Please note that this content has been automatically translated. The original German version can be found here.
We are very pleased that you are interested in our company and the services we offer. The website for the pretest tool kvest.com is operated by EARSandEYES GmbH (hereafter referred to as “EARSandEYES”, “we” and “us”).
Our business success is based on the responsible handling of the data from our relationship with customers, business partners and respondents. In order to ensure the highest possible level of transparency and security, the following Data Privacy Notice will explain what data we collect on this website and for what purposes, how we protect this data and what rights and possibilities you have of protecting your data.
1. Basic information on the protection of your data by kvest (EARSandEYES)
We adhere strictly to the legal requirements concerning the protection of personal data and as a market research agency we undertake to comply with the quality standards of the professional bodies (BVM, ADM, ESOMAR).
We use all the latest technical and a wide range of organisational security measures in order to protect your data.
Nature and scope of data processing:
On principle, we only process the personal data of our users to the extent that this is necessary in order to provide an operational website and to offer our content and services. Personal data is any data that could be used to identify you as an individual.
Other data is collected when you provide it to us voluntarily. Individual services offered on this website, e.g. opening an account in order to use our pretest tool, using contact forms and subscribing to our newsletter, require you to supply specific personal data so that we can provide the respective service to you.
All the data collected is explained individually within this Data Privacy Notice.
We will never knowingly collect the personal data of individuals below the age of 16 without the consent of their legal guardians. We ask individuals below the age of 16 not to transmit any personal data to us without the consent of their legal guardians.
Use and sharing of data:
Personal data is stored and processed exclusively for the stated purpose.
We will only share your personal data with third parties if this is necessary for the performance of the contract (e.g. sharing data with the bank transacting payments) or if we are obliged to do so by the law or by a court order. In such cases, the scope of the data shared is however limited to the necessary minimum. The data will not be shared more extensively unless you have specifically consented to the transmission of your data. Your data will not be passed on to any third parties, for example for advertising purposes.
We retain the right to share your personal data with authorities who are entitled to receive that information even without your consent provided this is necessary in order to protect ourselves against attacks that constitute a criminal offence or that have the potential to impair or eliminate the functionality of our web offer.
Erasure of data:
We will only store your personal data for as long as is necessary. If the purpose for which the information has been collected ceases to exist, or if you so request, we will erase your personal data stored by us, or else restrict its further processing.
If the erasure of the data is prevented by statutory retention periods (e.g. duties under commercial or tax laws), the data will be stored as required but made unavailable for other purposes. Once the retention period has ended, the data will be erased unless the continued storage of the data is necessary in order to conclude or fulfil a contract.
2. Controllers and data protection officers
If you have any questions, we will be happy to help.
The controller responsible for collecting and processing your personal data on this website is EARSandEYES GmbH, represented by Susanne Maisch and Frank Lüttschwager, Haus am Fleet, Steinhöft 5-7, 20459 Hamburg, Tel.: +49 40 822 240 0, e-mail: email@example.com.
The controller is the natural or legal person who determines, alone or jointly with others, the purposes and means of the processing of personal data.
External data protection officer:
We have appointed a data protection officer for our company, as required by the law.
Shared IT Professional
3. Your rights as a user
If personal data is processed by you, you are the person concerned within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the person responsible.
To exercise your rights or if you have any questions, you can contact the responsible person at any time. Simply send an e-mail to firstname.lastname@example.org . Or use our other contact channels; you can find them directly here above under 2. and in the imprint.
Right to information (Art. 15 GDPR):
You have the right to free information about your stored personal data, their origin and recipient and the purpose of the data processing at any time within the scope of the valid legal regulations.
Right to rectification (Art. 16 GDPR):
You have the right to have incorrect personal data corrected.
Right to deletion (Art. 17 GDPR):
You have the right to delete your data in particular after expiry of the legally prescribed retention periods.
Right to limitation of processing (Art. 18 GDPR):
You have the right to request the restriction of the processing of your personal data if the data processing is unlawful, if you dispute the accuracy of the data collected or if you have lodged an objection to the processing. You may also request a limitation of the processing if the data are subject to a deletion obligation due to the purpose for which they were collected, but you need them to assert legal claims.
Right of revocation (Art. 7 GDPR):
If you give us your consent, you can revoke it at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of objection (Art. 21 GDPR):
You have the right to object to the future processing of your personal data if such processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR. If you file an objection, we will no longer process your affected personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims.
Right to data transferability (Art. 20 GDPR):
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.
Right of appeal (Art. 77 GDPR):
In the event of infringements of data protection law, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, workplace or the place where the alleged infringement is suspected.
