This privacy notice informs you how Netquest collects and processes your personal data. Other privacy notices apply to you, for example if you participate in one of our panels or special market research studies. We will inform you about these separately.
Where we refer to personal data below, we mean any information relating to an identified or identifiable living person. Personal data that has been anonymized in such a way that the data subject cannot be identified or can no longer be identified (anonymous data) is no longer considered personal data.
We may need to amend or update this privacy notice from time to time. Therefore, please read this privacy notice at regular intervals.
Netquest is an independent online field supplier for social and market researchers. With the cooperation of our consumer community, our customers can gain reliable knowledge of the opinions and behaviour of citizens around the world.
Netquest belongs to the GfK group which together form the "GfK Group". "Netquest", "we", "us", "our" means the Netquest company identified in this privacy notice as the controller for processing your personal data.
For the purposes of this privacy notice, the controller is:
Soluciones Netquest de Investigación, S.L.U.
Calle Gran Capitán 2-4, Piso 4;
08034 Barcelona, España
Netquest has appointed William Hammond as data protection officer (who can be reached at firstname.lastname@example.org).
Netquest is firmly committed to protecting all citizens' right to privacy. When you share your personal information with us, we believe that it is our duty to ensure that it is adequately protected. This privacy notice will tell you what information we collect about you, with what purpose, and how we protect it.
This privacy notice applies to customers, people interested in our business, and candidates who participate in any of our recruitment selection processes.
All services provided by Netquest, including providing information about us or about market research topics, via newsletter or by any other means, are aimed at people over 16 years of age.
When you visit our website, we process the following personal data:
Each time you access our website, your internet browser automatically sends certain information to our website server and temporarily stores it in so-called log files.
We use Internet log data to improve the user experience, performance, and security of our surveys and other solutions, and for quality assurance purposes. The following internet protocol data is automatically transmitted:
We process personal data that you provide to us when you:
This concerns the following personal data, if provided by you:
If you register to receive newsletters, invitations to free webinars and events, thought leadership articles or product announcement emails, in addition to the aforementioned personal data we also process:
We process your personal data on the following legal bases:
In the following, we inform you in detail about the processing purposes and the associated legal basis:
Provision of our website for the public and for the purpose of contacting customers and interested parties
Performance of a contract or legitimate interest (Netquest's interest in providing a functioning website)
Collection of statistical information about the use of our website (so-called web analysis)
Consent or legitimate interest (Netquest's interest in receiving information about the use of our website, e.g. to improve our website).
Investigating malfunctions and ensuring system security, including detecting and tracking unauthorised access attempts and access to our web servers.
Compliance of legal obligations (for data security); legitimate interest (Netquest's interest in system security, in particular troubleshooting and elimination of unauthorised access).
Communicating with you as a business partner (e.g. on Netquest products and services, policies and terms and conditions, feedback and other enquiries).
Performance of a contract or pre-contractual measures, legitimate interest (Netquest's interest in processing your feedback and other requests)
Processing of payment transactions
Performance of a contract.
Collection of statistical information for planning in the company
Legitimate interest (Netquest's interest in organising internal company processes based on an evaluation of order history, transaction data, etc.).
Provision and management of your user accounts
Performance of a contract, legitimate interest (Netquest’s interest in setting up user accounts)
Nota: You will only receive these messages if you have previously stated your wish to receive them. You will find
a button on all messages to cancel your registration if you no longer wish to receive them.
Performance of contract
Performance of a contract (for employment purposes)
Assertion of legal claims and defence in legal disputes
Legitimate interest (Netquest's interest in asserting, enforcing claims or defending itself in legal disputes).
Purposes of prevention, investigation, reporting of criminal offences, for example fraud, credit card misuse, identity deception
Weighing up interests (Netquest's interest in criminal investigation and prosecution).
Legitimate interest (Netquest’s interest in ensuring compliance throughout the company)
We may share your personal data with other companies in the GfK Group. Within the GfK Group, only employees and departments with a “need to know” basis have access to your personal data and only to the extent necessary. Regarding the transfer of your personal data within the GfK Group, the companies of the GfK Group are either independent controllers, joint controllers or processors, depending on the processing activity.
We may transfer your personal data to recipients, who are usually processors, outside the GfK Group. These third parties generally belong to the following categories of recipients:
Where we use third party service providers (including processors), these third parties are subject to contractual obligations (e.g. a data processing agreement). These processors will only process your personal data in accordance with our prior written instructions and must take measures to protect the confidentiality and security of your personal data.
