Privacy Policy

§ 1 Scope of Application

We would hereby like to provide you with information about the processing of personal data when you

• visit our website and/or make use of our online services available at https://www.kuppingercole.com/ (hereinafter referred to as "our website"), including for example signing up for a KuppingerCole Account
• register for and attend our KCLive or Hybrid events, webinars and/or webcasts;
• sign up for and attend our KuppingerCole events (https://www.kuppingercole.com/events);
• purchase our products and services.

§ 2 Details of the controller and the data protection officer

Our details as controller are:

KuppingerCole Analysts AG
Wilhelmstr. 20-22
65185 Wiesbaden
Germany
Email: service@kuppingercole.com
Contact controller: Data Subject Request

Contact details for our Data Protection Officer:

Oscar Hernandez
KuppingerCole Analysts AG
oscar.hernandez@kuppingercole.com

§ 3 Which personal data is collected/processed and used by us?

3.1 Website, Online Services and Purchase of products

You can use a large part of our website without disclosing your personal data. Access data is stored which is not personally identifiable, for example, the name of your internet service provider, the website from which you are visiting us, the names of the requested data files and the date that they are retrieved. This data is only analyzed in order to improve our website and does not allow us to deduce information concerning you as a person.

If you want to use specific services, purchase materials or become a KuppingerCole subscriber on our website, you will, however, need to disclose additional information. This involves data that is required for processing purposes, for example, your email address.

We use the personal data for providing the services offered by us, for answering your questions and for operating and improving our web pages and applications.

We only use your personal data so that we can offer you an extensive service via our website or if you use our contact form or our email service so that we can provide the requested service.

Transmission of your personal data to third parties or using your data for advertising purposes without your consent does not, except in the cases described below, happen unless we are obliged by law to release data (information to law enforcement authorities and courts; information to public bodies that receive data on the basis of statutory regulations, for example, social insurance institutions, tax offices, etc.) or if, for the purposes of enforcing our claims, we use the services of third parties who are bound by professional secrecy.

Personal data is in particular used as follows:

3.1.1 Sign up / personal profile

If you register with KuppingerCole, your email address is stored by us first of all so that we can send you new login data if you ever forget this. In addition, we store your user name, your company and password to enable you to log in conveniently and easily to your account. We also store your first and last name to be able to identify you as a registered user (mandatory fields are marked with a *; any additional data like your academic title is voluntary).

You may also create and edit your personal profile at any time. Your personal profile includes your first and last name, your phone number, your email address, and your company‘s name and address (street, postal code, city) as mandatory data. Additionally, you may input your academic title, your fax number, your twitter, your department, your position, your country and whether you are a journalist or blogger as voluntary data.

This data is used by us to provide our services offered via our website. The legal basis for processing the mandatory personal data is based on Art. 6 (1) (b) GDPR.[1]

3.1.2 Purchase of Materials and KuppingerCole subscription

When you order materials at KuppingerCole or buy a KuppingerCole subscribe, we store your first and last name and your company‘s name and address (street, postal code, city), your country, your email address and your payment method as mandatory data. Additionally, we may store your purchase order number, department and phone number as voluntary data. We use your personal data obtained during ordering products and services solely to process and execute your order.

If you choose to pay via Telecash, we pass on your email address, first and last name as well as the amount due to TeleCash GmbH & Co. KG. If you choose to pay via PayPal, we pass on your email address as well as the amount due to PayPal (Europe) S.à r.l. et Cie, S.C.A..

The legal basis is Art. 6 (1) (b) GDPR.

Moreover, your data may be transferred to external auditors and/or tax authorities for auditing purposes. The data will also be stored in accordance with statutory retention periods pursuant to § 146 of German Revenue Code (AO) and/or § 257 of German Commercial Code (HGB) and deleted upon expiry of the respective retention periods. The legal basis is Art. 6 (1) (c) GDPR.

3.1.3 Webinars / Webcasts & KCLive and Hybrid Events

As a registered KuppingerCole user you can also register for our Webinars, Webcasts and KCLive Events. For doing so, it is required that you create your personal profile as mentioned above under Sign up/personal profile.

