Processing of (personal) data by the entity in charge of the online application process

We, EvidentIQ Group GmbH (“EvidentIQ/we“), are pleased about your visit to our website and your interest in our products and services. In the following provisions, we inform you about the type, scope and purpose of the collection and use of your personal data on our website. Personal data is any information relating to an identified or identifiable natural person. This includes in particular your name and e-mail address.

The use of our website is generally possible without providing personal data. You are neither obliged to call up this website nor to provide personal data. However, the active provision of personal data is required, for example, in the case of registration for a newsletter. If you do not provide us with personal data for the purposes listed below, you may not be able to use the functions of this website or some of its services.

1. Provider and data protection officer

Provider of the website and controller in the sense of data protection law is the

EvidentIQ Group GmbH
Rathausmarkt 5
20095 Hamburg

Managing directors: Dominique Manu, Manuel Neukum, Axel Jansen, Lars Kloppsteck, Helge Hofmeister

Phone: +49 (0) 89 4522775 000

E-mail: info@evidentiq.com

You can reach EvidentIQ’s data protection officer at

krupna LEGAL

Dr. Karsten Krupna

Phone: +49 (0) 40 31976927

E-mail: karsten.krupna@evidentiq.com

2. Data processing for enabling website use

Every time you access content on our website, connection data is transmitted to our webserver. This connection data includes:

• the IP address (Internet Protocol address) of the respective users,
• the date and time of the request,
• the referrer URL,
• device numbers such as UDID (Unique Device Identifier) and comparable device numbers, device information (e.g. device type) and
• the browser type / the browser version.

This connection data is not used to draw conclusions about the person of the user or merged with data from other data sources, but serves to provide the website. After 7 days at the latest, the data will be anonymized by shortening the IP address at domain level. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Newsletter

3.1 General Information

If you have expressly consented, you will receive a newsletter on EvidentIQ products and services via e-mail. To receive our newsletter, only your e-mail address is required. This is marked accordingly (*).

In connection with your registration to receive the newsletter, we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 7 days, your information will be blocked and automatically deleted after one month.

The processing of your personal data in connection with the newsletter is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

You can revoke your consent to receive newsletters at any time with effect for the future towards EvidentIQ. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. To exercise the revocation, you will find a corresponding link at the end of each e-mail newsletter. Alternatively, you can revoke your consent at any time, e.g. by sending an e-mail to info@evidentiq.com.

When you register for the newsletter, we also store your IP address and the time of registration in order to fulfill our legal documentation obligations. The legal basis for data processing in this case is Art. 6 para. 1 sentence 1 lit. c GDPR.

3.2 Newsletter-Tracking

In connection with your registration to receive the newsletter, we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 7 days, your information will be blocked and automatically deleted after one month.

The processing of your personal data in connection with the newsletter is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

You can revoke your consent to receive newsletters at any time with effect for the future towards EvidentIQ. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. To exercise the revocation, you will find a corresponding link at the end of each e-mail newsletter. Alternatively, you can revoke your consent at any time, e.g. by sending an e-mail to info@evidentiq.com.

When you register for the newsletter, we also store your IP address and the time of registration in order to fulfill our legal documentation obligations. The legal basis for data processing in this case is Art. 6 para. 1 sentence 1 lit. c GDPR.

4. Contact Form

If you use the contact form, we provide to contact us, your details will be stored so that they can be used to process your query. Provision of your email address is sufficient for us to contact you. The additional voluntary information about your person serves only to personalize the address for you.

The legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest then lies in responding to your query.

In the event that (pre)contractual measures are implemented, the legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

5. Data processing for the demand-oriented design of the website / tracking tools

The tracking tools and other services used by us are listed in sections 6 to 7.

In order to make the use of our website as pleasant as possible for you, we use for example so-called “cookies”, i.e. small text files that are sent to your browser by a web server and stored on the hard drive of your end device. This enables us to recognize the end device you are using when you use our website.

Please note that if you disable cookies, you may not be able to use all the features of this website to their full extent. Please also note that deactivation may have to be carried out for each browser and each end device.

Details of the tools used on the website can be found in the cookie banner and in the following provisions. The legal basis for the processing of your data follows from Art. 6 para. 1 sentence 1 lit. f GDPR, unless otherwise stated in sections 6 and 7. Our legitimate interest then consists in the demand-oriented design of the website

6. Cookie consent with Didomi

This website uses the cookie consent technology of Didomi to obtain your consent to the storage of certain cookies on your end device and to document this in a data protection compliant manner. The provider of this technology is Didomi SAS, 137 Bd de Sébastopol, 75002 Paris, France, website: https://www.didomi.io/consent-management-platform (“Didomi“).

