This data protection declaration is intended to inform visitors to our website and users of our QUESTIONSTAR online tool about the type, scope and purpose of the collection and use of personal data by us as website operators, our cooperation partners and our customers who carry out their online surveys with the help of our tool.
We take your data protection very seriously and treat your personal data confidentially and according to the legal regulations. As new technologies and the constant development of this website may result in changes to this data protection declaration, we recommend that you read the data protection declaration again at regular intervals.
Definitions of the terms used (e.g. “personal data” or “processing”) can be found in Art. 4 GDPR.
Name and address of the person in charge
The person responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the Member States as well as other provisions of data protection law is the Data Protection Supervisor:
General information about data processing
Scope of personal data processing
We process the personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for actual reasons and the processing of the data is permitted by statutory provisions.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 Para. 1 lit. a EU Data Protection Basic Regulation (GDPR) serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
Art. 6 para. 1 lit. d GDPR serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Data erasure and storage duration
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in Union regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and by the lock symbol in the browser line.
Provision of the website and creation of log files
We, the website operator or page provider, collect data on access to the website on the basis of our legitimate interest (see Art. 6 Para. 1 lit. f. GDPR) and store these as “server log files” on the server of the website. The following data is logged in this way:
- Web site visited or file requested
- Time at which access was made
- amount of data sent in bytes
- source/reference from which you came to the page (referrer
- Used Browser
- Operating system used
- Used IP address
The server log files are stored for a maximum of 7 days and then deleted. The data is stored for security reasons, e.g. to clarify cases of misuse. An evaluation of the data for marketing purposes does not take place in this context. If data have to be cancelled for reasons of proof, they are excluded from deletion until the incident has been finally clarified.
Registration on this website
To use the QUESTIONSTAR online tool, you must register on our website. This creates a contractual relationship between you and the website operator, which is governed by our General Terms and Conditions. The data transmitted is used exclusively for the purpose of using our service and fulfilling the above-mentioned contract. Mandatory data requested during registration must be provided in full. Otherwise we will refuse the registration.
In case of important changes, for example for technical reasons, we will inform you by e-mail. The e-mail will be sent to the address provided during registration.
The processing of the data entered during registration is based on your consent (Art. 6 Para. 1 lit. a GDPR) as well as on the contractual relationship by using our service (Art. 6 Para. 1 lit. b GDPR). A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing already carried out remains unaffected by the revocation.
We store the data collected during registration for the period that you are registered on our website. Your data will be deleted if you cancel your registration. Legal retention periods remain unaffected.
Contact data handling
If you contact us as a website operator through the contact options offered, your details will be stored so that they can be used to process and respond to your enquiry. These data will not be passed on to third parties without your consent.
The processing of the data transmitted during the establishment of contact takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR) as well as in the case of an e-mail contact on the basis of Art. 6 Para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, Art. 6 Para. 1 lit. b GDPR applies additionally. A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The data transmitted during the establishment of contact will remain with us until you request deletion, revoke your consent to storage or until there is no longer any need for data storage. Mandatory legal provisions – in particular retention periods – remain unaffected.
The website operator offers you a newsletter in which he informs you about current events and offers. If you would like to subscribe to the newsletter, you must provide a valid e-mail address. In addition, if you purchase services on our website and enter your e-mail address, we may subsequently use this to send you a newsletter. If you subscribe to the newsletter or purchase our services (also free of charge), you agree to receive the newsletter and to the procedures described above. The legal basis for the processing of data is with the registration for the newsletter art. 6 Abs. 1 lit. a GDPR and with the acquisition of services § 7 Abs. 3 UWG.
The newsletter is sent either directly by the website operator or by the dispatch service provider CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. More detailed information about this service provider, its services and the data protection regulations can be found further below in the text of this data protection declaration.
Revocation and termination: You can revoke your consent to receive the newsletter at any time and thus cancel your newsletter subscription. After your cancellation, your personal data will be deleted. Your consent to receive the newsletter will expire at the same time. At the end of each newsletter you will find the link to the cancellation.
For sending newsletters we use CleverReach. The provider is CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede. With this service we can organize and analyze the newsletter dispatch. The data you enter to receive the newsletter, such as your e-mail address, is stored on CleverReach’s servers. The servers are located in Germany and Ireland.