We use the data from your personal profile to provide our webinars, webcasts and KCLive Events offered via our website. The legal basis for processing the personal data is based on Art. 6 (1) (b) GDPR.

We also submit this data to the sponsors of the particular webinar, webcast or KCLive Events to enable them to contact you and to do follow-up marketing as well as research. The legal basis for processing your personal data this way is our legitimate interest according to Art. 6 (1) (f) GDPR, which would be the participation of our sponsors, which contribute large portions of the costs of the Webinars / Webcasts and KCLive Events.

We will share the aforementioned subset of your personal data with other participants of the particular Webinar / Webcast or KCLive Event only if and in as far as you consented. The legal basis for processing your personal data this way is Art. 6 (1) (a) GDPR.

3.1.4 Forum / social platform

The user has the opportunity to post voluntary impressions, statements, photos and videos in the forum or on the notice board. Each user decides independently, at his/her own discretion, what data he/she would like to disclose about himself/herself and which data should not be disclosed.

KuppingerCole reserves the right to delete a publication at any time without stating reasons. There is no entitlement to publication. The legal basis for processing your personal data is based on Art. 6 (1) (a) GDPR.

3.1.5 Contact form

If you opt to send inquiries to us using our contact form, we will ask you for your first names and surname and your email address. In addition, you can submit your individual message to us using the message box.

You have the choice of whether or not to disclose this data to us. However, without this data we cannot comply with your contact request. The legal basis for processing your personal data is Art. 6 (1) (a) GDPR.

3.1.6 Use of cookies

In conjunction with the retrieval of information requested by you, data is only stored on our servers in anonymized form in order to provide our various services or for evaluation purposes. In this connection general information is recorded, for example, when and which contents are retrieved from our website or which web pages are visited the most frequently.

We use so-called "cookies" (small text files with configuration information).

Cookies are small text files which, when you visit our web pages, are sent from our web server or – as mentioned below – from a third-party web server to your browser and are temporarily stored on your computer for retrieval at a later date. Apart from the use of services mentioned below. We only use so-called session cookies (also referred to as temporary cookies), that is, cookies that are only stored temporarily whilst you are using our web pages.

The cookies used serve in particular to determine the frequency of use and the number of users of our websites. They also serve to identify your computer when visiting our website and switching from one of our web pages to another of our web pages and to determine the end of your visit. Thus we learn which area of our websites and which other websites our users have visited. This usage data does not, however, allow conclusions to be drawn about the user. All of this usage data that has been collected in the anonymized form is not merged with your personal data in accordance with § 3 of this data privacy statement and is deleted immediately once the statistical analysis has been completed. Cookies sent from our web server are deleted, once the session has ended and as soon as you have completed your browser session, whereas cookies sent from third-party web servers may be stored as mentioned below.

The legal basis for processing your personal data is Art. 6 (1) (f) GDPR.

3.2 KuppingerCole Events (KCLive and Hybrid Events)

Additionally to processing your personal data according to the purchase of any other service of KuppingerCole, as detailed above under „Purchase“, we process your personal data as follows, if you attend a KuppingerCole (online) event (for example our yearly European Identity & Cloud Conference):

A subset of your personal data, namely

• your first and last name,
• your firm or employer‘s name,
• your job title,
• your business email address,
• your given phone number
• the country you or your firm or employer is located and
• the event you attended,

will be printed on a badge handed out to you, which may contain a QR-code with your data. This badge will serve as an admission document and may be checked at the entrances or on the premises of the event. Furthermore, the aforementioned subset of your personal data will be submitted to and processed by the sponsors of the (online) event in order to enable them to contact you and to do follow-up marketing as well as research. The legal basis for processing your personal data this way is our legitimate interest according to Art. 6 (1) (f) GDPR, which would be:

• security of our events and admission control;
• participation of our sponsors, which contribute large portions of the costs of the events.

We will share the aforementioned subset of your personal data with other participants of the particular event only if and in as far as you consented. The legal basis for processing your personal data this way is Art. 6 (1) (a) GDPR.

