Data privacy notice
This policy is intended for all visitors to our website, our employees, applicants, customers and partners and is always important if we receive data about you. Therefore, it doesn’t matter whether you have become a customer or even if a contractual arrangement exists between us. In each case, this policy should make it to transparent for you how we deal with data.
In the following, we explain which information is collected during your visit to our website, how we use this information and for what purpose and who we share it with. In addition, we explain your rights in relation to the processing of your personal data, such as right to information, rectification, objection and erasure.
1. Data controller
Within the legal meaning of Data, the Data Controller is the company named in our ‘Imprint’ on our website. You can also contact our management representatives mentioned there or contact our Data Protection Officer. A Data Protection Officer is not bound to the instructions given by management. You can contact them by email at email@example.com or by post at the address stated in the ‘Imprint’ with the note ‘for the attention of the Data Protection Officer’.
2. Procedure and purpose of storage
When you visit our website, your computer transmits your IP address to us, and depending on the nature of your visit to our website and your computer’s settings, we save small text files on your hard drive (‘Cookies’) as part of this process. We create these files so that our website functions better for you. It is a form of short-term memory of your browser. You can switch off this short-term memory by making the appropriate adjustments within your browser.
We also place text files on our system, which could contain the following information about you: type of browser and browser version, operating system used, the URL of the website which you came from, the name of your computer and the time of your visit (‘Log files’). The Log files are not assignable to a specific person by us.
We do not combine this Data with Cookies or IP addresses. We do, however, reserve the right to subsequently assess this Data in individual cases if there are specific reasons that indicate unlawful use. The Log files help us to understand on which kind of computers our web pages must function and when a particularly large (or small) number of people are using our web pages. In this way, website structure, servers and database systems can be adjusted accordingly.
When you create a user account with us or enter into a contract with us as a customer (e.g. by ordering goods, having a newsletter sent to you, etc.), we create a customer account for you in our system. This account contains the master data that you have provided to us, your order and, where applicable, your billing data (‘Customer data’). We store and process this Data because otherwise we cannot fulfil our contract with you. If you enter into a contract with us as a customer, we also use your Customer data in order to inform you about current campaigns and attractions that we are promoting, provided that you have not objected to the use of your Data in this way.
If you send us an application, we will use all of the information provided therein in order to process your application. If you receive a rejection, your Data will be deleted six months after the rejection unless you authorise us in advance to contact you again in the future.
If you are our employee, we will store your application documents, master data, billing data and your insurance data for the execution of the contract of employment, insofar as this is necessary for simpler administration and execution of the contract. This is managed with the help of the partner companies listed below.
3. Basis for the storage
In most cases, the most important basis for the storage is your agreement with us, irrespective of whether you register for a newsletter on our website or if you have negotiated a contract with Statista for your employer. The following bases are possible:
- Your consent in accordance with Article 6 (1) (1) (a), Article 7 General Data Protection Regulation (GDPR) (e.g. for product information or advice by means of our newsletter)
- Fulfilment of the contract, which you or your employer are parties to, or to fulfil pre-contractual obligations to you in accordance with Article 6 (1) (1) (b) GDPR
- Legitimate interests of Statista in accordance with Article 6 (1) (1) (f) GDPR (e.g. for the preparation, maintenance, protection and improvement of our services, for the development of new services and for our own protection and for the protection of our users, to further improve the security of our IT systems or to communicate with you)
In addition, legal obligations in accordance with Article 6 (1) (1) (c) GDPR can be a basis, for example, to fulfil and comply with applicable laws, provisions or legal procedures or an enforceable official directive.
4. Location of the storage and disclosure of Data to third parties
We don’t process your Data entirely by ourselves. In processing your Data, we also use programmes and services from other companies (‘Tools’). We will occasionally change the Tools we use if this seems reasonable to us on the basis of legal, technical or economic considerations.
To ensure global access by our customers to our offering (if, for example, you want to access Statista while on a business trip abroad or if your company has multiple branches), we store Customer data globally. The storage locations are:
- United States of America
- United Kingdom
We currently use the following Tools for the administration and preparation of Data (in particular Customer data, IP address, Cookies and Log files):
- Google Analytics (measurement of traffic on the website)
- Amazon Web Services (website operation, server space)
- Datev (administration of master data, accounting)
- Personio (personnel management)
- Hrworks (travel expense accounting)
- Microsoft Exchange Server (contact data, emails)
- Mailchimp (contact data, emails to large groups)
- Contact Monkey (email tracking)
- Pendo (use analysis and user communication)
- Userlike (provision of service chat windows on the website)
- Salesviewer (lead generation and analysis)
- Stripe (processing of payments)
- Nfon (internal and external calls)
- Limesurvey (expert surveys)
- Keyingress (opinion research and market research)
If you prohibit the use of these Tools, we may not be able to fulfil existing contracts between us or may need to switch to solutions that are less convenient for you.
Additional information about data processing using Google Analytics can be found at the following link: www.google.com/policies/privacy/partners/
5. Procedure and deletion periods
We use the standard procedure to secure the Data, and thus create rights and roles in applications, ensure backups and upgrades are carried out in our systems if this is advisable in accordance with the state of technology.
We store your Data until the completion of the task for which you provided the Data to us or until the expiry of the legal retention periods. These are derived mainly from section 257 HGB (German Commercial Code), where the storage of business documents is regulated. In the case of applications and employment contracts, we may also have a legitimate interest in the continued retention of such Data as a result of questions with respect to the execution of the application process or in relation to the issue of billing.
You have the legal right to obtain information about the Data we have stored about you at any time. If, despite our efforts to ensure data is correct and up to date, incorrection information is stored about you, we will rectify such data as quickly as possible upon your request. If processing of the Data is based on your consent, you can withdraw your consent to this processing of your Data at any time in the future.
7. Supervisory authority
If you feel that we are not fulfilling our information obligations towards you, you have the right to lodge a complaint with a supervisory authority (e.g. the Data Protection Officer of the Federal States in Germany) at any time.
8. Voluntarily provided Data
In order to conclude and execute contracts between you and us, the processing of your Data to the extent described above is necessary. Withdrawal of your consent to data processing thus only affects such Data that we do not require in order to execute the contract, rather information that you have also voluntarily provided to us.
If we intend to continue to process such Data for a purpose other than the purpose for which you have provided us with the Data, we will provide you with specific information about this other purpose and the reason behind our intentions prior to processing this Data.