Privacy policy

1. Responsible body

Responsible body within the meaning of the data protection acts:

empirica regio GmbH
Kurfürstendamm 234
D-10719 Berlin
Phone: +49 (0)30 884 795-0
E-Mail: info@empirica-regio.de
https://www.empirica-regio.de

2. Collection, storage and use of personal data

a) When visiting the website

When you access our website www.empirica-regio.de, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the retrieved file
  • website from which the access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We process the data mentioned above for the following purposes:

  • guarantee of a smooth connection of the website,
  • guarantee a comfortable use of our website,
  • evaluation of system security and stability and
  • for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest follows from the above listed purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

Furthermore, we use cookies when you visit our website. You will find more detailed information on this under point 5.

b) When using empirica regio market studio and empirica regio API

For the purpose of providing the services empirica regio market studio and empirica regio API for access to the empirica regional database at https://studio.empirica-regio.de and for the fulfilment of the relevant user relationship, we process the following data of all users of the service:

  • Name and first name of the users,
  • username and password,
  • E-Mail addresses of the users,
  • name of the company,
  • postal address of the company,
  • user rights (access rights to the database),
  • IP address of the requesting computer,
  • date and time of access,
  • used browser and, if applicable, the operating system of your computer as well as the name of your access provider.

This data is stored to ensure access to the system. The processing is necessary for the execution or performance of the contract in accordance with Art. 6 para. 1 b DSGVO. The data will be deleted within 90 days of the end of the user relationship, provided that all mutual requirements have been met and the user has not expressly objected to the deletion of the data.

c) When using empirica regio go and empirica regio shop

For the purpose of providing the service empirica regio go at https://go.empirica-regio.de and empirica regio shop at https://shop.empirica-regio.de, information is automatically sent to the server of our website by the browser used on your terminal device. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:
.

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the retrieved data,
  • website from which the access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

We process the data mentioned above for the following purposes:

  • guarantee of a smooth connection of the website,
  • guarantee a comfortable use of our website,
  • evaluation of system security and stability and
  • for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f DSGVO. Our legitimate interest follows from the above listed purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

d) Use of the contact form in the empirica regio Shop

We use the security service hCaptcha (hereinafter “hCaptcha”) on our website https://shop.empirica-regio.de. This service is provided by Intuition Machines, Inc., a US company based in Delaware (“IMI”). hCaptcha is used to check whether user actions on our online service (submitting a contact form) meet our security requirements. For this purpose, hCaptcha analyses the behaviour of the visitor to the website on the basis of various characteristics. This analysis begins automatically as soon as the visitor has agreed to use hCaptcha. For the analysis, hCaptcha evaluates various information (e.g. IP address, duration of the visitor’s stay on the website or app or mouse movements of the user). The data collected during the analysis is forwarded to IMI. The data processing is based on Art. 6 para. 1 DSGVO. Our legitimate interest follows from the purpose of only allowing humans and not bots to use the contact form. In no case do we use the collected data for the purpose of drawing conclusions about your person.

e) Use of the map service of Mapbox

The services empirica regio market studio and empirica regio go integrate functions of the map service Mapbox. empirica regio uses this map service for the visualisation of background maps. By using Mapbox, data is usually transferred to the servers of Mapbox Inc. in the USA and processed there. We would like to point out that we, as the provider of these pages, have no influence on the content of the transmitted data or its use by Mapbox.

The operating company of Mapbox is Mapbox, Inc., 1714 14th Street NW, Washington, DC 20009-4309 in the USA. For more information about privacy, please see the Mapbox privacy policy at https://www.mapbox.com/privacy/.

f) Sharing buttons for social media

On selected pages, we offer so-called sharing buttons for the social media Twitter, LinkedIn and Xing. These buttons are provided without embedded JavaScript, in which only a static link to the sharing function of the respective platforms is stored.