3.3 Processing for marketing purposes

3.3.1 Newsletter

In order to be able to register for our email newsletter service, in addition to your consent we need, as a minimum, your email address to which the newsletter should be sent. Any other data is given voluntarily and will be used so that you can be contacted personally, the content of the newsletter can be personalized and any queries about the email address can be clarified. You have the choice of whether or not to disclose this data to us. However, without your email address, we cannot send our newsletter to you.

We use the so-called double opt-in process for sending the newsletter, that is, we will only send you the newsletter if you confirm your registration beforehand via a confirmation email sent to you for this purpose using the link contained therein. Thus we can ensure that only you yourself, as the owner of the email address, can register for the newsletter. Your confirmation relating to this must follow promptly after receiving the email confirmation as otherwise your newsletter registration is automatically deleted from our database.

When registering for the newsletter, your email address is used for in-house advertising purposes until you unsubscribe from the newsletter. In order to unsubscribe, you can either submit a Data Subject Request via this form or cancel the registration via the link at the end of the newsletter. The legal basis for processing your personal data is Art. 6 (1) (a) GDPR.

3.3.2 Promotion of similar own products

We use the mandatory data provided in connection with the purchase of our products or the use of our services (for example Webinars / Webcasts; visit of our Events) as well as voluntary information provided in order to provide you with offers tailored to your interests. We process the data collected in connection with the use of our services only to provide you with the best possible support regarding your interests and to point out interesting options for you regarding our products and services. In particular, we will use your email address to promote similar own products and services. The legal basis for processing your personal data this way is our legitimate interest according to Art. 6 (1) (f) GDPR (in conjunction with recital 47 of the GDPR) and Art. 13 (2) Directive 2002/58/EC respectively.

§ 4 How do we process your personal data within the KuppingerCole group of companies?

We are part of a group of undertakings affiliated to a central body.

As a group of undertakings affiliated to a central body, we have a legitimate interest in transmitting personal data within the group for internal administrative purposes, including the processing of our customers’ or suppliers’ personal data. In particular, those purposes are the following: Like with other corporations our event production sites, service centers and administration departments at KuppingerCole group are distributed across our member companies. We collaborate with other member companies of the KuppingerCole group in order to provide our products and services to you or your employer if you or your employer are our customers, or – if you or your employer are our suppliers – in order to receive your products and services from you or your employer.

To enable you to exercise your rights regarding your personal data all members of the KuppingerCole group mutually agreed to honor such rights directly from and towards you, even if you should not have a contractual relationship with that particular member company. This enables you to exercise your rights regarding your personal data, in particular, those mentioned under §§ 6-9 of this Privacy Policy, directly against any member of the KuppingerCole group in concern. The essence of this arrangement is available to you at service@kuppingercole.com.

Processing your personal data in the KuppingerCole group is based upon Art. 6 para. 1 (f) GDPR, additionally to the legal basis mentioned above under § 3. 

§ 5 Information on your personal data stored by us/duration of storage/deletion

We store your personal data for as long as we are obligated to do so by applicable laws and regulations, or, in lack of the foregoing, until the purpose of processing your personal data has been reached.

In event we enter into a contract with you, we will store your personal data until the ending of this contract and beyond, in as far as we are obligated to do so by applicable laws and regulations, or in event we need this data to fulfill our post-contractual duties under the business relationship, or to rebut claims raised against us.

Where processing your personal data is based purely on your consent, we store your personal data until the purpose of processing your personal data has been reached or you should withdraw your consent, whichever will occur first unless we are obligated to store your personal data for a longer period by applicable laws and regulations.

You can at any time check, amend or delete the personal data made available to us by logging in to your user account and processing the data yourself or by submitting a Data Subject Request via this form. If you delete your user account once and for all, the data stored in the user's user account is automatically totally deleted. A request for deletion is not required. If you want the stored data to be deleted, following your request this will also be deleted immediately. If, for legal reasons, deletion is not possible, the respective data will be blocked instead. Please note however that, if your data is deleted, we are no longer able to offer you the services described here.

If the user deletes his/her user account once and for all, the data record stored in the user's user account is automatically totally deleted.

