GfK Demand Forecast Overview Dashboard Privacy Policy

Last revised: Mar 14, 2019

1. About GfK Demand Forecast Overview Dashboard

GfK (“we”, “us”, our”) respects the privacy of users (“you”, “your”, “User”) of its online services and applications. As a data controller located in the European Union, we process personal data in compliance with applicable data protection law, in particular the General Data Protection Regulation (“GDPR”).

This document (the "Privacy Policy") explains how we collect, use, disclose and protect personal data (“Personal Data”) submitted through GfK Demand Forecast Overview Dashboard (the “Service”).

The Service is an online dashboard that serves to deliver, display and allow filtering of forecasts.

2. Personal data concerning you that we process when you use the Service

2.1. Personal data you provide through the Service

When you apply for a user account for the Service, GfK collects personal data concerning you, principally your e-mail address. Your email address will also be used as your user name. You will also receive an inital password from us. The user name and password together are your login credentials. We encourage you to change your password immediately upon receipt of your login credentials. Your password will be stored in an encrypted form. If you lose your password you will be able to reset it through the login interface using the forgotten password option. You can also contact GfK to reset your password.

2.2. Invisible processing by cookies and similar technologies

We use “Persistent cookies” with the Service.

Persistent cookies remain on your computer/device for a period of time specified in the cookie.

Session cookies serve to keep a secure session alive until the browser is closed. They are necessary for data security purposes and the protection of the personal data of visitors to websites.

We use cookies as part of using the AWS cognito user management system. When you log into the service a persistant cookie will be downloaded to your computer so that you do not need to log in each time you refresh or use the service. In this case the cookie contains a non-human readable ID (like WP.272f70) associated to the respective user and specifying that they have access to the service.

These types of cookies are strictly necessary for the functioning of the Service requested by the User.

We also use Google Analytics which are used widely by websites to collect information about how website visitors use a site. We use Google Analytics cookies to collect information about how users use Our website and to improve Our website. Google Analytics collect information in an anonymous form and will not allow Us to identify you or collect any personal information about you. Google Analytics do not track your internet activity after leaving Our website.

Can website users block cookies?

Yes, you can adjust the privacy settings in your browser to block all cookies; however, this could severely affect your browsing experience as the service may not function properly. Your browser may allow you to delete all cookies upon closing your browser. This option, though, results in persistent cookies getting deleted that may store your preferences and personalized settings on websites that you visit regularly. It is possible to keep desired cookies, though, as your browser may allow you to specify which websites are always or never allowed to use cookies.

Log files

As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system and date/time stamp.

We use this information to administer the site and may link this automatically-collected data to personal information for legitimate purposes, such as to detect and prevent fraudulent activity.

3. How we use personal data in the context of the Service

We will only use personal data concerning you as set forth in this privacy policy, unless you have specifically consented to or opted-in to another use of your personal data.

If you are a GfK employee, we process your personal data in the context of the Service for purposes of the legitimate interest pursued by GfK, thus, in order to enable efficient project execution and delivery through secure and easy exchange of relevant documents and data with our clients.

If you are a client of GfK, we process your personal data in the context of the Service as requested by you for the performance of the underlying contract or service agreement to which you are party, pertaining to the project/s for which you wish to exchange documents and data with GfK.

We process the Users’ personal data for the following purposes:

  • to enable their use of the Service which requires registration and authentification,
  • to respond to their requests,
  • to provide them with information regarding the Service, such as about any changes or scheduled downtimes

4. Personal data of third persons

There should be no personal data of third parties accessible through the service.

5. How we share personal data

We will disclose your personal data only for the purposes and to those third parties, as described below. GfK will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.

  1. Within GfK Group

    GfK is part of a global organization (the “GfK Group”), consisting of several companies in and outside the European Union, all primarily owned by GfK SE in Germany. Your personal data may be transferred to one or more GfK Group affiliated companies as needed for data processing and storage, providing you with access to our services, providing customer support, making decisions about service improvements, content development and for other purposes as described in Section 3 of this Privacy Policy. We do not disclose personal data of participants in market research projects to third parties outside the GfK Group unless the participants have declared their prior explicit consent for the specific purpose.

