Privacy Policy

 

§ 1 Scope of Application

We would hereby like to provide you with information about the processing of personal data when

  • you visit our website and/or make use of our online services available at https://www.kuppingercole.com/ (hereinafter referred to as "our website"), including for example signing up as a KuppingerCole user and/or registering for and attending our webinars and/or webcasts;
  • you sign up for and attend our KuppingerCole events (https://www.kuppingercole.com/conferences)
  • you purchase our products and services.

§ 2 Details of the controller and the data protection officer

Our details as controller are:
KuppingeCole Analysts AG
Wilhelmstr. 20-22
65185 Wiesbaden
Germany
Email: service@kuppingercole.com
Contact controller: Data Subject Request

Our external data protection officer's details are:
Dr. Karsten Kinast, LLM
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Köln
Telefon: +49 (0)221 – 222 183 – 0
Telefax: +49 (0)221 – 222 183 – 10
E-Mail: mail@kinast-partner.de

§ 3 Which personal data is collected/processed and used by us?

a) Website, Online Services and Purchase of products

You can use a large part of our website without disclosing your personal data. Access data is stored which is not personally identifiable, for example, the name of your internet service provider, the website from which you are visiting us, the names of the requested data files and the date that they are retrieved. This data is only analysed in order to improve our website and does not allow us to deduce information concerning you as a person.
If you want to use the services offered by us on our website, such as ordering a newsletter, you will however need to disclose additional information. This involves data that is required for processing purposes, for example, your email address when ordering a newsletter.

We use the data collected by us via yourself for providing the products and services offered by us, for answering your questions and for operating and improving our web pages and applications.

We only use your personal data so that we can offer you an extensive service via our website or, if you use our contact form or our email service, so that we can provide the requested service. No other use is made of your personal data.

Transmission of your personal data to third parties or using your data for advertising purposes without your consent does not, except in the cases described below, happen unless we are obliged by law to release data (information to law enforcement authorities and courts; information to public bodies that receive data on the basis of statutory regulations, for example, social insurance institutions, tax offices etc.) or if, for the purposes of enforcing our claims, we use the services of third parties who are bound by professional secrecy.

Personal data is in particular used as follows:

  • Sign up / personal profile
    If you register with KuppingerCole, your email address is stored by us first of all so that we can send you new login data if you ever forget this. In addition, we store your user name, your company and password to enable you to log in conveniently and easily to your account and we also store the mandatory data which includes your first and last name (mandatory fields are marked with a *; any additional data like your academic title is voluntary).

    You may also create and edit your personal profile at any time. Your personal profile includes your first and last name, your phone number, your email address and your company‘s name and address (street, postal code, city) as mandatory data. Additionally you may input your academic title, your fax number, your twitter, your department, your position, your country and whether you are a journalist or blogger as voluntary data.

    This data is used by us to provide our services offered via our website. The legal basis for processing the mandatory personal data is based on Art. 6 (1) (b) GDPR[1].
  • Purchase
    When you order products or services at KuppingerCole, we store your first and last name and your company‘s name and address (street, postal code, city), your country, your email address  and your payment method as mandatory data. Additionally we may store your purchase order number and department as voluntary data. We use your personal data obtained during ordering products and services solely to process and execute your order.

    If you choose to pay via Telecash, we pass on your email address, first and lastname as well as the amount due to TeleCash GmbH & Co. KG. If you choose to pay via PayPal, we pass on your email address as well as the amount due to PayPal (Europe) S.à r.l. et Cie, S.C.A..

    The legal basis is Art. 6 (1) (b) GDPR.

    Moreover, your data may be transferred to external auditors and/or tax authorities for auditing purposes. The data will also be stored in accordance with statutory retention periods pursuant to § 146 of German Revenue Code (AO) and/or § 257 of German Commercial Code (HGB) and deleted upon expiry of the respective retention periods.The legal basis is Art. 6 (1) (c) GDPR.
  • Webinars / Webcasts
    As a registered KuppingerCole user you can also register for our Webinars and Webcasts. For doing so, it is required that you create your personal profile as mentioned above under Sign up/personal profile.
    We use the data from your personal profile to provide our webinars and webcasts offered via our website. The legal basis for processing the personal data is based on Art. 6 (1) (b) GDPR.

    We also submit this data to the sponsors of the particular webinar or webcast to enable them to contact you and to do follow-up marketing as well as research. The legal basis for processing your personal data this way is our legitimate interest according to Art. 6 (1) (f) GDPR, which would be the participation of our sponsors, which contribute large portions of the costs of the Webinars / Webcasts.

