insidery Privacy Statement
Last updated: 11th August 2020
For further information about cookie collection and processing, please consult our Cookie Notice.
It is insidery’s utmost concern to constantly improve its services in order to best meet the needs of its Clients. To this end, insidery may collect and store certain information, including personal data of people like you. insidery takes the protection of your personal data very seriously in all of its business processes. This Data Protection Statement is meant to help you understand how data are collected, processed and stored to meet legal requirements and insidery’s data protection standards.
It will be very difficult and, in most cases, even impossible for insidery to provide you services if you refuse to allow insidery to process your data. For this reason, by providing personal data to insidery, you agree to be legally bound by and explicitly consent to this Data Protection Statement, as it may be amended from time to time. If you do not agree to this Data Protection Statement or cannot form a legally binding contract, insidery would not be able to process your personal data.
1. Scope of this Data Protection Statement
This Data Protection Statement applies to all services offered by insidery.
This Data Protection Statement does not apply to services offered by other companies or individuals. This Data Protection Statement does not cover the information practices of other companies and organizations who advertise insidery services or any third party operating any website to which the insidery website or other digital asset may contain a link.
2. Data collected and method of collection
insidery processes personal data in accordance with the EU General Data Protection Regulation (GDPR).
2.1 In general
insidery collects general and personal data concerning you from:
- you when you provide your details to insidery, e.g. as a Client or an interested person;
- participants at Client’s meetings and events or visitors of Client’s exhibition stands, their clients or their third parties (in such cases, Client must ensure that it is entitled to disclose such data and that you are aware of the various matters detailed in this Data Protection Statement).
Following the reception of the data, an electronic profile is created for each person or entity (the “Contact Profile”). The Contact Profile may contain but is not limited to:
- personal master data (e.g. first name, surname, gender, country);
- communication data (e.g. email address, address, phone numbers);
- organization or company of employment;
- customer status
- field of activity and/or interest in products / services.
In some cases, the Contact Profile may contain also self-declared information (i.e. data from a registration / a lead form / a survey) in addition to above mentioned aspects (e.g. as part of lead management services performed on behalf of Clients).
2.2 Personal data processed on behalf of Clients, e.g. within market research or lead management projects
When insidery is conducting market research studies for its Clients this sometimes involves transmission of relevant personal data to insidery (e.g. to send out survey invitations for customer experience or employee engagement surveys).
When insidery is providing lead management services to its Clients this always involves transmission of relevant personal data to insidery (e.g. to digitalize business card details).
In any of these cases, insidery will be the Processor (i.e. acting on behalf of its Client) and may only process these personal data in accordance with the instructions agreed with or received from the Client. Such instructions are documented in writing and agreed before any relevant contractual arrangements are accepted by insidery, to ensure that insidery is actually able to comply with any Client specific restrictions or requirements. Irrespective of any Client requirements, any personal data may only be:
a) Processed for the purpose they were provided for;
b) Not be kept for longer than is required for the purpose;
c) Are subject to the same security measures as applicable to insidery’s own personal data.
3. Purpose of data collection
insidery uses the data collected to provide, maintain, protect and improve the overall quality of its services. Data collection is also meant to protect insidery and its users. insidery does not collect more data than is necessary to fulfil such purposes.
In addition to creating Contact Profiles, insidery uses your data for the following purposes and for which you give your consent:
a) Promotion and marketing:
insidery may use your data to personalize your experience on our website by presenting advertisements that are more relevant to you. insidery may use the data to analyze trends in order to propose other or new services to its Clients. insidery may use your data to send you marketing communications that may be of interest to you, including information about insidery’s or its Client’s services. For example, insidery uses third party service providers to present services and offers tailored to the preferences and interests indicated by you at its Client’s events or trade shows during a conversation with a staff member. If your data is processed as part of a market research study on behalf of a Client, insidery will not use it for marketing and promotion purposes.
b) Technical data:
insidery, or third parties instructed by insidery, evaluate this data purely for statistical purposes and only in an anonymized form, in order to optimize insidery’s website and increase user-friendliness, efficiency and safety. insidery may in particular use technical data to measure the success of insidery marketing campaigns, compile statistics about insidery website usage and response rates.
c) Other purposes:
insidery may use your data as insidery believes to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce insidery’s terms and conditions; (e) to protect insidery’s operations; (f) to protect insidery’s rights, privacy, safety or property, you or others; (g) to allow insidery to pursue available remedies or limit the damages that insidery may sustain; and (h) to allow you to apply for an insidery job offer.
insidery will ask your consent before using data for a purpose other than those that are set out in this Statement subject to mandatory laws.
4. Duration of storage
General and personal data will be kept by insidery only as long as reasonably necessary taking into consideration its need to answer queries or resolve problems, to provide improved and new services and to comply with legal requirements under applicable laws or with inquiries from Clients on past projects. insidery will retain general and personal data during a maximum period of five years if no specific legal requirement. You may cancel/delete your insidery account by sending an email to: email@example.com
5. Location of storage
The Contact Profiles that insidery maintains on behalf of its Clients (e.g. when conducting market research studies or when providing lead management services) are stored in cloud-based databases at third party providers’ location in the EU.
The Contact Profiles that insidery maintains as insidery’s own personal data (e.g. from its Clients or interested persons) are stored in cloud-based central databases at third-party providers’ location in the EU and the United States.
Third-party providers have signed our dedicated data protection clauses. Any transfer of your Data outside the EU shall only take place with appropriate safeguards in place, such as contractual terms in compliance with applicable data protection laws and regulations.
