Data Protection Notice

Protecting your informational self-determination and privacy is an important concern for us, EQS Group AG, Karlstr. 47, 80333 Munich, Germany. That is why we collect, process and use personal data exclusively in accordance with the applicable laws on data protection and data security. The following disclosures are provided for your information. Please note that the website of the EQS Group may contain links to other providers’ websites to which this Data protection Notice does not extend.

This Data protection Notice does not apply to data or other content that we process, store or host in EQS Group systems as part of the provision of EQS Group offers to our customers. This is subject to the respective privacy notice of our customers.

1. Websites and cookies

Our websites use so-called “cookies,” text files that are stored on your computer and, among other things, ensure optimal use of the website. You can find a list of the cookies we use and their purpose, as well as more detailed information on how you can make individual cookie settings, in our Cookie Policy.

a) The following data are always collected and processed when you visit our website, as these are necessary for the operation of our website:

  • Operating system and version
  • Browser type, version and plug-in types
  • Set browser language
  • End device used
  • Display resolution
  • Time-zone setting
  • Location data: country, timezone
  • Date and time of the server request
  • http response code
  • Cookie consent
  • Info on cookie consent status
  • IP address (will be anonymized after 24 hours)
  • Login information

 

When you visit our websites, we collect and process your personal data on the basis of our legitimate interest for the following purposes:

  • For the efficient operation of our online offer and web presence.
  • To ensure the operation of IT systems. Ensuring operation includes, inter alia, the following activities:
  • Backup and recovery of data processed in IT systems
  • Incident and problem management for troubleshooting IT systems
  • IT Security as well as detection and defense against unauthorized access
  • Logging and monitoring of transactions to check the correct functioning of IT systems

You can always visit our websites without notifying us of who you are, and without your personal data being processed. To do this, please make the settings as described in our Cookie Policy.

b) The following data will be collected and processed during your visit to our website, should you have consented to the use of Marketing cookies:

  • Contact details, if you have made these available to us
  • Referral URL
  • The Marketing activity through which you became aware of us
  • Cookie ID
  • Pixel ID
  • IP address
  • Login information
  • Information about how you use the website (for retargeting activities):
     
  • Time of the visit
  • Number of sessions
  • Retention time
  • Location information
  • Click path
  • Visited pages
  • Number of visits
  • Interaction with advertisements, services and products
  • Conversion activities (downloads, requests etc.)
  • Whether you open or forward messages from us

If you consent to the use of Marketing cookies, we collect and process your personal data when you visit our website for the following purposes:

  • To ensure product quality, research and development of new products
  • For the optimization and efficient operation of our online services, our web presence and email communications
  • To determine the effectiveness of marketing campaigns
  • For the creation of user profiles and retargeting measures

 

You can revoke your consent with effect for the future at any time. Further details are described in our Cookie Policy.

 c) The following data will be collected and processed during your visit to our website, should you have consented to the use of statistical cookies:

  • Information about how you use the website:
  • Retention time
  • Number of sessions
  • Referrer URL
  • Click path
  • Click depth
  • IP address (anonymized)
  • Cookie ID
  • Browser information
  • Device information
  • Conversion activities (downloads, requests etc.)

If you consent to the use of statistical cookies, we collect and process your personal data when you visit our website for the following purposes:

  • To ensure product quality, research and development of new products
  • For the optimization and efficient operation of our online services, our web presence and email communications
  • To determine the effectiveness of marketing campaigns

You can revoke your consent with effect for the future at any time. Further details are described in our Cookie Policy.

2. Contact forms / newsletter / marketing

We collect and process personal data whenever you submit a request to us or otherwise contact us, for example in the context of white papers, newsletters, email marketing, news service, event reminders or webinars. The data you provide us includes:

  • Name
  • Address
  • Company
  • Telephone number
  • Country
  • E-mail address
  • Job title

We collect and process these data for the purposes for which you provide them to us.

Subject to your consent or as permitted by law, we may also collect the above personal information from third party sources. These sources may include the following:

  • your employer in the context of its business relationship with EQS Group
  • third parties that you have instructed to share your personal data with EQS Group,
  • third-party sources and publicly available sources such as business-oriented social networks or information brokers.

When collecting personal data from third party sources, we use internal controls to ensure that the third party provider is authorized to share the information with EQS Group and that we may use the information for this purpose. EQS Group will treat such personal data in accordance with this Privacy Policy and any additional restrictions imposed on EQS Group by the third party that provided the data to EQS Group or by applicable national laws.

