h. Additional privacy notice on our Facebook fan page 

Within the context of our Facebook fan page (available at: https://www.facebook.com/quantilope/ and https://www.facebook.com/quantilopeUS/ you also have the possibility to inform yourself about our services or to contact and interact with us. Our Facebook fan page is provided on the basis of the agreement concluded with Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the joint processing of personal data in accordance with Art. 26 GDPR ("Page Insights Controller Addendum "). According to this agreement, we ourselves cannot make and implement any decisions regarding the processing of Insights data. The primary responsibility pursuant to the GDPR for the processing of Insights data as well as the fulfilment of all obligations under the GDPR with regard to the processing of Insights data is held by Facebook.

We would like to point out that when you visit the Facebook fan page, your data as a user may be processed outside the EU. Facebook, Inc., which is involved in this process, has committed itself as a Privacy-Shield certified US provider to comply with the data protection standards of the EU: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active (Status: January 27, 2020).

Your data may be processed for market research and advertising purposes, for example by creating user profiles based on the interests arising from your usage behaviour and using them to place advertisements. For this purpose, cookies are usually stored on your computer.

The Page Insights feature allows us to access Facebook statistics from various categories related to the Facebook fan page usage, such as total number of page views, "Like" information, page activity, post interactions, video views, post reach, comments, shared content, responses, proportion of men and women, origin related to country and city, language, shop views and clicks, clicks on route planners, and clicks on phone numbers. We use this information to make our pages more attractive and more appropriate to your needs (e.g. by finding the right time to publish a content).

Within the context of the Facebook fan page, the processing of users' personal data is carried out in order to safeguard our legitimate interests in tailoring our information offerings and communications with users to meet their needs and target groups (legal basis: Art. 6 (1) (f) GDPR). If you are asked by Facebook (as the provider of the platform) to give your consent to  specific data processing, the processing will be carried out in this respect on the legal basis of Art. 6 (1) (a) GDPR.

With regard to the exercise of data subjects' rights and requests for information, we would like to point out that the most effective way to assert these rights is directly at Facebook (see https://www.facebook.com/legal/terms/information_about_page_insights_data). 

Further information on the processing and use of data, as well as on the rights and settings options for protecting your privacy, including the option to object (opt-out), can be found in Facebook's data policy at https://www.facebook.com/about/privacy/ and in the "Information about Page Insights Data" at https://www.facebook.com/legal/terms/information_about_page_insights_data 

Opt-Out: https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com 

4. Privacy notice for survey participants

A survey participant is someone who  visits one of our subdomains (https://survey.quantilope.com/*) and takes part in a study or survey.

a. Information transmitted by your browser

When you visit our website, your browser automatically sends information to our server and temporarily stores it in a so-called log file. 

In this context, we collect and process the following information and personal data in particular:

• Date and time of access to the website
• Browser type and browser settings
• Language and version of the browser software
• Operating system 
• Content of the request (concrete page)
• the last page  visited by the user (referral) 
• the amount of data transferred
• Access status/HTTPS status code
• IP address 
• Device

The legal basis of the processing is Art. 6 (1) (f) GDPR, our legitimate interest. The information and personal data collected are required for the purpose of correctly delivering and optimizing the contents of the website, ensuring network and information security and protecting the website from attacks, disruptions and damage. In addition, the data is statistically evaluated for the purpose of increasing data protection and data security in order to ensure a level of protection for the personal data processed by us that is adequate to the risk.

Information about  the date and time of the website retrieval, browser type, version of the browser software as well as the operating system and device is stored together with the response data and used for the evaluation of the survey. The remaining log data (especially the IP) is processed separately from the response data. Therefore, retracing to your identity is not possible.

Beyond that, we do not use cookies and analysis services in surveys.

b. Local Storage

quantilope uses the so-called local storage. In this technique, data is stored locally in the cache of your browser. This data remains available and is accessible after closing the browser window (as long as you do not delete the local storage).

The local storage ensures that if you interrupt the survey, you will continue at the point where you interrupted it when you access it again. In addition, multiple participation can be prevented.

In addition, in cases where multiple participation in a survey is desired, we use the so-called session storage. The session storage  function corresponds to the described local storage, except that the corresponding data is automatically removed immediately after closing the browser.

The legal basis for the use of the local storage is the legitimate interest of us and our customers, Art. 6 (1) (f) GDPR. It allows us to make a fully functional offer.