The newsletter dispatch with CleverReach allows us to analyse the behaviour of the newsletter recipient. The analysis shows, among other things, how many recipients have opened their newsletter and with what frequency links were clicked in the newsletter. CleverReach supports conversion tracking in order to analyse whether a previously defined action, such as a product purchase, has taken place after clicking on a link. Details on CleverReach’s data analysis can be found below: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/ .
The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). A revocation of your already given consent is possible at any time. To revoke your consent, simply send an informal e-mail or use the “Unsubscribe” link in the newsletter to unsubscribe. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
If you do not wish an analysis by CleverReach, you must unsubscribe from the newsletter. To unsubscribe, simply send us an informal e-mail or use the “unsubscribe” link in the newsletter.
Data entered to set up the subscription will be deleted from our servers and the CleverReach servers if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
We have concluded an order processing agreement with CleverReach in order to fully comply with the statutory data protection requirements.
Range measurement & Cookies
If you do not want cookies to be stored on your end device for range measurement, you can object to the use of these files here:
- Cookie deactivation page of the network advertising initiative:
- Cookie deactivation page of the US website:
- Cookie deactivation page of the European website:
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 Para. 1 lit. f GDPR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 Para. 1 lit. a GDPR if the user has given his consent.
On the basis of our legitimate interests, this website uses the following data to optimise and analyse our online offering in the sense of Art. 6 Para. 1 lit. f. GDPR uses the service “Google Analytics”, which is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The service (Google Analytics) uses “cookies” – text files which are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.
Google LLC complies with European privacy laws and is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000001L5AAI&status=Active
On this website IP anonymization is used. The IP address of the users is shortened within the member states of the EU and the European Economic Area and in the other contracting states of the agreement. Only in individual cases is the IP address initially transmitted unabbreviated to a Google server in the USA and then shortened there. By this shortening the personal reference of your IP address is omitted. The IP address of the user transmitted by the browser is not combined with other data stored by Google.
The data collected by Google on our behalf is used to evaluate the use of our online services by individual users, e.g. to create reports on website activity in order to improve our online services.
You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en .
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from capturing data by clicking on this link. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website. The opt-out cookie applies only to this browser and only to our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
We also use Google Analytics to evaluate data from double-click cookies and AdWords for statistical purposes. If you do not wish this, you can deactivate it via the ad preferences manager ( http://www.google.com/settings/ads/onweb/?hl=de ).
Google AdWords and Google Conversion Tracking
Our website uses Google AdWords. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
AdWords is an online advertising program. As part of the online advertising program, we use conversion tracking. After clicking on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that your web browser stores on your device. Google AdWords cookies expire after 30 days and do not personally identify users. The cookie tells Google and us that you have clicked on an ad and been directed to our website.
Each Google AdWords customer receives a different cookie. The cookies are not traceable through AdWords customer websites. Conversion cookies are used to generate conversion statistics for AdWords customers who use conversion tracking. Adwords customers learn how many users clicked on their ad and were redirected to pages with conversion tracking tags. However, AdWords customers do not receive information that personally identifies them. If you do not wish to participate in tracking, you may opt out. The conversion cookie must be deactivated in the browser’s user settings. This also prevents the cookie from being included in the conversion tracking statistics.
The storage of “Conversion-Cookies” takes place on basis of art. 6 Abs. 1 lit. f GDPR. As website operators, we have a justified interest in analysing user behaviour in order to optimise our website and our advertising.
With a modern web browser you can monitor, restrict or prevent the setting of cookies. The deactivation of cookies can result in a limited functionality of our website.
Google Remarketing or “similar target groups” function
We use the remarketing or “similar target group” function of Google Inc. on our website. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This function is used to analyze visitor behavior and interests.
Your data may also be transferred to the USA. The European Commission has issued an adequacy decision for data transfers to the USA.
Processing is based on Art. 6 (1) lit. f GDPR for the legitimate interest of targeting website visitors with advertising by placing personalised, interest-related advertisements for visitors to the provider’s website when they visit other websites in the Google Display Network.
You have the right, for reasons arising from your particular situation, to object at any time to this processing of your personal data based on Art. 6 (1) f GDPR.
You can find more information about Google Remarketing and the corresponding data protection declaration at: https://www.google.com/privacy/ads/ .