We also use your data, solicited directly from you or collected from third party organizations for direct marketing purposes, based on

  • your separately given consent for this purpose,
  • an existing contractual relationship or the initiation of such a relationship, or
  • our legitimate interest to market our products and services.
  •  

You can object to the direct marketing measures at any time.

3. Events

We collect and process personal data whenever you take part in any of our events. The data you provide us includes

  • Name
  • Address
  • Company
  • Telephone number
  • Country
  • e-mail address
  • Job title
  • If applicable, any photographs and video recordings made of you at the event
  •      

 We collect and process your data in order to initiate and fulfill contractual obligations to carry out the event and to enable you to participate. We will share your data with cooperating institutions, as far as this is necessary for the realization of the event and to enable your participation, e.g. external guest management, event locations. This also includes that, if applicable, we make your data (name, company/institution details) available to the event moderators and agencies for the purpose of conducting the event as well as to the following premium partners that enable us to conduct the event: KPMG Law Rechtsanwaltsgesellschaft mbH, StoneTurn Group LLP, EYGS LLP, INFORMA D&B, S.A.U. (S.M.E.), INFORMA D&B, LDA. In addition, we use this data to provide you with materials relevant to the event after the event.

In addition, photos and/or videos are regularly taken at our events, some of which are published on our homepage, in our social media channels, as part of external and internal reporting or in our newsletters, possibly also together with your names. In addition to the photo and video recordings, metadata such as the place and time of recording and location are also automatically stored in the digital cameras. The legal basis for taking and storing photos and video recordings is our legitimate interest in reporting on the event. The legal basis for publishing the photo and video recordings are §§ 22, 23 of the German Art Copyright Act (KUG) and/or your consent.

You are free to decide whether photographs are taken and/or videos are made from you. Provided that you participate in the event and do not declare any conflicting interest to us, we assume that you agree to the taking and publication of the photographs and/or videos.

You have the right to object to the production and storage of your photos and video recordings with future effect at any time by letting the photographer know or sending an email to dataprotection@eqs.com.

We expressly point out that external reporters might be present at the events who also take photos and videos. However, since we have no influence on the photos and videos taken by the external reporters and their use, we cannot provide any information on the purpose and scope of the processing of your data by these external reporters.

We also use the data for direct marketing, provided that you have given us separate consent for this purpose, or the authorization stems from an existing contractual relationship or the initiation of such a relationship. You can object to the direct marketing measures at any time.

4. Services or other performance by the EQS Group

We collect and process such personal data provided as are necessary when initiating, or as part of, providing you with a service or other performance. The data you provide us includes:

  • Name
  • Address
  • Company
  • Telephone number
  • e-mail address
  • Login information
  • Master data

Your personal data are collected and processed in order to initiate and fulfill contractual obligations, and in the event we have a legitimate interest in the use of your personal data, such as

  • to ensure product quality, research and development of new products,
  • to fulfill sales, service and administration processes,
  • for improvement and economical operation our online offerings, our website and our e-mail communication,
  • to furnish you with advertising relative to similar products to those already purchased, unless you have objected to this,
  • to determine the effectiveness of marketing campaigns.

5. Web beacons and tracking

a) We use web beacons (also referred to as “tracking pixels”) in our email correspondence in relation to Webinars, events, newsletters, and resources only with your express consent.

For example, we may place web beacons in marketing newsletters/e-mails to provide us with an idea of when you open our e-mail or click a link in the e-mail that redirects you to one of our websites.

The collected data is aggregated and analyzed due to a legitimate interest for the purpose of optimizing our email communication and determining the effectiveness and reach of marketing campaigns by individual measuring, storing and evaluating open and click rates in recipient profiles.

You can revoke your consent to the use of this technology with future effect at any time. You have the possibility to prevent our use of this technology by prohibiting HTML emails in the settings of your email client.

b) On our websites we use web beacons (also called tracking pixels) only with your express consent.

Through the tracking used on our websites, contacts you have with advertisements displayed on other websites (visual contacts and clicks on advertising banners) or with our emails are put in relation to interactions on our website.

The data collected is merged and evaluated for the purpose of optimizing and operating our online services, our website, and email communication, as well as for determining the effectiveness of marketing campaigns.

You can revoke your consent to the use of this technology with future effect at any time. Further details are described in our Cookie Policy.

c) For technical implementation we work with the following service providers

(1) In relation to Email and Websites, HubSpot, Inc. 25 First Street, 2nd Floor, Cambridge, MA 02141 USA. The Hubspot Tracking Code uses cookies to track website traffic, create user profiles and improve the presentation of content on our websites. By concluded Standard Contractual Clauses approved by the EU Commission with Hubspot, HubSpot agrees to comply with EU data protection requirements even when data is processed in the USA.