If you do not want data to be stored in your local storage, you can prevent this in the settings of your browser. We would like to point out that this may lead to certain malfunctions.

c. Studies conducted by quantilope

If we conduct a study we may ask for various characteristics in the survey, such as your age or gender. Together with your answers to the study topic, a raw data set is formed. We will always carry out the surveys in such a way that no conclusions about your identity should be possible. However, depending on the combination of the characteristics being surveyed, traceability can never be completely excluded.

We process data you provide to us in surveys only on the basis of your consent in accordance with Art. 6 (1) (a) GDPR, for the purpose of market and opinion research.

The data will be stored and deleted after reaching the above-mentioned purposes. In some cases we may remove possible personal references by aggregating the data The erasure time limits are based on the principle of necessity.

d. Studies conducted by our customers

In most cases, studies are not conducted by ourselves, but by companies that are our customers.

In these cases, the respective customer is the controller of the processing of personal data. The privacy notice of that company applies to the processing of the data collected in the study.

e. Surveys in which you participate via a panel provider

If you take part in a survey conducted with the quantilope platform via a panel provider, we will collect the User-ID assigned to you by the panel provider at the beginning of the survey. At the end of the survey the User-ID is reported back to the panel provider. The purpose of this collection and feedback is to inform the panel provider whether you participated in the survey or whether you were excluded from participation, e.g. because the quota to which you belong has already been fulfilled. This feedback is necessary so that the panel provider can subsequently credit you with your incentive. The legal basis for the processing is the fulfilment of a contract, Art. 6 (1) (b) GDPR.

5. Privacy notice for applicants

You can find the privacy notice for applicants here https://quantilope-gmbh-jobs.personio.de/privacy-policy?language=en

6. Privacy notice for customers and other contact persons

The following privacy notice is relevant for you if your company has a contractual or pre-contractual relationship with us and you are a contact person of this company or you are in any other form a contact person for quantilope (e.g. press representatives).

a. Data categories and processing purposes

Relevant categories of processed personal data in these cases may include:

• Personal identifiable information (form of address, title, full name and professional title)

• Contact data (employer’s address, business email address, business telephone number, business fax number and similar data)

• Project data (projects with quantilope in which you are involved and the position(s) you hold in these projects)

• Usage data (i.e. where you found out about us or whether we are providing you with further material)

• Payment data (business payment methods, invoicing details and similar data)

• Other data (i.e. statements or sound and video recordings) which you provide to us on a voluntary basis and with consent

• Survey data on customer satisfaction surveys that you voluntarily provide to us

In addition to the  data that we collect directly from you, we process personal data rightfully obtained from other companies or other third parties (e.g. credit agencies, directory publishers) insofar as it is necessary for us to carry out our services. We also process personal data that we have rightfully taken, obtained or acquired from publicly accessible sources (e.g. phone directories, trade and association registries, resident registries, lists of debtors, press, career networks, the Internet and other media).

The purpose of processing is to implement pre-contractual measures and to fulfill our contracts, including the services, measures and activities required for this purpose. The legal basis for this processing is Art. 6 (1) (b) GDPR

This data includes, in particular,

• pre-contractual and contractual communication with you, 

• access to our Help Center, 

• the traceability of transactions, orders and other agreements, as well as quality control through appropriate documentation, 

• goodwill procedures, 

• measures to control and optimize business processes, and for the fulfillment of general obligations of due diligence, 

• governance and control by affiliated companies (e.g. parent company); 

• statistical analysis for management control, cost accounting and controlling,

• reporting, 

• internal and external communication, 

• emergency management,

• invoicing and tax assessments relating to operational services, 

• risk management,

• the assertion of legal claims and defense in litigation;

• guarantee of IT security (including system and plausibility tests) and general safety, including building and plant safety, safeguarding and exercising the right to grant or deny access (e.g. via access controls);

• guaranteeing the integrity, authenticity and availability of data,

• prevention and solving of crimes;

• monitoring by supervisory committees or control bodies (e.g. audits).

Furthermore, like everyone involved in economic activity, quantilope too is subject to a number of legal obligations. For this reason, it may be necessary to process personal data in accordance with Art. 6 (1) (c) GDPR (to fulfill statutory requirements) or Art. 6 (1) (e) GDPR (on grounds of public interest). Primarily, these are statutory requirements (e.g. commercial and tax law), but there may also be obligations imposed by supervisory and other public authorities. 

The purposes of processing may include, in certain cases, identity and age verification, fraud and money-laundering prevention, the prevention, fighting and clearing up of terrorism financing and crimes endangering property, comparisons of European and international anti-terror lists, fulfilling tax law control and reporting obligations and the archiving of data for the purpose of data protection and data security, and for the purpose of auditing by tax and other public authorities. It may also be necessary to disclose personal data for purposes of collecting evidence, prosecuting or enforcing civil claims in the event of any official or judicial measures.

