"Personal data" means all data that can be related to you personally, e.g. name, address, telephone number, email address, gender, online user behavior, etc. (hereinafter jointly referred to as"Data"). The protection of your privacy is very important to us. All your data will be collected, stored and used by us in accordance with the statutory provisions and will not be passed on to third parties without your consent.”Personal data” shall not include data which are anonymized, pseudonymized or aggregated and can no longer be used to identify a specific natural person, whether in combination with other data or otherwise.
1. Who is responsible for data processing and who can I contact?
"Responsible" according to Art. 4 para. 7 EU Data Protection Basic Regulation ("GDPR"):
Mrs Cornelia Kirschke
Mr Thomas Staller
each c/o ID37 Company GmbH
Kollwitzstrasse 40, D-10405 Berlin
Phone: +49 30 61743020
2. Which data is processed?
When you contact us by email or telephone, the information you provide (if by email, then your email address and name; if by telephone, then your telephone number and name or email address) will be stored by us to answer your questions. The data arising in this context will be deleted after storage is no longer necessary, we no longer have a legitimate interest in storage or we restrict processing if there are legal storage obligations.
2.1 Collection and storage of data communicated by us:
We collect and store the following data when you provide it to us:
Your information on school qualification, occupation, company, industry, telephone number are voluntary, all other data are required for the execution of the contract. Your name will always be stored separately on another database and can only be associated with your Test results via your user account.
2.2 Collection and storage of data when you visit our Website:
When you access our Website, the browser used on your terminal device (hereinafter"computer") automatically sends information to the server of our Website. The following information is automatically recorded and stored until automated deletion:
We also process and analyze the click-behaviour of our registered users after login in anonymized form in order to be able to continually further develop our Tests and our Website (see also Sec. 8.3).
When you visit our Website, we also receive some data about your use of our Website vias o-called "cookies". "Cookies" are text files which are stored on your computer and which enable an analysis of the use of our Website, as our Website can recognize your computer via cookies. The information collected through these automatic means enables us to optimize our Website for all visitors and to make continuous improvements so that the information on our Website is updated and is always relevant and useful to you.
Our Website uses so-called "session cookies". Session cookies store the images, scripts, etc. of the website in the cache of your computer, which would have to reload everything permanently without these cookies.
Our Website also uses so-called "tracking cookies". Tracking cookies give us information about the way you use our Website and help us to evaluate this data.
Cookies remain stored on your computer until you delete them. These cookies enable us to recognize your browser the next time you visit. You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate their automatic deletion when closing the browser. If cookies are deactivated, the functionality of our Website may be restricted.
Further information about cookies in general and their administration can be found e.g. at www.aboutcookies.org.
3. For what purpose will the data be processed?
3.1 Purposes of data processing:
The aforementioned data will be processed by us for the following purposes:
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f) GDPR. Our justified interest follows from the purposes listed above for the collection of data. In addition, we use analysis services when you visit our Website. You will find more information on this in Sec. 7 (Google Analytics).
The sharing of your name (possibly with your profile picture) is preset as "Opt-In" (consent to ID37-search, i.e. you will be found by registered users of our Website who have created their ID37 Personality Profile), so that all registered users of our Website, such as your work colleagues, business partners, friends and life partners, can find you via the ID37-search, contact you and exchange Test Results, Personality Profiles and the other data provided by you according to Sec. 2.1.
You can change these preferences from "Opt-In" to "Opt-Out" (no consent to ID37 search, i.e. you will not be found by users who have created their ID37 Personality Profile) in your user account on ID37 at any time, even directly after you have registered with ID37. This way, however, your work colleagues, business partners, friends and life partners will not be able to find or contact you for the ID37 internal network according to Sec. 5.2.
In case of sharing your name (possibly with your profile picture) under the default setting "Opt-In" you can send other registered users of our Website (and they can send you) contact requests, which may or may not be accepted by the other side. Without acceptance contact requests remain in place for seven days before they are automatically deleted.
4. How secure is your data? How is your data stored?
4.1 Data security:
When visiting our Website, we use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our Website is transmitted in encrypted form by the closed representation of the bowl or lock symbol in the lower status bar of your browser.
We also make use of suitable technical and organizational security measures, see Sec. 4.2, to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
4.2 Data storage:
Your data is stored and secured electronically and double encrypted using a combined encryption process based on asymmetric RSA and symmetric AES-256 encryption.