Didomi processes the date and time of the visit, device information, browser information, CookieID and DeviceID, consent profile “consent” or “refusal” as a processor for the purpose of storing and retrieving the user’s consent profile. Furthermore, Didomi stores a cookie in your browser in order to be able to attribute the given consents or their revocation to you. For further information can be found in the cookie banner.

Didomi is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

You can find more information on data protection at Didomi at: https://privacy.didomi.io/en/

7. Tracking tools / other services

7.1. Google Analytics

Our website uses the “Google Analytics 4 (GA4) tracking tool. This is a service provided by Google Ireland Limited, a company registered and operated in accordance with Irish law, headquartered at Gordon House, 4 Barrow Street, Dublin, Ireland (“Google”). This tracking tool helps us to make our online offers more interesting for you and to improve the user experience. Data on the use of our website is stored in pseudonymized user profiles. In addition to JavaScript and pixels, cookies can also be used for this purpose. Further information on the use of cookies can be found at: https://support.google.com/analytics/answer/11397207?hl=de. The types of personal data processed include Online identifiers (including cookie identifiers), internet protocol addresses and device identifiers, identifiers assigned by the customer.

Data from different devices, sessions, and interactions can additionally be linked to a user ID. This information is generally transferred to a Google server in the USA and stored there.

As part of the evaluation, Google also uses artificial intelligence (AI) to automatically analyze, classifies, and enrich data. This is done in particular for predictive metrics on future user behavior based on structured event data, such as purchase probability, churn probability and predicted revenue. The forecast measurement values can also be used for forecast target groups. You can find out more about this at: https://support.google.com/analytics/answer/9846734.

Google uses modeling techniques to estimate online conversions that cannot be captured directly. This enables more realistic statements to be made in reports, advertising campaigns to be optimized and automatic bidding to be improved. You can find more information on this at: https://support.google.com/analytics/answer/10710245.

Finally, the data is analyzed using Analytics statistics. Google provides automatic and user-defined statistics. You can find out more about this at: https://support.google.com/analytics/answer/9443595.

By default, Google already automatically anonymizes user IP addresses when collecting user data. Google also does not log or store the IP addresses. The truncating of IP addresses does not mean that data is processed entirely in anonymized form. Thus, when Google Analytics is used, usage data is collected that is to be evaluated as personal data, such as identification features of the individual users, which also allow a link to an existing Google account, for example. On our behalf, Google will use this information to evaluate your usage of our website, to compile reports on website activity, and to provide other services related to website and Internet usage to us. The pseudonymized user profiles are not combined with personal data about the bearer of the pseudonym unless separate consent has been obtained for this.

For more information on Google Analytics, see: https://support.google.com/analytics/answer/12017362.

Please note that Google also has independent access to your data collected via Google Analytics and may also use this data for its own purposes. Google may, for example, link this data to other information about you, such as search history, personal account, usage data from other devices, and all other data that Google has about you.

The legal basis for the use of Google Analytics is based on your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that Google is a company from the USA. Information about Google’s data centers locations can be found at www.google.com/about/datacenters/locations/. The new EU standard data protection clauses were agreed as appropriate safeguards to ensure an adequate level of protection for the transfer of data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. You can find further information here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

7.2. Google Ads Conversion

We use the “Google Ads Conversion” service to advertise our products on external websites with the help of advertising material and to determine success of our advertising measures. These advertising materials are delivered by Google via so-called “ad servers”. If you access our website via a Google ad, Google Ads will store a cookie on your end device. These cookies generally lose their validity after 30 days and are not used to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

Aforementioned cookies enable Google to recognize your internet browser. Therefore, if you have visited certain websites of an Ads customer and the cookie stored on your computer has not yet expired, Google and the Ads customer can recognize that you clicked on the ad and were redirected to this page. Cookies cannot be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify you based on this information.

The legal basis for the use of Google Ads Conversion is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that the provider is a company from the USA. Information about Google’s data center’s locations can be found at www.google.com/about/datacenters/locations/ The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA.

You can find more information here:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on scope and further use of data collected by Google through use of this tool and therefore inform you according to our level of knowledge as follows: By integrating Ads Conversion, Google receives information that you have accessed the relevant part of our website or clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.