Google Web Fonts
Our website uses web fonts from Google. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using these web fonts it will be possible for us to present you with the desired display of our website, regardless of which fonts are available to you locally. This is done by retrieving the Google Web Fonts from a Google server in the USA and the associated transfer of your data to Google. This is your IP address and which page you have visited on our website. The use of Google Web Fonts is based on Art. 6 Para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the optimal presentation and transmission of our website.
The company Google is certified for the us European data protection agreement “Privacy Shield”. This data protection agreement is intended to ensure compliance with the data protection level applicable in the EU.
Our website uses plugins from YouTube to integrate and display video content. The provider of the video portal is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When a page with an integrated YouTube plugin is opened, a connection to the YouTube servers is established. This will tell YouTube which of our pages you have accessed.
YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
You can find details on the handling of user data in YouTube’s data protection declaration: https://www.google.de/intl/de/policies/privacy .
Use social media plugins from Facebook
Due to our legitimate interest in the analysis, optimization and operation of our online services (within the meaning of Art. 6 Para. 1 lit. f. GDPR), this website uses the Facebook Social Plugin, which is provided by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). You can recognize the embeddings by the Facebook logo or by the terms “like”, “like”, “share” in the colors Facebooks (blue and white). Information about all Facebook plugins can be found via the following link: https://developers.facebook.com/docs/plugins/
Facebook Inc. complies with European privacy laws and is certified under the Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
The plugin establishes a direct connection between your browser and the Facebook servers. The website operator has no influence whatsoever on the nature and extent of the data that the plugin transmits to the Facebook Inc. servers. You can find more information here: https://www.facebook.com/help/186325668085084
The plugin informs Facebook Inc. that you have visited this website as a user. It is possible that your IP address will be saved. If you are logged into your Facebook account during your visit to this website, this information is linked to this account.
If you use the functions of the plugin – for example by sharing or “linking” a post – the corresponding information is also transmitted to Facebook Inc.
Would you like to prevent Facebook. Inc. links this data to your Facebook account, please log out of Facebook before visiting this website and delete the stored cookies. You can use your Facebook profile to make further settings for data processing for advertising purposes or to object to the use of your data for advertising purposes. You can access the settings here:
- Profile settings for Facebook:
- Cookie deactivation page of the US website: http://optout.aboutads.info/?c=2#!/
- Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/
Which data, for what purpose and to what extent Facebook collects, uses and processes data and which rights and setting options you have to protect your privacy can be read in Facebook’s data protection guidelines. You can find them here: https://www.facebook.com/about/privacy/
Use of Facebook Remarketing
On our website we use the remarketing function “Custom Audiences” of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; “Facebook”).
This function serves the purpose of targeting the visitors of the website with interest-related advertising in the social network Facebook.
For this purpose, the remarketing tag of Facebook was implemented on the website. A direct connection to the Facebook servers is established via this tag when visiting the website. This transmits to the Facebook server which of our pages you have visited. Facebook associates this information with your personal Facebook user account. When you visit the social network Facebook, you will be shown personalized, interest-based Facebook ads. The processing is based on Art. 6 (1) lit. f GDPR for the legitimate interest in the above-mentioned purpose.
For reasons arising from your particular situation, you have the right at any time to object to this processing of your personal data based on Art. 6 (1) f GDPR.
You can deactivate the remarketing function “Custom Audiences” here. Further information on the collection and use of the data by Facebook, on your rights in this regard and on ways of protecting your privacy can be found in Facebook’s data protection information at https://www.facebook.com/about/privacy/ .
Publication of surveys in social networks
The QUESTIONSTAR web service provides its customers with the function to publish or share customer surveys on social networks. When this function is activated, a connection to the server of the respective social network is called, whereby data is transferred to the server of the respective social network. To publish the survey in the social network it is necessary that the customer logs into his user account at this social network or is already logged into the social network before activating the function. This allows the social network to assign the visit to our website or the use of our web service to this user account. Without transmitting data to the servers of social networks, it is not possible to publish the survey in social networks. By using the social network sharing feature, you consent to the transfer of data to that social network. The data protection relevant details of the interactions with the supported social networks are listed below.
Provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA.
The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
The provider is Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
You can change your privacy settings on Twitter: https://twitter.com/account/settings
The provider is Pinterest Inc, 808 Brannan Street, San Francisco, CA 94103-490, USA.
When sharing a survey in Pinterest, your browser connects directly to the Pinterest servers. Log data is transmitted to the Pinterest servers. The servers are located in the USA. The log information may include your IP address, websites visited, browser type and settings, date and time of the request, your use of Pinterest, and cookies.
