Privacy policy These explanations of our data protection concern the domain limesurvey.org and all its subdomains (hereinafter ‘websites’). Data protection is a top priority for us. We would like to inform you about how we process your data below. We therefore ask that you read the following information on data protection carefully. 1. Name and contact details of the controller responsible for processing and the company data protection officer This data protection notice applies to data processed by: Data controller: LimeSurvey GmbH, survey service & consultancyPapenreye 63, 22453 Hamburg Telephone: +49 40 22660066 (support not provided over the phone!) Email: info@limesurvey.org, support: support@limesurvey.orgWebsite: www.limesurvey.org The company data protection officer for LimeSurvey can be contacted via the above address, FAO: Herrn Jörg ter Beek, or at www.cortina-consult.com. 2. Collecting and storing personal data, as well as the type and purpose of data use When visiting our website When accessing our website, information is automatically sent to our website’s server by the browser used on your end device. This information is temporarily stored in a ‘log file’. The following information is collected without any action on your part and stored until it is automatically deleted: anonymised (= truncated) IP address of the accessing machine; date and time of access; name and URL of the file retrieved; size of transferred data; whether or not the download was successful; website from which access is made (referrer URL); and browser used and, if applicable, your machine’s operating system and the name of your access provider. The specified data is processed by us for the following purposes: to ensure that a smooth connection is established with the website; to guarantee the convenient use of our website; to evaluate system security and stability; and for other administrative purposes. The legal basis for data processing is Article 6 (1) (f) of the GDPR. Our legitimate interests are based on the above-mentioned purposes for collecting data. We never use the data collected to draw conclusions about you as a person. We also use cookies and analysis services when you visit our website. You can find more information about this in points 3 and 4 of this privacy policy. When subscribing to our newsletter If you have given your explicit consent pursuant to Article 6 (1) (a) of the GDPR, we use your email address to regularly send you our newsletter. If you have provided further information within the scope of our online presence (e.g. first name, last name, company name, line of business, job title, etc.), we may use this data to send you a personalised newsletter and therefore to be able to display content relevant to you more accurately. You can unsubscribe at any time, for example by clicking on the link at the bottom of each newsletter. Alternatively, you can send your unsubscribe request by email to info@limesurvey.org at any time. We use services provided by ZOHO CORPORATION B. V. to send our newsletter (see point 3). When using our contact form If you have any questions, you have the option of contacting us via the form on the website. A valid email address, and a first name and last name is required to do so, so that we know who the request has come from and are able to respond. Further information can be provided on a voluntary basis. Data processing for the purposes of you contacting us takes place on the basis of Article 6 (1) (a) of the GDPR if your voluntary consent has been given. The personal data we collect when you use the contact form is erased once your request has been resolved. We use services provided by ZOHO CORPORATION B. V. to save and respond to your request (see point 3). 3. Sharing data Your personal data is not shared with third parties for purposes other than those listed below. We only share your personal data with third parties if: you explicitly consent to this under Article 6 (1) (a) of the GDPR; data must be shared pursuant to Article 6 (1) (f) of the GDPR in order to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being shared with third parties; if there is a legal obligation to share it pursuant to Article 6 (1) (c) of the GDPR; and if this is legally permissible and required in order to process contractual relationships pursuant to Article 6 (1) (b) of the GDPR. 3.1 ZOHO CORPORATION B. V. We will process and maintain personal data you have provided to us by making a contact request (via the website, by email, phone, fax or in person), through a newsletter subscription or direct business relationships using a customer relationship management system (CRM system). We use ZOHO CORPORATION B. V. (Hoogoorddreef 15, 1101 BA, Amsterdam, The Netherlands) services for this purpose. Zoho Corporation Pvt. Ltd. (Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India) is involved in the provision of Zoho. Please note that there is not an appropriate level of data protection in India as a third country and there is no EU Commission adequacy decision, however Zoho Corporation Pvt. Ltd has provided sufficient assurances to ensure an adequate level of data protection. Specifically, we have concluded a commissioned processing contract with ZOHO CORPORATION B. V. and Zoho Corporation Pvt. Ltd based on the EU standard contractual clauses on commissioned processing in third countries. Details on data protection at Zoho and settings options to protect your personal data can be found in Zoho’s privacy policy: https://www.zoho.eu/privacy.html. We use the following ZOHO CORPORATION B. V. services: ZOHO CRM Purpose: Maintaining customer data Data transmission for: (1) Using our contact form, (2) using our registration form Data exchange: Data is exchanged with ZOHO SalesIQ, ZOHO Campaigns, ZOHO Flow and ZOHO Desk ZOHO Campaigns Purpose: Email marketingData transmission for: (1) Subscribing to our newsletterData exchange: Data is exchanged with ZOHO SalesIQ, ZOHO CRM, ZOHO Flow and ZOHO Desk ZOHO Flow Purpose: Further data processing serviceData transmission for: (1) Using our contact form, (2) using our registration form, (3) subscribing to our newsletterData exchange: Data is exchanged with ZOHO SalesIQ, ZOHO CRM, ZOHO Campaigns and ZOHO Desk ZOHO SalesIQ Purpose: Customer service chatData transmission for: (1) Using the chat feature on our websitesData