You can find more information on data protection at Google here: https://support.google.com/google-ads/answer/93148 https://ads.google.com/intl/de_de/home/faq/gdpr/

7.3. HubSpot

For our online marketing activities, we use the service of HubSpot Inc, a software company from the USA, 25 First Street, Cambridge, MA 02141 USA, with a branch in Ireland, Ground Floor, Two Dockland Central, Guild St, North Dock, Dublin, D01 K2C5, Ireland (“HubSpot”).

HubSpot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others: Email marketing, contact management (e.g. user segmentation & CRM) and data processing via contact forms.

The legal basis for the use of HubSpot is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner.

Please note that the provider is a company from the USA. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection for data transfers. In addition, HubSpot is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list.

7.4. LinkedIn Insight-Tag

We use the “LinkedIn Insight Tag” conversion tool from LinkedIn Ireland Unlimited Company (hereinafter “LinkedIn Ireland”) on our website. This tool creates a cookie in your web browser, which enables the collection of the following data, among others: IP address, device and browser properties and page events (e.g. page views). LinkedIn Ireland does not transmit any personal data to us, but offers anonymized reports on the website target group and display performance. In addition, LinkedIn Ireland offers the possibility of retargeting via the Insight tag. With the help of this data, we can display targeted advertising outside our website without identifying you as a user of the website. The legal basis for the use of the LinkedIn Insight tag is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent via our cookie banner. Please note that LinkedIn Ireland may also process your data outside the EU/EEA. The new EU standard data protection clauses have been agreed as appropriate safeguards to ensure an adequate level of protection when transferring data. In addition, LinkedIn Corporation is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list. Further information on the LinkedIn Insight Tag can be found at the following link. For more information on data protection at LinkedIn Ireland, please refer to the LinkedIn Ireland privacy policy

7.5. Google reCAPTCHA

We use Google reCAPTCHA (hereinafter “reCAPTCHA”) on our website. This is a service provided by Google. The purpose of reCAPTCHA is to check whether the data input on our website (e.g. when registering for a newsletter) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor accesses or enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. You will not be informed separately that an analysis is taking place.

The legal basis for the use of reCAPTCHA is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that the provider is a company from the USA. Information about the locations of Google’s data centers can be found at www.google.com/about/datacenters/locations/. The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list.

Further information on reCAPTCHA and Google’s privacy policy can be found at the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

7.6. Gravity Forms

We use the Gravity Forms service provided by Rocketgenius Inc, 1620 Centerville Turnpike, Suite 102, Virginia Beach, USA, in connection with our inquiry and contact forms (for more information on this and the legal basis for data processing, see section 4). Gravity Forms is a form management solution from WordPress. Your data is transmitted to us to process the requests and stored on the Word-Press content management system at our hosting provider. Rocketgenius, Inc. does not store or pass on the data, see: https://docs.gravityforms.com/wordpress-gravity-forms-and-gdpr-compliance/. Further information on Gravity Forms’ data protection can be found here: https://www.gravityforms.com/privacy/.

We use Google Tag Manager “GTM”. This Google service allows website tags to be managed via an interface. However, GTM only implements tags. In this respect, no cookies are used. GTM only triggers other tags, which in turn may collect data, but GTM does not access this data. Data is only analyzed in the respective tool (see the tools listed in section 7 for details). However, the GTM records your IP
address and online identifiers (including cookie identifiers), which may also be transmitted to Google in the USA.

You can find additional information on GTM at https://support.google.com/tagmanager/answer/6102821?hl=de

The legal basis for the use of GTM is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner. Please note that the provider is a company from the USA. Information about Google’s data center’s locations can be found at www.google.com/about/datacenters/locations/. The new EU standard data protection clauses have been agreed as suitable guarantees to ensure an appropriate level of protection when transferring data. In addition, Google LLC is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

7.8. Capterra

On our website we use the conversion tracking tool of Capterra Inc., a company from the USA with headquarters at 1201 Wilson Blvd, 9th Floor, Arlington, VA 22209, USA and a subsidiary of Gartner Inc. (“Capterra”). Capterra is a platform for software selection based on the ratings of other users.

When you trigger a so-called conversion event on our website (e.g. filling out a form to receive a demo version), a cookie is set by Capterra to recognize if and when you have triggered a conversion event. The generated information is transferred to Capterra’s servers and processed there. We receive an evaluation from Capterra about the number of conversion events in order to analyze the success of our advertising campaigns.

You can find more information about Capterra’s data processing in the privacy policy at https://www.capterra.com/legal/privacy-policy.

The legal basis for the use of Capterra is your consent, based on § 25 para. 1 sentence 1 TDDDG for the storage and access to information in terminal equipment and Art. 6 para. 1 sentence 1 lit. a GDPR for our further processing of your data. You give your consent to this via our cookie banner.