(2) In relation to Websites, Google Analytics, a web analysis service and Google Optimize that is provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). As far as you have your habitual residence in the European Union or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the responsible party for your data. We use Google Analytics to analyze website usage. The resulting data is used to optimize our website and advertising measures. This data is transferred und saved to a Google server in the USA. Google as well as governmental authorities have access to this data and it is also used by Google for its own purposes, such as profiling and merging it with other data about you. For this purpose, your data such as search history, personal accounts, usage data of other devices and all other data that Google has about you will be linked. In addition, we use the data collected by Google Analytics as part of the Google tool Optimize. Together with an additional cookie, Optimize allows us to test different versions of a website and how users react to these different versions. For example, we can test at which point within the website a particular piece of information is most attractive (A/B testing). The additional cookie is used to determine whether you are participating in a test and sets the end of the test. Further information and Google's applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and https://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/

6. Re-targeting

We work with some advertising partners on the use of what is referred to as “re-targeting technology.” Under this technology, cookies from these partner companies (also known as “third-party cookies”) are also stored on your hard drive when you visit our website, if you have consented to the use of Marketing cookies.

The service provider collects and processes your usage behavior on websites operated by us. These data are used to address users again after visiting our websites with targeted advertising based on their usage behavior. These advertisements are shown outside of our websites. Your interactions with these features are governed by the privacy policy of the companies that provide them. Please see our Cookie Policy for further details.

You can revoke your consent to the use of this technology on our website with future effect at any time. Further details are described in our Cookie Policy.

For more information on how to opt out of further use by the partner company, please see the partner company’s data privacy policy. We use the following third-party cookies, provided you have expressly consented:

a) LinkedIn InsightTag of LinkedIn Corp., 2029 Stierlin Ct, Mountain View, CA 94043, USA (“LinkedIn”). For privacy matters outside the United States, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible. The LinkedIn InsightTag puts a cookie in the browser that is matched against the LinkedIn database to create anonymous user segments and enable retargeting. You can opt out of LinkedIn retargeting in your LinkedIn settings. You can find the LinkedIn Privacy Statement here: https://www.linkedin.com/legal/privacy-policy

b) Remarketing or “Affinity Audience” function and the “Google Ads” advertising program and, in this context, conversion tracking (visitor activity analysis) of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; (“Google”). If you are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller.

(1) The Remarketing or “Affinity Audience” feature is designed to analyze visitor behavior and interests. Google uses cookies to perform the analysis of website usage, which forms the basis for the creation of interest-related advertisements. Cookies are used to record visits to the website as well as anonymous data on the use of the website. As part of this technical process, Google obtains knowledge of personal data, such as the IP address or surfing behavior. When you visit another website in the Google Display Network, you will see ads that most likely reflect the product and information areas you have previously viewed. Your data may be transferred to the USA and possible forwarded to third parties. You can revoke your consent at any time with effect for the future. The use of cookies can be disabled on the Google Marketing Platform opt-out page or the Network Advertising Initiative opt-out page.

(2) The “Google Ads” advertising program and, in this context, conversion tracking (visitor activity analysis) is used to compile conversion statistics. These statistics tell us the total number of users who have clicked on one of our ads and been redirected to a page with a conversion tracking tag. When you click on an ad served by Google, a conversion tracking cookie is placed on your computer. These cookies are of limited validity, do not contain any personally identifiable information, and are therefore not used to personally identify you. If you visit certain pages on our site and the cookie hasn’t expired, Google and we can tell that you clicked on the ad and were redirected to that page. Each Google Ads customer receives a different cookie. As a result, there is no way that cookies can be tracked across the sites of ads customers. Google receives personal data, including your IP address. However, we do not receive any information that personally identifies users. Your information may be transferred to the USA. You can revoke your consent for the future at any time. To do so, go to www.google.de/settings/ads from each of your internet browser that you use and make the desired settings there. You can find further information and the Google data protection declaration at https://www.google.de/policies/privacy/.

7. YouTube Videos

We integrate videos from the “YouTube” platform of provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are habitually resident in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller. Your interactions with this function are governed by Google’s privacy policy: https://policies.google.com/privacy

8. Fulfillment of legal obligations

We will also process personal data if there is a legal obligation to do so. We are subject to a variety of legal obligations. In order to comply with these obligations, we process your data to the extent necessary and, where indicated, pass these along to the responsible authorities within the framework of statutory reporting obligations. If necessary, we also process your data in the event of a legal dispute, if the legal dispute requires the processing of your data.

