can contact the participants for current and/or future projects for purposes of market and opinion research by fax or e-mail. This consent is voluntary and can be revoked at any time. Our participants are entitled at any time to request comprehensive information on their personal data stored. They may at any time request correction, transfer, deletion, restriction and blocking of individual personal data. emphasis informs its participants of their right to complain to regulating authorities under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/adresse_links-node.html.
emphasis receives the contact data of the participants from publicly accessible data sources.
We reserve the right to adapt our data protection declaration, e.g. to meet current legal requirements.
emphasis has appointed Mr Klaus-Peter Neumann and Mr Dorian Maier as data protection officers.
The data protection officers of emphasis are available at firstname.lastname@example.org.
Collection of general data on our website
When you access our websites, we automatically collect data of a general nature. The data (server log files) includes, for example, the type of your browser, your operating system, the domain name of your Internet provider and other similar general data. This data is absolutely independent of any person and is used to display the website correctly and is retrieved every time the Internet is used. The absolutely anonymous data is statistically evaluated to improve our service for you.
Our website uses “cookies”. Cookies are text files that are transferred from the server of a website to your computer. Certain data such as IP address, browser, operating system and internet connection are transmitted. The information collected by cookies is used to make navigation easier for you and to optimize the display of our websites. The cookie data is automatically deleted after each web session.
Data collected by us will never be passed on to third parties or linked to personal data without your consent.
To ensure a secure connection with our web server, we use state-of-the-art encryption methods (SSL encryption via HTTPS).