Privacy Notice

This privacy notice informs you how Netquest collects and processes your personal data. Other privacy notices apply to you, for example if you participate in one of our panels or special market research studies. We will inform you about these separately.

 Where we refer to personal data below, we mean any information relating to an identified or identifiable living person. Personal data that has been anonymized in such a way that the data subject cannot be identified or can no longer be identified (anonymous data) is no longer considered personal data.

 We may need to amend or update this privacy notice from time to time. Therefore, please read this privacy notice at regular intervals.

Who are we?

Netquest is an independent online field supplier for social and market researchers. With the cooperation of our consumer community, our customers can gain reliable knowledge of the opinions and behaviour of citizens around the world.

Netquest belongs to the GfK group which together form the "GfK Group". "Netquest", "we", "us", "our" means the Netquest company identified in this privacy notice as the controller for processing your personal data.

 For the purposes of this privacy notice, the controller is:

Soluciones Netquest de Investigación, S.L.U.
Gran Capitán Street 2-4, Floor 4;

08034 Barcelona, Spain

Netquest has appointed William Hammond as data protection officer (who can be reached at compliance@netquest.com).

Our commitment to protecting your data

Netquest is firmly committed to protecting all citizens' right to privacy. When you share your personal information with us, we believe that it is our duty to ensure that it is adequately protected. This privacy notice will tell you what information we collect about you, with what purpose, and how we protect it.

This privacy notice applies to customers, people interested in our business, and candidates who participate in any of our recruitment selection processes.

All services provided by Netquest, including providing information about us or about market research topics, via newsletter or by any other means, are aimed at people over 16 years of age.

 
In this privacy notice, we inform you about the following:

  • which personal data we process in the context of your visit to our website;
  • the purposes and legal basis of the processing;
  • to whom we transfer your personal data to;
  • whether the provision of your personal data is mandatory and the consequences of not providing it;
  • your rights regarding your personal data and how you can exercise these;
  • the duration of the processing;
  • our security measures; and
  • cookies and similar technologies we use.

What personal data do we collect?

When you visit our website, we process the following personal data:

When you access our website

Each time you access our website, your internet browser automatically sends certain information to our website server and temporarily stores it in so-called log files.

We use Internet log data to improve the user experience, performance, and security of our surveys and other solutions, and for quality assurance purposes. The following internet protocol data is automatically transmitted:

  • IP address of your device;
  • name of the accessed files and contents;
  • date and time and duration of your website visit;
  • volume of personal data transferred;
  • operating system and internet browser including installed add-ons and other technologies of the your device;
  • internet address of the website from where you accessed our website (so-called origin or referrer URL);
  • Name of the service provider that provides access to our website;

When you provide your personal data

We process personal data that you provide to us when you:

  • fill in contact forms or otherwise communicate with us, whether by email, post or telephone;
  • create a user account;
  • wish to make use of our products or services,
  • enter into a professional or sales contract with us;
  • apply for a job position;
  • register to receive our services or other information;
  • request marketing materials. our blog entries or news related to Netquest and the market research industry;
  • request information on events or training courses;
  • participate in a competition, promotion or customer satisfaction survey; or give us feedback.

This concerns the following personal data, if provided by you:

  • contact and identification data (title, gender, name, address, birth date, name and place, nationality, telephone numbers, other contact details and email address, job information, employer, postal / billing / delivery address), curriculum vitae;
  • applicant data when you use our online application function.
  • data from different social networks;
  • financial transaction data (bank account and credit card details, payment information, for products or services purchased from us);
  • contract data (contract identifier, contract history, contract content);
  • user data (e.g. email, password, username or similar identifier, preferred settings, feedback);
  • data from the contact form (data provided by you in the form as well as your contact data provided to process your enquiry);
  • data that you provide as part of a feedback.

Marketing and newsletters

If you register to receive newsletters, invitations to free webinars and events, thought leadership articles or product announcement emails, in addition to the aforementioned personal data we also process:

  • your email address and contact and identification details;
  • marketing communication data such as your chosen preferences for receiving marketing materials and preferred communication channels;
  • the date and time of registration and confirmation;
  • internet protocol data;
  • web beacons, tracking pixels and your individual user ID.