g) Accounting purposes

For billing purposes (invoicing) we process the surname, first name, postal address, customer number, e-mail address, outstanding payment amount, services used and service periods. We transmit the complete invoices with the mentioned personal data for the purpose of bookkeeping, preparation of business management evaluations and commercial books, as well as for book and tax auditing to the tax consultant Bauer - Zeyner - Hülße, Blumenstraße 72, 04155 Leipzig, Germany, who is commissioned by us. This transmission and processing is necessary to fulfil legal obligations (Art. 6 para. 1 c DSGVO). In the event of default or non-payment, we will transfer all usage and billing data to a legal representative for further legal enforcement of claims. The processing is necessary for the execution or fulfilment of the contract (Art. 6 para. 1 b DSGVO). The processing of the mentioned data will be restricted to the fulfilment of legal, in particular commercial and tax law obligations to retain data immediately after all mutual claims have been met, and the data will be automatically deleted after the end of the last retention period.

h) Information about product updates and new products

In order to advertise our company’s products by telephone, letter post and e-mail, we process the surname, first name, position in the company, postal address, e-mail address, telephone number, data on the previous use of our products and services, and data on the interests (if communicated) of our existing customers. We inform existing customers at irregular intervals about innovations in our products, about our company, and general developments with relevance to our products. The processing is necessary in order to safeguard our predominantly legitimate interest (Art. 6 Para. 1 f DSGVO) in providing our customers with direct advertising for our products and thus to increase sales of our products. Data processing for direct advertising will only take place if the customer has given his consent and only to the extent that the customer can expect within the scope of the contractual relationship, without unreasonable harassment being assumed. The data will be blocked for processing for direct advertising after the enquirer has declared his objection to receiving direct advertising for our products.

i) New customer acquisition

In order to advertise our company’s products by telephone, letter post, e-mail and electronic messages via the Xing, LinkedIn and Twitter platforms, we process the surname, first name, postal address, e-mail address, telephone number, electronic identifier on the platform used in each case, the position in the company and the available information on the specific interest of the company in our products and services. Insofar as we have not received this data from the (representative of a) potential customer ourselves (e.g. as a contact at a trade fair or event, via e-mail or in the context of a phone call), we collect the data via the platform used in each case (Xing, LinkedIn or Twitter), insofar as it is generally visible there or has been released, as well as from public directories. The processing is necessary in order to safeguard our overriding legitimate interest (Art. 6 Para. 1 f DSGVO) in providing our customers with direct advertising for our products and thus to increase sales of our products. Data processing for direct advertising will only take place if this has not been objected to and only to the extent that the potential customer can expect within the scope of the contractual relationship, without unreasonable harassment being assumed. The data will be deleted or the connection on the Xing, LinkedIn or Twitter platforms terminated if the employee objects to our approach for advertising purposes. The data will also be deleted manually if during the course of the conversation it is either finally clarified that there is neither present nor future interest in the products and services of our company, or if so much time has elapsed after the potential customer has not responded that a reaction can definitely no longer be expected.

j) When contacting us by e-mail

For questions of any kind we offer you the possibility to contact us via e-mail. This requires a valid e-mail address so that we know who the enquiry comes from and can answer it. Further information within the e-mail can be given voluntarily.

Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO on the basis of your voluntarily given consent.

The personal data collected by us on the basis of your e-mail will be deleted after completion of your request.

k) When subscribing to the newsletter or a webinar

If you subscribe to our company’s newsletter and/or register for a webinar, the data from the input mask (e-mail address and consent) are transmitted to the Sendinblue dispatch service. The registration for our newsletter and/or a webinar is carried out in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. When registering, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

3. Information disclosure

We will not transfer your personal data to third parties for any other purposes than those listed below and will only transfer your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 Para. 1 sentence 1 lit. a DSGVO,
  • the disclosure pursuant to Art. 6 Para. 1 S. 1 lit. f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that there is a legal obligation for disclosure under Art. 6 para. 1 sentence 1 lit. c DSGVO, and
  • this is legally permissible and, in accordance with Art. 6 Para. 1 S. 1 lit. b DSGVO, necessary for the processing of contractual relationships with you.

4. Contract data processing

For all of the processing activities listed in paragraph 2 a-c), we use the services of Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen, Germany, as the processor (Art. 28 DSGVO). All personal data which is processed for these activities is transferred to the processor. The location of the servers used is in Germany (Nuremberg).