exchange: Data is exchanged with ZOHO CRM, ZOHO Campaigns, ZOHO Flow and ZOHO Desk 3.2 Web analysis/tracking providers for which consent is required If you have given your consent to the use of cookies for statistical purposes, the following essential services are used to optimise our website, thus ensuring the best possible user experience. To do so, anonymised user data is collected via the respective service when visiting our website. The services specified below use ‘cookies’ which allow your user behaviour to be analysed. You can prevent this ‘tracking’ by changing your browser settings or by rejecting consent to cookies. We exclusively store this data for the specified purposes. IP addresses have been truncated by removing the last few digits to guarantee anonymity. Google Ireland Limited services Google Analytics Purpose: Google Analytics allows us to collect statistics concerning website visitors. https://policies.google.com/privacy Google Optimize Purpose: Google Optimize allows us to dynamically display content (e.g. for A/B tests) based on visitors’ IP addresses and the website’s user behaviour. https://policies.google.com/privacy ZOHO CORPORATION B. V. servicesPageSensePurpose: PageSense allows us to check the general use of our website through a heat map and to display important content to you in the right place on individual websites as a result. We can also anonymously record the progression of individual sessions to get an understanding of how visitors use our website. PageSense also allows us to dynamically display content (e.g. for A/B tests) based on visitors’ IP addresses and the website’s user behaviour. https://www.zoho.com/pagesense/terms.html, https://www.zoho.com/privacy/cookie-policy.html SalesIQ Purpose: SalesIQ allows us to integrate a chat feature into our website. SalesIQ records user behaviour on our websites in order to provide our customer service representatives with precise information about your concerns when using the chat feature. https://www.zoho.com/pagesense/terms.html, https://www.zoho.com/salesiq/terms.html 3.3 Marketing providers for which consent is required We do not currently integrate any external marketing providers. The Google Analytics ‘Target audience for remarketing’ feature is disabled. 3.4 Google Tag Manager Our websites use Google Tag Manager. Google Tag Manager is a solution that can be used to manage, control and download any type of website content (HTML, CSS, Javascript). Google Tag Manager itself is loaded via a cookie-free domain and does not collect any personal data. If content is downloaded via Google Tag Manager which collects data, Tag Manager does not access this data. 4. Cookies 5. Data subject rights You have the right: to request information about your personal data that is processed by us, pursuant to Article 15 of the GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom the data has been or is being disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and meaningful information about the details of this, where applicable; to request that incorrect or incomplete personal data stored by us is immediately rectified pursuant to Article 16 of the GDPR; to request that your personal data stored by us is erased pursuant to Article 17 of the GDPR, provided that processing is not required to exercise the right to free expression of opinion and information, to fulfil a legal obligation, for reasons in the public interest or to assert, exercise or defend legal claims; to request that the processing of your personal data is restricted pursuant to Article 18 of the GDPR, if the accuracy of the data is disputed by you or processing is unlawful, and you have objected to such data being erased and we no longer require the data, but you require it to assert, exercise or defend legal claims, or you have objected to processing pursuant to Article 21 of the GDPR; to request that you receive the personal data concerning you, which you have provided us, in a structured, commonly used and machine-readable format or is transmitted to another controller, pursuant to Article 20 of the GDPR; and to withdraw the consent you have previously given at any time pursuant to Article 7 (3) of the GDPR. This results in us no longer being able to process data on which this consent is based in the future; and to complain to a supervisory authority in accordance with Article 77 of the GDPR. Generally, you can contact the supervisory authority where you have your usual place of residence or place of work or where our law firm’s office is based. 6. Right to object If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) (f) of the GDPR, you have the right to object against your personal data being processed pursuant to Article 21 of the GDPR, provided that there are reasons that relate to your particular situation or provided that the objection is against direct marketing. If the latter applies, you have the general right to object, which is processed by us without having received details concerning a particular situation. If you would like to assert your right of withdrawal or your right to object, please simply send an email to info@limesurvey.org. 7. Data security Within the scope of you visiting our website, we use the commonly-used SSL process (secure socket layer) together with the respective maximum level of encryption supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether individual pages of our website are being transmitted in an encrypted way if a key or padlock symbol is shown in your browser’s lower status bar. We also take appropriate technical and organisational security measures to protect your data from any accidental or intentional manipulation, partial or total loss, destruction or unauthorised access by third parties. If personal data is collected and processed, information is transferred in an encrypted way in order to prevent data being misused by third parties. Our security measures are continually improved in line with technological developments. 8. Updating and changing this privacy policy This privacy policy is currently valid and is dated 07 August 2020. If we further develop our website and services, or if there is a change in legal or official guidelines, it may be necessary to change this privacy policy. You can access and print out the latest privacy policy from the website at any time.