Privacy policy

1. Responsible body

Responsible body within the meaning of the data protection acts:

empirica regio GmbH
Kurfürstendamm 234
D-10719 Berlin
Phone: +49 (0)30 884 795-0
E-Mail: info@empirica-regio.de
https://www.empirica-regio.de

2. Collection, storage and use of personal data

a) When visiting the website

When you access our website www.empirica-regio.de, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted:

IP address of the requesting computer,
date and time of access,
name and URL of the retrieved file
website from which the access is made (referrer URL),
the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We process the data mentioned above for the following purposes:

guarantee of a smooth connection of the website,
guarantee a comfortable use of our website,
evaluation of system security and stability and
for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest follows from the above listed purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

Furthermore, we only use technically necessary cookies when you visit our website. You will find more detailed information on this under point 5. We do not currently use any analysis tools.

b) When using empirica regio market studio and empirica regio API

For the purpose of providing the services empirica regio market studio and empirica regio API for access to the empirica regional database at https://studio.empirica-regio.de and for the fulfilment of the relevant user relationship, we process the following data of all users of the service:

Name and first name of the users,
username and password,
E-Mail addresses of the users,
name of the company,
postal address of the company,
user rights (access rights to the database),
IP address of the requesting computer,
date and time of access,
used browser and, if applicable, the operating system of your computer as well as the name of your access provider.

This data is stored to ensure access to the system. The processing is necessary for the execution or performance of the contract in accordance with Art. 6 para. 1 b DSGVO. The data will be deleted within 90 days of the end of the user relationship, provided that all mutual requirements have been met and the user has not expressly objected to the deletion of the data.

c) When using empirica regio go and empirica regio shop

For the purpose of providing the service empirica regio go at https://go.empirica-regio.de and empirica regio shop at https://shop.empirica-regio.de, information is automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
.

IP address of the requesting computer,
date and time of access,
name and URL of the retrieved data,
website from which the access is made (referrer URL),
the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We process the data mentioned above for the following purposes:

guarantee of a smooth connection of the website,
guarantee a comfortable use of our website,
evaluation of system security and stability and
for other administrative purposes.

d) Use of the contact form in the empirica regio Shop

We use the security service hCaptcha (hereinafter “hCaptcha”) on our website https://shop.empirica-regio.de. This service is provided by Intuition Machines, Inc., a US company based in Delaware (“IMI”). hCaptcha is used to check whether user actions on our online service (submitting a contact form) meet our security requirements. For this purpose, hCaptcha analyses the behaviour of the visitor to the website on the basis of various characteristics. This analysis begins automatically as soon as the visitor has agreed to use hCaptcha. For the analysis, hCaptcha evaluates various information (e.g. IP address, duration of the visitor’s stay on the website or app or mouse movements of the user). The data collected during the analysis is forwarded to IMI. The data processing is based on Art. 6 para. 1 DSGVO. Our legitimate interest follows from the purpose of only allowing humans and not bots to use the contact form. In no case do we use the collected data for the purpose of drawing conclusions about your person.

e) Use of the map service of Mapbox

The services empirica regio market studio and empirica regio go integrate functions of the map service Mapbox. empirica regio uses this map service for the visualisation of background maps. By using Mapbox, data is usually transferred to the servers of Mapbox Inc. in the USA and processed there. We would like to point out that we, as the provider of these pages, have no influence on the content of the transmitted data or its use by Mapbox.

The operating company of Mapbox is Mapbox, Inc., 1714 14th Street NW, Washington, DC 20009-4309 in the USA. For more information about privacy, please see the Mapbox privacy policy at https://www.mapbox.com/privacy/.

On selected pages, we offer so-called sharing buttons for the social media Twitter, LinkedIn and Xing. These buttons are provided without embedded JavaScript, in which only a static link to the sharing function of the respective platforms is stored.

g) Accounting purposes

For billing purposes (invoicing) we process the surname, first name, postal address, customer number, e-mail address, outstanding payment amount, services used and service periods. We transmit the complete invoices with the mentioned personal data for the purpose of bookkeeping, preparation of business management evaluations and commercial books, as well as for book and tax auditing to the tax consultant Bauer - Zeyner - Hülße, Blumenstraße 72, 04155 Leipzig, Germany, who is commissioned by us. This transmission and processing is necessary to fulfil legal obligations (Art. 6 para. 1 c DSGVO). In the event of default or non-payment, we will transfer all usage and billing data to a legal representative for further legal enforcement of claims. The processing is necessary for the execution or fulfilment of the contract (Art. 6 para. 1 b DSGVO). The processing of the mentioned data will be restricted to the fulfilment of legal, in particular commercial and tax law obligations to retain data immediately after all mutual claims have been met, and the data will be automatically deleted after the end of the last retention period.

h) Information about product updates and new products

In order to advertise our company’s products by telephone, letter post and e-mail, we process the surname, first name, position in the company, postal address, e-mail address, telephone number, data on the previous use of our products and services, and data on the interests (if communicated) of our existing customers. We inform existing customers at irregular intervals about innovations in our products, about our company, and general developments with relevance to our products. The processing is necessary in order to safeguard our predominantly legitimate interest (Art. 6 Para. 1 f DSGVO) in providing our customers with direct advertising for our products and thus to increase sales of our products. Data processing for direct advertising will only take place if the customer has given his consent and only to the extent that the customer can expect within the scope of the contractual relationship, without unreasonable harassment being assumed. The data will be blocked for processing for direct advertising after the enquirer has declared his objection to receiving direct advertising for our products.