Please note that the provider is a company from the USA. Gartner Inc. an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active and here: https://www.gartner.com/en/about/policies/privacy-framework-notice

8. Social media presence

8.1. Links to social networks

Our website contains links to social networks (LinkedIn and YouTube). These websites are operated exclusively by third parties. If you follow the links, the respective provider may process personal data about you. Please note the data protection information of the provider in this regard.

8.2. Data processing by EvidentIQ and legal basis

Our social media presences (LinkedIn and YouTube) serve the purpose of informing you about EvidentIQ as well as new developments, services and products of EvidentIQ. Depending on the offer of the respective providers, you have the possibility of different interaction (comments, recommendations etc.) e.g. in connection with our social media presence. The interaction of the users is an important criterion for us in order to carry out targeted marketing. For example, we can determine which articles are read preferentially. We therefore also use the statistics determined by the providers in this regard for our own purposes. Insofar as we process personal data of users in this context, the legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest then consists in particular in targeted information / advertising. The providers will inform you separately about the legal basis on which they process your data for their own purposes.

8.3. Joint responsibility

In some cases, we are jointly responsible with the social media providers for processing your personal data. In this case you can assert your rights (see section 14) generally either against us or against the social media provider. However, the social media provider is the first point of contact.

We have concluded a joint responsibility agreement with LinkedIn Ireland for the processing of personal data. This applies in relation to so-called “page insights”. These are aggregated page statistics, whereby LinkedIn does not provide us with any personal data from you. Details on the insights data and our agreement with LinkedIn can be found at the following link.

Please note that LinkedIn also process your data outside the EU/EEA. LinkedIn Corporation is an active participant in the EU-U.S. Data Privacy Framework, which ensures the secure transfer of personal data to the USA when data is transferred to LinkedIn Corporation.

Further information can be found here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active

With regard to the storage period of the data we process from you for our own purposes, please refer to our explanations under section 12. Otherwise, please observe the data protection provisions of the social media provider.

9. Telephone and video conferences via Teams

We use the online platform teams (“teams“) for interactive communication. Teams is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, based in the USA (“Microsoft“). For more information from Microsoft about team’s privacy practices, please click here.

9.1. Microsoft’s own responsibility

If you access Microsoft’s website for the use of teams, Microsoft is responsible for the data processing. However, you only need to access the website to download the software for the use of teams. You can also use teams if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the teams app. If you do not wish to use the teams app, the basic functions can also be used via a browser version.

To the extent that Microsoft processes personal data in connection with its own legitimate business operations, Microsoft is an independent data controller for such processing, whose legal basis, according to its own declaration, is “legitimate interests”. “Microsoft’s legitimate business transactions” in this context are, as evidenced by Microsoft’s statement, the following, each as an incident involving the provision of teams to us (1) billing and account management; (2) compensation (e.g., calculation of employee commissions and partner incentives); (3) internal reporting and modeling (e.g., forecasts, revenue, capacity planning, product strategy); (4) combating fraud, cybercrime or cyber attacks that may affect Microsoft or Microsoft products; (5) improving core accessibility, privacy, or energy efficiency functionality; and (6) financial reporting and compliance with legal obligations.

Microsoft’s statement on the storage of personal data can be found here.

.

9.2. Purpose of processing and types of personal data

We use teams to conduct telephone conferences and/or video conferences, particularly in connection with online seminars for prospects and professionals and/or employment relationships (“online meetings”).

When using teams, various types of personal data are processed by us. The type and scope of the data depends in particular on the information you provide before or during participation in an online meeting. However, in order to identify you as an authorized participant, you must at least provide your name. You can deactivate the video or microphone function at any time via the teams application.

Personal data processed in connection with teams include:

• Profile data: First name, surname, telephone number (optional), e-mail address, password (if “Single-Sign-On” is not used), profile picture (optional), department (optional)
• Meeting metadata: Subject, description (optional), participant IP addresses, device/hardware information
• Call history data: Information on incoming and outgoing telephone number, country name, start and end time. If necessary, other connection data such as the IP address of the device can be saved.
• Content data: You may be able to use chat, question or survey functions during an online meeting. Your text entries and other approved data are processed to display them in the online meeting.

For further details on data processing by Microsoft, please refer to Microsoft’s explanations von Microsoft.

9.3. Data processing by EvidentIQ and legal basis

To the extent that personal data of employees is processed by us, the legal basis for data processing is generally § 26 para. 1 BDSG. If special categories of personal data are involved, the processing is governed by § 26 para. 3 BDSG.