6. Your duties
You must ensure that the data you provide us with are:
• truthful; and
• compliant with any applicable laws.
In particular, since insidery will mainly use email communications with you, you are required to notify us of any modification of your email address.
insidery is committed to protecting the privacy needs of children and we encourage parents and guardians to take an active role in their children’s online activities. insidery does not target the digital asset to children less than sixteen (16) years of age or knowingly collect information from children for the purpose of selling products or services.
7. Transfer and communication of data
7.1 In general
insidery is based in Germany and part of the MCI group which is a worldwide company based in Switzerland and offices in over 30 countries across Europe, the Americas, Asia and the Middle East. Your personal data may therefore be transferred to and outside of Switzerland, including in countries whose data protection laws may be different from, and less stringent than, those in your country of residence. You hereby agree and give your consent to insidery to transfer and communicate your data as follows:
a. Transfers within the MCI group:
Transfers are made throughout MCI and its subsidiaries to support its activities and/or services.
b. Transfer to third parties:
insidery works with certain third parties to obtain support services in connection with insidery’s internal processes, such as CRM tool providers, or in connection with insidery’s services to its Clients, such as online survey tool providers or lead management tool providers and, in some cases, personal data will be shared with these third parties in order to pursue insidery’s mission and goals. When processing data on behalf of our Client, insidery may also transfer personal data to third parties at the request of its Client, for example, for data consolidation services. insidery may transfer your data to third parties for promotion and marketing purposes as outlined under 3a) above. insidery may also transfer your data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of insidery or MCI business, assets or stock (including in connection with any bankruptcy or similar proceedings). Prior to a transfer, third parties (except for travel suppliers and authorized transfers such as within the EU) are required to sign a data transfer agreement that requires them to follow the applicable data protection laws.
c. Regulatory transfers:
insidery may be required by law to transfer data to governments and regulatory and/or supervisory authorities.
7.2. Electronic transfer of data
If you visit insidery’s website your data will be transported via an open publicly accessible network. The data might therefore be transmitted across national borders. This involves notably the risk that your data may be intercepted and read by third parties, allowing such third parties to infer an already existing or future business relationship between you and insidery.
Furthermore, you are notified that information you transmit or allow to be transmitted to you by insidery via an electronic medium, in particular via email, SMS, contact forms, etc. are usually unencrypted and therefore neither confidential nor secure. Even in the event of an encrypted transmission, sender and recipient remain unencrypted in each case. Third parties may therefore be able to infer an existing or future business relationship between you and insidery.
If you provide insidery with personal information, your personal data may be transferred by insidery to countries whose data protection laws may be different from, and less stringent than, those in your country of residence as set forth above. Your personal data may in particular be transferred to the United States. You are hereby notified that your personal data might be accessed by governmental authorities in such countries (in particular by US authorities).
8. Security and organizational measures
To ensure the safety of your data on insidery’s website and systems, insidery has implemented appropriate technical, contractual, administrative, physical and organizational measures to protect your personal data from loss, destruction, unauthorized access, accidental or unlawful disclosure and manipulation. These measures are subject to continuous development in accordance with technological progress and are periodically reviewed to comply with all applicable privacy laws. However, we cannot and do not guarantee the security of your personal data and therefore cannot assume any liability in this respect.
Only authorized insidery staff, third party companies’ (e.g. service providers) staff or Clients’ authorized staff (who have contractually agreed to keep such data secure) have access to your personal data. All insidery staff who have access to your personal data are required to adhere to the staff confidentiality regulations and all third party employees who have access to your personal data have signed non-disclosure agreements. In addition, data transfer agreements are in place with third party companies that have access to your personal data to make sure these data remain secure.
9. Your rights
In accordance with applicable data protection laws and regulations, you have a right to request access to, rectification of your Data, or restriction of processing, and to object to said processing or to withdraw your consent to said processing as well as the right to data portability to the extent applicable. Moreover, you have a right to lodge a complaint with a supervisory authority.
Under certain conditions you also have the right to have your personal data that is stored by insidery blocked and deleted, unless insidery has to keep these data for legitimate business or legal purposes. For more information, you should contact the Data Protection Officer at the below-mentioned email address.
In case of questions or issues about insidery’s data processing, please contact the Data Protection Officer at the following email address: firstname.lastname@example.org
By contacting the Data Protection Officer at the above-mentioned email address, you may opt-out from receiving future invitations for market research studies. insidery gives you many choices regarding insidery’s use and disclosure of your personal data for marketing purposes. By contacting the Data Protection Officer at the above-mentioned email address, you may opt-out from receiving future electronic marketing messages from insidery, and request that we not share your personal data with unaffiliated third parties for their marketing purposes. insidery will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out as described above, insidery will not be able to remove your personal data from the databases of unaffiliated third parties with which insidery has already shared your personal data (i.e., to which we have already provided your personal data as of the date that we implement your opt-out request). Please also note that if you do opt-out of receiving marketing-related messages from insidery, we may still send you important administrative messages, and you cannot opt-out from receiving administrative messages.
This Statement may be revised and updated by insidery from time to time to comply with statutory data protection and privacy laws. insidery will post any statement changes on its website.
If you need further assistance, please contact our Data Protection Officer via:
Address: insidery GmbH, Data Protection Officer, Bussardstrasse 5, D-82166 Graefeling, Germany
For US residents and requests under CCPA (California Consumer Privacy Act): +18337910490