For all of the processing activities listed in section 2 a-c), we make use of the services of Variomedia AG, August-Bebel-Straße 68, 14482 Potsdam, Germany, as the processor (Art. 28 DSGVO). All personal data which is processed for these activities is transferred to the processor.

We offer payment via PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, within the framework of the transaction processing activities described in clause 2 c). If you choose to pay via PayPal, the payment data you enter will be transmitted to PayPal. The transmission of your data to PayPal is based on art. 6 para. 1 lit. a DSGVO (consent) and art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the possibility to revoke your consent to data processing at any time. Revocation does not affect the effectiveness of data processing operations carried out in the past.

We use Sendinblue to send newsletters in accordance with point 2 j). The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is used to organise and analyse the dispatch of the newsletter. The data you enter for the purpose of receiving the newsletter is stored on Sendinblue’s servers in Germany. A transfer of data to third countries does not take place. If you do not want Sendinblue to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent with Sendinblue contain a very small image (approx. 1x1 pixel) that connects to Sendinblue’s servers when the email is opened. In this way, it can be determined whether a newsletter has been opened. Furthermore, with the help of Sendinblue we can determine whether and which links are clicked on in the newsletter message. All links in the email are so-called tracking links, with which your clicks can be counted. The legal basis for data processing is art. 6 para. 1 lit. a DSGVO.

5. Cookies

We only use cookies on our applications (shop.empirica-regio.de, studio.empirica-regio.de) that are functionally necessary to provide the respective website. In addition to functional cookies, we also use tracking technologies on our website www.empirica-regio.de. Cookies are used to make the use of our website more pleasant for you. For example, we use session cookies to recognize that you have already visited individual pages of our applications. These are automatically deleted after you leave our site.

Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit a page. Cookies do not harm your device, do not contain viruses, Trojans or other malware. Information is stored in the cookie that is related to the specific device used. However, this does not mean that we gain direct knowledge of your identity from this.

The data processed by cookies is required for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

You can configure your browser so that no cookies are stored on your computer. However, completely disabling cookies may mean that you cannot use all of the features of our website.

On our website www.empirica-regio.de we use performance cookies to enable you to make the best possible use of our website and to make our communication with you relevant. We take into account your preferences and only process data for analysis and marketing purposes if you give us your voluntary consent by clicking on “Accept”. The cookies are stored for 30 days and then automatically deleted. You will then need to give your consent again. The tracking technologies are integrated using the Google Tag Manager (see section 6).

6. Analysis Tools and Tracking

a) Google Tag Manager

The Google Tag Manager (GTM) is a tool for managing website tags. These tags can be used to integrate tracking codes for analysis and marketing tools. The GTM itself does not set cookies or process personal data. It only serves as an interface for triggering other tags, which in turn may set cookies or process personal data. If a deactivation has been carried out at domain or cookie level, this will remain effective for all tracking tags that are implemented with Google Tag Manager.

The use of the GTM on our website only takes place with your consent to the use of performance cookies (see section 5). You can revoke your consent at any time by calling up the cookie settings in your browser or by clicking on “Cookie settings” in the footer of the website. We would like to point out that in this case you may not be able to fully use all functions of our website.

The Google Tag Manager is used to display cookies, but only processes technical information and therefore does not require consent under the TTDSG. The legal basis for the use of the Google Tag Manager is therefore Art. 6 Para. 1 lit. f DSGVO. Our legitimate interest lies in the uniform and proper integration of cookies across different devices. The cookies used are described in the following sections b), c) and d).

b) Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Analytics uses cookies.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with other services related to the use of the website and the internet. We only use Google Analytics with activated IP anonymization. This means that your IP address will only be processed by Google in a shortened form. The IP address sent by your browser as part of Google Analytics will not be combined with other data from Google. The processing takes place in accordance with Art. 6 Para. 1 lit. a DSGVO on the basis of the consent you have given.

We have concluded a contract for order processing with the service provider in which we oblige it to protect our customers' data and not to pass it on to third parties.