i) New customer acquisition

In order to advertise our company’s products by telephone, letter post, e-mail and electronic messages via the Xing, LinkedIn and Twitter platforms, we process the surname, first name, postal address, e-mail address, telephone number, electronic identifier on the platform used in each case, the position in the company and the available information on the specific interest of the company in our products and services. Insofar as we have not received this data from the (representative of a) potential customer ourselves (e.g. as a contact at a trade fair or event, via e-mail or in the context of a phone call), we collect the data via the platform used in each case (Xing, LinkedIn or Twitter), insofar as it is generally visible there or has been released, as well as from public directories. The processing is necessary in order to safeguard our overriding legitimate interest (Art. 6 Para. 1 f DSGVO) in providing our customers with direct advertising for our products and thus to increase sales of our products. Data processing for direct advertising will only take place if this has not been objected to and only to the extent that the potential customer can expect within the scope of the contractual relationship, without unreasonable harassment being assumed. The data will be deleted or the connection on the Xing, LinkedIn or Twitter platforms terminated if the employee objects to our approach for advertising purposes. The data will also be deleted manually if during the course of the conversation it is either finally clarified that there is neither present nor future interest in the products and services of our company, or if so much time has elapsed after the potential customer has not responded that a reaction can definitely no longer be expected.

j) When contacting us by e-mail

For questions of any kind we offer you the possibility to contact us via e-mail. This requires a valid e-mail address so that we know who the enquiry comes from and can answer it. Further information within the e-mail can be given voluntarily.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO on the basis of your voluntarily given consent.

The personal data collected by us on the basis of your e-mail will be deleted after completion of your request.

If you subscribe to our company’s newsletter and/or register for a webinar, the data from the input mask (e-mail address and consent) are transmitted to the Sendinblue dispatch service. The registration for our newsletter and/or a webinar is carried out in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. When registering, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

3. Information disclosure

We will not transfer your personal data to third parties for any other purposes than those listed below and will only transfer your personal data to third parties if:

you have given your express consent in accordance with Art. 6 Para. 1 sentence 1 lit. a DSGVO,
the disclosure pursuant to Art. 6 Para. 1 S. 1 lit. f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
in the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 lit. c DSGVO, and
this is legally permissible and, in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO, necessary for the processing of contractual relationships with you.

4. Contract data processing

For all of the processing activities listed in paragraph 2 a-c), we use the services of Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany, as the processor (Art. 28 DSGVO). All personal data which is processed for these activities is transferred to the processor. The location of the servers used is in Germany (Nuremberg).

For all of the processing activities listed in section 2 a-c), we make use of the services of Variomedia AG, August-Bebel-Straße 68, 14482 Potsdam, Germany, as the processor (Art. 28 DSGVO). All personal data which is processed for these activities is transferred to the processor.

We offer payment via PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, within the framework of the transaction processing activities described in clause 2 c). If you choose to pay via PayPal, the payment data you enter will be transmitted to PayPal. The transmission of your data to PayPal is based on art. 6 para. 1 lit. a DSGVO (consent) and art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the possibility to revoke your consent to data processing at any time. Revocation does not affect the effectiveness of data processing operations carried out in the past.

We use Sendinblue to send newsletters in accordance with point 2 j). The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is used to organise and analyse the dispatch of the newsletter. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue’s servers in Germany. A transfer of data to third countries does not take place. If you do not want Sendinblue to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent with Sendinblue contain a very small image (approx. 1x1 pixel) that connects to Sendinblue’s servers when the email is opened. In this way, it can be determined whether a newsletter has been opened. Furthermore, with the help of Sendinblue we can determine whether and which links are clicked on in the newsletter message. All links in the email are so-called tracking links, with which your clicks can be counted. The legal basis for data processing is art. 6 para. 1 lit. a DSGVO.

5. Cookies

We only use cookies for our applications (go.empirica-regio.de, studio.empirica-regio.de) and on our website www.empirica-regio.de that are functionally necessary to provide the respective website. Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone or similar) when you visit a site. Cookies do not cause any damage on your terminal device, do not contain viruses, trojans or other malware.

Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. This does not mean, however, that we obtain direct knowledge of your identity.

The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our applications. These are automatically deleted when you leave our site.

The data processed by cookies is required for the above-mentioned purposes in order to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website.

6. Rights of persons concerned

You have the right:

in accordance with Art. 15 DSGVO to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details thereof;
to demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 DSGVO;
in accordance with Art. 17 DSGVO to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
in accordance with Art. 18 DSGVO, to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 DSGVO;
in accordance with Art. 20 DSGVO to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another person responsible;
in accordance with Art. 7 Para. 3 DSGVO to revoke your once given consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent in the future and
in accordance with Art. 77 DSGVO to lodge a complaint with a supervisory authority. As a rule, you can turn to the supervisory authority of your usual place of residence or workplace or to our office for this purpose.

7. Right of objection

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation.

If you wish to make use of your right of revocation or objection, simply send an e-mail to info@empirica-regio.de

8. Data security

We use the common SSL (Secure Socket Layer) procedure within the website visit in connection with the highest encryption level supported by your browser. As a rule, this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technologies instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

9. Actuality and change of this privacy policy

This privacy policy is currently valid and has the status September 2023.

Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.empirica-regio.de/en/privacy/.