Get in touch

Privacy Notice

Last updated: 18th of December, 2023

This privacy notice informs you how Wakoopa collects and processes your personal data in connection with your visit to our website and other activities/interactions with the company. Other privacy notices may apply to you, for example if you participate in one of our panels or special market research studies. In case you use our technology directly from a third-party provider (licensee), you will be subject to an exter-nal policy (i.e., the policy applied by the licensee). You will be informed of this situation separately by the applicable controller. In case of doubt, please contact the company who is providing you with the service that contains our technology.

Wakoopa is a registered brand of Soluciones Netquest de Investigación, S.L.U. (Netquest), which is en-tered in the Barcelona Companies Registry (Spain) in volume 33486, folio 110, sheet B-228142, entry 1, and has Fiscal Identification Code number B-62470489. Netquest belongs to the NIQ-GfK group which together form the "GfK Group". "Netquest", "we", "us", "our" means the Netquest company identified in this privacy notice as the controller for processing your personal data.

Where we refer to personal data below, we mean any information relating to an identified or identifiable living person. Personal data that has been anonymized in such a way that the data subject cannot be iden-tified or can no longer be identified (anonymous data) is no longer considered personal data.

We may need to amend or update this privacy notice from time to time. Therefore, please read this priva-cy notice at regular intervals.

Controller, data protection officer

For the purposes of this privacy notice, the controller is:

Soluciones Netquest de Investigación, S.L.U.

Gran Capitán Street 2-4, Floor 4;

08034 Barcelona, Spain

 

Netquest has appointed William Hammond as data protection officer (who can be reached at [email protected] for general matters).

 

If you have any doubts regarding this policy, want to receive more information on the topic or to exercise your rights, please contact us at [email protected]

Personal data categories

When you visit our website, we process the following personal data:

  1. When you acces our website

    Each time you access our website, your internet browser automatically sends certain information to our website server and temporarily stores it in so-called log files.

    We use Internet log data to improve the user experience, performance of the website, and security of our surveys and other solutions, and for quality assurance purposes. The following internet protocol data is automatically transmitted:

    • IP address of your device;
    • name of the accessed files and contents;
    • date and time and duration of your website visit;
    • volume of personal data transferred;
    • operating system and internet browser including installed add-ons and other technologies of your device;
    • internet address of the website from where you accessed our website (so-called origin or referrer URL);
    • Name of the service provider that provides access to our website;
  2. When you provide your personal data

    We process personal data that you provide to us when you:

    • fill in contact forms or otherwise communicate with us, whether by email, post or telephone;
    • wish to make use of our products or services,
    • enter into a contract with us;
    • apply for a job position;
    • register to receive our services or other information;
    • request marketing materials;
    • participate in a competition, promotion or customer satisfaction survey;
    • give us feedback or contact us.

    This concerns the following personal data, if provided by you:

    • contact and identification data (title, gender, name and surname, address, birth date, , nationality, telephone numbers, other contact details and email address, job information, employer, postal / billing / delivery address);
    • other data on personal/professional circumstances & characteristics (e.g. marital status, children);
    • applicant data when you use our online application function. You can read about how we process your applicant data in the privacy notice for applicants;
    • financial transaction data (bank account and credit card details, payment information, for products or services purchased from us);
    • contract data (contract identifier, contract history, contract content);
    • user data (e.g. email, password, username or similar identifier, preferred settings, feedback);
    • data from the contact form (data provided by you in the form as well as your contact Data provided to process your enquiry);
    • Data that you provide as part of feedback.
  3. If you participate in our market research activities

    We may also collect and process your personal data if you participate in our market research activities, for example by answering surveys or registering for our market research panels. For those scenarios, the applicable Privacy Notice is our general Nicequest privacy notice, available here: https://www.nicequest.com/gb/privacy. You will be requested to read and consent such prior to data collection.

  4. Marketing and newsletters

    If you register to receive newsletters, invitations to free webinars and events, thought leadership articles or product announcement emails, in addition to the aforementioned personal data we also process:

    • your email address and contact and identification details;
    • marketing communication data such as your chosen preferences for receiving marketing materials and preferred communication channels;
    • the date and time of registration and confirmation;
    • internet protocol data;
    • web beacons, tracking pixels and your individual user ID.

Purpose and legal basis of the processing

We process your personal data on the following legal bases:

  • Consent: You have given your consent to the processing of your personal data for one or more specific purposes (Art. 6 para. 1 lit. a GDPR);
  • Performance of contract or pre-contractual measures: The processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract (Art. 6 para. 1 lit. b GDPR);
  • Legal obligation: The processing is necessary for the compliance with a legal obligation to which we are subject (Art. 6 para. 1 lit. c GDPR);
  • Legitimate interest: The processing is necessary for the purposes of our or a third party’s legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of your personal data (Art. 6 para. 1 lit. f GDPR).

