1. Who is responsible for the data processing and whom can I contact?
Controller of your personal data within the meaning of Art. 4 (7) of the European General Data Protection Regulation (“GDPR”) is:
D — 10969 Berlin
Managing Directors: Dr. Sascha Mahlke, Lars Lehne
Tel.: +49 30 340 6005 0
Fax: +49 30 340 6005 49
You may contact our data protection officer at:
– Data Protection Officer –
D — 10969 Berlin
Tel.: +49 30 340 6005 0
Fax: +49 30 340 6005 49
2. What sources and data do we use?
2.1 Visiting our Website
When you visit our website, your browser automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected and stored until it is automatically deleted: IP address of the requesting computer; date and time of access; name and URL of the accessed file; website from which access is made («referrer URL»); if applicable, the search engine you used; the browser used; and, if applicable, the operating system of your computer as well as the name of your access provider.
This data will be processed by us for the following purposes:
ensuring a functioning connection of the website,
ensuring comfortable use of our website,
evaluation of system security and stability, and
for other administrative purposes.
Legal basis for the data processing is Art. 6 (1) (b) GDPR, insofar as the processing is required to provide access to our website or for billing purposes. Apart from this, the processing is based on Art. 6 (1) (f) GDPR. Our legitimate interests follow from the purposes for the data collection listed above. The log files are deleted after the end of the respective browser session, at the latest after seven days, unless their further storage is required for the above-mentioned purposes.
2.2 Using our services, contacting us
In addition, we process personal data that we receive from you in the course of our business relationship. The legal basis for this is Art. 6 (1) (b) GDPR.
For example, we process personal data if you provide it to us when contacting us by email or via our website, when subscribing for our newsletter (see point 5.1 below), when applying for a job (see point 6 below).
3. For what purpose and on what legal basis do we process your data?
We process personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”):
3.1 For the performance of contracts and pre-contractual measures (Art. 6 (1) (b) GDPR)
We process personal data (Art. 4 (2) GDPR) to provide the services offered on our website, to perform our contracts with you when you commission us e.g. to undertake a UX or other study for you, for billing purposes, pre-contractual measures and for answering your inquiries in connection with our business relationship.
Further details for the purpose of the data processing can be found in the respective contractual documents and terms and conditions.
3.2 For the purposes of legitimate interests (Art. 6 (1) (f) GDPR)
If necessary, we process your data beyond the actual fulfilment of the contract where necessary for the purposes of the legitimate interests pursued by us or third parties, for example in the following cases:
Answering your questions outside of a contract or pre-contractual measures;
advertising or market and opinion research, unless you have objected to the use of your data;
operation and optimization of the website;
enforcement of legal claims and defence in legal disputes;
ensuring our IT security and IT operations;
prevention and investigation of criminal offences.
3.3 On the basis of your consent (Art. 6 (1) (a) GDPR)
Where you have given us your consent to process personal data for specific purposes, this processing is lawful on the basis of your consent. You can withdraw your consent at any time. Please note that the withdrawal will only take effect for the future. The lawfulness of our processing based on your consent which took place before the withdrawal is not affected.
3.4 Due to legal obligations (Art. 6 (1) © GDPR)
In addition, we are subject to various legal obligations to process personal data. The purposes of the processing include, inter alia, the fulfilment of retention periods and documentation obligations under commercial and tax law.
On our website we may use technically necessary cookies (4.1), web analysis cookies (4.2), and tracking cookies for advertising purposes (4.2):
4.1 Technically necessary cookies
Most of the cookies we may use are technically necessary to enable you to use our website and the services offered on it (e.g. secure login, adding products to the shopping cart in the order process) (“session cookies”). Our legitimate interest in the data processing lies in these purposes; the legal basis is Art. 6 (1) (f) GDPR. We will not combine the data with other personal data and we will use it for advertising purposes. Session cookies are deleted after the end of the respective browser session, at the latest after seven days.
4.2 Web analysis cookies (Google Analytics)
For this web analysis we use the service Google Analytics, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
On our behalf, Google uses this information as a processor within the meaning of Art. 28 GDPR to evaluate your use of the website, to compile reports on website activities and to provide the website operator with further services associated with website use and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google for all websites by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en.
You can also – especially with browsers on mobile devices – prevent Google Analytics from collecting and processing your data by clicking here. An opt-out cookie will be set to prevent future collection of your data by Google Analytics when you visit this website. Please note that this opt-out cookie only applies to this browser and this website and will be deleted if you delete all cookies in your browser.
