Privacy Policy and the General Data Protection Regulation (GDPR)
We have updated our Privacy Policy to make it clearer and to address the new General Data Protection Regulation (GDPR) privacy laws coming into effect in Europe on May 25, 2018. Put simply, we are changing the way we collect and use information from you, such as the email you provided to subscribe to our newsletter, or the contact details we stored on our customer management system after you gave us your business card. The new legislation aims to make data safer and strengthen people's rights to their own private information, and we support the changes as a step towards a more fair and transparent digital environment.
The personal data are processed by both Reppublika Research and Analytics Austria and Reppublika Research and Analytics Germany (hereafter collectively referred to as the 'Company') for the purpose of sending newsletters or information about current and new products, services and tools in the field of opinion and market research or information about events our Company might carry out or support by e-mail. The legal basis for processing for this purpose is the consent given.
Personal data, including the declaration of consent, will be stored for a further three years after a revocation has taken place in order to prove to the data subject and authorities that the requested information has been duly sent and the personal data has been lawfully processed. However, communications will be no longer sent. The legal basis of the processing is the legitimate interest of the person responsible, namely the proof of the proper sending of marketing and the lawful processing of the personal data.
The personal data will be stored until the expiration of three years after the revocation of the consent, but no more than three years from the last contact with the person concerned and then deleted.
The data subjects have the following rights:
-
to ask [the company] for confirmation of the processing of personal data concerning them and, if necessary, information on such personal data (right of access);
-
to demand the immediate rectification of inaccurate data and the completion of the personal data concerning them (right to rectification)
-
to demand the immediate deletion of the personal data concerning them in compliance with the right to be forgotten
Furthermore as of the 25th of May 2018 the data subjects shall also have the following rights always according to the specific conditions for their exercise provided in the General Data Protection Regulation:
-
the right to require restriction of processing
-
the right to data portability
-
the right to object at any time to the processing of their personal data; the data subject has the right to object to the data processing for the purpose of direct marketing at any time with an effect for the future.
Personal data might be stored in servers of our service providers that are located outside of the EU, such as in the USA. We guarantee that the same level of data protection as required by the applicable legislation applies also there and we have put in place all the legally required transfer mechanisms.
As of the 25th of May 2018, the responsible authority for any complaints regarding infringement of the above right of access, right to rectification, right to be forgotten etc will be the Data Protection Authority of Austria or Germany respectively.
IAB Europe Transparency & Consent Framework
We participate in the IAB Europe Transparency & Consent Framework with Vendor ID 703 and comply with the relevant Transparency & Consent Framework Policies and Specifications.
The TCF is an accountability tool that relies on standardisation to facilitate compliance with certain provisions of the ePrivacy Directive and the GDPR. It applies principles and requirements derived from these two legislative instruments to the specific context of the online industry, taking account of relevant EU-level guidance from the European Data Protection Board and national level guidance from Data Protection Authorities.