4. Collection and use of data
Automatic recording of access data:
When you access this website, the provider hosting the site will collect and store information that is automatically transmitted by your browser in so-called server log files. This includes:
The log files are stored in order to ensure the functionality of the website. Furthermore, this data is only ever used by us in an aggregate form for the statistical analysis and optimisation of our website. The data is not linked to any other data sources and can therefore not be assigned to a specific individual.
The basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the technically error-free presentation and optimisation of our website – for this purpose, the server log files must be recorded.
Customer details and details of contract for the performance of a service:
We collect, process and use personal data only to the extent that this is necessary for the creation, development or modification of a legal relationship (inventory data). We only collect, process and use personal data on the utilisation of our web pages (usage data) to the extent that this is necessary in order to offer you the service or to charge you for it.
When you open an account (which is necessary in order to use the kvest pretest tool) and when drawing up your invoice in the event of a contract being concluded, we store the following data:
Without your consent, we will not share your account details with anyone else. We will only share your account details with third parties if this is necessary for the performance of the contract, e.g. sharing data with the bank transacting payments. In such cases, the scope of the data shared is however limited to the necessary minimum. Your personal data will not be shared more extensively, unless you have specifically consented to the transmission of your data.
The data will remain in our keeping until you demand its erasure, withdraw your consent to its storage, or until the purpose for which the data is stored ceases to exist. If the data is necessary for the performance of a contract or in order to take steps prior to entering into a contract, the premature erasure of the data is only possible if no contractual or statutory obligations prevent its erasure. The customer data collected will be erased once the business relationship has been terminated. Compulsory statutory requirements – in particular retention periods – shall not be affected by this.
The collection and processing of the data is based on Article 6(1)(a) GDPR (consent given when opening an account) and Article 6(1)(b) GDPR, which permits data to be processed if this is necessary for the performance of a contract or in order to take steps prior to entering into a contract. You can withdraw your consent at any time with effect for the future. To do so, simply notify us informally by e-mail.
Payment transactions on this website:
If after concluding a contract for a paid service you are obliged to transmit your payment details to us (e.g. credit card number), this data is required in order to collect the payment. Payment transactions are carried out exclusively by means of an encrypted SSL or TLS connection.
We integrate payment services of third-party companies on our website. When you make a purchase from us, your payment data (e.g. name, payment amount, bank account details, credit card number) are processed by the payment service provider for the purpose of payment processing. For these transactions the respective contractual and data protection provisions of the respective providers apply.
PayPal: In order to conduct certain financial transactions (payment by credit card, PayPal) we use Paypal. This payment service is provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.
If you select PayPal as your payment method, the payment details you provide will be sent to PayPal. The provider of this service reserves the rights to conduct a credit screening of users for certain types of payment. Details about how user data is handled can be found in PayPal’s data privacy declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
The payment service providers are used on the basis of Art. 6 para. 1 lit. b GDPR (contract processing) and in the interest of a payment transaction that is as smooth, convenient and secure as possible (Art. 6 para. 1 lit. f GDPR). Insofar as your consent is required for certain actions, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing; consent may be revoked at any time in the future.
Contact via contact form, e-mail, phone, mail:
You have the possibility to get in touch with us via a contact form on our website as well as via our contact data (e-mail, phone, mail). Unless otherwise agreed, we will store and use the data you provide in these ways (e.g. name, e-mail address) exclusively for processing your inquiry and in case of follow-up questions. Without your consent, we will not share this data with anyone else.
The data will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply. Mandatory legal provisions - in particular retention periods - remain unaffected. Contractual obligations also remain unaffected if the data is required to fulfill a contract or to carry out pre-contractual measures.
The processing of the data transmitted when you contact us is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR). Consent can be revoked at any time.
You can download documents (e.g. study results, white papers or guidelines) from our website. As a rule, it is necessary to register for our e-mail newsletter in order to obtain such materials. Our free newsletter will inform your at least once a month about our activities, current studies and other topics pertaining to market research. You can also register for the newsletter via the corresponding forms without requesting a download.
In order to register for our newsletter, you will need to provide a valid e-mail address as well as information that allows us to confirm that you are the owner of the given e-mail address and that you consent to receiving our e-mails (“double opt-in procedure”). At the same time, we will store your current IP address together with the date and time at which you registered, in case of the misuse of your data or unauthorised access. No further data is collected, or else only on a voluntary basis. This data is used exclusively for the stated purpose, i.e. for sending you the newsletter and any downloadable documents you have requested, and will not be shared with any third party without your consent.
Use of the distribution service CleverReach:
We use CleverReach for the subscription to and distribution of newsletters and downloadable documents. CleverReach is a service that allows the distribution of newsletters to be organised and analysed. The service is provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede.