4.3 Tracking cookies for advertising purposes
If you have given your consent on our website, we also use tracking cookies for the purpose of targeted and interest-based online advertising (“advertising cookies”). These cookies collect and store information about your use of our website in pseudonymous form. The legal basis for data processing is Art. 6 (1) (a) GDPR. You give your consent to this tracking on our website by clicking on “I Agree” in our cookie banner; no advertising cookies are set or other tracking technologies (e.g. tracking pixels) are activated before this happens. You may withdraw your consent at any time by clicking here. The lawfulness of the processing on the basis of your consent carried out before your withdrawal remains unaffected. We do not combine the information with other personal data that you voluntarily provide to us when you use our website or our services. We use the information to place advertisements on our website and on the websites of third parties (insofar as these are part of our advertising network) that correspond to your interests. You also benefit from this because you will be confronted with less advertising that is not tailored to your interests. We also use the information to measure and optimize the success of our advertising campaigns.
Advertising cookies are deleted after expiry of the storage period specified by the third party provider.
If you have given your consent on our website, we use the following tracking cookies (and tracking pixels) for advertising purposes:
4.3.1 Google AdWords with conversion tracking
This website uses the online advertising service Google Adwords with conversion tracking operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
We use the service to place ads on the results page of a Google search or a Google advertising network website using Google (so-called AdWords). Our purpose is to draw your attention to our offers. Conversion tracking enables us to measure how successful our individual advertising measures are by means of certain parameters (e.g. insertion of advertisements or clicks by the user).
When you click on an ad placed by Google, Google stores a conversion tracking cookie on your computer. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.
These cookies help Google recognize your browser. If you visit certain websites on an AdWords customer’s website and the cookie has not yet expired, Google and the customer may recognize that you clicked on the ad and were redirected to the website. A different cookie is assigned to each AdWords customer. Cookies therefore cannot be traced through the websites of AdWords customers. We do not collect and process any personal data when using Google AdWords. We only receive statistical evaluations from Google with the total number of users who clicked on an ad and were redirected to a website with a conversion tracking tag. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
Due to the technologies used, your browser automatically establishes a direct connection to a Google server in the USA. The transfer of your information to a third country outside the EU is covered by an adequacy decision of the Commission within the meaning of Art. 45 GDPR, as Google has self-certified its adherence to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework). By integrating AdWords with conversion tracking, Google receives the information that you have called up the corresponding website of our web presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate the data with your account. Even if you are not registered or logged in to Google, it is possible that Google may obtain and store your IP address.
You can prevent participation in this tracking procedure by choosing the appropriate cookie settings in your browser (see above) or by setting your browser so that cookies are blocked by the domain www.googleadservices.com (https://www.google.com/settings/ads). This setting is deleted if you delete your cookies. You can also deactivate personalized ads from providers that are part of the “About Ads” self-regulation campaign (http://www.aboutads.info/choices), which will also be deleted if you delete your cookies. You can also permanently deactivate personalized advertising in your browsers (Firefox, Internet Explorer, Google Chrome) at http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of our website.
Further information on data processing in the context of Google AdWords can be found at http://www.google.com/intl/gb/policies/privacy.
4.3.2 LinkedIn Insight Tag
This website uses conversion tracking and retargeting technologies operated by social media provider LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”) to measure the results of our advertising campaigns on LinkedIn, optimize them, and re-target visitors of our website with personalized ads on LinkedIn or other websites.
When you visit our website, your browser uses a tracking pixel (LinkedIn Insight Tag) to establish a direct connection to the LinkedIn servers. LinkedIn stores a third party cookie in your browser and collects and stores your IP address and usage patterns on our website (and other websites that contain a LinkedIn tracking pixel) – even if you are not a member or not logged in. If you are (or become) a member of LinkedIn, LinkedIn may combine and analyze this tracking data with your account and use it for targeted advertising – on behalf of us or other advertisers – on LinkedIn or other websites (unless you have objected to such targeted and interest-based advertising in your LinkedIn account’s privacy settings).
The information may also be transferred to LinkedIn’s servers in the United States (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA). This transfer to a third country is based on an adequacy decision of the European Commission within the meaning of Art. 45 DSGVO, as LinkedIn Corporation has self-certified its adherence to the principles of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework).
We do not receive access to this tracking data (except in aggregated form) and you remain anonymous to us.
5. Email marketing
If you have given us your consent (Art. 6 (1) (a) GDPR), we use your email address to send you our email newsletter with information about our company, and, in particular, our offers, case studies, and new developments regarding UX studies.
To sign up for our newsletter, it is sufficient to provide your email address.
You can unsubscribe at any time, for example by using the link at the end of each marketing email. Alternatively, you may unsubscribe by email to email@example.com. In this case your email address will be deleted from our email distribution list and added to our blacklist. The withdrawal of your consent will only take effect for the future. The lawfulness of any processing based on your consent carried out before your withdrawal is not affected.
5.2 Existing customers
If you have already used our fee-based services (e.g. commissioned us to conduct a UX or other study for you), we may inform you from time to time by email or letter about similar services from USEEDS! if you have not objected to this.
The legal basis for such data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in direct advertising (Recital 47 GDPR).
