Table of Contents
1. Who we are
This website is jointly controlled by all Simon-Kucher & Partners entities, including Simon, Kucher & Co. Holding GmbH and all associate Simon-Kucher & Partners entities, Simon-Kucher & Partners Strategy & Marketing Consultants LLC in the United States (“US”), Simon-Kucher & Partners Strategy & Marketing Consultants Ltd. In Canada, Simon-Kucher & Partners LLP (Singapore) or any other global entity of Simon-Kucher & Partners. (Referred to as Simon-Kucher & Partners or we)
If you have questions concerning data protection, it is best to contact our German headquarters:
Simon-Kucher & Partners GmbH
53113 Bonn, Germany
It is also possible to directly contact our Data Protection Officer(s):
Data Protection Officer of the Simon-Kucher & Partners Group
2B Advice GmbH
DPO - Simon-Kucher & Partners
53227 Bonn, Germany
Data Protection Officer in Singapore:
Mrs. Birgitta von Dresky
telephone: +65 6408 8000
You may also address one of our other offices directly. Keep in mind that they will probably have to forward your request to our central data protection team (DPT) in Germany.
You can find a list of our offices and contact details here:
We are committed to protecting the personal data of our employees and customers and to complying with applicable data protection laws. As part of our ongoing efforts to strengthen the protection of personal data, this privacy notice explains how we process personal data and the principles that we uphold with respect to transfers of personal data from the European Economic Area (“EEA”) and Switzerland to the US and other non-european countries. We have structured our website so that you may visit our site without revealing your identity or providing personal data. Please read this Privacy Notice carefully.
“Personal data” means any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
“Sensitive personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.
“Activities Information” refers to information collected by so called “persistent identifiers” such as cookies. Unlike Personal data, Activities Information does not directly identify a particular person; the information, however, is or can be potentially linked to a particular computer or device.
3. If you are from California, US
If you are from California, the California Consumer Privacy Act (CCPA) is applicable. Simon-Kucher & Partners have been enforcing high privacy standards that are based on EU privacy principles throughout the group already for years, including purpose limitation and lawfulness of processing, choice (consent), security and transparency. The transparency standards include most of the information also required by the CCPA and you will find information on the purposes of processing, the data types, recipients etc. in the following chapters.
This chapter includes some specifics of the CCPA that we would like to inform you about:
a) Your rights
Your rights are listed in the section “What are my rights?”. For Californian consumers, we provide a toll free telephone line that you can use to exercise your rights in addition to the email addresses provided in this document. You will find that number in the “What are my rights” section, too.
b) Do we sell your data?
We do not sell your data.
Nevertheless, at this point we would like to highlight that we use web-analysis / web-tracking tools on our website, but only if you provide your opt-in to such web-analysis / web-tracking. If you provided your opt-in to such web analysis, our service providers will receive some information about you that may qualify as personal information, e.g. the IP-address. In addition they may also count how often you visited our website, which page you stayed on the longest etc. They regularly will also place a small text file (cookie) on your computer, including a unique user Identification Number (UUID), in order to check whether this is a first or recurring visit to our website.
We do not receive money from our service providers, in fact it is the other way around. The provider then produces anonymized statistics concerning the usage of our website. This helps us to improve our website, analyze trends and to understand the needs of our website audience.
Web analysis and web tracking requires us to obtain your valid opt-in. If you have already provided us with your opt-in, you can manage your opt-in settings by clicking on the following button:
4. What categories of personal data does Simon-Kucher & Partners process?
On our website www.simon-kucher.com (the “Site”) we may collect the following personal data:
- Email; and
- Phone number (collectively “user provided data.”)
While a visitor uses the Site, we may also collect the following information that may in certain circumstances constitute personal data:
- Name of the file accessed and the URL;
- The http response code;
- The date and time of access;
- Volume of data transferred;
- Notification of whether the data access was successful; and
- IP address (collectively “automatically collected data”)
- Number of clicks on social plugins linked to our services
- Information about the date you first visited our website and the date when you visited our website the last time
- The region derived from your IP address – this is not a precise location but enables us to determine the broad region from where you accessed our site
We may place a “cookie” on the hard drive of the device that you use to access the Site. Cookies are text files that are saved on the hard drive of your device by your browser, enabling us to recognize your browser for purposes such as saving your preferences and directing relevant content to you. Most of the currently available browsers give you the option of managing cookies by, for example, disabling them entirely, accepting them individually, and deleting saved cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser, you might not be able to use some features of the Site.
We may collect information about your operating system and browser we may require to operate with your computer or device.
We may send Email-messages that use a “click-through URL” linked to content of our Website. When you click one of these URLs, you pass through our web server before arriving at the destination web page. If you prefer not to be tracked simply do not click text or graphic links in the Email.