The data transmitted by you (e.g. e-mail address) when requesting a download or subscribing to the newsletter is stored on the servers of CleverReach in Germany or Ireland.
Your data is stored by us until you unsubscribe from our newsletter, and after unsubscribing it will be erased both from our servers and from the servers of CleverReach. For further information, please consult the data privacy statement of CleverReach at:
Note: In certain situations, e.g. when the newsletter is opened in a browser, we will redirect the recipients of the newsletter to web pages operated by CleverReach. In this connection, we would like to point out that the web pages of CleverReach may use web analysis tools over whose data collection we have no control.
Receiving personalised content:
When you register for the newsletter, you have the option of additionally consenting to receiving personalised content. By giving your consent, you allow us to collect and analyse certain data concerning our newsletter offer. This data includes:
The data collected allows us to tailor the contents of our newsletter to your individual interests. This information is largely processed automatically. It is not passed on to any third parties.
Note: Even if you have not given your consent to receiving personalised content, CleverReach may be technically able to determine certain features of your usage behaviour concerning the receipt of the newsletter. We have no influence on this.
Additional information on the analysis of your data through the CleverReach newsletter is available at:
Unsubscribing from newsletter (withdrawing consent):
If you want to prevent any data analysis whatsoever by CleverReach, you must unsubscribe from our e-mail newsletter. Each newsletter from us contains a suitable link that allows you to do this. Alternatively, you can withdraw your consent to receive the newsletter or for data to be collected for the provision of personalised contents at any time free of charge by sending an informal e-mail to us or by sending us a message via our contact form.
The data entered in the newsletter registration form will be processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR). The processing of your data for sending personalised content is based on your additional consent (Art. 6 para. 1 lit. a GDPR). The use of the newsletter service provider CleverReach, the performance of statistical surveys and analyses as well as the logging of the registration procedure are based on Art. 6 para. 1 lit. f GDPR. Our legitimate interests are to use a user-friendly and secure newsletter and e-mail system that serves our business interests as well as the users’ expectations.
If you purchase services on our website, your e-mail address may be used by us to send you a newsletter. In such cases, the newsletter is used exclusively for the direct marketing of our own, similar services. The legal basis for distributing the newsletter after selling you goods or services is § 7(3) UWG (Law against Unfair Competition). You can object to receiving direct marketing at any time by sending us an informal e-mail.
External processing of data: We have entered into a contract with CleverReach to process personal data on our behalf, and we comply fully with the strict requirements made by the German data protection authorities in using the services of CleverReach.
This website uses what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them or they are automatically eradicated by your web browser.
In some cases, it is possible that third-party cookies are stored on your device once you enter our site (third-party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).
Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.
For the purpose of providing these functions, we store three cookies on the user's terminal device:
You can set your browser to inform you when cookies are saved, so that you can permit cookies on a case-by-case basis, you can stop cookies from being accepted altogether, or you can activate the automatic deletion of cookies when you close the browser. However, if you do this our website may no longer offer you its full functionality. For information about the cookie settings of your browser, please consult the help or information pages of your browser.
Telecommunications Telemedia Data Protection Act (TTDPA): The legal basis for the storage and retrieval of information in the end user’s terminal equipment is consent, according to § 25 para. 1 p. 1 TTDPA. This consent is requested when the website is called up. According to § 25 para. 2 no. 2 TTDPA, consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary in order for the provider of a telemedia service to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exemption of § 25 para. 2 TTDPA and thus do not require consent. Please note that the legal basis for the downstream processing of personal data then results from the GDPR. You will find the relevant legal basis for the processing of personal data on this website in the further course of this data protection notice.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you wish to use are based on Art. 6 para. 1 lit. f GDPR saved. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the scope of this data protection declaration and, if necessary, request your consent.
5. Organisational and technical safety precautions
We treat your personal data with strict confidentiality and in accordance with the current data protection regulations, as well as this Data Privacy Notice. All our employees have committed themselves to confidentiality. Permissions to access internal applications are restricted to the immediate needs of the individual departments; access requires individual authentication.
Our safety precautions are state-of-the-art and comply with high, recognised industry standards. Our servers are located in Germany and are subject to the strict German standards for data protection and security.
To prevent the data you wish to transmit to us (e.g. via the contact form) from being intercepted by third parties, we have activated TLS encryption on our website. You can recognise an encrypted connection by the “https://” and the padlock symbol in your browser’s address field. Nevertheless, we would like to point out that transmitting data over the Internet (e.g. when communicating by e-mail) can be subject to security vulnerabilities. It is not possible to protect your data entirely from being accessed by third parties.