 Purpose and legal basis of the processing

We process your personal data on the following legal bases:

  • Consent: You have given your consent to the processing of your personal data for one or more specific purposes (Art. 6 para. 1 lit. a GDPR);
  • Performance of contract or pre-contractual measures: The processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract (Art. 6 para. 1 lit. b GDPR);
  • Legal obligation: The processing is necessary for the compliance with a legal obligation to which we are subject (Art. 6 para. 1 lit. c GDPR);
  • Legitimate interest: The processing is necessary for the purposes of our or a third party’s legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of your personal data (Art. 6 para. 1 lit. f GDPR).

In the following, we inform you in detail about the processing purposes and the associated legal basis:
 

Purpose

Legal basis

Provision of our website for the public and for the purpose of contacting customers and interested parties

Performance of a contract or legitimate interest (Netquest's interest in providing a functioning website)

Collection of statistical information about the use of our website (so-called web analysis)

Consent or legitimate interest (Netquest's interest in receiving information about the use of our website, e.g. to improve our website).

Investigating malfunctions and ensuring system security, including detecting and tracking unauthorised access attempts and access to our web servers.

Compliance of legal obligations (for data security); legitimate interest (Netquest's interest in system security, in particular troubleshooting and elimination of unauthorised access).

Communicating with you as a business partner (e.g. on Netquest products and services, policies and terms and conditions, feedback and other enquiries).

Performance of a contract or pre-contractual measures, legitimate interest (Netquest's interest in processing your feedback and other requests)

Processing of payment transactions

Performance of a contract

Collection of statistical information for planning in the company

Legitimate interest (Netquest's interest in organising internal company processes based on an evaluation of order history, transaction data, etc.).

Provision and management of your user accounts

Performance of a contract, legitimate interest (Netquest’s interest in setting up user accounts)

Newsletter mailing

Consent

Note: You will only receive these messages if you have previously stated your wish to receive them. You will find
a button on all messages to cancel your registration if you no longer wish to receive them.  

Event organisation

Performance of a contract

Applicant Data

Performance of a contract (for employment purposes)

Assertion of legal claims and defence in legal disputes

Legitimate interest (Netquest's interest in asserting, enforcing claims or defending itself in legal disputes)

Purposes of prevention, investigation, reporting of criminal offences, for example fraud, credit card misuse, identity deception

Weighing up interests (Netquest's interest in criminal investigation and prosecution)

Compliance audits

Legitimate interest (Netquest’s interest in ensuring compliance throughout the company)

 

Recipients

We may share your personal data with other companies in the GfK Group. Within the GfK Group, only employees and departments with a “need to know” basis have access to your personal data and only to the extent necessary. Regarding the transfer of your personal data within the GfK Group, the companies of the GfK Group are either independent controllers, joint controllers or processors, depending on the processing activity.

 We may transfer your personal data to recipients, who are usually processors, outside the GfK Group. These third parties generally belong to the following categories of recipients:

  • service providers for the operation of our website and the processing of personal data stored or transmitted by the systems (e.g. hosting or service providers for data centre services, payment processing or IT security);
  • consultants and service providers as independent controllers or joint controllers (e.g. insurance companies or accounting service providers);
  • persons who are subject to professional secrecy or are obliged to maintain confidentiality, for example lawyers, tax consultants and auditors;
  • government agencies/authorities, insofar as this is necessary to comply with legal obligations;
  • persons involved in carrying out our business operations (e.g. auditors, banks, insurance companies, legal advisors, regulatory authorities, parties involved in company acquisitions or the establishment of joint ventures);
  • recipients in the course of any reorganisations, mergers, disposals or other transfers of assets. We will then ensure that the recipient of your personal data agrees to handle it in a manner that complies with applicable data protection law and is compatible with the original purposes of the processing. We continue to ensure the confidentiality of your personal data and inform you about the transfer to another controller.

Where we use third party service providers (including processors), these third parties are subject to contractual obligations (e.g. a data processing agreement). These processors will only process your personal data in accordance with our prior written instructions and must take measures to protect the confidentiality and security of your personal data.

 Transfers of Data outside the EU/EEA

Due to the international nature of our business, it may be necessary for us to transfer your personal data to other companies within the GfK Group and to third parties outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). For this reason, we may transfer your personal data to Third Countries that have different laws and data protection compliance requirements than the country in which you are located. The third countries concerned, e.g. the USA, may not have the level of data protection that you enjoy under the GDPR. This can mean disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have very limited legal remedies against this.

We have concluded an intra-group data transfer agreement with the relevant transfer mechanisms (standard contractual clauses of the European Commission) to ensure an adequate level of protection for your personal data when it is transferred within the GfK Group from the EU/EEA to third countries.