The provider is Mail.Ru LLC, Leningradsky Pr. 39, Bldg. 79, 125167 Moscow, Russian Federation.
The provider is V Kontakte LLC, Khersonskaya st., bld. 12-14, Lit. A, of 1-N, 191024 St. Petersburg, Russian Federation.
If you share your survey in the social network VKontakte from the QUESTIONSTAR tool, a direct connection will be established between your browser and the VKontakte. VKontakte receives the information that you have visited our site with your IP address. We would like to point out that, as a website provider, we are not aware of the content of the transmitted data or its use by VKontakte. Further information on this can be found in VKontakte’s data protection declaration at https://vk.com/privacy .
We do not know the provider of the popular Messenger Telegram.
Google+1 (Google Plus)
Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When a survey is shared in Google+ (Google Plus), a connection to Google servers is established. Google will then know that you have visited our site with your IP address and may associate your visit to our site with your user account. We would like to point out that, as the provider of these pages, we do not have any knowledge of the content of the transmitted data or its use by Google+. Further information on this can be found in the Google+ data protection declaration under https://policies.google.com/privacy?hl=de.
The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Our website allows payment via PayPal. The payment service provider is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If you pay with PayPal, the payment data you entered will be transmitted to PayPal.
The transfer of your data to PayPal is based on Art. 6 Para. 1 lit. a GDPR (consent) and Art. 6 Para. 1 lit. b GDPR (processing to fulfil a contract). A revocation of your already given consent is possible at any time. Data processing operations in the past remain effective in the event of revocation.
As a user, you have the right to request free information about which personal data about you has been stored. You also have the right to correct incorrect data and to limit or delete the processing of your personal data. If applicable, you may also exercise your right to data portability. If you believe that your data has been processed unlawfully, you can lodge a complaint with the competent supervisory authority.
Deletion of data
Unless your request conflicts with a legal obligation to store data (e.g. data retention), you have a right to delete your data. Data stored by us will be deleted if they are no longer needed for their intended purpose and there are no legal retention periods. If deletion cannot be carried out because the data is required for permissible legal purposes, data processing will be restricted. In this case, the data will be blocked and not processed for other purposes.
Right of objection
Users of this website may exercise their right of objection and object to the processing of their personal data at any time.
If you wish a correction, blocking, deletion or information about the personal data stored about your person or if you have questions regarding the collection, processing or use of your personal data or if you wish to revoke your consent, please contact the following e-mail address: firstname.lastname@example.org
Right to lodge a complaint with the competent supervisory authority
In the event of a breach of data protection law, you as the party concerned have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority with regard to data protection issues is the data protection officer of the federal state in which our company has its registered office. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .
Information for survey participants
QUESTIONSTAR is an online tool with which our customers (e.g. universities, research institutes, market research companies, etc.) can create their online questionnaires, carry out online surveys and evaluate the data collected.
Due to the nature of our service, the data entered by survey participants in the questionnaires is passed on to the respective customer of our service and can be processed by him. This data transfer takes place on the basis of Art. 6 Para. 1 lit. f GDPR due to our legitimate interest – otherwise our service could not fulfil its purpose. Since the fields of application of our tool are versatile and we have only very limited control over the activities of our customers, unfortunately we cannot give any information about the purpose of a concrete data collection or survey. This obligation to provide information is therefore the responsibility of the respective customer.
In order to protect you from the misuse of your personal data nevertheless, we obligate our customers contractually by the acceptance of our AGB (general trading conditions) to the adherence to the data security guidelines of GDPR. Furthermore, we provide our customers with a tool that helps them to comply with the GDPR guidelines. This allows the respondent to specify which questions personal data is to be collected and whether this data is to be exported in a separate pseudonymised file. These settings cannot be reversed, so that a subsequent linkage of personal data with remaining answers of a survey participant is not possible in this case. Nevertheless, the correct handling of these settings is the responsibility of the customer.
Please therefore observe the data protection declaration of the respective surveyor and contact him directly in matters of data protection.
Most of our customers adhere to GDPR and require us to comply with data protection guidelines. Nevertheless, misuse is theoretically possible. Should you become aware of the case of misuse of our service, please let us know as soon as possible. We will check the case immediately. Should the abuse be confirmed, we will block the account of the causer and his access to the data.