Access to our computer system only takes place after personal authentication of authorized persons. Our rooms are secured by an appropriate locking system within the usual limits. Our employees and such service providers, who have access to your data, are bound to secrecy in writing as required by the GDPR.
We operate a double encrypted data backup on several data carriers, one of which is not kept near the computer system. This also ensures data recovery after fire or water damage.
5. Who gets your data?
5.1 A transfer of your personal data to third parties for purposes other than those listed below does not take place in principle, i.e. we only pass on your personal data to third parties if:
5.2 If you as a user accept the contact request of another registered user of our Website (such as your work colleagues, business partners, friends and life partners), your Test Results, Personality Profiles and the other data provided by you according to Sec. 2.1 will be made accessible to each other via the ID37 internal network until one of you removes the other user from his ID37 internal network.
5.3 If you have registered with us via a Master, e.g. if a Master has entered you in our system and invited you to register with us, this Master will have access to your data, including your Test results, so that the Master can evaluate your Test results together with you. After you have taken your Test, we will inform the Master by email that your Test results are now available.
5.4 The same applies if you have registered with us on your own, but then wish to evaluate your test results together with a Master and activate the relevant Master in your user account for this purpose.
5.5 Nevertheless, the data sovereignty remains with you, i.e. you can revoke the access of a Master to your data at any time via your user account. In this case, we will never send your data and Test results by email, not even to a Master, and they will only be available via our Website and your user account, even for a Master.
6. Transfer of data to a third country
We will not transfer your data abroad without your further consent.
7. Use of Google Analytics
7.1 We use Google Analytics, a web analytics service for the purpose of tailoring our Website to your needs and continually optimising it (the legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f) GDPR), provided by Google LLC,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA,
https://www.google.de/contact/impressum.html (hereinafter referred to as "Google"). In this context, pseudonymized user profiles are created and tracking cookies are used (see Sec. 2.3). The information generated by a tracking cookie about your use of our Website such as
are shortened by Google within member states of the EU or in other signatory states to the Agreement on the European Economic Area and generally transmitted to and stored on a Google server that may not necessarily be located in the EU but also in the USA.
7.2 The information is used to evaluate the use of our Website, to compile reports on our Website activities and to provide further services related to our Website use and internet use for purposes of market research and needs-based design of our Website. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. Google will use this information on our behalf in order to evaluate the use of our online offer, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and Internet use. Pseudonymous user profiles of the users can be created from the processed data. We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
7.4 Google has adopted the EU-US Privacy Shield for the exceptional cases in which personal data is transferred to the USA, https://www.privacyshield.gov/EU-US-Framework
7.5 You can consent to or at anytime revoke the use of Google Analytics through our consent tool which you can – as legally necessary – use actively to declare whether or not you consent to the data processing and storage with respect to cookies (see Sec. 2.3).
as well as in the settings for the display of advertisements by Google
8. How long will your data be stored?
8.1 We only store your data for as long as required by legal obligations or our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR exists.
8.2 As already mentioned in Sec. 5.4, you retain data sovereignty, i.e. you can delete not only your user account but also your data at any time via your user account. In such a case, and also if you request us to delete your data in any other form, we will delete all your personal data and continue to store only parts of it as so-called "aggregated data" - i.e. data that is anonymised, pseudonymized or summarised - for statistical reasons, i.e. in order to be able to create anonymous profiles, and to continuously develop our Test.
8.3 In addition to the Test results, we only store the information on year of birth, sex, nationality, country of residence and, if available, education in anonymised or pseudonymized form, and in such a way that they can no longer be used to identify a specific natural person, whether in combination with other data or in any other way, as well as the click-behaviour of our registered users after login in order to be able to continually further develop our Tests and our Website (see Sec. 2.2).
9. What data protection and revocation rights do you have?
9.1 You as the “person concerned” have the following data protection rights:
9.2 You as the "person concerned" have the following rights of objection and revocation:
If your data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if your objection is directed against direct advertising. In the latter case you have a general right of objection, which is implemented by us without you having to state a particular situation.
9.3 Opt-Out for ID37-search
You can change the Opt-In preferences mentioned in Sec. 3.2 from "Opt-In" to "Opt-Out" (no consent to ID37-search, i.e. you will not be found by users who have created their ID37 Personality Profile) in your user account on ID37 at any time, even directly after your registration with ID37. However, your work colleagues, business partners, friends and life partners will not be able to find or contact you for the ID37 internal network according to Sec. 5.2.
If you wish to exercise your right to data protection, revocation or objection, i.e. your rights as the “person concerned”, simply send an email to email@example.com.