    We will share the aforementioned subset of your personal data with other participants of the particular Webinar / Webcast only if and in as far as you consented. The legal basis for processing your personal data this way is Art. 6 (1) (a) GDPR.
  • Forum / social platform
    The user has the opportunity to post voluntary impressions, statements, photos and videos in the forum or on the notice board. Each user decides independently, at his/her own discretion, what data he/she would like to disclose about himself/herself and which data should not be disclosed.

    KuppingerCole reserves the right to delete a publication at any time without stating reasons. There is no entitlement to publication. The legal basis for processing your personal data is based on Art. 6 (1) (a) GDPR.
  • Contact form
    If you opt to send enquiries to us using our contact form, we will ask you for your first names and surname and your email address. In addition you can submit your individual message to us using the message box.

    You have the choice of whether or not to disclose this data to us. However without this data we cannot comply with your contact request. The legal basis for processing your personal data is Art. 6 (1) (a) GDPR.
  • Use of cookies
    In conjunction with the retrieval of information requested by you, data is only stored on our servers in anonymised form in order to provide our various services or for evaluation purposes. In this connection general information is recorded, for example, when and which contents are retrieved from our website or which web pages are visited the most frequently.

    We use so-called "cookies" (small text files with configuration information).

    Cookies are small text files which, when you visit our web pages, are sent from our web server or – as mentioned below – from a third party web server to your browser and are temporarily stored on your computer for retrieval at a later date. Apart from the use with services mentioned below. We only use so-called session cookies (also referred to as temporary cookies), that is, cookies that are only stored temporarily whilst you are using our web pages.

    The cookies used serve in particular to determine the frequency of use and the number of users of our websites. They also serve to identify your computer when visiting our website and switching from one of our web pages to another of our web pages and to determine the end of your visit. Thus we learn which area of our websites and which other websites our users have visited. This usage data does not however allow conclusions to be drawn about the user. All of this usage data that has been collected in anonymised form is not merged with your personal data in accordance with § 3 of this data privacy statement and is deleted immediately once the statistical analysis has been completed. Cookies sent from our web server are deleted, once the session has ended and as soon as you have completed your browser session, whereas cookies sent from third party web servers may be stored as mentioned below.

    The legal basis for processing your personal data is Art. 6 (1) (f) GDPR.
  • Integration of social plug-ins
    Our websites also contain plug-ins of various social networks. "Facebook" (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA), "Google+" "YouTube" (Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and "Twitter" (Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA).

    These are operated exclusively by the respective provider. The plug-ins are, within the context of our online presence, identified by the respective button belonging to the service. When visiting a subpage on our websites that contains such a plug-in, your browser establishes a link to the servers of the respective service, whereby the content of the plug-in is transmitted once again to your browser and is integrated by this into the displayed web page. Thus the information about the visit to our website is passed on to the respective service. If, whilst visiting our website, you are at the same time registered with the respective service via your personal user account (for example, via another browser session), this can allocate the visit to our website to your account.

    With the help of the plugin, users can share or post links to corresponding web pages in social networks such as Twitter, Facebook or Google +1 and can recommend the contents there. As a result of your active interaction with these plug-ins, for example by clicking on the respective button or by leaving a comment, the corresponding information is transmitted directly to the service and is stored there.

    If you want to prevent such a data transmission, before visiting our web pages you must unsubscribe from your user account with the respective service. For information regarding the extent and purpose of the data collection by the respective service as well as the additional processing and use of your data there, please refer directly to the data protection notices on the website of the service (https://www.facebook.com/about/privacy/, https://www.google.com/intl/en/policies/privacy/, http://twitter.com/privacy). You will also receive further information there about your corresponding data pro-tection rights and configuration options to protect your privacy.

    Please note that in this context data processing outside the European Union / the European Economic Area may occur. Google and Facebook have accepted the provisions of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

    The legal basis for processing your data is based on Art. 6 (1) (f) GDPR.
  • Google Analytics / Google Remarketing / Act-On Beacon Tracker
    This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies” (as defined above). The information generated by the cookie about your use of this website will usually be transmitted to a Google server in the USA and stored there. If need be, Google will also transfer this information to third par-ties if this is required by law or if third parties are processing this data on behalf of Google. If IP anonymization is activated on this website, your IP address will however be truncated by Google within the area of Member States of the European Union or in other countries which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. We must point out that on this website Google Analytics was expanded by the code "{ anonymizeIp: true }" in order to guarantee an anonymised collection of IP addresses (so-called IP Masking).

    Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them with other services relating to website use and Internet usage. The IP address transferred by your browser during the use of Google Analytics will not be associated with any other data held by Google. You may prevent the storage of cookies by selecting the appropriate settings in your browser software, however, please note that if you do this, you may not be able to use the full functionality of this website.

    Furthermore, you can prevent the collection of data generated by the cookie which relates to your usage of the website data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout

    More detailed information on this can be found at http://tools.google.com/dlpage/gaoptout or at http://www.google.com/intl/en/analytics/privacyoverview.html (general information about Google Analytics and data protection).