§ 6 Revocation of consent

We would like to point out to you that where data processing is based on Art. 6 (1) (a) GDPR („consent“) you can revoke your consent at any time with effect for the future. To do so please submit a Data Subject Request via this form.

§ 7 Social Media Platforms, Social Media Plug-ins

On our website you will find links to social media platforms from Facebook, YouTube, Instagram, Twitter, LinkedIn and Xing where we are present and offer content.

We are present on social media to get in touch with our customers, with interested parties and with other users and to inform about products, events, etc.. Please note that personal data is collected and processed by the respective provider when you visit the corresponding pages. The legal basis for the processing of the users' personal data is Art. 6 (1) f) DS-GVO. The legitimate interest of KuppingerCole Analysts AG is the optimal design and improvement of the company presentation.

If you use our offers in the respective social network as a logged-in member, you give your consent to data processing pursuant to Art. 6 (1) a) DS-GVO vis-à-vis the social media platform. In order to understand and improve our activities, we use corresponding evaluations in the form of statistics provided to us by the respective provider.

7.1 Facebook

We use the technical platform of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for the aforementioned information service.

Please note that you use this Facebook page including its functions under your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating).

When you visit our Facebook page, Facebook records your IP address, among other things. This and other information is used to provide us, as operators of the Facebook pages, with statistical data about the use of our Facebook page. Facebook provides more detailed information on this under the following link:

https://www.facebook.com/help/pages/insights

The data collected about you may be stored and processed by Facebook Ltd. outside the European Union. We cannot provide any information about whether and how Facebook uses data from visitors to our Facebook page for its own purposes. Likewise, we have no information on whether your data is passed on to third parties, merged with data from other Facebook offers, how long Facebook stores data and whether page visits are assigned to individual users. You can read about what information Facebook actually receives and how Facebook uses it in Facebook's Data Use Policy. In the data usage guidelines, you will also find further contact options for Facebook as well as the setting options for advertisements. You can find the data usage guidelines here:

https://www.facebook.com/about/privacy

Facebook's complete data policy can be found here:

https://www.facebook.com/full_data_use_policy

We ourselves do not collect and process any further data from your direct use of Facebook.

According to Facebook, Facebook stores your IP address when you visit our Facebook page. According to Facebook, this is anonymized and deleted after a storage period of 90 days (German IP addresses). In addition, Facebook stores information of the end devices that you use for the visit. Through the assignment of IP addresses, it is possible that individual users can be identified here.

Facebook stores cookies with your Facebook ID on your terminal device when you are logged into Facebook. Through this cookie, Facebook can track your page views within Facebook. This also applies to the Facebook page. If you use a Facebook button that is embedded in a website, Facebook can associate this usage with your profile. This enables Facebook to offer you advertising that results from your user behavior.

You can avoid this by logging out of Facebook before visiting our Facebook page and deactivating the "stay logged in" function. In addition, you must delete all cookies from your end device and restart your browser. You will then be able to use our Facebook page without your Facebook identification being processed.

https://www.facebook.com/about/privacy

If you would like to avoid Facebook placing cookies and prevent the associated processing of your data, set your browser so that no cookies from third-party providers or from Facebook are permitted.

7.2 YouTube

Selected videos are displayed on our website. The videos are made available on the video portal of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, (YouTube) by the brands. In addition, we maintain our own YouTube channel.

YouTube is a subsidiary of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google".

Videos are used by us exclusively within the framework of the "Extended Data Protection Mode". According to YouTube, this function only transmits user data to YouTube when a video is actually started.

If you start a video as a logged-in YouTube member, the call-up of the video is linked to your YouTube account. You can prevent the linking of this information if you log out of your YouTube account before visiting our website. Alternatively, you can also make the necessary settings in your YouTube user account.

YouTube stores permanent cookies on your terminal device in order to ensure functionality, according to its own statement, and to analyze user behavior. You can prevent cookies from being stored on your end device by making the appropriate settings in your browser.

Under the following link you will find more information about data collection by Google and about your rights against Google:

https://policies.google.com/privacy  data protection notices available for download

7.3 Instagram

We use the technical platform of Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland or Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) for the aforementioned service. Instagram stores personal data about you when you visit this page.