This website is hosted by an external service provider (hoster). Personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, meta and communication information, contract information, contact information, names, web page views, and other information generated by a website.
In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our hoster. Our hoster will only process your data to the extent that this is necessary to fulfil its performance obligations and to follow our instructions with regard to this data.
6. Links to other websites
Our website contains links to other websites, to which this Data Privacy Notice does not extend. The linked external sites have their own data privacy guidelines and procedures, and we have no control over these.
Our website contains links to the services of the social networks, LinkedIn, Twitter, Facebook and Xing. We have not embedded the social plug-ins of these service providers, which means that no data is sent to the social media providers when you visit our website. Only when you click on the links or linked images will your data be transmitted to the service provider in question and stored there. If you do not want a social media provider with whom you are registered to collect data about you and link it to your membership data, please log out of your social media account before clicking on the social media link. Further information on the collection, processing and use of your data, as well as your rights and the means of protecting your data, may be found in the data privacy statements of the respective social media providers under 9. Online Presence in Social Media.
7. Use of third-party cookies and functionality
Web analytics by Google Analytics:
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page impressions, length of stay, operating systems used and the origin of the user. This data may be summarized by Google in a profile which is assigned to the respective user or his terminal device.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google on the use of this website is usually transferred anonymised to a Google server in the USA and stored there.
For the purpose of providing these functions, Google Analytics stores three cookies on the user’s device:
We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. According to Google, the IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.
Disable/object to data collection by Google Analytics:
You can generally prevent the storage of cookies by adjusting your browser software accordingly.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en
You can prevent the collection by Google Analytics by accessing the following link, unchecking "Usage analysis with Google Analytics" and saving the selection.
View/change privacy settings
You can find more information about the cookies and how Google Analytics uses user data at https://support.google.com/analytics/answer/6004245?hl=de and https://policies.google.com/privacy?hl=de and https://support.google.com/analytics/answer/7667196?hl=de.
The storage of Google Analytics cookies is based on your consent in the sense of Art. 6 para. 1 lit. a DSGVO. You can revoke your consent for the future at any time. Here under “View/change privacy settings” you can make appropriate settings, i.e. deactivate tracking cookies.
We’ve signed a data processing agreement with Google and, as appropriate safeguards, EU standard contractual clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
We use Cloudinary to store and optimize the display of videos in real time. The service provider is Cloudinary Ltd. 111 W Evelyn Ave, Suite 206 Sunnyvale, CA 94086, USA.
If you would like to conduct a kvest test with videos and upload a video file to our website, it will be stored on Cloudinary's servers. Cloudinary only grants us access to this data, which we use to display it on our pages. We’ve signed a data processing agreement with Cloudinary and EU standard contractual clauses (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en) as appropriate safeguards and fully implement the strict requirements of the German data protection authorities when using Cloudinary.
Cloudinary offers a content delivery network using DNS. Each time you access one of our sites that provide content via Cloudinary, a connection is established to Cloudinary's servers and a Java Script is executed. This enables Cloudinary to analyze the traffic between your browser and our website and act as a filter between our servers and potentially malicious traffic from the Internet. Cloudinary may also use technology to recognize Internet users, but only for the purpose described here. The information collected by Cloudinary is typically transferred to and stored on a Cloudinary server in the United States. We have no influence on this data transfer.
The use of Cloudinary is based on our legitimate interest in offering users an upload function for video files, as well as the most error-free and secure provision of our website (Art. 6 para. 1 lit. f GDPR).
Our data privacy notice may change as a result of legal requirements or the ongoing development of our website and new services, technical procedures and data protection measures that may result from this. We therefore reserve the right to adapt our Data Privacy Notice at any time to reflect those changes. The current version reflects the status of July 2021.
9. Online presence in Social Media
We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below.
Social networks such as Facebook, Google+ etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). When you visit our social media sites, numerous data protection-relevant processing processes are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed inside and outside the respective social media presence. If you have an account with the respective social network, interest-related advertising can be displayed on all devices on which you are logged in or were logged in.
Person responsible and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing processes triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data transferability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite our joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely based on the corporate policy of the respective provider.
The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete, your consent to storage revoke or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
Social networks in detail
We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can customize your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization
We have a profile at LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
LinkedIn uses advertising cookies. If you would like to disable LinkedIn advertising cookies, please use the following link: : https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
We have a profile at Facebook. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.
We have entered into a Controller Addendum agreement with Facebook. This agreement defines the data processing operations for which we or Facebook are responsible when you visit our Facebook fan page. You can view this agreement under the following link: https://www.facebook.com/legal/terms/page_controller_addendum
You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads