GANTNER PRIVACY POLICY

Privacy Policy

On this page, you will find our comprehensive Privacy Policy. For specific privacy terms regarding our cloud software eLoxx 365 and the LockPal App, please click here: Privacy Policy for eLoxx 365 and LockPal 365

If you have any further questions, please feel free to contact us.

Privacy policy

This privacy notice explains the nature, scope and purpose for processing the personal data (hereinafter referred to as “data”) of our website visitors, interested parties, customers and suppliers, event participants, and applicants. With regard to the terms used, such as “processing” or “controller”, we refer to the definitions given in Art. 4 of the General Data Protection Regulation (GDPR).

In section A of this privacy policy, you will find information about the controller of your personal data and the contact details of the responsible data protection officer.
In section B we inform you in detail about the processing of your personal data.
In section C you will find information about the cookies used.
In section D, we inform you about your rights in connection with the processing of your personal data.

Note on the terms used

  • “Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered as identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie), or to one or more particular characteristics that are the expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person.
  • “Processing” refers to any process carried out with our without the use of automated procedures or any such series of processes in connection with personal data. The term is applied broadly and includes practically any handling of data.

 

Valid as of July 2023

SECTION A

A Information about the Controller

The GANTNER Group company with which you maintain a business relationship or to which you transfer your data is responsible for processing your data. A list of GANTNER Group companies can be found on our website in the company / locations area.

GANTNER Electronic GmbH, named in the imprint, is responsible for data collection on this website. Should you have any questions regarding the processing of your data or wish to assert your rights and remedies with regard to data protection, please email privacy@gantner.com.

Data protection officer

Germany:
Riske IT GmbH
Pascal Riske
Keldenicher Straße 23
50389 Wesseling, Germany
Contact: datenschutz@riske-it.de

Austria:
Graf Consultings GmbH
Karwendelstr. 7
86949 Windach, Germany
Contact: datenschutz@gc-gmbh.com

SECTION B

B Processing of personal data, purpose of processing and legal base

In Chapter 1 of this section, we provide you with general information about the legal bases, cooperation with contracted data processors, data transfer to third-party countries and the deletion of data.

In Chapter 2 of this section, we provide information about the processing of personal data in connection with your visit to our website and the use of the functions offered on our website, such as contact forms, support requests, partner login, partner requests and newsletters.

We also provide information for
• Applicants (Chapter 3),
• Customers, suppliers and other interested parties (Chapter 4) as well as
• Participants of events and webinars (Chapter 5)
about the processing of your personal data.

1.1 Relevant legal basis

In accordance with Art. 13 GDPR, we would like to inform you about the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: The legal basis for obtaining consent is Article 6 Para. 1 (a) and Art. 7 GDPR, the legal basis for processing in the performance of our services and the execution of contractual measures, as well as for responding to inquiries, is Art. 6 Para. 1 (b) GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 Para. 1 (c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 Para. 1 (f) GDPR. In the event that crucial interests of the data subject or any other natural person require the processing of personal data, Art. 6 Para. 1 (d) GDPR serves as the legal basis.

1.2 Cooperation with contractual processors and third parties

If, as part of our processing, we disclose data to other persons and companies (order processors or third parties), transmit data to them, or otherwise grant access to the data, this is done only on the basis of a legal permission (e.g. if a transmission of the data to third parties, or to payment service providers, pursuant to Art. 6 Para. 1 (b) GDPR is necessary to fulfill a contract), which you have granted, a legal obligation requires this, or on the basis of our legitimate interests (e.g. when commissioning agents, web hosters, etc.). Provided that we commission third parties to process data on the basis of so-called “order processing agreements”, this is carried out on the basis of Art. 28 GDPR.

1.3 Transmissions to third countries

If we process data in a third country (meaning outside the European Union (EU) or the European Economic Area (EEA)) or in the context of using third party services or disclosing or transmitting data to third parties, this will only be done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual allowances, we will process data in a third country only if the special conditions of Art. 44 (ff) GDPR exist. This means that processing will only occur on the basis of specific guarantees, such as the officially recognized level of EU data protection or in compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

1.4 Erasure of data

We erase the data we process, or limit the processing of such, in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy statement, the data we store will be deleted as soon as it is no longer necessary for its intended purpose and this deletion does not conflict with any statutory storage requirements. If this data is not deleted because it is required for other and legally-permitted purposes, its processing will be limited. This means that the data will be locked and not used for other purposes. This also applies to data that must be stored for commercial or tax reasons. According to legal requirements in Germany, this storage period is 6 years in particular according to § 257 Para. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and 10 years according to § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, tax documents, etc.). According to legal requirements in Austria, this storage is 7 years in particular according to § 132 Para. 1 BAO (accounting documents, receipts/invoices, accounts, documents, business papers, statement of income and expenses, etc.), 22 years in connection with real estate, and 10 years in the case of documents related to electronically supplied services, telecommunications, broadcasting and television services provided to non-EU companies in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.

GANTNER Electronic GmbH, listed in the contact section, is responsible for the collection of data on this website.

When you use our website for information purposes, we process usage data (e.g. websites visited, interest in content, access times) as well as meta/communication data (e.g. device information, IP addresses). If you use certain functions offered on our website (e.g. contact forms, partner logins), we will also process your contact details (e.g. name, email, telephone numbers). The sections that follow will provide detailed information about the data processed when using the functions offered on our website.

2.1.1 Hosting
The hosting services we utilize serve to provide the following services: Infrastructure and platform services, computing capacity, storage space, and database services, security services, as well as technical maintenance services that we utilize for the purpose of administering this online content. Here, we, or our hosting providers, process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties, and visitors to this online content on the basis of our legitimate interests in the efficient and secure provision of this online content pursuant to Art. 6 Para. 1 (f) GDPR in connection with Art. 28 GDPR (closing of order processing agreement).

2.1.2 Collection of access data and log files
We, or our hosting provider, collects data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests in the sense of Art. 6 Para. 1 (f) GDPR. This access data includes the name of the web page retrieved, file, date, and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the page previously visited), IP address, and the requesting provider. Log file information is stored for security purposes (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from erasure until the incident is finally resolved.

2.1.3 Links to other websites
This privacy notice applies only to our own internet presence. The web pages of this presence may contain links to third-party websites. Our privacy notice does not apply to these websites. When you leave our website, we recommend carefully reading the privacy policy of each individual website that collects personal data.

2.1.4 Online presences in social media
We maintain online presences on social networks and platforms in order to communicate there with active customers, interested parties, and users, and to inform them there of our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply. Unless otherwise specified in our privacy notice, we process user data if they communicate with us on social networks and platforms, e.g. if they submit posts on our online presence or send us messages.

2.1.5 Use of cookies, web analysis and tracking technologies
Provided you have given consent, we use cookies and web analysis technologies to record and analyze your usage behavior on our website. Data is processed in order to optimize the design of our website and advertising campaigns. In Section C you will find detailed information about the cookies, web analysis and tracking technologies used.

2.1.6 YouTube
We have integrated YouTube videos into the functions offered on our website; these are stored on www.YouTube.com and can be played directly from our website.
When you visit a subpage on our website that is equipped with a YouTube plugin, YouTube receives the information that you have accessed the corresponding subpage on our website. This happens regardless of whether YouTube provides a user account that you are logged in to or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. You must log out of your YouTube account if you do not want the data to be assigned to your YouTube profile. YouTube stores your data as a usage profile and uses it for advertising, market research and/or designing its website to meet specific needs. Such evaluation takes place (even for users who are not logged in) to provide advertising based on specific needs and to inform other users within the social network about your activities on our website. You have the right to object to the creation of these user profiles; you must, however, contact YouTube in order to exercise this right. For more information on the purpose and scope of data collection and its processing by YouTube, please refer to their data privacy policy. There you will also find additional information on your rights and optional settings for protecting your privacy: https://policies.google.com/privacy?hl=en-US. Transfers to third-party countries are possible. Provisions in the form of standard contractual clauses in accordance with Article 46 of the GDPR have been concluded as suitable guarantees. Additional information is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de. Note! YouTube also processes your personal data in the United States, and this possibility cannot be excluded. The European Court of Justice has not certified the United States as having an adequate level of data protection. In particular, there is a risk that your data will be subject to access by authorities in the United States for control and monitoring purposes and that no effective legal remedies will be available.

When using the contact form on our website, the user’s information is used to process the contact request and resolving it in accordance with Article 6(1)(a) of the GDPR. You can revoke this consent at any time by sending an email to privacy@gantner.com. The legality of the data processing carried out until such revocation is executed remains unaffected by the revocation. The user’s information may be saved in a customer relationship management system (“CRM-System”) or similar inquiry organization system. We delete these requests if they are no longer needed in order to fulfill the purpose of the processing. We review the necessity of these requests every two years. In addition, statutory archiving obligations apply.

On our website, we offer simple, direct online contact and advice via live chat. For further information on the processing of personal date by the live chat service see https://www.letsconnect.at/data-privacy.

2.3.1 Categories of data processed
When using the live chat service, the following data is processed: used device, browser language, browser type/version, page URL, geographical location, date and time of access, referrer URL, duration of access as well as contact details and information entered by the website visitor.

2.3.2 Purpose of processing and legal basis for processing
The processing of the data described is necessary for the operation of the live chat service and to answer your questions.

The legal basis for data processing in connection with the live chat services is our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in providing efficient and secure online communication for interested website visitors.

2.3.3 Recipient of data
We rely on an external service provider (Let’s Connect of PATHADVICE International GmbH, c/o CHG Czernich Haidlen Gast & Partner Rechtsanwälte GmbH, Bozner Platz 4, 6020 Innsbruck, Austria ) for the operation of the live chat service. We have obligated this service provider to comply with the applicable data protection regulation by concluding a data processing agreement in accordance with Art. 28 GDPR.

2.3.4 Retention period
After the termination of the customer communication, the data is deleted as soon as it is no longer needed for the specified processing purposes. The maximum storage period is 3 years.

You can submit your request to our support department using the support form on our website.

2.4.1 Categories of data processed
When submitting the support form, all the data you have entered will be stored. This includes:

• Name
• Email
• Telephone
• Company
• Message

2.4.2 Purpose of processing and legal basis for processing
The data is processed in a service management system in order to handle your support request and to contact you in this regard. If you do not provide us with all the necessary information, we may not be able to process your request.

The legal basis for data processing in connection with your support request is our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the processing of support requests and in the maintenance of the business relationship with you.

2.4.3 Recipient of data
In order to satisfy the purpose of processing described above, your data may also be transferred to GANTNER Group companies. If data processing tasks are carried out by GANTNER Group companies outside the EU or the EEA, the appropriate level of data protection results from an adequacy decision by the European Commission pursuant to Art. 45 GDPR or from measures pursuant to Art. 44 ff. GDPR.

2.4.4 Retention period
Your personal data will be deleted insofar as it is no longer required to fulfill the purpose of storage and no statutory retention obligations (e.g. commercial and tax retention obligations) or the assertion of legal claims prevent this deletion.

GANTNER partners can register for the partner login on our website in order to gain access to all information related to the technical and marketing details of our products.

2.5.1 Categories of data processed:
As part of the registration process, all the data you have entered (mandatory fields) will be saved. This includes:

• Email
• Password
• Form of address
• First and last name
• Company
• Address (street, town, state, postcode)
• Country
• Telephone
• GANTNER contact person

2.5.2 Purpose of processing and legal basis for processing
The data is used to manage your partner account and give you access to the information provided. For important changes, for example to the scope of the offer or for technically necessary changes, we use the email address provided during registration in order to inform you of such. If you do not provide us with all the necessary information (mandatory fields), we may not be able to check whether you are authorized to register for the partner login.

The legal basis for data processing with regard to handling your partner request is our overriding legitimate interest in accordance with Art. 6 Para. 1. lit. f) in maintaining the business relationship with you.

2.5.3 Retention period
The personal data collected in connection with registering for the partner login is stored for the duration of the registration and then deleted. In addition, only data that is absolutely necessary due to applicable legal provisions or retention obligations is stored.

Companies wishing to become GANTNER partners can send us their request using the corresponding form on the website.

2.6.1 Categories of data processed
When submitting the form for the partner request, all the data you have entered will be stored. This includes:

• Company
• Form of address
• Contact details
• Company profile
• Number of employees in various departments
• References
• Geographic market
• Represented companies
• Revenue
• Reasons for integrating GANTNER products and solutions

2.6.2 Purpose of processing and legal basis for processing
The data is processed in order to process your partner request and to contact you in this regard. If you do not provide us with all the necessary information, we may not be able to process your request.

The legal basis for data processing with regard to handling your partner request is our overriding legitimate interest in accordance with Art. 6 Para. 1. lit. f) in maintaining the business relationship with you.

2.6.3 Retention period
The personal data collected in connection with the partner request is stored for the duration of the business relationship and then deleted. In addition, only data that is absolutely necessary due to applicable legal provisions or retention obligations is stored.

By subscribing to our newsletter, you provide your agreement to receive such and your agreement with the processes described. We send out newsletters, emails, and other electronic messages with advertising information (hereinafter “newsletter”) only with the consent of the recipient or legal permission to do such. If the content of a newsletter is concretely described when subscribing to the newsletter, this content is decisive for the consent of the user. Apart from that, our newsletters contain information on us and our services.

Interested parties register for our newsletter via a so-called double out-in procedure. This means that, after registration, they receive an email requesting confirmation of their registration. This confirmation is necessary to prevent anyone from registering with email addresses that are not their own.

2.7.1 Categories of data processed
When registering for the newsletter, all you need to provide is your email address. We will also request that you optionally provide your name for the purpose of personally addressing the newsletter.

Registrations to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes saving the time of registration and confirmation as well as the IP address. Similarly, changes to your data stored with the dispatch provider will be recorded.

In addition, we analyse our newsletter campaigns with the help of a newsletter management system. For example, we can determine whether and when a newsletter was opened and how often a link in a newsletter was clicked. We use these analyses to be able to optimise the newsletter dispatch and the content of the newsletter. If you do not want any analysis, you must unsubscribe from the newsletter. You can unsubscribe by clicking on the “unsubscribe link” in the newsletter or by sending a corresponding message to privacy(@)gantner.com

2.7.2 Purpose of processing and legal basis for data processing
The dispatch of the newsletter and related data analysis is based on the recipient’s consent according to Art. 6 Para. 1 (a), Art. 7 GDPR. The registration process is recorded on the basis of our legitimate interests according to Art. 6 Para. 1 (f) GDPR. Our interest is based on the use of a user-friendly and secure newsletter system that both serves our commercial interests and meets the expectations of the user, as well as allowing us to prove consent.

Cancellation/ Revocation
You can cancel the receipt, or revoke your consent, of our newsletter at any time. You can unsubscribe by clicking on the “unsubscribe link” in the newsletter or by sending a corresponding message to privacy(@)gantner.com.

2.7.3 Recipient of data
For the distribution of the newsletter and the associated analyses we use an external service provider. We have obligated this service provider to comply with the applicable data protection regulation by concluding a data processing agreement in accordance with Art. 28 GDPR.

2.7.4 Retention period
We may save the email addresses provided for up to three years on the basis of our legitimate interests, before we erase them for the purpose of sending out the newsletter, in order to provide evidence of prior consent. The processing of this data is limited to the purpose of potential defense against claims. You may request an individual erasure at any time, provided the former existence of consent is confirmed at the same time.

The data protection information for applications applies both to the application form on our website and to unsolicited applications or applications to us via another method. The GANTNER Group company named in the job advertisement is responsible for data processing.

3.1 Categories of data processed

We process the data of applicants who enter such in the application form or make such available to us in another way (e.g. by email) in the course of the application process. In particular, this includes master data, contact data, and data from application documents such as CVs, photos, or certificates.

The provision of data marked as mandatory fields in the application form is required to process an application. This data is required to complete the application process.

3.2 Purpose of processing and legal basis for data processing

The data is used to conduct the application process, in particular to check applications, to contact the applicant, and to conduct interviews in order to select persons appropriate for the positions open at our company.

The lawfulness of data processing results from the pre-contractual measure associated with the applicant’s request pursuant to Art. 6 Para. 1 lit. f GDPR.

In addition, your data will be stored with your explicit consent in accordance with Art. 6 Para. 1 lit. a GDPR, for the purpose of further consideration and communication in case of suitable job offers in the future. You can revoke this consent at any time by sending an email to privacy@gantner.com. Withdrawal of consent will result in your application being taken off record from that point on.

3.3 Recipient of data

Some of the GANTNER Group companies mentioned above are located outside the EU or the EEA and process personal data there. However, we only transfer the applicant’s personal data to countries which the EU Commission has decided have an adequate level of data protection. Alternatively, we implement measures pursuant to Art. 44 ff. GDPR in order to ensure that all recipients guarantee an adequate level of data protection.

The controller may decide to transfer the data to one or more processors (e.g., IT service providers) in the EU who process the personal data according to our instructions. The engagement of processors is based on Art. 28 Para. 1 GDPR.

3.4 Retention period

If an employment contract is concluded, your personal data for the performance of the employment relationship will be stored in compliance with statutory provisions.

Otherwise, the data will be stored by us for evidence purposes for the establishment, exercise or defense of any legal claims for a period of 7 months from the date of the refusal letter. The data will then be deleted, unless further storage would be necessary to defend against claims or if the applicant explicitly consents to further storage. The legal basis for retention for evidence purposes is our legitimate interest, pursuant to Art. 6 Para. 1 lit. f GDPR, in the exercise or defense of legal claims.

In the following explanations, we inform our interested parties, customers and suppliers about the processing of personal data as part of the business relationship.

4.1 Categories of data processed

Depending on our business relationship with you, we may process the following data:

• Master data of the company (e.g. company, industry)
• Bank details
• Contract data
• Invoice data
• Payment data, such as details required to process payment transactions or to prevent fraud
• Data related to tax liability and tax calculation
• Credit rating data
• Your contact person’s data: professional contact details (e.g. name, professional contact address, professional telephone number and email address), function, powers of representation, business cases handled, image data from indicated video surveillance
• Other personal data whose processing is necessary for initiating, processing and managing (contractual) business relationships as well as for the maintenance of business relationships, or data that is provided voluntarily by you (e.g. orders placed, order details, requests made or project details, communication data, other data about the cooperation)

4.2 Purpose of processing and legal basis for data processing

Depending on your business relationship with us, we process your data for different purposes and on different legal bases:

a. Interested parties
We process your data for the implementation of pre-contractual measures, including pre-contractual communication and the transmission of information about our product portfolio. The legal basis is our legitimate interest (Art. 6 Para. 1. lit. f GDPR) in the implementation of pre-contractual measures upon your request or maintaining the business relationship initiated by your expressed interest in our products.

b. Customers / suppliers
We process your data for the fulfillment of contracts concluded with you, including contractual communication, exchanges of services, and payment processing in this context. Processing takes place on the basis of our legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the fulfillment of these contracts.

The purpose of processing image data from video surveillance is to monitor locations subject to our authority. The legal basis for processing this image data arises from our overriding interest in the protection of property, responsibility, and prevention as well as in the fulfillment of general security standards.

c. Customer
In addition to processing data to handle requests and orders, we also use the data to carry out marketing measures in connection with products and services you have purchased, such as marketing campaigns with recommendations on products and services, customer surveys, market analyses and events, by email or by post. The purpose of processing personal data in this context is for us to inform you about current product-related developments. The legal basis for the processing arises from our overriding legitimate interest (pursuant to Art. 6 Para. 1. lit. f) to achieve the described purpose.

You may object to the use of personal data for advertising purposes at any time by emailing privacy(@)gantner.com. Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent until revocation.

4.3 Recipient of data

a. Interested parties
Your data may be transferred to GANTNER Group companies if this is necessary for the fulfillment of the purposes described above.

b. Customer
In the event of the conclusion of a contract, data may be transmitted to the following recipients as necessary:

• GANTNER Group companies, insofar as this is necessary to fulfill the purposes described above
• Tax consultants and auditors, insofar as this is necessary for the fulfillment of their duties
• Subcontractors / suppliers involved in the provision of our service insofar as this is necessary for the fulfillment of their respective duty
• Administrative and financial authorities
• Legal representatives in matters related to default and collection, insofar as this is necessary for the performance of their duties
• Courts
• IT service providers

c. Suppliers
We may share supplier data with the following recipients:

• GANTNER Group companies, insofar as this is necessary to fulfill the purposes described above
• Banks for processing payment transactions
• Tax consultants and auditors, insofar as this is necessary for the fulfillment of their duties
• Customers, as recipients of your services
• Administrative and financial authorities
• Legal representatives in matters related to default and collection, insofar as this is necessary for the performance of their duties
• Courts
• IT service providers

4.4 Retention period

Data that we process on the basis of your consent will be retained until we receive your withdrawal of consent and beyond this for as long as statutory periods stipulate.

Insofar as no explicit storage period is specified during collection, your personal data will be deleted, provided that it is no longer required to fulfill the purpose of storage and no statutory retention obligations (e.g. commercial and tax retention obligations) or the assertion of legal claims prevent erasure.

We do not store image data from video surveillance for longer than 72 hours, unless longer storage is necessary and proportionate (for example, criminal behavior has been recorded, which must be reported accordingly, cf. § 13 Para. 3 DSG).

GANTNER organizes events (e.g. technical training courses, webinars) to convey information as well as comprehensive, detailed and professional know-how about GANTNER solutions and products. In order to carry out the events, the processing activity described below takes place in addition to the data processing described under point 8.

5.1 Categories of data processed

In order to organize and hold events, we process the following personal data:
• Contact details of the event participant (e.g. name, email address)
• Information on the event participant’s employment relationship (company, position)
• Voluntarily disclosed information (e.g. allergies, food intolerances) of the event participant
• identification and usage data if the event is held online (webinar)
• If necessary, data for the organization of an overnight stay (e.g. arrival and departure dates, possible preferences and payment information, if applicable)
• Other personal data provided or arising in connection with the organization of and participation in the event (e.g. type of event, arrival and departure, correspondence)
• Image data from attendance at events, if applicable

5.2 Purpose of processing and legal basis for data processing

Data is processed based on our legitimate interest (Art. 6 Para. 1. lit. f) in the organization and implementation of events. GANTNER may send notifications regarding the organization of events to the email address you provided when you registered for the event. The disclosure of special categories of personal data (e.g. allergies) is optional. We process this data exclusively on the basis of your consent (Art. 6 Para. 1 lit. a).

With regard to image data from attendance at events, the purpose of the processing is public relations and publication on our website or social media channels or through our communications (e.g. newsletters). The processing of image data from participation in events is done on the basis of our legitimate interest in providing reports with images, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail (Art. 6 Para. 1 lit. f GDPR).

5.3 Recipient of data

In order to fulfill the processing purpose described above, your data may also be transferred to companies of the GANTNER Group. When organizing and holding events, we may also engage external service providers. We have obligated these service providers to comply with the applicable data protection regulation by concluding data processing agreements in accordance with Art. 28 GDPR.

If companies of the GANTNER Group or external service providers carry out data processing activities outside the EU or the European Economic Area (EEA), the adequate level of data protection results from an adequacy decision of the European Commission pursuant to Art. 45 GDPR or from measures pursuant to Art. 44 (ff) GDPR, such as the signing of the standard contractual clauses. You can obtain a copy of the guarantees of the existence of an adequate level of data protection or an indication of availability of a copy of the guarantees, by contacting the address listed in section A above.

5.4 Retention period

Insofar as no explicit storage period is specified during collection (e.g. as part of a declaration of consent), your personal data will be deleted or anonymized, provided that it is no longer required to fulfill the purpose of storage and no statutory retention obligations (e.g. commercial and tax retention obligations) or the assertion of legal claims prevent erasure.

Section C

C Use of cookies, web analysis and tracking technologies

Cookies are small files that are saved to a user’s computer. Various pieces of information can be stored in cookies. A cookie primarily serves to save information on a user (or the device on which the cookie is stored) during or after a user makes use of online content.

Temporary cookies, or session cookies or transient cookies, are cookies that are erased after a user leaves a website and closes their browser. Such a cookie may contain, for example, the contents of a shopping cart on an online shop or a login status. “Permanent” or “persistent” cookies remain saved even after the browser is closed. This allows the login status to be saved if the user visits again after several days. These cookies can also contain the user’s interests, which are used to measure reach or for marketing purposes. Third-party cookies are cookies that are provided by parties other than the data controller administering the online content (otherwise, when speaking of just the controller’s cookies, the term “first-party cookie” is used).

We use temporary and permanent cookies and provide an explanation of such as part of our privacy notice. If the user does not want their cookies to be saved to their device, we request that they deactivate the corresponding option in their browser settings. Saved cookies can be deleted in your browser’s settings. Preventing the use of cookies can lead to limited functionality with respect to this online content. Various services provide information on how to make a general objection to the use of cookies used for online marketing purposes, especially in the case of tracking: via the US website https://optout.aboutads.info/ or the EU site https://www.youronlinechoices.com/. In addition, you can turn off the saving of cookies in your browser settings. Please note that this may prevent you from making full use of this online content.

Description of Service

This is a consent management service. Usercentrics GmbH is used on the website as a processor for the purpose of consent management.

Processing Company

Usercentrics GmbH

Sendlinger Str. 7, 80331 Munich, Germany

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company.

datenschutz@usercentrics.com

Data Purposes

This list represents the purposes of the data collection and processing.

  • Compliance with legal obligations
  • Consent storage

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

  • Local storage
  • Pixel

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

  • Opt-in and opt-out data
  • Referrer URL
  • User agent
  • User settings
  • Consent ID
  • Time of consent
  • Consent type
  • Template version
  • Banner language
  • IP address
  • Geographic location

Legal Basis

In the following the required legal basis for the processing of data is listed.

  • Art. 6 para. 1 s. 1 lit. c GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.

Data Recipients

In the following the recipients of the data collected are listed.

  • Usercentrics GmbH

Click here to read the privacy policy of the data processor

https://usercentrics.com/privacy-policy/

Stored Information

  • Name: uc_settings; This holds the ControllerID and SettingsID, the language, settings version and services with their consent history.; Type: web; Domain: usercentrics.com;
  • Name: uc_user_interaction; This is used to signal whether a user has already given consent.; Type: web;

This website uses the service “Google Analytics”, which is offered by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse website usage by users. The service uses “cookies” – text files that are stored on your device. The information collected by the cookies is usually sent to a Google server in the USA and stored there.

IP anonymisation is used on this website. The IP address of the user is shortened within the member states of the EU and the European Economic Area. This shortening eliminates the personal reference of your IP address. Under the terms of the data processing agreement between the website operators and Google Inc., Google Inc. uses the information collected to evaluate website usage and activity and to provide services relating to internet usage.

You have the option of preventing the cookie from being stored on your device by making the appropriate settings in your browser. It is not guaranteed that you will be able to access all functions of this website without restrictions if your browser does not allow cookies.

Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=en
Here you will find further information on the use of data by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=en

Alternatively, you can prevent Google Analytics from collecting data about you within this website by clicking on <a onclick=”alert(‘Google Analytics has been disabled’);” href=”javascript:gaOptout()”> this link</a>. By clicking on the above link, you will download an “opt-out cookie”. Your browser must therefore generally allow cookies to be stored for this purpose. If you delete your cookies regularly, you will need to click on the link again each time you visit this website.

Our website uses the LinkedIn Insight Tag conversion tool from LinkedIn Ireland Unlimited Company. This tool generates a cookie in your web browser, which makes it possible to collect the following data: IP address, device and browser properties and page events (e.g. page views). This data is encrypted and anonymized within seven days and then the anonymized data is deleted within 90 days. LinkedIn does not share personal data with Gantner, but offers anonymized reports about the website target group and the performance of advertisements. LinkedIn also offers the option of retargeting via the Insight Tag. With the help of this data, Gantner can display targeted advertising outside of its website without you being identified as a website visitor. Additional information about data protection on LinkedIn can be found in the LinkedIn data privacy policy. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

Note! LinkedIn also processes your personal data in the United States, and this possibility cannot be excluded. The European Court of Justice has not certified the United States as having an adequate level of data protection. In particular, there is a risk that your data will be subject to access by authorities in the United States for control and monitoring purposes and that no effective legal remedies will be available.

This website uses a feature called “Facebook Pixel” from the “Facebook” social network from Meta Platforms Inc. (“Facebook”) for the following purposes:

a. Facebook (Website) Custom Audiences
We use Facebook Pixel for follow-up marketing purposes to enable us to contact you again within 180 days. As a result, users of the website can be shown advertisements based on their interests (“Facebook ads”) when visiting the “Facebook” social network or other websites that also use this feature. We have an interest in showing you advertisements that are of interest to you in order to make our website and related offers more interesting to you as well.

b. Facebook Conversion
We also use Facebook Pixel as we would like to make sure that our Facebook ads correspond well with users’ potential interests and that they are not burdensome. Facebook Pixel enables us to track the effectiveness of the Facebook ads for statistical and market research purposes as it allows us to see whether users were forwarded to our website after clicking on a Facebook ad (a process called “conversion“).

Based on the marketing tool used (Facebook Pixel), your browser automatically establishes a direct connection with the Facebook server as soon as you have consented to the use of cookies that require your consent. By integrating Facebook Pixel, Facebook receives information indicating that you have visited our website or that you have clicked on one of our ads. If you are registered with a Facebook service, Facebook can assign the visit to your account. Facebook processes the data as part of Facebook’s data use policy. Special information and details about Facebook Pixel and how it works can also be found in the help section of the Facebook website.