It is likely that the data collected about you by Facebook Ltd. will be stored and processed outside the European Union.

As an Instagram user, you can influence the storage of data and the collection of user behavior by Instagram in your profile settings by making the appropriate settings. 

For more information, see the Facebook and Instagram settings:

https://www.facebook.com/login.php?next

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

or the form for the right of objection at:

https://www.facebook.com/help/contact/1994830130782319

For more information about Facebook's handling of personal data on Instagram, please see their privacy policy at.

https://help.instagram.com/519522125107875 or under http://instagram.com/about/legal/privacy/

7.4 Twitter

We use the technical platform and services of Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA for the short message service offered here.

Please note that you use Twitter including its functions on your own responsibility. This applies especially to the use of interactive functions (e.g. commenting, sharing, rating).

When you use Twitter, data about you will be stored and processed outside the European Union. The data that may be transferred includes your IP address, the application used and information about the terminal device you are using. Data regarding your location and web pages accessed may also be affected.

Twitter links this collected data to your Twitter account and may thus be able to create a behavioral profile. We cannot influence the type and scope of the data collected by Twitter. We also have no influence on whether Twitter passes on your data to third parties or for what purposes Twitter uses the stored data beyond this.

Under the following link you will find relevant information about what data Twitter says it collects and processes:

https://twitter.com/privacy?lang=de

If you have a Twitter account and would like to view information about the data we hold about you on Twitter, you can do so by following the link below:

https://support.twitter.com/articles/20172711#

Furthermore, you have the option of directing your questions about data protection to Twitter via the Twitter data protection form. In addition, you have the option of downloading your Twitter archive:

https://support.twitter.com/forms/privacy

https://support.twitter.com/articles/20170320#

We do not collect or process any other personal data from your direct use of Twitter. We use Twitter Analytics for a statistical evaluation of our activities on Twitter. This function enables us to optimize our presence on Twitter and does not allow any conclusions to be drawn about the data of individual users.

In the settings of your Twitter account, you have the option to restrict the processing of your data by Twitter ("Privacy and security"). Here you also have the option to restrict Twitter's access to your contact and calendar data, photos and location data on your end device. Information in this regard can be found on Twitter under the following links:

https://support.twitter.com/articles/105576#

https://twitter.com/de/privacy

7.5 LinkedIn

We have integrated components of the LinkedIn Corporation on this website.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection matters outside the USA is LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, responsible. Further information on the LinkedIn plug-ins can be found at.

https://developer.linkedin.com/plugins.

In this case, only the LinkedIn button is embedded on the website as a graphic, which contains a link to the corresponding website of the provider. By clicking the graphic, you will be redirected to the services of the provider. Only then will your data be sent to the provider. If you do not click on the graphic, there will be no exchange of any kind takes place between you and the provider of the social media button.

The applicable data protection provisions of LinkedIn are available at https://www.linkedin.com/legal/privacy-policy.

7.6 LinkedIn (Insight-Tag)

We also use conversion tracking on our website with LinkedIn Insights Tag, a tool from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For this purpose, the LinkedIn Insight tag is integrated on our website and a cookie is set on your device by LinkedIn. LinkedIn is informed that you have visited our website and your IP address is collected. Timestamps and events such as page views are also stored. This enables us to statistically evaluate the use of our website in order to constantly optimize it.

We learn, for example, which LinkedIn ad or interaction on LinkedIn brought you to our website. This allows us to better control how our ads are displayed.

For more information on Conversion Tracking, see https://www.linkedin.com/help/linkedin/answer/67595/linkedin-conversion-trackingubersicht.

Please be aware that LinkedIn's data can be stored and processed so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. For more information, please see LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy. You can prevent LinkedIn from analyzing your usage behavior and from displaying interest-based recommendations at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

7.7 Xing

We have integrated components of Xing on this website. The operating company of

Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. Further information about the Xing plug-ins can be found at https://dev.xing.com/plugins   

In this case, only the Xing button is integrated on the website as a graphic, which contains a link to the corresponding website of the provider. By clicking on the graphic, you are thus redirected to the services of the provider. Only then will your data be sent to the provider. Unless you click on the graphic, no exchange takes place between you and the provider of the social media button.

The data protection provisions published by Xing, which can be accessed at https://www.xing.com/privacy , provide information about the collection, processing and use of personal data by Xing. Furthermore, Xing has published a privacy policy at PUBLIC https://dev.xing.com/plugins/terms_and_conditions data protection information for the XING share button.

Further indications

If you wish to assert your rights against the aforementioned social media platforms, it is advisable that you contact the respective platform directly with your request for information. Even if a joint responsibility arises from the cooperation, the platforms alone have the possibility to provide you with full information about your data stored there. However, if our support is required, you can contact us at any time. If you have any questions about data protection, please contact our data protection officer

§ 8 Marketing und Analysis Tools

8.1 Matomo

We use Matomo as a web analytics platform in order to measure, collect, analyse and report visitors data for purposes of understanding and optimizing our website.

8.2 Purpose of the processing

Matomo is used to analyse the behaviour of the website visitors to identify potential pitfalls; not found pages, search engine indexing issues, which contents are the most appreciated… Once the data is processed (number of visitors reaching a not found pages, viewing only one page…), Matomo is generating reports for website owners to take action, for example changing the layout of the pages, publishing some fresh content… etc.

Matomo is processing the following personal data:

• IP address (which is, however, anonymized before further processing)
• User ID (anonymized)
• Location of the user (anonymized IP)

And also:

• Date and time
• Title of the page being viewed
• URL of the page being viewed
• URL of the page that was viewed prior to the current page
• Screen resolution
• Time in local timezone
• Country, region, city

We use Matomo in an anonymised form, in order to exclude the direct individualization of persons, the collected data is stored on our servers in Germany only for the indicated use and for the strictly necessary period of time (at least 30 minutes and no longer than 13 Months)

8.3 Pardot

We use the Salesforce Pardot marketing automation tool to distribute our marketing newsletter. Pardot is marketing automation software by Salesforce.com EMEA Limited (Salesforce), village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY. The personal data you share with us when subscribing to our marketing newsletter is also processed in the U.S. for the purposes of mailing the marketing newsletter and for marketing activities. We transmit that information to Salesforce.com EMEA Limited (Salesforce). We also use Salesforce Pardot software for the purposes stated above with regard to customer data. Thus, in cooperation with Salesforce.com we are better able to customize our communications by evaluating the specific interests of our customers. We believe that communications that specifically address our customers' interests also benefit the customers. Please note that we will analyse your user behaviour when we mail the marketing newsletter. For the purpose of this analysis, the emails that are sent contain web beacons or tracking pixels. For the analyses, we link the data transmitted via these tracking pixels with your e-mail address and a personalized ID. We use the information thus obtained to create a user profile so that we can tailor the marketing newsletter to your particular interests. We record when you read our marketing newsletters and which links you click on in order to infer your personal interests. We link this data to actions that you carry out on our website. If you do not want us to do this, you should cancel your subscription. Tracking of this nature will also not be possible if your email application default settings have disabled the display of images. In this case, you will not see the full content of the newsletter and may not be able to use all its features. If you display the images manually, the tracking referred to above will take place. If you have subscribed to our marketing newsletter and we, as described above, analyse your user behaviour, we will share the information collected in the process for internal marketing purposes only.

The legal basis for processing your data is based on Art. 6 (1) (f) GDPR.

8.4 Salesforce

We use Salesforce Inc's cloud platform to manage our customer and potential customer portfolio. In order to do so, we must collect and process certain Personal Data from you. Such Personal Data can include your contact details (e.g. name, email), account creation details (e.g. username, password, security questions) as well as details about your relationship with us (interest in products and services, previous purchase history). The legal basis for the processing are Article 6 (1)(b) of the GDPR, Article 6 (1)(f) of the GDPR under which it is within our legitimate interests to maintain an efficient method of managing our customers as well as with consent, under Art 6 (1)(a) of the GDPR.

§ 9 Google re-CAPTCHA

We use the service "Google reCAPTCHA" on this website. Provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. We use Google reCAPTCHA to prevent misuse through automated data entry. This applies in particular to pages on which users enter certain form data and transmit it to our servers. Google reCAPTCHA makes it possible to distinguish between data input by humans and automatic data input.

The service analyses the behaviour of the user on the website in the background. Google reCAPTCHA uses certain characteristics to determine whether the website is naturally operated. Google reCAPTCHA transmits your IP address and possibly other data (e.g. about the device you are using) to Google.

Article 6 (1) f) GDPR is the legal basis for this data processing. The essential justified interest lies in in the prevention of abuse and/or spying on our web page as well as in the prevention of SPAM.

You can find more information about Google reCAPTCHA and Google's privacy statement at: https://www.google.com/intl/en/policies/privacy

§ 10 GoToWebinar / GoToMeeting

We use GoToMeeting and GoToWebinar. The provider is LogMeIn, Inc., 320 Summer Street Boston, MA 02210, USA.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://logmeincdn.azureedge.net/legal/lmi-customer-dpa-2020v1-de.pdf.

For details on data processing, please see LogMeIn’s Privacy Policy: https://www.logmeininc.com/legal/privacy.

Execution of a contract data processing agreement

We have entered into a contract data processing agreement with LogMeIn and implement the strict provisions of the German data protection agencies to the fullest when using GoToMeeting or GoToWebinar.

§ 11 Data protection rights, your rights as a User

You shall have the right to

• obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, obtain access to the personal data (Art. 15 GDPR, „right of access“)
• obtain from us the rectification of inaccurate personal data concerning you and to have incomplete personal data completed (Art. 16 GDPR, „right to rectification“)
• obtain from us the erasure of personal data concerning you, unless processing is necessary for exercising the right of freedom of expression and information; For compliance with a legal obligation; for reasons of public interest or for the establishment, exercise or defense of legal claims (Art. 17 GDPR, „right to be forgotten“)
• obtain from us restriction of processing where the accuracy of the personal data is contested by you; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defense of legal claims; or you have objected to processing according to Art. 21 GDPR (Art. 18 GDPR, „right to restriction of processing“)
• receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (Art. 20 GDPR, „right to data portability“).

In order to exercise your aforementioned rights, please submit a Data Subject Request via this form.

§ 12 Right to object

Where data processing is based on Art. 6 (1) (e) or (f) GDPR, we hereby inform you on your right to object at any time to processing of your personal data for aforementioned legitimate interests, based on grounds relating to your particular situation. In this event, we shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise or defense of legal claims. Where personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

In order to object, please submit a Data Subject Request via this form.

§ 13 Right to lodge a complaint

We shall hereby inform you about your right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR, “right to lodge a complaint”).

§ 14 Security measures to protect the personal data stored by us

We undertake to protect your personal data. To prevent a loss or unauthorized use of the personal data stored by us, we take extensive technical and organizational security precautions that are checked regularly and are adapted to technological progress. For example, we make use of firewalls, data encryption as well as access control and even physical measures to protect your personal data.

§ 15 Transfer of data to companies outside the EU / EEA

In some cases, we transfer personal data according to this Privacy Policy to our sponsors or to other entities within the KuppingerCole group that are based in countries outside the EU / EEA. Where data is being transferred outside the EU / EEA, we will provide for an adequate level of data protection by concluding EU Standard Contractual Clauses, unless the recipient of the data is validly registered with the US Data Privacy Shield or other Data Privacy Shields, the exemptions of Art. 49 GDPR applies, or the EU Commission has decided that the recipient country provides for an adequate level of data protection. You shall be entitled to receive a copy of those guarantees safeguarding the protection of your personal data at any time at please submit a Data Subject Request via this form.

§ 16 Changes and Amendments

As changes in legislation or our internal processes may render it necessary to modify this Privacy Policy, we must reserve the right to do so from time to time. The current Privacy Policy can be retrieved, saved and printed out at any time by accessing our website at https://www.kuppingercole.com/. Please check regularly.

As of September 2022

[1]  General Data Protection Regulation; REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, repealing Directive 95/46/EC