    Furthermore this website uses Google AdWords Remarketing, another web analysis service provided by Google. Google AdWords Remarketing uses cookies (as defined above) in order to serve you with tailored advertisement on websites of the Google Content Network based on past visits to this website. This allows us to market our services to those who have shown interest in them. You can prevent the collection of data generated by the cookie by Google regarding Google AdWords Remarketing on www.google.de/settings/ads. Alternatively you will find detailed information on how to deactivate the usage of cookies on http://www.networkadvertising.org/choices.

    An other third party service this website uses is called Act-On Beacon Tracker. This service enable us to analyze the usage of our web service and also ensures a high quality of customer service. This tool also uses “cookies”, but only with an opt-in permission. You will be asked for permission by a pop up message of your browser in order to generate such a text file. Our service on the webpage will be provided even if you decline to create such a tracking cookie. A permission is not essential to access your service.

    The information generated by the Act-On Beacon Tracker will be exclusively stored at Amazon Web Services’ (AWS) data centers within the Amazon cloud in Ireland (Dublin) and Germany (Frankfurt) located within the European Union. Even if you have accepted to create a tracking cookie you may delete it pursuant the opportunities of your web browser.

    Please note that in this context data processing outside the European Union / the European Economic Area may occur. Google has accepted the provisions of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

    The legal basis for processing your data is based on Art. 6 (1) (f) GDPR.

b) KuppingerCole Events

Additionally to processing your personal data according to the purchase of any other service of KuppingerCole, as detailed above under „Purchase“, we process your personal data as follows, if you attend a KuppingerCole event (for example our yearly European Identity & Cloud Conference):
A subset of your personal data, namely

  • your first and last name,
  • your firm or employer‘s name,
  • your business email address,
  • the country you or your firm or employer is located and
  • the event you attended,

will be printed on a badge handed out to to you, which may contain a QR-code with your data. This badge will serve as admission document and may be checked at the entrances or on the premises of the event. Furthermore, the aforementioned subset of your personal data will be submitted to and processed by the sponsors of the event in order to enable them to contact you and to do follow-up marketing as well as research. The legal basis for processing your personal data this way is our legitimate interest according to Art. 6 (1) (f) GDPR, which would be:

• security of our events and admission control;
• participation of our sponsors, which contribute large portions of the costs of the events.

We will share the aforementioned subset of your personal data with other participants of the particular event only if and in as far as you consented. The legal basis for processing your personal data this way is Art. 6 (1) (a) GDPR.

c) Processing for marketing purposes

  • Newsletter
    In order to be able to register for our email newsletter service, in addition to your consent we need, as a minimum, your email address to which the newsletter should be sent. Any other data is given voluntarily and will be used so that you can be contacted personally, the content of the newsletter can be personalised and any queries about the email address can be clarified. You have the choice of whether or not to disclose this data to us. However without your email-address we cannot send our newsletter to you.

    We use the so-called double opt-in process for sending the newsletter, that is, we will only send you the newsletter if you confirm your registration beforehand via a confirmation email sent to you for this purpose using the link contained therein. Thus we can ensure that only you yourself, as the owner of the email address, can register for the newsletter. Your confirmation relating to this must follow promptly after receiving the email confirmation as otherwise your newsletter registration is automatically deleted from our database.

    When registering for the newsletter, your email address is used for in-house advertising purposes until you unsubscribe from the newsletter. In order to unsubscribe you can either submit a Data Subject Request via this form or cancel the registration via the link at the end of the newsletter. The legal basis for processing your personal data is Art. 6 (1) (a) GDPR.
  • Promotion of similar own products
    We use the mandatory data provided in connection with the purchase of our products or the use of our services (for example: Webinars / Webcasts; visit of our Events) as well as voluntary information provided in order to provide you with offers tailored to your interests. We process the data collected in connection with the use of our services only to provide you with the best possible support regarding your interests and to point out interesting options for you regarding our products and services. In particular, we will use your email address to promote similar own products and services. The legal basis for processing your personal data this way is our legitimate interest according to Art. 6 (1) (f) GDPR (in conjunction with recital 47 of the GDPR) and Art. 13 (2) Directive 2002/58/EC respectively.

§ 4 How do we process your personal data within the KuppingerCole group of companies?

We are part of a group of undertakings affiliated to a central body.

As a group of undertakings affiliated to a central body we have a legitimate interest in transmitting personal data within the group for internal administrative purposes, including the processing of our customers’ or suppliers’ personal data. In particular, those purposes are the following: Like with other corporations our event production sites, service centers and administration departments at KuppingerCole group are distributed across our member companies. We collaborate with other member companies of the KuppingerCole group in order to provide our products and services to you or your employer, if you or your employer are our customer, or – if you or your employer are our supplier – in order to receive your products and services from you or your employer.