We may also collect personal data when we engage in research projects for our clients. We encourage our clients to provide as little personal data as possible but personal data are nevertheless often necessary for conducting the research assignments given to us. We make use of anonymization and pseudonymization techniques whenever possible. However, it may be necessary to process personal data for the purposes of a specific research project. In the context of these research assignments we may receive the following categories of information, which may constitute personal data in certain circumstances:
- Contact details of participants in market research projects
5. What is the purpose of processing and the respective legal basis?
In this section we would like to inform you about the purposes we use the data for. The General Data Protection Regulation (GDPR) of the EU requires us to inform you about the legal basis for each purpose. To make the text more readable for you, we list the applicable legal basis here and refer to the bold terms in the list.
- Based on your valid consent (Opt-In) – Article 6 para. 1 lit. a GDPR
- Necessary to fulfill a contract with you – Article 6 para. 1 lit. b GDPR
- Necessary to fulfill legal requirements – Article 6 para. 1 lit. c GDPR
- Legitimate Interests without conflicting interests of yours – Article 6 para. 1 lit. f GDPR
a) User provided data
We use the user provided data for the following purposes:
- To communicate with users of the Site (Opt-In, Contract);
- To invite persons to workshops and to conduct the workshops (Contract);
- To prevent and investigate fraud and other misuses (Legitimate Interests, legal requirements);
- To protect our rights and/or our property (Legitimate Interests);
b) Automatically collected data
We use the automatically collected data on our website for the following purposes:
- To manage the Site (Legitimate Interests);
- To provide features available on the Site (Contract);
- To personalize the Site (Opt-In);
- To develop, improve, and protect the Site (Opt-In; legitimate Interests depending on the technical implementation);
- For market research (Opt-In);
- To audit and analyze the Site (Legitimate Interests, legal requirements);
- To ensure the technical functionality and security of the Site (Legitimate Interests, legal requirements); and
- To initiate professional business contacts based on the individual interests and fields of business of our website visitors (Opt-In, legitimate interests depending on the technical implementation).
c) Activity Information
We and service providers on our behalf use Activities Information about your activity with respect to our Services. The following summarizes how the Activities Information is used.
We may use “pixel-tags” – small graphic images (also known as “web beacons” or single-pixel GIFS”) – to tell us what part of our website has been visited or to measure the effectiveness of searches customers perform on our Site. Pixel tags also enable us to send email messages in a format customers can read, and inform us whether Emails have been opened, to help ensure that our messages are of interest to our registered users.
To manage your cookie-consent / web-analysis opt-in settings, please go to:
This website uses “ClickDimensions” web tracking features. Web Tracking will give us insight on how our website is being used and records the traffic that accesses it.
We can see which pages have been clicked on, how long a user remained on a certain page, and how they got to our website, among other information.
Using ClickDimension enables us to track anonymous page visits as well as page visits originating from specific organizations that identify by their IP-Address.
The table below lists the cookies that are placed in a visitor’s browser when the ClickDimensions tracking script is being used on the visited web page, their use and expiration.
|This cookie is typically written to the browser upon the first visit to the site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits the site, a new __cuid cookie is written with a different visitor unique ID. This cookie is used to determine unique visitors to the site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that the application uses to ensure both the validity and accessibility of the cookie as an extra security measure.
|2 years from set/update.
|This cookie is used to establish and continue a user session with the site. When a user views a page on the site, the script code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on the site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on the site for longer than 30 minutes.
|30 minutes from set/update.
|Used to signal the last time a visitor viewed a page.
|30 minutes from set/update
ClickDimensions will gather information in “entities” which are:
- IP Organizations
- Anonymous Visitors
- Page Views
- Posted Forms
- Posted Fields
- Posted Surveys
- Survey Answers
We use HubSpot for our online marketing activities. We contracted with HubSpot Ireland, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. Hubspot Inc. as the mother of Hubspot Ireland has a valid privacy shield certification. We use Hubspot for the following purposes:
- Content management
- Creation and management of landing pages and contact forms
- Email marketing, like newsletters and automated mailings, e.g. for supply of downloads you explicitly requested (legal basis: Article 6 para. 1 lit. a GDPR)
- Social media publishing and reporting, e.g. traffic sources, number of accesses (legal basis: Article 6 para. 1 lit f GDPR, with our legitimate interest of making our services as comfortable, relevant and usable as possible.)
- Contact management, like user segmentation and Customer Relationship Management (CRM) (legal basis: Article 6 para. 1 lit. a and lit. f GDPR, with our legitimate interest of making and keeping contact with you for business purposes.)
- You may use or sign-up to services to learn more about our company, download relevant content and to provide your contact details and other demographic information to us. In this case you will actively provide us with information about you, such as your name and your email address. In this case, your provided data is stored on the servers of HubSpot.
When you are using our sign-up services, you provide us with your consent to use your personal data in order to inform you about services you may be interested in.