You can object to the use of your email and postal address for advertising purposes at any time without additional costs, for example via the link at the end of each marketing email or by email to firstname.lastname@example.org
You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:
Disable Google Analytics
Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/en_uk/policies/. Please note that on this website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking).
(Source of Google Analytics Privacy: www.datenschutzbeauftragter-info.de)
6. Job applications
When you send us a job application, we process this application data exclusively for the purpose of the recruiting process. The legal basis for data processing is Sec. 26 (1) sentence 1 BDSG, insofar as data processing is necessary for the decision on the establishment of an employment relationship. If you also provide us with data that is not necessary for the application, the processing of this voluntary data is based on your consent; the legal basis is Sec. 26 (2) BDSG or Sec. 26 (3) BDSG (if, in the individual case, special categories of personal data within the meaning of Art. 9 (1) GDPR are concerned).
In our organization, those persons and bodies who prepare the hiring decision for us (personnel department, relevant decision-makers in the individual case) have access to your data. We treat your data strictly confidential and only share it with third parties if this is required by law (Art. 6 (1) © GDPR) or if you have given your separate consent (Art. 6 (1) (a) DSGVO).
We will delete the data as soon as it is no longer required for the recruiting process. Accordingly, we delete your application data six months after completion of the recruiting process (i.e. after the position has been filled or the application process has been terminated in another way). There are the following exceptions to this:
We will not delete your application data if you have separately consented to the further storage of your data for future job offers by us. You can withdraw your consent to the further storage of your data at any time; we will then delete your data accordingly.
If we conclude an employment relationship with you after completing the recruiting process, your application data will be transferred to your personnel file in our personnel administration system and processed there for the purpose of carrying out the employment relationship.
Apart from this, the general principles for storing your data (see point 9 below) apply.
7. Who gets access to my data?
Within our organization, those departments or individuals get access to your data that need it in order to fulfil our contractual and legal obligations.
Processors (Art. 28 GDPR) may also receive data for the aforementioned purposes. These are companies in the categories IT services, logistics, printing services, telecommunications, consulting and sales and marketing.
We share your personal data with third parties where necessary for the performance of a contract between us or pre-contractual measures (Art. 6 (1) (b) GDPR) or for the purposes of legitimate interests (Art. 6 (1) (f) GDPR). We only share such information that is required by the respective service provider to perform the task assigned to him.
In addition, we disclose or transmit your personal data where required by law (Art. 6 (1) © GDPR) or with your consent (Art. 6 (1) (a) GDPR).
Under these conditions, recipients of personal data may be, for example:
Subcontractors used by us to provide our services (e.g. Freelancers, Market Research Institutes, electronic signatures service providers)
Banks for the collection of payments
Public authorities and institutions in the event of a legal obligation or official order
8. How long will my data be stored?
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract.
In addition, we are subject to various storage and documentation obligations arising, inter alia, from the German Commercial Code (Handelsgesetzbuch – “HGB”) and the German Fiscal Code (Abgabenordung – “AO”). The retention and documentation periods specified there are, e.g., 6 years for correspondence in connection with the conclusion of a contract and 10 years for accounting documents (Sec. 238, 257 (1) and (4) HGB, Sec. 147 (1) and (3) AO). Such storage and documentation obligations apply in particular if you conclude a contract with us (e.g. regarding a UX or other study).
Moreover, the storage period also depends on the statutory limitation periods, which, for example, according to Sec. 195 et seq. of the German Civil Code (“BGB”), are generally three years long, but can, in certain cases, also be up to thirty years.
After expiry of the storage and documentation obligations and the relevant limitation periods, we delete the data.
Log files and cookies are deleted after the above-mentioned storage periods.
9. Is data transferred to a third country or to an international organization?
10. What data protection rights do I have?
You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to limitation of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). The restrictions according to Sec. 34 and 35 BDSG apply to the right of access and the right of cancellation. You also have the right to object to data processing by us (Art. 21 GDPR). If our processing of your personal data is based on consent (Art. 6 (1) (a) GDPR), you can withdraw this at any time; the legality of data processing based on the consent until withdrawal remains unaffected by this.
To assert these rights and for further questions on our processing of personal data, you may contact our data protection officer at email@example.com or use our general contact data (see point 1 above) at any time.
Regardless of this, you have the right to file a complaint with a supervisory authority – in particular in the EU Member State where you are staying, working or allegedly infringed – if you believe that the processing of personal data concerning you violates the GDPR or other applicable data protection laws (Art. 77 GDPR, Sec. 19 BDSG).
11. Is there an obligation to provide data?
In the context of our business relationship you only have to provide the personal data which is necessary for the establishment, execution and termination of a business relationship or which we are legally obliged to collect. Without this data we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.
Mandatory information is marked as such on our website.
12. To what extent is there automated decision making in individual cases?
We do not use fully automated decision making according to Art. 22 GDPR for the establishment and implementation of a business relationship. Should we use these procedures in individual cases, we will inform you separately, where required by law.
Last updated: May 25, 2018