9. We protect your personal data

The EQS Group uses technical and organizational security measures to protect your data against manipulation, loss, destruction or access by unauthorized persons. These security measures are continuously improved in keeping with technological progress. This includes, for example, access authorizations, authentications, audits, controls, alarm messages, data storage and backups, transmission standards and environmental integrity. For EQS Group employees, there is a Code of Conduct that obliges them to comply with the principles of data protection and data security.

10. How long we keep your information

We will only retain your data for as long as necessary for the purposes for which we process your data,

  • to provide you with the products and services requested by you or your employer,
  • to comply with our legal obligations to retain personal data, including those arising from applicable export, financial, tax or commercial laws,
  • to fulfill EQS Group's legitimate business purposes as set out in this privacy notice, unless you have opted out of EQS Group's use of your personal data for these purposes,
  • until you withdraw the consent you have previously given to EQS Group to process your personal data.

If we process data for multiple purposes, they will automatically be deleted or stored in a format that does not permit direct conclusions to be drawn about you once the last specific purpose has been fulfilled.

EQS Group may retain your personal data for a longer period of time if this is necessary to comply with legal requirements for the processing of your personal data or if EQS Group needs the personal data to assert legal claims or to defend against such claims. In this case, EQS Group will retain your personal data until the relevant retention period has expired or the claims have been settled.

11. Whom do we provide with international access to your data, and how do we protect these data in the process?

The EQS Group is a global company. Personal data are processed by employees, by Group companies and by service providers commissioned by us, preferably within the EU. Should data be processed in countries outside the EU, we use suitable measures (e.g. EU standard contractual clauses including appropriate technical and organizational measures) to ensure that your personal data are processed in accordance with European-level data protections.

12. Privacy Notice for Shareholders

Our Privacy Notice for Shareholders provides a clear summary of all of the information around the processing of the personal data of our shareholders.  This information is available here for download.

13. Conference Platform European Compliance & Ethics Conference

For providing the virtual European Compliance & Ethics Conference, we use Hubilo Technologies Inc, having its office at 505 Montgomery Street, 10th Floor, San Francisco, CA 94111, USA (“Hubilo”).

What data do we need from you to operate the online conferencing solution? What data is collected and stored in the process of use?

a) Registration and Ticketing

Users who are attendees in an event might be buying tickets for that event or registering for the same. Information that you provide while creating an attendee account or registering for that event or using any of its services i.e. buying tickets or attending certain sessions will ask for your personal information including name, e-mail address, contact number, country. We will treat this information as set out in Section 2 above.

While registering and buying tickets of an event, the user might be asked to enter the transaction and financial information (credit card details, debit card details etc). For these financial transactions third-party providers are used i.e. Stripe (see below). This third-party is responsible for any financial information being collected of the user and their terms and conditions and privacy policies apply. We DO NOT store any payment related, financial or transactional details of any user.

b) Creating and editing a profile

A user profile is created for you based on the information you provide during registration. You have the option of adjusting, changing or deleting the information in your profile. The information in your profile is generally visible to other users. However, you can use a switch within your profile, in order to set your details to be hidden and thus not shown to other users.

You also have the option to set a profile picture. You can either create a picture with your camera or use a picture from your photo gallery. If you want to create a picture with your camera, it is necessary to allow the application access to this function. If you want to use a picture from your photo gallery, it is necessary to allow the app access to it.

The data processing carried out in this context is necessary to provide our service in accordance with Art. 6 (1) sentence 1 lit. b GDPR, as requested by you. It should be noted, that the majority of the data is provided from your side and on a voluntary basis.

c) Chatting & meetings with other users

You can contact other users. The information you share in the chat is transmitted to the other users for this purpose. This exchange of information constitutes  the basic functionality of a chat. The data processing is therefore based on our legitimate interest, as our interest in enabling users to exchange information outweighs the interests and rights of users who do not wish to exchange data. It should be noted that this processing of personal data is based precisely on an action of the data subject. Furthermore, this processing is necessary for the performance of the contract between you and us according to Art. 6 (1) sentence 1 lit. b GDPR. Of course, we do not take access to the messages exchanged by users.

d) Use of the camera and/or photo gallery

Among others, when creating a profile, scanning the QR code of your ticket and posting your company logo or header, you have the option of creating a picture directly via the camera of your device or using a picture from the photo gallery of your device. The data processing is hereby based on Art. 6 (1) sentence 1 lit. a GDPR, as you can freely choose to upload a photo and Art. 6 (1) sentence 1 lit. b GDPR, as data processing in this context is necessary to enable this function. In this context, we would like to inform you that you are only entitled to post pictures which you are permitted to use and post in our service.

e) Contacting the support

You have the possibility to contact our support via the corresponding button and to send us questions and suggestions. Contacting our support takes place by sending an e-mail via the relevant app on your device. When sending an e-mail, your e-mail and the content of your message will be communicated inevitably to us and your e-mail will be stored on our servers. This data processing is necessary to make contacting us by e-mail technically possible at all and to make the e-mail retrievable for us. The data processing in this context is necessary to enable this function, so the data processing is based on Art. 6 (1) sentence 1 lit. b GDPR.

f) Which other services are used to provide the event platform?

Depending on the feature used in the application, the following additional suppliers may be used.

The legal basis for the aforementioned data processing is Art. 6 (1) f) GDPR based on our legitimate interest. We want to provide you with the technical infrastructure to be able to offer our products and services.

Twilio SendGrid
US
1801 California Street Suite 500 Boulder, CO 80202 United States
Customer communication platform for transactional and marketing emails
https://sendgrid.com/resource/general-data-protection-regulation-2/; https://sendgrid.com/policies/security/; https://sendgrid.com/files/SendGrid-FAQ.pdf
Zoom
Global
55 Almaden Boulevard, Suite 600, San Jose, CA 95113
Video Conferencing/Web Conferencing Platform
https://zoom.us/privacy#_Toc44414845; https://zoom.us/trust/legal-compliance
AWS
EU (Frankfurt)
410 Terry Avenue North, Seattle, WA 98109-5210
Application Hosting and Data Storage
https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf; https://aws.amazon.com/compliance/programs/
AWS
EU (Frankfurt)
410 Terry Avenue North, Seattle, WA 98109-5210
Static / Image Asset Storage
https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf; https://aws.amazon.com/compliance/programs/
Stripe Inc.
EU
505 Montgomery Street 10th floor San Francisco CA 94111 US
Payment Processing
https://stripe.com/en-in/privacy
MUX
US
1182 Market St., Suite 425, San Francisco, CA 94102
A/V Ingestion, Transcoding & Distribution
https://mux.com/files/mux-dpa.pdf
Agora
Global
2804 Mission College Blvd., Santa Clara, CA, USA 95054
Video & Audio SDK Provider
https://www.agora.io/en/compliance/
Chargebee
EU, US
Inc :- 02-177 & 02-180, 44, Montgomery ST, San Francisco, CA 94104, USA; Chargebee Technologies :- Unit No.301, 3rd Floor, Indiqube Brigade Vantage, Old Mahabalipuram Road, Kandanchavadi, Chennai, India
Subscription Management
https://www.chargebee.com/privacy/dpa/; https://www.chargebee.com/security/
Google Workspace
Global
1600 Amphitheatre Parkway, Mountain View, CA 94043
Email Communication plus Internal collaboration and Storage
https://workspace.google.com/terms/dpa_terms.html; https://cloud.google.com/security/compliance/offerings
Amplitude
US
Amplitude, Inc., 631 Howard Street, Floor 5, San Francisco, CA 94105
Analytics
https://amplitude.com/privacy
Google Firebase
Global
1600 Amphitheatre Parkway Mountain View, CA 94043
Mobile & Web Applications
https://cloud.google.com/security/compliance/offerings
Beamer
US
3500 S DuPont Hwy, Dover, Delaware, 19901 USA
Push Notifications
https://www.getbeamer.com/blog/how-beamer-is-complying-with-gdpr

14. Contacting us, your privacy rights and your right to lodge a complaint with the data protection authority

If you have granted consent to our processing of your personal data, you have the right to withdraw your consent at any time. The lawfulness of the processing of your personal data up until this withdrawal is not affected by the withdrawal. Further processing of this data under a different basis in law, for example to fulfill legal obligations, remains unaffected as well.

Do you have any further questions or comments on the subject of data protection, particularly as concerns information on the data stored about you? Do you want information about your data, the data we have stored, or to check, amend or delete your data? You want to limit our processing of your data or object to it? Then contact the EQS Group Data Protection Officer at dataprotection@eqs.com

We take your concerns and rights very seriously. However, if you believe that we have not adequately addressed your complaints or concerns, you have the right to file a complaint with a competent data protection authority.