If, however, in connection with the use of teams, personal data is not required for the establishment, implementation or termination of the employment relationship, the legal basis for data processing is generally Art. 6 para. 1 sentence 1 lit. f GDPR. In these cases, our interest lies in the effective implementation of online meetings. In addition, the legal basis for data processing when conducting online meetings is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as the meetings are conducted in the context of contractual relationships. In special cases (e.g. a recording of online meetings) in which you are asked in advance for a declaration of consent, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR

9.4. Data transfer to countries outside the EU

Teams is a service provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded a data processing agreement with Microsoft in accordance with Art. 28 GDPR. An adequate level of data protection is ensured by the conclusion of the so-called EU standard model clauses. In addition, Microsoft is an active participant in the EU-U.S. Data Privacy Framework, which guarantees the secure transfer of personal data to the USA. Further information can be found here: https://www.dataprivacyframework.gov/list. If law enforcement authorities contact Microsoft with a request, Microsoft, according to its own statement, tries to redirect law enforcement authorities to request the personal data directly from us. If Microsoft is required to disclose personal information to law enforcement authorities, Microsoft will (also at Microsoft’s own statement) notify us immediately and provide a copy of the request unless prohibited by law. For more information about the data that Microsoft discloses in response to requests from law enforcement and other government agencies, please refer to Microsoft’s Law Enforcement Requests Report.

10. Data transfer

We only transfer your personal data to third parties or other recipients if this is necessary for the provision of services, if you have given your consent, if there is a legal obligation or if the transfer of data is permitted by another legal basis. Where necessary, we have concluded data processing agreements with the recipients of your data, such as Google or other service providers, in accordance with Art. 28 GDPR. We will only transfer your data to government bodies within the scope of legal obligations or on the basis of an official order or court decision.

11. Data transfer to countries outside the EU

Insofar as necessary for our purposes, we will only transfer personal data to recipients outside the EU if you have given your consent, if there is a legal obligation to do so, or if the transfer of data is permitted on another legal basis. Your data will also be transferred to recipients based in the USA within the scope of processing data. An appropriate level of data protection is ensured by the conclusion of the new so-called EU standard contractual clauses and/or the participation of the service provider in the USA in the EU-U.S. Data Privacy Framework. An overview of the participants in the EU-U.S. Data Privacy Framework can be found here: https://www.dataprivacyframework.gov/s/participant-search

12. Duration for which personal data is stored / criteria for determining the duration

Your personal data will be stored by EvidentIQ for as long as it is necessary for the aforementioned purposes of processing, in the event of an objection no compelling reasons worthy of protection oppose EvidentIQ or in the event of a revocation no other legal basis for data processing exists. In certain cases, e.g. if there is a legal obligation to retain data, your personal data will not be deleted immediately, but blocked initially.

If, in connection with the eCOA application, the data protection responsibility lies with the institute or the sponsor, please refer to the information provided by the respective controller.

13. Data security

To protect your personal data on this website, we use a secure online transmission procedure, the so-called “Secure Socket Layer” (SSL) transmission. You can recognize this by the fact that a closed padlock symbol is displayed on the address https://. By clicking on the symbol, you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. The SSL encryption guarantees the encrypted and complete transmission of your data.

14. Your rights

• confirmation as to whether personal data concerning you is processed by EvidentIQ,
• information about these data and the circumstances of processing,
• correction, if this data is incorrect,
• deletion, unless the processing is not justified and there is no (longer an) obligation to keep the data,
• restriction of processing in special cases determined by law,
• objection in case of data processing on the basis of Art. 6 para 1 sentence 1 lit. f GDPR and
• transmission of your personal data – if you have provided it – to you or a third party in a structured, common and machine-readable format.

Insofar as the processing of your personal data is based on your consent, you have the right to revoke this consent at any time, with the consequence that the processing of your personal data will become inadmissible for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent up to the point of revocation.

Please address your specific request in writing or by e-mail to our data protection officer (see section 1), clearly identifying yourself.

Insofar as we process your data in joint controllership with third parties within the meaning of Art. 26 GDPR (see section 8.3), the third party is centrally responsible for the exercise of all rights of the persons concerned. However, you are free to assert your rights against us as well.

If the institute or the sponsor is responsible for data protection in connection with the eCOA application, please refer to the information provided by the respective controller.

Finally, we would like to draw your attention to your right of appeal to the supervisory authority.

15. No automated individual decision

We do not use your personal data for automated individual decisions.

16. Amendment of the privacy policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adjusted accordingly. You will always find the latest version on our website.