To enable you to exercise your rights regarding your personal data all members of the KuppingerCole group mutually agreed to honour such rights directly from and towards you, even if you should not have a contractual relationship with that particular member company. This enables you to exercise your rights regarding your personal data, in particular those mentioned under §§ 6-9 of this Privacy Policy, directly against any member of the KuppingerCole group in concern. The essence of this arrangement is available to you at: service@kuppingercole.com.

Processing your personal data in the KuppingerCole group is based upon Art. 6 para. 1 (f) GDPR, additionally to the legal basis mentioned above under § 3.

§ 5 Information on your personal data stored by us/duration of storage/deletion

We store your personal data for as long as we are obligated to do so by applicable laws and regulations, or, in lack of the foregoing, until the purpose of processing your personal data has been reached.
In event we enter into a contract with you, we will store your personal data until the ending of this contract and beyond, in as far as we are obligated to do so by applicable laws and regulations, or in event we need this data to fulfil our post contractual duties under the business relationship, or to rebut claims raised against us.

Where processing your personal data is based purely on your consent, we store your personal data until the purpose of processing your personal data has been reached or you should withdraw your consent, whichever will occur first, unless we are obligated to store your personal data for a longer period by applicable laws and regulations.

You can at any time check, amend or delete the personal data made available to us by logging in to your user account and processing the data yourself or by submitting a Data Subject Request via this form. If you delete your user account once and for all, the data stored in the user's user account is automatically totally deleted. A request for deletion is not required. If you want the stored data to be deleted, following your request this will also be deleted immediately. If, for legal reasons, deletion is not possible, the respective data will be blocked instead. Please note however that, if your data is deleted, we are no longer able to offer you the services described here.

If the user deletes his/her user account once and for all, the data record stored in the user's user account is automatically totally deleted.

§ 6 Revocation of consent

We would like to point out to you that where data processing is based on Art. 6 (1) (a) GDPR („consent“) you can revoke your consent at any time with effect for the future. To do so please submit a Data Subject Request via this form.

§ 7 Data protection rights

You shall have the right to

  • obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, obtain access to the personal data (Art. 15 GDPR, „right of access“)
  • obtain from us the rectification of inaccurate personal data concerning you and to have incomplete personal data completed (Art. 16 GDPR, „right to rectification“)
  • obtain from us the erasure of personal data concerning you, unless processing is necessary for exercising the right of freedom of expression and information; for compliance with a legal obligation; for reasons of public interest or for the establishment, exercise or defence of legal claims (Art. 17 GDPR, „right to be forgotten“)
  • obtain from us restriction of processing where the accuracy of the personal data is contested by you; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; or you have objected to processing according to Art. 21 GDPR (Art. 18 GDPR, „right to restriction of processing“)
  • receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Art. 20 GDPR, „right to data portability“).

In order to exercise your aforementioned rights, please submit a Data Subject Request via this form.

§ 8 Right to object

Where data processing is based on Art. 6 (1) (e) or (f) GDPR, we hereby inform you on your right to object at any time to processing of your personal data for aforementioned legitimate interests, based on grounds relating to your particular situation. In this event, we shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Where personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

In order to object, please submit a Data Subject Request via this form.

§ 9 Right to lodge a complaint

We shall hereby inform you about your right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR, “right to lodge a complaint”).

§ 10 Security measures to protect the personal data stored by us

We undertake to protect your personal data. To prevent a loss or unauthorised use of the personal data stored by us, we take extensive technical and organisational security precautions that are checked regularly and are adapted to technological progress. For example, we make use of firewalls, data encryption as well as access control and even physical measures to protect your personal data.

§ 11 Transfer of data to companies outside the EU / EEA

In some cases we transfer personal data according to this Privacy Policy to our sponsors or to other entities within the KuppingerCole group that are based in countries outside the EU / EEA. Where data is being transferred outside the EU / EEA, we will provide for an adequate level of data protection by concluding EU Standard Contractual Clauses, unless the recipient of the data is validly registered with the US Data Privacy Shield or other Data Privacy Shields, the exemptions of Art. 49 GDPR apply, or the EU Commission has decided that the recipient country provides for an adequate level of data protection. You shall be entitled to receive a copy of those guaranties safeguarding protection of your personal data at any time at: please submit a Data Subject Request via this form.

§ 12 Changes and Amendments

As changes in legislation or our internal processes may render it necessary to modify this Privacy Policy, we must reserve the right to do so from time to time. The current Privacy Policy can be retrieved, saved and printed out at any time by accessing our website at https://www.kuppingercole.com/. Please check regularly.

As of August 2018


[1]  General Data Protection Regulation; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, repealing Directive 95/46/EC

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00