  2. External service providers

    Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf within the framework of data processing agreements. We may, for example, provide personal data to agents, contractors or partners for hosting our databases and applications, for data processing services, or to send you information that you requested, or to call-centers for the purpose of provision of support services or interviewing in the course of market research projects. We will only share with or make accessible such data to external service providers to the extent required for the respective purpose. This data may not be used by them for any other purposes, in particular not for their own or third party purposes. GfK’s external service providers are contractually bound to respect the confidentiality of your personal data.

  3. Business transfers

    In connection with any reorganization, restructuring, merger or sale, or other transfer of assets (collectively "Business Transfer"), we will transfer data, including personal data, in a reasonable scale and as necessary for the Business Transfer, and provided that the receiving party agrees to respect your personal data in a manner that is consistent with applicable data protection laws. We will continue to ensure the confidentiality of any personal data and give affected users notice before personal data become subject to a different privacy policy.

  4. Public bodies

    We will only disclose your personal data to public bodies where this is required by law. GfK will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.

6. International transfers of personal data

Under specific circumstances, it will also be necessary for GfK to transfer your personal data to countries outside the European Union/ European Economic Area (EEA), so called "third countries". Such third country transfers may refer to all processing activities describes under Sec. 3 of this Privacy Policy. This Privacy Policy shall apply even if we transfer personal data to third countries, in which a different level of data protection applies than in your country of residence. In particular, an international data transfer may apply in the following scenarios:

  1. Legal entities of GfK Group

    GfK Group’s legal entities outside the European Union have entered into intra-company data protection agreements using standard contractual clauses adopted by the European Commission to safeguard your privacy and legitimize international data transfers.

  2. Other third parties outside the EU / EEA

    Any transfers of personal data to third parties outside the GfK Group will be carried out with your prior knowledge and, where applicable, with your consent. Any transfers of personal data into countries other than those for whom an adequacy decision regarding the level of data protection was made by the European Commission, as listed on https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en, occur on the basis of contractual agreements using standard contractual clauses adopted by the European Commission or other appropriate safeguards in accordance with the applicable law.

7. Personal data of children

The Service is not directed to individuals under the age of 16 (children). If we become aware that personal data from a child has been inadvertently collected without the consent of such child's parent or guardian, we will use all reasonable efforts to delete such information.

8. Your legal rights

As a data subject you have specific legal rights relating to the personal data we collect from you. This applies to all processing activities stipulated under Section. 3 of this Privacy Policy. GfK will respect your individual rights and will deal with your concerns adequately.

The following list contains information on your legal rights which arise from applicable data protection laws:

  • Right to withdraw consent: Where the processing of personal data is based on your consent you may withdraw this consent at any moment by contacting the individuals indicated at the end of this document.
  • Right to rectification: You may obtain from us rectification of personal data concerning you. We make reasonable efforts to keep personal data in our possession or control which are used on an ongoing basis, accurate, complete, current and relevant, based on the most recent information available to us.
  • Right to restriction of processing: You may obtain from us restriction of processing of your personal data, if
    • you contest the accuracy of your personal data for the period we need to verify the accuracy,
    • the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
    • we do no longer need your personal data but you require them for the establishment, exercise or defense of legal claims, or
    • you object to the processing while we verify whether our legitimate grounds override yours.
  • Right to access: You may ask from us information regarding personal data that we hold about you, including information as to which categories of personal data we have in our possession or control, what they are being used for, where we collected them, if not from you directly, and to whom they have been disclosed, if applicable. You may obtain from us one copy, free of charge, of personal data we hold about you. We reserve the right to charge a reasonable fee for each further copy you may request.
  • Right to portability: At your request, we will transfer your personal data to another controller, where technical feasible, provided that the processing is based on your consent or necessary for the performance of a contract. Rather than receiving a copy of your personal data you may request that we transfer the data to another controller, specified by you, directly.
  • Right to erasure: You may obtain from us erasure of your personal data, where
    • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • you have a right to object further processing of your personal data (see below) and execute this right object to the processing;
    • the processing is based on your consent, you withdraw your consent and there is no other legal ground for the processing;
    • the personal data have been unlawfully processed;
    • unless the processing is necessary
    • for compliance with a legal obligation which requires processing from us;
    • in particular for statutory data retention requirements;
    • for the establishment, exercise or defence of legal claims.
  • Right to object: You may object – at any time – to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interests or those of a third party. In this event we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds and an overriding interest for the processing or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you wish the erasure of your personal data or the restriction of its processing by us.
  • Right to lodge a complaint: In case of an alleged infringement of applicable privacy laws, you may lodge a complaint with the data protection supervisory authority in the country you live in or where the alleged infringement occurred.