In addition to the actual fulfillment of the contract or pre-contract, we may process your data as necessary to safeguard our legitimate interests or the legitimate interests of third parties based on Art. 6 (1) (f) GDPR, especially in regards to:

• Advertising,market research, or opinion polling in connection to the services used by you (product update newsletter, etc.);

• Obtaining information and for the exchange of data with credit agencies insofar as this exceeds our economic risk;

• Reviewing and optimizing procedures for assessing needs;

• Improving services and products as well as existing systems and processes;

• Disclosing personal data as part of a due diligence review in corporate sales negotiations;

• Enriching our data, including through the use or searches of publicly accessible data;

• Statistical analyses or market analyses;

• Benchmarking;

• Asserting legal claims and defending against litigation that is not directly attributable to the contractual relationship

• Limiting the storage of data if the erasure of data is not possible or possible only with disproportionate effort due to the unique kind of data storage;

• Developing scoring systems or automated decision-making processes;

• Preventing and solving crimes, provided this is not exclusively to fulfill statutory requirements;

• Building and facility safety (e.g. access controls and video monitoring) insofar as it exceeds the general duties of care;

• Internal and external inspections, security checks;

• After consent is given, possibly listening in on or recording telephone conversations for quality control and training purposes;

• Receiving and maintaining certifications of a private or official nature;

• Publishing information on our website or our social media channels after consent is given or after prior notification.

Finally, processing is also possible on the basis of your consent pursuant to Art. 6 (1) (a) GDPR. The purposes of processing are, for example, the performance of customer satisfaction surveys or advertising with statements or images. You will be informed about the specific purposes at the time you give your consent.

b. Use and disclosure of personal data

Inside our company, your data is disclosed only to those internal offices or organizational units that require this data to fulfill our (pre-)contractual or statutory obligations or as part of the processing and enforcement of our legitimate interest. Your data will be disclosed to external parties only:

• in relation to the contract performance;

• for the purposes of complying with statutory requirements according to which we are obliged to provide information, ensure registration or disclose data;

• Insofar as external service providers process data on our behalf as data processors or they have been commissioned with a function (e.g. CRM provider, Help Center, external computer centers, support/maintenance of EDP/IT applications, archiving, invoice processing, call center services, compliance services, controlling, data screening for anti-money-laundering purposes, data validation or plausibility tests, data destruction, purchasing/procurement, customer care, letter shops, marketing, media technology, research, risk controlling, invoicing, telephone services, website management, audit services, banking institutions, print shops or companies providing data disposal, courier services, logistics);

• due to our legitimate interest or the legitimate interest of the third party for the specified purposes (e.g. to authorities, credit agencies, collection agencies, lawyers, courts, surveyors, affiliated companies and committees and supervisory bodies);

• if you have given your consent to disclose  to third parties.

Who receives what data is largely dependent on the respective role defined in the contractual relationship and the purpose of the processing. 

The data will be stored and deleted after reaching the above-mentioned purposes. The erasure time limits are based on the principle of necessity.

c. Additional information on Zoom

Zoom is used to conduct telephone conferences, online meetings, video conferences and/or webinars.

Zoom is a product of Zoom Video Communications, Inc. (https://zoom.us/docs/de-de/privacy-and-legal.html) which has its headquarters in the USA. Zoom is Privacy Shield certified (https://www.privacyshield.gov/list).

An adequate level of data protection is ensured by the conclusion of an agreement for order processing which complies with the requirements of Art. 28 GDPR.

In the context of a contractual relationship, the legal basis for data processing when conducting "online meetings" is  Art. 6 (1) (b) GDPR

The following personal data are processed, if specified:

• Information on the user
• Meeting metadata
• For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
• When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data, such as the IP address of the device, can be saved.
• Text, audio and video data: The microphone and video camera can be deactivated at any time.

d. Additional information quantilope Academy [powered by WorkRamp]

WorkRamp is used to provide a learning platform for customers of quantilope. This learning platform (the “quantilope Academy”) enables quantilope to offer a range of specific, quantilope-related courses, and tests for its customers.

The quantilope Academy is powered by WorkRamp (https://www.workramp.com/about/privacy-policy/) which has its headquarters in the USA.

An adequate level of data protection is ensured by the conclusion of an agreement on the processing of personal data which complies with the requirements of Art. 28 GDPR, as well as the conclusion of respective standard contractual clauses.

In the context of a contractual relationship, the legal basis for data processing when offering access to the “quantilope Academy” is Art. 6 (1) (b) GDPR.

