PRIVACY POLICY – USE OF YOUR DATA
GENERAL INFORMATION
The legal provisions underlying the processing are, in particular, the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Personal data is any information relating to a person who is either already identified or who can be identified from this information. Identifiability can be achieved either by combining the available information or by taking additional measures, for example, assigning a name identifier, an identification number, location data, an online identifier, or by searching generally accessible information pools such as databases, libraries, or the Internet.
RESPONSIBLE FOR DATA PROCESSING
com.X Institute
Ehrenfeldstraße 34
44795 Bochum
Data Protection Officer: Ricarda Delasauce (ricarda.delasauce@comx-forschung.de)
TYPE OF DATA COLLECTED
When you participate, we collect the data you provide when completing the online questionnaire. For panel surveys, we also collect the code assigned to you by your panel service. This is used exclusively for billing purposes.
RECIPIENTS OF THE DATA COLLECTED
The data collected is generally only available to com.X. If it is necessary to pass on personal data to the client commissioning the study for research purposes, the study participants will be informed of this before they take part in the study. Our clients are also obliged to comply with the com.X data protection policy, which means that the data they transmit may only be processed for limited and precisely defined purposes that are in accordance with the consent you have given.
The survey is conducted using Limesurvey. Limesurvey has the ability to access the collected data in the event of technical emergencies. In this case, there is a data processing agreement between Limesurvey and com.X.
PURPOSE OF DATA PROCESSING
Personal data is used exclusively for study purposes. For methodological reasons, we can often only state the purpose of the specific study at the end of the survey. If we collect data in a survey that identifies individual participants, we store this data separately from the rest of the survey data. The results of the study are exclusively anonymous, statistical data in which no individuals can be identified.
LEGAL BASIS FOR PROCESSING
The legal basis is the consent of the survey participants (Art. 6(1)(a) GDPR) for the questionnaire information provided by the participants. The legal basis for the collection of technically necessary access log files by the web host is Art. 6(1)(e) and (2) GDPR in conjunction with Section 5 of the German Federal Office for Information Security Act (BSI-Gesetz).
STORAGE PERIOD
The web host data (access log files) collected for technical reasons will be automatically deleted three days after the survey has been completed or terminated. Any personal data relating to survey participants will be irrevocably deleted at the latest after the study has been completed.
RIGHTS OF DATA SUBJECTS
Study participants have the right to withdraw their consent to participate at any time without giving a reason.
Insofar as your personal data is processed, you are a data subject within the meaning of the GDPR. In this respect, you have the following rights vis-à-vis com.X as the controller within the meaning of the GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
These rights do not apply to completely anonymous surveys, as the data set belonging to you cannot be identified.
In any case, data subjects have the right to lodge a complaint with a data protection supervisory authority in accordance with Art. 77 GDPR.
Please contact our data protection department to exercise your rights. You can contact us by email at: ricarda.delasauce@comx-forschung.de
or by letter to:
com.X Institute for Communication Analysis & Evaluation
Data Protection
Ehrenfeldstr. 34
44789 Bochum
COM.X
com.X Institut is registered in the Federal Data Protection Register. In addition, as a member of the BVM Professional Association of German Market and Social Researchers, we are not only bound by the legal provisions of the EU General Data Protection Regulation (GDPR) in conjunction with the Federal Data Protection Act (BDSG – new), but also by the professional rules of market and social research.
The collection, processing and use of personal data by com.X is carried out in accordance with the legal provisions of data protection and the joint guidelines of the Working Group of German Market and Social Research Institutes (ADM), the Working Group of Social Science Institutes (ASI) and the BVM.
All com.X employees have undertaken to maintain confidentiality and observe data protection regulations. com.X Institut has taken appropriate technical and organisational security measures (Art. 32 GDPR) to ensure compliance with the legal requirements for data processing security (Section 64 BDSG – new, requirements for data processing security). In the event that partial services are outsourced to processors, com.X remains responsible for compliance with the provisions of the GDPR and other data protection regulations.