Please note

  • Time period: We will try to fulfill your request within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.
  • Restriction of access: In certain situations we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
  • Exercise your legal rights: In order to exercise your legal rights, please contact the GfK Demand Forecast Overview Dashboard client service by email: dfo-dashboard-support@gfk.com. You may also turn directly to our Data Protection Officer. For contact information please refer to the end of this Privacy Policy.

9. Retention of your personal data

In general, we will delete the personal data we collected from you if they are no longer necessary to achieve the purposes for which they were originally collected. However, we may be required to store your personal data for a longer period due to statutory provisions. We delete log files, including IP addresses, on a weekly basis. We store personal data of users in their user accounts for the duration of the employment relationship, or the business relationship, respectively, but delete them on request if access to the Service is no longer needed.

In addition, we will not delete all of your personal data if you requested from us to refrain from re-contacting you in the future. For this purpose, GfK keeps records which contain information on people who do not want to be re-contacted in the future (e.g. by means of bulk emailing or recruiting campaigns for market research projects). We qualify your request as consent to store your personal data for the purpose of such record keeping unless you instruct us otherwise.

10. Security

GfK takes data security seriously. We apply an appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. Access to your personal data is granted only to those personnel, service providers or GfK affiliates with a business need-to-know or who require it in order to perform their duties.

The security of your Personal Data is very important to us. We have put in place reasonable physical, electronic, and administrative procedures to safeguard the information we collect. Access to your Personal Data is granted only to those employees who require it in order to perform their duties. We cannot guarantee, however, that all communications between us or information stored on our servers will be free from unauthorized access by third parties such as hackers. Your use of our services demonstrates your assumption of this risk.

11. Changes to this privacy policy

We reserve the right, at our discretion, to modify our privacy practices and update and make changes to this Privacy Policy at any time. For this reason, we encourage you to refer to this Privacy Policy on an ongoing basis. This Privacy Policy is current as of the "Last Revised" date which appears at the top of this page. We will treat Personal Data in a manner consistent with the Privacy Policy under which it was collected, unless we have your consent to treat it differently. By using this website following any Privacy Policy change, you freely and specifically give us your consent to collect, use, transfer and disclose your Personal Data in the manner specified in such then-current Privacy Policy.

12. Contact information

Please direct your questions regarding the subject matter of data protection and any requests in the exercise of your legal rights to the GfK Demand Forecast Overview Dashboard client service:

dfo-dashboard-support@gfk.com

You may also contact the Headquarter Data Protection Officer, Mr. Roy Walsh, directly by writing an email to dpo_germany@gfk.com or a letter to the postal address below.

Legal information:

GfK SE
Nordwestring 101
90419 Nuremberg
Germany

Management:

Peter Feld (CEO)

T +49 911 395-0 (Switchboard), gfk@gfk.com

Chairman of the Supervisory Board: Ralf Klein-Bölting

Registered office: Nuremberg
Entered in the Commercial Register at the District Court:
Nuremberg: HRB 25014