Since a transfer of personal data by Google to affiliated companies and subcontractors in countries outside the EU and the EEA is possible, further protective mechanisms are required to ensure the level of data protection of the DSGVO. For the USA, there is an adequacy decision of the EU Commission according to Art. 45 Para. 1 DSGVO for companies with certification according to the EU-U.S. Data Privacy Framework. Google LLC is certified according to the EU-U.S. Data Privacy Framework and therefore undertakes to comply with appropriate data protection standards, which can be viewed under the following link: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/eu-us-data-transfers_en

For potential transfers to other third countries outside the EU and the EEA, for which there is no adequacy decision of the EU Commission, we have also agreed with the provider on standard data protection clauses in accordance with Art. 46 Para. 2 lit. c DSGVO. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

The terms of use of Google Analytics and information on data protection can be accessed via the following links: http://www.google.com/analytics/terms/de.html
https://www.google.de/intl/de/policies/

c) Google Adds

We use “Google Ads” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). We use Google Ads for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you.

If you have given us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, we can use Google Ads to draw attention to our attractive offers with the help of advertising material on external websites. This allows us to determine how successful individual advertising measures are.

These adverts are delivered by Google via so-called “AdServers”. We use so-called ad server cookies for this purpose, which can be used to measure certain parameters for measuring success, such as the display of adverts or clicks by users.

If you access our website via a Google advert, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognise your web browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical analyses from Google. These analyses enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have accessed the relevant part of our website or clicked on one of our adverts. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, it is possible that Google will find out your IP address and store it.

As personal data may be transferred by Google to affiliated companies and subcontractors in federal states outside the EU and the EEA, further safeguards are required to ensure the level of data protection required by the DSGVO. For the USA, there is an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 DSGVO with regard to companies with certification under the EU-U.S. Data Privacy Framework. Google LLC is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore committed to complying with appropriate data protection standards, which can be viewed at the following link https://www.dataprivacyframework.gov/s/participant-search

For potential transfers to other third countries outside the EU and the EEA for which there is no adequacy decision by the EU Commission, we have also agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c DSGVO. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe.

Further information on the use of data by Google, on setting and objection options and on data protection can be found on the following Google websites: http://www.google.com/analytics/terms/de.html
https://www.google.de/intl/de/policies/

d) LinkedIn Ads

We use the conversion tracking technology and the retargeting function of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as “LinkedIn”) on our website. This enables us to display personalised advertisements on LinkedIn to visitors to our website. For this purpose, a cookie, LinkedIn Insight Tag, is set in your browser with a validity of 30 days, which enables LinkedIn to recognise you if you visit this website and are logged into your LinkedIn account at the same time. LinkedIn uses this data to create anonymous reports on the performance of adverts and information on website interaction. The information generated by the cookie is usually transferred to a server in the USA and stored there

The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a DSGVO.

As personal data is transferred to the USA, further protective mechanisms are required to ensure the level of data protection required by the DSGVO. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 para. 2 lit. c DSGVO. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even by this contractual extension, we endeavour to obtain additional regulations and assurances from the recipient in the USA.

You can deactivate LinkedIn Insight conversion tracking and interest-based personalised advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

7. Rights of persons concerned

You have the right:

  • in accordance with Art. 15 DSGVO to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, if applicable, meaningful information on the details thereof;
  • to demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 DSGVO;
  • in accordance with Art. 17 DSGVO to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 DSGVO, to demand the restriction of the processing of your personal data, if the accuracy of the data is disputed by you, if the processing is unlawful but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 DSGVO;
  • in accordance with Art. 20 DSGVO to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another person responsible;
  • in accordance with Art. 7 Para. 3 DSGVO to revoke your once given consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent in the future and
  • in accordance with Art. 77 DSGVO to lodge a complaint with a supervisory authority. As a rule, you can turn to the supervisory authority of your usual place of residence or workplace or to our office for this purpose.

7. Right of objection

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 letter f DSGVO, you have the right to object to the processing of your personal data in accordance with Art. 21 DSGVO if there are reasons for doing so arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without indicating any special situation.

If you wish to make use of your right of revocation or objection, simply send an e-mail to info@empirica-regio.de

8. Data security

We use the common SSL (Secure Socket Layer) procedure within the website visit in connection with the highest encryption level supported by your browser. As a rule, this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technologies instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

9. Actuality and change of this privacy policy

This privacy policy is currently valid and has the status July 2024.

Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.empirica-regio.de/en/privacy/.