eye square is committed to protecting and respecting your privacy. As a global business, eye square is committed your privacy, and our obligations under the data protection laws which apply in your region (such as the General Data Protection Regulation (GDPR) or the California Consumer Protection Act (CCPA)).
The Professional Association of German Market and Social Researchers (Berufsverband Deutscher Markt- und Sozialforscher e. V.) (BVM) and the Working Group of German Market and Social Research Institutes (Arbeitskreis deutscher Markt- und Sozialforschungsinstitute e.V. (ADM) have joined forces with the Association of Social Science Institutes (Arbeitsgemeinschaft Sozialwissenschaftlicher Institute e. V.) (ASI), and the German Society for Online Research (Deutsche Gesellschaft für Online-Forschung e. V.) (DGOF) to issue guidelines that define our activities and which we consider to be mandatory for our work. They set out how the requirements of privacy and data protection should be translated into the practice of market and social research.
The professional standards include e.g. the ICC/ESOMAR “International Code on Market and Social Research” referred to in short as the ESOMAR code, and the ESOMAR guidelines issued by ESOMAR for various areas of market and social research. For details, please refer e.g. to:
The above-mentioned German institutes and professional associations have also issued a “Declaration for the territory of the Federal Republic of Germany concerning the ICC/ESOMAR International Code of Market and Social Research” which modifies some of the provisions of the ESOMAR Code.
Read our testing software specific privacy policies here: https://www.eye-square.com/en/software-privacy-policy/
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States of the EU as well as other data protection like the California Consumer Protection Act (CCPA) provisions is:
eye square GmbH
Schlesische Strasse 29-30
The data protection officer of the data controller is:
PSW GROUP Consulting GmbH & Co. KG
Flemingstr. 20-22 . 36041 Fulda . Hessen . Germany
In principle, we only process personal data of our users to the extent necessary to offer a working website and our content and services. We only routinely process personal data of our users with the user’s consent. This does not apply to cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by law.
The legal basis for data processing where we have obtained consent from the data subject is Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) or the law which applies in you region (such as CCPA).
Where the processing is necessary for the performance of a contract to which the data subject is a party, the legal basis will be Article 6 (1) (b) GDPR. This also applies to processing necessary to implement pre-contractual measures.
Where processing is necessary for compliance with a legal obligation to which our company is subject, the legal basis for processing will be Article 6 (1) (c) GDPR.
The legal basis for processing necessary to protect the vital interests of the data subject or of another natural person is Article 6 (1) (d) GDPR.
Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing will be Article 6 (1) (f) GDPR.
The personal data of the data subject will be deleted or blocked as soon as the data is no longer required for the purpose for which it was originally stored. In addition, such storage may be provided for by Union or national laws, regulations or other provisions to which the controller is subject. The data will also be blocked or erased upon expiry of the storage period prescribed by the laws and regulations specified above, unless there is a need to continue storing the data for purposes of contract conclusion or performance.
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.
Our appointed data processors include:
Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
The data is also stored in the log files of our system. This does not affect the IP address of the user or other data that allows the data to be linked to any particular user. This data is not stored together with other personal data of the user.
The legal basis for temporary storage of data is Article 6 (1) (f) GDPR.
In accordance with Article 6 (1) (f), our legitimate interest lies in the processing of data for the above purposes.
The data will be erased as soon as it is no longer required for the purpose for which it was originally collected. Where the data is collected for the purpose of providing the website, the data will be deleted at the end of the respective session.
The collection of data for website provisioning and storage of data in log files is necessary for the functioning of the website. Users can disable tracking by electing to “reject” the cookie when first accessing the website.
Our website includes tools from companies based in the United States. If these tools are active, your personal data may be transferred to the US company servers. We would like to inform you that the United States is not a safe third country in relation to EU data protection law. American companies are obliged to release personal data to security authorities without you, as the person concerned, being able to take legal action against this. Therefore, it cannot be avoided that US authorities (e.g. secret services) may process, evaluate, and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
Many data processing operations are only possible with your expressed consent. You can revoke any consent already given at any time. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
This can result in the transmission of the following data:
The following is a list of the data collected, which can include e.g.:
The user data collected in this way are pseudonymised using technical measures. As a result, the data can no longer be used to identify the accessing user. The data is not stored together with users’ other personal data.
The following applies where we use technically necessary and unnecessary cookies with the prior user consent:
The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) (f) GDPR.
The legal basis for the processing of personal data using cookies for analytical purposes with the prior user consent to the processing of data is Article 6 (1) (a) GDPR.
The analysis cookies are used to improve the quality of our website and its content. The analysis cookies tell us how the website is used and enable us to constantly improve the content of our website.
Teleservice providers are required to notify users when they refer them to third-party service providers. When we refer (link) the user to another service provider on our website, we notify the user by opening the website of the third-party service provider in a new browser tab/window.
You can change our cookie preferences here: Change cookie preferences
Our e-mail newsletters are sent via the technical service provider Sendinblue SAS – Politique de confidentialité, 7 rue de Madrid, 75008 Paris, France. to whom we share the information you provide when you register for our newsletter. Sendinblue attaches particular importance to the respect for the privacy of the Users and of the confidentiality of their personal data, and is thus committed to processing the data in compliance with the applicable laws and regulations, and in particular Law No. 78-17 of 6 January 1978 relating to Information Technology, Data Files and Civil Liberties (hereafter referred to as the “Data Protection Act”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter referred to as the “GDPR”).
The personal data collected is intended for Sendinblue’s commercial and accounting departments. It may be transmitted to Sendinblue’s subsidiaries, or to third-party data processors which Sendinblue is authorized to use within the context of the performance of its Services.
In this context, personal data may be transferred to an EU or non-EU country. Sendinblue implements guarantees ensuring the protection and security of this data, in compliance with applicable rules and regulations.
Sendinblue does not transfer or rent personal data to third parties for marketing purposes without the express consent of the Users of Sendinblue.
In addition, personal data may only be disclosed to third parties for purposes other than marketing in the following cases:
If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
In accordance with applicable rules, the Users have the right to access and rectify their personal data, which enables them to rectify, complete, update, or delete data that is inaccurate, incomplete, ambiguous, or outdated, or whose collection, use, communication, or storage is prohibited.
The Users also have the right to request the limitation of the processing, and to oppose on legitimate grounds the processing of their personal data. The User may also communicate instructions on the fate of their personal data in the event of their death.
Where applicable, the User may request the portability of their personal data or, where the legal basis for the processing is consent, withdraw their consent at any time.
The Users may exercise their rights by sending an email to email@example.com or a letter to:
Sendinblue SAS – Politique de confidentialité
7 rue de Madrid, 75008 Paris, France
Sendinblue has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent it from being accessed by unauthorized third parties, distorted, or damaged.
These measures include the following:
In addition, access to processing data on behalf of Sendinblue by the receiving third-party services requires authentication of the persons accessing the data, by means of an individual access code and password, that is sufficiently robust and regularly renewed.
Data transmitted over unsecured communication channels is subject to technical measures designed to make such data incomprehensible to any unauthorized person.
Any questions about the security of the Sendinblue website can be directed to firstname.lastname@example.org.
We are pleased that you’re interested in contributing your strengths to our team. We kindly ask you to send applications only to the e-mail address below.
If you would like us to consider you for other vacancies in our company and keep your application for the maximum retention period of 6 months, please let us know.
We assume that we may also answer unencrypted application e-mails without encryption. If you do not wish this, please give us a note in your application e-mail.
On our website, we offer users the option to register by providing personal data, e.g. to receive a document or white paper or to register for an event. The data is entered into a contact form, transmitted to us, and stored. We do not disclose this information to third parties. The following data is collected during the registration process:
At the time of registration, we also store the following types of data:
We obtain the user’s consent to processing of this data during the registration process.
The legal basis for the processing of data where the user has given consent to the processing is Article 6 (1) (a) GDPR.
The purpose of registration is not to conclude a contract with the user:
The user’s registration is necessary for the provision of certain content and services on our website.
To send users the requested information materials, e.g. white papers or to register for an event, we require at least basic contact data (name and email address).
The data will be erased as soon as it is no longer required for the purpose for which it was originally collected.
As a user you have the option of cancelling the registration at any time. Or rectification of the data we store on you at any time.
On our website, we offer a contact form, which can be used to contact us online. Where users take advantage of this option, the data they enter into the form will be transmitted to us and stored. These data include:
The following is a list of data collected through the entry form
At the time of sending the message, the following data is also stored:
The following is a list of the relevant data.
Alternatively, you can use the email address provided to contact us. In this case, the user’s personal data transmitted by email will be stored.
We do not pass this data on to third parties. Such data will only be used to process the communication.
The legal basis for the processing of data where the user has given consent to the processing is Article 6 (1) (a) GDPR.
The legal basis for the processing of data transmitted when an email is sent is Article 6 (1) (f) GDPR. If the purpose of the email is to conclude a contract, then the additional basis for the processing of data will be Article 6 (1) (b) GDPR.
We process the data entered into the contact form solely to process the communication. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be erased as soon as it is no longer required for the purpose for which it was originally collected. For personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when the circumstances indicate that the matter in question has been definitely resolved.
The additional personal data collected during the sending process will be deleted at the latest after seven days.
Users are entitled to withdraw their consent to the processing of personal data at any time. Users who contact us by email can object to the storage of their personal data at any time. In this case, the parties will no longer be able to engage in further communications.
Below, we describe under what circumstances is it possible to withdraw consent and/or object to storage.
All personal data stored when communicating with us will be erased as a result.
Below, we provide information about the rights of data subjects under GDPR. As there is no need to mention rights that are not relevant to our website, the list can be reduced.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to the data controller:
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed.
Where that is the case, you may request the following information from the data controller:
(1) the purposes of the processing of personal data;
(2) the categories of personal data processed;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the user or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard, you have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
You have the right to have inaccurate and or incomplete personal data rectified and/or completed without undue delay.
You have the right to obtain from the controller restriction of processing of personal data where one of the following applies:
(1) you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims, or
(4) you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your interests.
Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with the user’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the processing has been restricted under the above conditions, you shall be notified by the controller before the restriction is lifted.
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase this data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed
(2) You withdraw consent on which the processing is based according to Article 6 (1) (a), or Article 9 (2) (a) GDPR, and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
(4) The personal data have been unlawfully processed.
(5) The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
Where the controller has made the personal data public and is obliged pursuant to Article 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure does not apply to the extent that processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9 (2) (h) and (i) as well as Article 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in paragraph (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
If you have exercised your rights with respect to rectification or erasure of personal data or restriction of processing, the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You are entitled to receive information about those recipients from the controller.
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to Article 6 (1) (a), or Article 9 (2) (a) GDPR or on a contract pursuant to Article 6 (1) (b) GDPR, and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. These rights shall not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you will have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Article 9 (1) GDPR, unless point (a) or (g) of Article 9 (2) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
In the cases referred to in points (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.