Insofar as we transfer your personal data from the EU/EEA to recipients in third countries that are not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection by concluding standard contractual clauses of the European Commission or by means of binding corporate rules of our business partners and supplement these transfer mechanisms with further contractual, technical and organisational measures if necessary. Please contact Netquest under the above contact details to obtain a copy of transfer mechanisms.

Publicly available sources, source from which the Data originate

In certain circumstances, we may also collect personal data about you from sources other than yourself. In these cases, we will inform you accordingly within one month of receiving the personal data or, if the personal data is to be used for communication with you, at the latest at the time of the first communication with you. We will then provide you with all information required by law, such as which personal data we have obtained from which sources and how we intend to use it. In appropriate cases, we will obtain your consent before collecting your personal data from other sources.

We process personal data that we have permissibly obtained from publicly accessible sources and are allowed to process. Such sources include e.g. public access directories, professional social networks such as LinkedIn and XING, but also your respective company websites and, where applicable, other websites.

Are you obliged to provide your personal data?

In principle, you are not obliged to provide your personal data. However, if you do not provide your personal data, we may only be able to provide you with limited services or not answer your enquiries. If the processing of your personal data is necessary for the fulfilment of a contract between you and us and you do not provide the required information, we may discontinue our contractual services. In this case, we will notify you in advance.

Your data subject rights

You have the following rights in relation to your personal data:

  • right of access and right to receive a copy of your personal data, Art. 15 GDPR
  • right of rectification, Art. 16 GDPR
  • right to erasure (“right to be forgotten”), Art. 17 GDPR
  • right to restriction of processing, Art. 18 GDPR
  • right to data portability, Art. 20 GDPR

Right to object, Art. 21 GDPR: You have a general right to object, on grounds relating to his or her particular situation, if we process your personal data on the basis of our legitimate interest. This means that you must always give reasons for your objection and the reasons for the objection must not result from the processing situation as such but must be justified in your person. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to withdraw consent: You can withdraw consent at any time with effect for the future by contacting us at compliance@netquest.com or using the contact information informed at the top.

Right to lodge a complaint: In the event of a (suspected) breach of applicable data protection laws, you may lodge a complaint with the supervisory authority.

We do not make decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you (Art. 22 GDPR).

Processing Time: We will comply with your request within 30 days. This period may be extended by a further two months if necessary, considering the complexity and number of requests. Netquest will inform you of any such extension, together with the reasons for the delay, within one month of receipt of the request. This does not apply to the right to withdraw consent, which we implement without delay within our statutory obligation.

Duration of the processing

We will only process your personal data for as long as is necessary to achieve the above purposes. Third parties engaged by us will store your personal data on their systems for as long as is necessary in connection with the provision of services to us in accordance with the relevant contract. We will delete or anonymise your personal data as soon as it is no longer required for the purposes described in this privacy notice and if we have no legal basis to further store your personal data.

In addition, the retention period may be extended if we are subject to statutory retention and documentation obligations (for Germany these are up to ten years). The retention period may also be based on the statutory limitation periods (for Germany this is up to thirty years, with the regular limitation period being three years). In certain circumstances, we may also need to store your personal data for longer, e.g. in connection with authority or legal proceedings.

With regard to the use and retention period of cookies, please note the cookie section below.

Security

We protect your personal data from loss, misuse, disclosure, alteration, unavailability, unauthorised access and destruction and maintain the confidentiality of your personal data. This is also ensured using appropriate technical and organisational measures. We choose our security measures taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons and continuously improve them. Technical measures include, for example, the use of encryption (e.g. TSL encryption for personal data in transit), access control to our systems, monitoring of critical IT system resources and system messages, ensuring the availability and resilience of systems and services.

Organizational measures include, for example, defining roles and responsibilities, ensuring the correct and secure operation of information processing systems, regular training and awareness-raising of employees, as well as evaluating and assessing the effectiveness of the aforementioned measures. Access to your personal data is only granted to employees, service providers or GfK Group companies who require such access for the fulfilment of a business purpose or for the performance of their duties.

Cookies and other technologies

Please find information on cookies and other technologies we use in our Cookie Notice.

Questions, exercising your data protection rights, complaints

If you have any questions or complaints about the collection, use or retention of your personal data, or if you wish to exercise any of your rights in relation to your personal data, you can contact our data protection officer by emailing compliance@netquest.com.

We will investigate and attempt to remedy any complaint or dispute regarding the processing of your personal data. You can also lodge a complaint with the competent data protection authority.