In the following, we inform you in detail about the processing purposes and the associated legal basis:

Purpose

Legal basis

Provision of our website for the public and for the purpose of contacting customers and interested parties

Performance of a contract or legitimate interest (Netquest's interest in providing a functioning website)

Collection of statistical information about the use of our website (so-called web analysis)

Consent or legitimate interest (Netquest's interest in receiving information about the use of our website, e.g. to improve our website).

Investigating malfunctions and ensuring system security, including detecting and tracking unauthorised access attempts and access to our web servers.

Compliance of legal obligations (for data security); legitimate interest (Netquest's interest in system security, in particular troubleshooting and elimination of unauthorised access).

Communicating with you as a business partner (e.g. on Wakoopa’s products and services, policies and terms and conditions, feedback and other enquiries).

Performance of a contract or pre-contractual measures, legitimate interest (Netquest's interest in processing your feedback and other requests)

Processing of payment transactions

Performance of a contract

Collection of statistical information for planning in the company

Legitimate interest (Netquest's interest in organising internal company processes based on an evaluation of order history, transaction data, etc.).

Provision and management of your user accounts

Performance of a contract, legitimate interest (Netquest's interest in setting up user accounts)

Market research and customer survey

Consent

Personalised advertising

Consent, legitimate interest (Netquest's interest in advertising to existing clients pursuant to § 7 para. 3 UWG)

Note: We process marketing and newsletter data to evaluate your user behaviour and to individualise the marketing content for you. For this, the emails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the aforementioned information and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID.

Newsletter mailing

Consent

Event organisation

Performance of a contract

Applicant data

Performance of a contract (for employment purposes)

Assertion of legal claims and defence in legal disputes

Legitimate interest (Netquest's interest in asserting, enforcing claims or defending itself in legal disputes)

Purposes of prevention, investigation, reporting of criminal offences, for example fraud, e.g. credit card misuse, identity deception

Weighing up interests (Netquest's interest in criminal investigation and prosecution)

Compliance audits

Legitimate interest (Netquest's interest in ensuring compliance throughout the company)

Recipients

We may share your personal data with other companies in the NIQ-GfK Group. Within the NIQ-GfK Group, only employees and departments with a “need to know” have access to your personal data and only to the extent necessary. Regarding the transfer of your personal data within the NIQ-GfK Group, the companies of the NIQ-GfK Group are either independent controllers, joint controllers or processors, depending on the processing activity.

 

We may transfer your personal data to recipients, who are usually processors, outside the NIQ-GfK Group. These third parties generally belong to the following categories of recipients:

 

  • service providers for the operation of our website and the processing of personal data stored or transmitted by the systems (e.g. hosting or service providers for data centre services, payment processing or IT security);
  • consultants and service providers as independent controllers or joint controllers (e.g. insurance companies or accounting service providers);
  • persons who are subject to professional secrecy or are obliged to maintain confidentiality, for example lawyers, tax consultants and auditors;
  • government agencies/authorities, insofar as this is necessary to comply with legal obligations;
  • persons involved in carrying out our business operations (e.g. auditors, banks, insurance companies, legal advisors, regulatory authorities, parties involved in company acquisitions or the establishment of joint ventures);
  • recipients in the course of any reorganisations, mergers, disposals or other transfers of assets. We will then ensure that the recipient of your personal data agrees to handle it in a manner that complies with applicable data protection law and is compatible with the original purposes of the processing. We continue to ensure the confidentiality of your personal data and inform you about the transfer to another controller.

Where we use third party service providers (including processors), these third parties are subject to contractual obligations (e.g. a data processing agreement). These processors will only process your personal data in accordance with our prior written instructions and must take measures to protect the confidentiality and security of your personal data.

Transfers of Data outside the EU/EEA

Due to the international nature of our business, it may be necessary for us to transfer your personal data to other companies within the Netquest and NIQ-GfK Group and to third parties outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). For this reason, we may transfer your personal data to Third Countries that have different laws and data protection compliance requirements than the country in which you are located. The third countries concerned, e.g. the USA, may not have the level of data protection that you enjoy under the GDPR. This can mean disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have very limited legal remedies against this.

Within the NIQ-GfK Group, we have concluded an intra-group data transfer agreement with the relevant transfer mechanisms (standard contractual clauses of the European Commission) to ensure an adequate level of protection for your personal data when it is transferred from the EU/EEA to third countries.

