Name and address of the Controller
The Controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
NativeResearch drw GmbH
Rostocker Straße 1
External Data Protection Officer
General information on data processing
The responsible operator of this site takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
Below we provide information about the collection of personal data when you use our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behavior and also the IP address.
If we use service providers for individual functions of our offering or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also mention the defined storage period criteria.
Provision of the website and creation of log files
Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the browser type and version used
- The user’s operating system
- The user’s Internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites that are accessed by the user’s system via our website
- The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
The temporary processing and storage of the IP address and the data provided by the system is necessary to enable delivery of the website to the user’s computer. We therefore have a legitimate interest in data processing in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. This data will be deleted when the respective session is ended, as the purpose of the collection has been achieved.
The data is stored in log files to ensure the functionality and stability of the website. The data also serves us to optimize the website and to ensure the security of our information technology systems. This results in our legitimate interest in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. The data will not be evaluated for marketing purposes in this context. This data will be deleted after seven days at the latest, the associated backups after 30 days. Any further storage will only take place in the event that your IP address is deleted or altered in such a way that it loses all personal reference and can no longer be assigned to you.
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall. This is our legitimate interest in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR.
This website uses the following types of cookies, the scope and functionality of which are explained below:
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in your browser’s security settings.
You can configure your browser settings according to your wishes and e.g. refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all of the functions of this website. The following data can be transmitted in this way:
- Page views
- Use of website functions
Use of survey software providers in the context of surveys - consent to data processing in the USA
To carry out the surveys, we use software from different providers. Which of these providers we use can be found in the invitation or the intro text of the survey. As little personal data as possible is processed during the survey. In principle, in addition to the data that you provide in the survey, only the following personal data will be processed:
IP address: This is only collected for technical reasons when you access the website and to avoid double participation and misuse (Art. 6 Para. 1 Letter f GDPR). In most cases, NativeResearch does not have access to the IP addresses.
Email address: This is only used if an invitation is sent directly by NativeResearch and NativeResearch has received it from your clients as part of a data processing agreement. The replies are not linked to the email address.
Further data: If further personal data is processed, you will be expressly informed and asked for your consent.
When using the software from Quantilope (quantilope GmbH, Charlottenstraße 26, 20257 Hamburg), the data is processed on servers in Europe. If these servers belong to companies whose parent companies are based in the USA, it is ensured that the necessary contracts have been concluded. For these companies there is an adequacy decision from the EU Commission that confirms an adequate level of data protection.
B. Dynata, CMIX – consent to data processing in the USA
When using the Cmix software from Dynata (Dynata, LLC; 4 Research Drive; Shelton, Connecticut 06484 USA), the data is processed on servers in the USA. There is no adequacy decision from the European Commission for the USA that confirms an adequate level of data protection for Dynata. There is therefore a risk that there is no adequate level of data protection in the USA and no appropriate safeguards. As generally in all cases of data transfers to the USA, among other things, there might be the following risks: insufficient protection of data from government access, the information rights of those affected may not be adequately guaranteed or the enforcement of these rights may be more difficult, control and sanctions in the event of violations are often inadequate. That’s why we need to get your consent. By participating, you agree that the data you provide and the IP address will be processed in the USA.
We use hCaptcha (hereinafter “hCaptcha”) on this website. The provider is Intuition Machines Inc 2211 Selig Dr, Los Angeles, CA 90026, United States (hereinafter “IMI”).
hCaptcha is intended to check whether data entry on this website (e.g. in a contact form) is done by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website visitor based on various characteristics.
This analysis begins automatically as soon as the website visitor enters a website with hCaptcha activated. For analysis purposes, hCaptcha evaluates various information (e.g. IP address, how long the website visitor spends on the website or mouse movements made by the user). The data collected during the analysis is forwarded to IMI. If hCaptcha is used in “invisible mode”, the analyzes run completely in the background. Website visitors are not informed that an analysis is taking place.
The storage and analysis of the data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated spying and SPAM. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 Letter a GDPR and § 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data processing is based on the Standard Contractual Clauses (SCC) contained in the Data Processing Addendum to the IMI General Terms and Conditions or the Data Processing Agreements. There is an adequacy decision from the EU Commission for data transfers to the USA to IMI, which confirms an adequate level of data protection.
Contact via email or contact form
If you contact us by e-mail or via our contact form, the personal data you provide or those transmitted using the contact form will be stored:
- First name
- email address
- Telephone number (optional)
- Content of the message (free text)
- IP address
The data entered via the contact form is transmitted to us in encrypted form (transport encryption). In this context, the data will not be passed on to third parties. The data is used exclusively to process the conversation in order to be able to answer your questions and inquiries. To enable us to do this, we have a legitimate interest in processing and storing data in accordance with Article 6 Paragraph 1 Sentence 1 Letter f of the GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6 Paragraph 1 Sentence 1 Letter b GDPR.
We delete the data arising in this context after storage is no longer necessary or restrict processing if there are statutory retention requirements. This is the case when the respective conversation with the user has ended. The conversation ends when it can be seen from the circumstances that the matter in question has been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
Rights of the data subjects
You can exercise the following rights against us as a Controller regarding your personal data without
- Right of access by the data subject (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right of erasure (Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to data portability (Art. 20 GDPR),
- Right to object (Art. 21 GDPR),
- Right to complain to a data protection supervisory authority about NativeResearch’s processing of your personal data.
If you have given your consent to the processing of your data, you can revoke this at any time (NativeResearch drw GmbH, Rostocker Straße 1, 20099 Hamburg, email: firstname.lastname@example.org or external data protection officer Andrea Schweizer email email@example.com). Such a revocation affects the lawfulness of the processing of your personal data after you have given it to us for the future.
To the extent that we base the processing of your personal data on the legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR), you can object to the processing (NativeResearch drw GmbH, Rostocker Straße 1, 20099 Hamburg, email: firstname.lastname@example.org or external data protection officer Andrea Schweizer email: email@example.com). This is the case if the processing is not necessary to fulfill a contract with you, which is explained by us in the description of the functions.
Data security/technical-organizational measures
Current status and changes to this data protection declaration
We reserve the right to change this data protection declaration at any time in compliance with legal requirements. This data protection declaration is currently valid and is dated February 2024. You can access and print out the current data protection declaration at any time on the website at https://www.native-research.com/data-privacy/.