The following personal data are processed, if specified:

• Name
• E-mail address
• Survey data
• Test results

7. Further processing activities and further erasure periods

Due to the legal obligations to which quantilope is also subject, it may become necessary to process personal data in accordance with Art. 6 (1) (c) GDPR (to fulfill statutory requirements) or Art. 6 (1) (e) GDPR (on grounds of public interest). Primarily, these are statutory requirements (e.g. commercial and tax law), but there may also be obligations imposed by supervisory and other public authorities. The purposes of processing may include, in certain cases, identity and age verification, fraud and money-laundering prevention, the prevention, fighting and clearing up of terrorism financing and crimes endangering property, comparisons of European and international anti-terror lists, fulfilling tax law control and reporting obligations and the archiving of data for the purpose of data protection and data security, and for the purpose of auditing by tax and other public authorities. It may also be necessary to disclose personal data for purposes of collecting evidence, prosecuting or enforcing civil claims in the event of any official or judicial measures.

Unless otherwise specified for the individual processing activities, personal data is generally erasured based on the principle of necessity.

Like everyone involved in economic activity, we too are subject to a number of different legal obligations concerning storage and documentation. The deadlines specified in the applicable laws stipulate storage and documentation for up to ten years after the business relationship or the pre-contractual legal relationship has terminated.

In addition, special statutory provisions may require a longer storage period, such as the preservation of evidence in connection with statutes of limitations. 

Data is regularly erased once it is no longer required for contractual or legal obligations and rights unless said data is – for a limited period – required for processing to fulfill the respective purposes specified due to an overriding legitimate interest. An overriding legitimate interest also exists, for example, if the erasure of data is not possible or possible only with disproportionate effort due to the special kind of data storage, and processing of this data for other purposes is prevented by appropriate technical and organizational measures.

8. Processing of your data outside of EU/EAA

Data is transmitted to parties in countries outside the European Union (EU) or European Economic Area (EEA), otherwise known as third countries, whenever such is necessary to meet an order/contractual obligation towards or with you, such is required by law (e.g. reporting obligations under tax law), or where such is in our legitimate interest or the legitimate interest of a third party, or if you have issued us with consent.

Your data may be simultaneously processed in a third country, including the involvement of service providers for the processing of an order. If no decision has been issued by the EU Commission regarding the presence of an appropriate level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed in accordance with EU data protection requirements through contractual agreements to this effect. Upon request, we can provide you with relevant detailed information.

9. Automated decision-making in individual cases

We do not make use of a purely automated decision-making process as referred to in Art. 22 GDPR. If we should in the future use such a process in individual cases, we will inform you separately, provided that it is required by law.

10. Rights as  data subject

You may assert data protection rights against us in certain circumstances:

• You have the right to obtain information from us about your stored data in accordance with the provisions set forth in Art. 15 GDPR (possibly subject to restrictions in accordance with Section 34 BDSG or other applicable laws).

• At your request, we will rectify your stored data in accordance with Art. 16 GDPR if it is inaccurate or incorrect.

• At your request, we will erase your data in accordance with Art. 17 GDPR if doing so does not conflict with other statutory regulations (e.g. statutory storage obligations or restrictions in accordance with Section 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims).

• Based on the requirements set forth in Art. 18 GDPR, you can request that we restrict the processing of your data.

• In addition, you may object to the processing of your data according to Art. 21 GDPR, on the basis of which we must end the processing of your data. However, this right to object applies only if special circumstances exist with regard to your personal situation, whereby rights of our company may outweigh your right of objection.

• You also have the right to receive your data in a structured, common and machine-readable format under the provisions stipulated in Art. 20 GDPR, or to transmit them to a third party.

• Furthermore, you have the right to withdraw the consent you have given to the processing of personal data at any time with effect for the future. Should you object, we shall no longer process your personal data unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or unless the processing is for the purposes of asserting, exercising or defending legal claims.

• In addition, you have the right to file a complaint with the data protection supervisory authority (Art. 77 GDPR). However, we recommend that any complaint be directed to our data protection officer first.

Please address all inquiries regarding data protection at the quantilope Group to:

quantilope GmbH

Charlottenstraße 26 

D-20257 Hamburg

E-Mail: privacy (at) quantilope.com

quantilope Inc.

40 Exchange Place, Suite 410

New York, NY 10005-2761

E-Mail: privacy (at) quantilope.com

UAB quantilope

Užupio g. 30

01203 Vilnius

E-Mail: privacy (at) quantilope.com

quantilope Limited
New Penderel House, 4th Floor
283 - 288 High Holborn
London WC1V 7HP

E-Mail: privacy (at) quantilope.com