Insofar as we transfer your personal data from the EU/EEA to recipients in third countries that are not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection by concluding standard contractual clauses of the European Commission or by means of binding corporate rules of our business partners and supplement these transfer mechanisms with further contractual, technical and organisational measures if necessary.

Publicly available sources, source from which the data originate

In certain circumstances, we may also collect personal data about you from sources other than yourself. In these cases, we will inform you accordingly within one month of receiving the personal data or, if the personal data is to be used for communication with you, at the latest at the time of the first communication with you. We will then provide you with all information required by law, such as which personal data we have obtained from which sources and how we intend to use it. In appropriate cases, we will obtain your consent before collecting your personal data from other sources.

We process personal data that we have permissibly obtained from publicly accessible sources and are allowed to process. Such sources include e.g. professional social networks such as LinkedIn and XING, but also your respective company websites and, where applicable, other websites.

Are you obliged to provide your personal data?

In principle, you are not obliged to provide your personal data. However, if you do not provide your personal data, we may only be able to provide you with limited services or not answer your enquiries. If the processing of your personal data is necessary for the fulfilment of a contract between you and us and you do not provide the required information, we may discontinue our contractual services. In this case, we will notify you in advance.

Your data subject rights

You have the following rights in relation to your personal data:

  • right of access and right to receive a copy of your personal data, Art. 15 GDPR
  • right of rectification, Art. 16 GDPR
  • right to erasure (“right to be forgotten”), Art. 17 GDPR
  • right to restriction of processing, Art. 18 GDPR
  • right to data portability, Art. 20 GDPR

Right to object, Art. 21 GDPR: You have a general right to object, on grounds relating to your particular situation, if we process your personal data on the basis of our legitimate interest. This means that you must always give reasons for your objection and the reasons for the objection must not result from the processing situation as such but must be justified in your person. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Further, you have the right to object to the processing of your personal data for direct marketing purposes at any time.

Withdrawal of consent: You can withdraw consent at any time with effect for the future by contacting us at [email protected] or using the contact information in section 1.

Right to lodge a complaint: In the event of a (suspected) breach of applicable data protection laws, you may lodge a complaint with the supervisory authority.

We do not make decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you (Art. 22 GDPR).

Processing Time: We will comply with your request within 30 days. This period may be extended by a further two months if necessary, considering the complexity and number of requests. Netquest will inform you of any such extension, together with the reasons for the delay, within one month of receipt of the request. This does not apply to right to withdraw consent, which we implement without delay within our statutory obligation.

Duration of the processing

We will only process your personal data for as long as is necessary to achieve the above purposes. Third parties engaged by us will store your personal data on their systems for as long as is necessary in connection with the provision of services to us in accordance with the relevant contract. We will delete or anonymise your personal data as soon as it is no longer required for the purposes described in this privacy notice and if we have no legal basis to further store your personal data.

In addition, the retention period may be extended if we are subject to statutory retention and documentation obligations (for Germany these are up to ten years). The retention period may also be based on the statutory limitation periods (for Germany this is up to thirty years, with the regular limitation period being three years). In certain circumstances, we may also need to store your personal data for longer, e.g. in connection with authority or legal proceedings.

With regard to the use and retention period of cookies, please note section XII.

Security

We protect your personal data from loss, misuse, disclosure, alteration, unavailability, unauthorised access and destruction and maintain the confidentiality of your personal data. This is also ensured using appropriate technical and organisational measures. We choose our security measures taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons and continuously improve them. Technical measures include, for example, the use of encryption (e.g. TSL encryption for personal data in transit), access control to our systems, monitoring of critical IT system resources and system messages, ensuring the availability and resilience of systems and services.

Organizational measures include, for example, defining roles and responsibilities, ensuring the correct and secure operation of information processing systems, regular training and awareness-raising of employees, as well as evaluating and assessing the effectiveness of the aforementioned measures. Access to your personal data is only granted to employees, service providers or Netquest and GfK Group companies who require such access for the fulfilment of a business purpose or for the performance of their duties.

Cookies and other technologies

Please find information on cookies and other technologies we use in our Cookie Notice: https://www.wakoopa.com/cookie-policy.

Questions, exercising your data protection rights, complaints

If you have any questions or complaints about the collection, use or retention of your personal data, or if you wish to exercise any of your rights in relation to your personal data, you can contact our data protection officer by emailing [email protected].

 

We will investigate and attempt to remedy any complaint or dispute regarding the processing of your personal data. You can also lodge a complaint with the competent data protection authority.