Recipient:
Joint responsibility:
We are jointly responsible with Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (Facebook) for the collection and transmission of data as part of this process. This applies for the following purposes:
The creation of customized or suitable advertisements, as well as optimization of the same
Delivery of commercial messages and messages related to transactions (e.g. via Messenger)

The following processing operations are not included in joint processing:
Processing of data after its collection and transmission is the sole responsibility of Facebook.
Reports and analyses in aggregated and anonymized form are generated within the framework of order processing and are therefore our responsibility.

We have entered into an agreement with Facebook regarding joint responsibility; it is available here: https://www.facebook.com/legal/controller_addendum. It sets out the respective responsibilities for the fulfillment of the obligation in accordance with the GDPR in relation to joint responsibility. The contact details for the website owner and the Facebook data protection officer are available at https://www.facebook.com/about/privacy.

Additional information about how Facebook processes personal data, including the legal basis and additional information on the rights of data subjects, is available here: https://www.facebook.com/about/privacy. We transmit the data within the framework of joint responsibility on the basis of the legitimate interest in accordance with Article 6(1)(f) of the GDPR.

Note! Facebook also processes your personal data in the United States, and this possibility cannot be excluded. The European Court of Justice has not certified the United States as having an adequate level of data protection. In particular, there is a risk that your data will be subject to access by authorities in the United States for control and monitoring purposes and that no effective legal remedies will be available.

Information about the conditions for data security is available here. https://www.facebook.com/legal/terms/data_security_terms and information about data processing based on standard contractual clauses is available here: https://www.facebook.com/legal/EU_data_transfer_addendum.

We also use the Leadfeeder service from Liidio Oy (Mikonkatu 17 C, Helsinki, Finland). Leadfeeder uses our Google Analytics data. The IP addresses provided by Google are used to link the collected data to companies that can be found on the Internet under these IP addresses. The IP addresses are abbreviated by Google Analytics, which makes it impossible to directly link the data to any individual person. However, reviewing the linked information may result in establishing a reference to an individual. Data that we receive from Leadfeeder includes the company name, the pages visited, the time of the visit, the reverse domain of the IP address, the referring page, application or service, including the corresponding search queries that you conducted on our website as well as browser data and the operating system used.


More information about Leadfeeder’s data protection is available here.
You can prevent Leadfeeder from storing a user profile or data about your use of our site by executing an “opt-out”. This option, and related information, is available at: https://yourdata.leadfeeder.com/

PATHADVICE

Description of Service

PATHADVICE connects website visitors with website owners via text, audio and video chat. At the same time, both parties are on the same website and can navigate through it together. Control can be transferred and fields can be filled together.

Processing Company

PATHADVICE AG

Industriering 3, 9491 Ruggell, Liechtenstein

Data Protection Officer of Processing Company

Below you can find the email address of the data protection officer of the processing company.

dsb-kunden@ibs-data-protection.de

Data Purposes

This list represents the purposes of the data collection and processing.

  • Analytics
  • Optimization

Technologies Used

This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser.

  • Cookies

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

  • Device information
  • IP address
  • Browser information
  • ISP
  • Number of visits
  • location on the site

Legal Basis

In the following the required legal basis for the processing of data is listed.

  • Art. 6 para. 1 s. 1 lit. f GDPR

Location of Processing

This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period

The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Click here to read the privacy policy of the data processor

https://www.pathadvice.ai/index.html

section D

D Rights of data subjects

You have the right to request confirmation on whether related data is processed as well as information on this data and further information on copies of the data in accordance with Art. 15 GDPR.

According to Art. 16 GDPR, you have the right to request completion of data that pertains to you or correction of incorrect data that pertains to you.

According to Art. 17 GDPR, you have the right to request the immediate erasure of data that pertains to you, or, according to Art. 18 GDPR, request a limitation on processing this data.

You have the right to demand that data pertaining to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request its transmission to other responsible parties.

You can refuse the future processing of data pertaining to you at any time according to Art. 21 GDPR. In particular, you may object to processing for purposes of direct advertising.

You have the right, according to Art. 7 Para 3. GDPR, to revoke consent given with effect for the future.

You also have the right, according to Art. 77 GDPR, to submit a complaint to relevant regulatory authorities.

You can exercise your rights at any time by emailing the following address: privacy@gantner.com or datenschutz@riske-it.de.

Downloads