Due to the international nature of our business, it may be necessary for us to transfer your personal data to other companies within the GfK Group and to third parties outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). For this reason, we may transfer your personal data to Third Countries that have different laws and data protection compliance requirements than the country in which you are located. The third countries concerned, e.g. the USA, may not have the level of data protection that you enjoy under the GDPR. This can mean disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have very limited legal remedies against this.
We have concluded an intra-group data transfer agreement with the relevant transfer mechanisms (standard contractual clauses of the European Commission) to ensure an adequate level of protection for your personal data when it is transferred within the GfK Group from the EU/EEA to third countries.
Insofar as we transfer your personal data from the EU/EEA to recipients in third countries that are not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection by concluding standard contractual clauses of the European Commission or by means of binding corporate rules of our business partners and supplement these transfer mechanisms with further contractual, technical and organisational measures if necessary. Please contact Netquest under the above contact details to obtain a copy of transfer mechanisms.
In certain circumstances, we may also collect personal data about you from sources other than yourself. In these cases, we will inform you accordingly within one month of receiving the personal data or, if the personal data is to be used for communication with you, at the latest at the time of the first communication with you. We will then provide you with all information required by law, such as which personal data we have obtained from which sources and how we intend to use it. In appropriate cases, we will obtain your consent before collecting your personal data from other sources.
We process personal data that we have permissibly obtained from publicly accessible sources and are allowed to process. Such sources include e.g. public access directories, professional social networks such as LinkedIn and XING, but also your respective company websites and, where applicable, other websites.
In principle, you are not obliged to provide your personal data. However, if you do not provide your personal data, we may only be able to provide you with limited services or not answer your enquiries. If the processing of your personal data is necessary for the fulfilment of a contract between you and us and you do not provide the required information, we may discontinue our contractual services. In this case, we will notify you in advance.
You have the following rights in relation to your personal data:
Right to object, Art. 21 GDPR: You have a general right to object, on grounds relating to his or her particular situation, if we process your personal data on the basis of our legitimate interest. This means that you must always give reasons for your objection and the reasons for the objection must not result from the processing situation as such but must be justified in your person. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to withdraw consent: You can withdraw consent at any time with effect for the future by contacting us at email@example.com or using the contact information informed at the top.
Right to lodge a complaint: In the event of a (suspected) breach of applicable data protection laws, you may lodge a complaint with the supervisory authority.
We do not make decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you (Art. 22 GDPR).
Processing Time: We will comply with your request within 30 days. This period may be extended by a further two months if necessary, considering the complexity and number of requests. Netquest will inform you of any such extension, together with the reasons for the delay, within one month of receipt of the request. This does not apply to the right to withdraw consent, which we implement without delay within our statutory obligation.
We will only process your personal data for as long as is necessary to achieve the above purposes. Third parties engaged by us will store your personal data on their systems for as long as is necessary in connection with the provision of services to us in accordance with the relevant contract. We will delete or anonymise your personal data as soon as it is no longer required for the purposes described in this privacy notice and if we have no legal basis to further store your personal data.
In addition, the retention period may be extended if we are subject to statutory retention and documentation obligations (for Germany these are up to ten years). The retention period may also be based on the statutory limitation periods (for Germany this is up to thirty years, with the regular limitation period being three years). In certain circumstances, we may also need to store your personal data for longer, e.g. in connection with authority or legal proceedings.
With regard to the use and retention period of cookies, please note the cookie section below.
We protect your personal data from loss, misuse, disclosure, alteration, unavailability, unauthorised access and destruction and maintain the confidentiality of your personal data. This is also ensured using appropriate technical and organisational measures. We choose our security measures taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons and continuously improve them. Technical measures include, for example, the use of encryption (e.g. TSL encryption for personal data in transit), access control to our systems, monitoring of critical IT system resources and system messages, ensuring the availability and resilience of systems and services.
Organizational measures include, for example, defining roles and responsibilities, ensuring the correct and secure operation of information processing systems, regular training and awareness-raising of employees, as well as evaluating and assessing the effectiveness of the aforementioned measures. Access to your personal data is only granted to employees, service providers or GfK Group companies who require such access for the fulfilment of a business purpose or for the performance of their duties.
Please find information on cookies and other technologies we use in our Cookie Notice.
If you have any questions or complaints about the collection, use or retention of your personal data, or if you wish to exercise any of your rights in relation to your personal data, you can contact our data protection officer by emailing firstname.lastname@example.org.
We will investigate and attempt to remedy any complaint or dispute regarding the processing of your personal data. You can also lodge a complaint with the competent data protection authority.