When you are visiting our website and especially landing pages hosted on HubSpot, we will ask you to consent to the placement of cookies on your computer. Cookies are small files that include a unique user identifier and may contain other information, such as the duration of your visit on our website, date of last visit to our website, information about the website you were coming from and your sign-in status. Please refer to the following list of cookies that we use with Hubspot:
Basic/necessary cookies for Hubspot
This cookie is used to request cookie consent. It is valid vor 13 months.
This cookie can be set to a value that blocks sending tracking information to HubSpot. Still anonymized data may be sent to HubSpot. It is valid for 13 months.
This cookies is used to always display the same A/B-testpage to website visitors. It is a session cookie.
We set this cookie for password-protected websites, so that the user does not have to reenter their password when revisiting the website. The name of the cookies is unique for each password-protected website.
This cookie is used to determine if the chat widget shall be active for future visits. It resets to the default value after 30 minutes of inactivity so that the widget closes. The cookie is valid for 30 minutes.
This cookie ensures that the welcome message will not reappear once it was closed for one day.
It is valid for one day.
This cookie is placed when a user signs in to a website hosted by HubSpot. It is valid for one year.
Cookies for cookie consent banner
This is the main cookie for user tracking. It includes the domain, the user token (utk), the first time stamp of the first visit, the last time stamp (of the last visit), the current time stamp (for the current visit) and the session counter (which is increased with every following session). It is valid for 13 months.
This cookie is used to track the identity of a user. It is transferred to the HubSpot software when sending a form and is used when removing duplicates from the contacts database. It is valid for 13 months.
This cookie keeps track of sessions. It is used to determine whether or not HubSpot has to increase the amount of sessions and the time stamp in the __hstc-cookie. It includes the domain, the amount of website visits (view count) and the time stamp for the start of the session. It is valid for 30 minutes.
Every time HubSpot changes a session cookie this cookie is placed additionally. It detects if the user has restarted their browser. If this cookie is not present at the time of performing the cookie check the visit qualifies as new visit. It is valid until the end of the session.
This cookie is used to recognize visitors that are chatting with us via the message tool. If the user leaves the website before they have been added as a contact, the cookie stays on the computer of the user. If the user returns to the website having a previous chat history, the chat history will be displayed in the message tool. It is valid for 13 months.
Hubspot collects publicly available business information about companies, such as revenue, number of employees and industry. If you register for the sign-up services this company information can be linked with your e-mail address, as we may identify the company you are working for by looking at the domain of your email address (the part that follows the @ in an email address). Also we are going to link the information that we collect using Hubspot cookies to your e-mail address in order to provide you with the content that is most relevant for you. If you withdraw your consent for the sign-in service, your e-mail address will be deleted and no data can be linked it any more. If you do not want us to link any cookie or tracking data to your email address, you may want to withdraw your cookie consent. You will learn how to do this in the following paragraph.
We are using Google Tag Manager to manage which cookies we place or read (if it was already on your computer). Google Tag Manager itself does not process any personal data other than those to check your cookie consent settings.
You may withdraw this consent at any time by clicking Deactivate Hubspot Tracking
Withdrawing your consent ensures that already placed cookies are no longer evaluated. Nevertheless, the cookie stays on your computer as it is technically not possible for us to delete the cookie on your computer. If you want to delete the cookie from your computer, you can do this using the built-in options of your web-browser. In most cases you will find these settings or options in the extras and/or options menu of your browser.
d) Research data
We use the research data we collect in projects for our customers for the following purposes:
- Developing new products and services;
- Customer loyalty strategies and programs;
- Digital marketing (online, mobile, social media);
- Monetizing strategies and new revenue models;
- Product and brand strategies;
- Market entry and defense strategies;
- Pricing strategies for products, business units and companies;
- Launch and post-launch pricing;
- Price negotiations and key account pricing;
- Pricing organization and processes;
- Multi-channel strategies;
- New sales channels/partnering;
- Sales organization and efficiency;
- Sales force effectiveness; and
- Key Account Management.
For market research, we will ask participants for their Opt-In for taking part in the study. If the data is provided by our customer and contains personal data, our customer will obtain the necessary Opt-In. In some cases it is possible to collect personal data for studies from public sources without your consent. In such cases the processing is based on our legitimate interests or the legitimate interests of our customers.
6. When do we disclose your data and to whom?
a) User provided data
We may disclose user provided data to:
- Service providers, such as payment processors;
- Public authorities, such as law enforcement, if we are legally required to so or if we need to protect our rights or the rights of third parties; and
b) Automatically collected data
We use data collected for ClickDimensions Web Tracking, Hubspot and Leadmagnet to enhance our communication with individual users and to provide them with information that is meaningful to them. We also use this data to improve our service by analyzing the way our website and online services are used.
We may disclose automatically collected data to:
- Service providers, such as data analysis companies;
- Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
7. Transfer to third countries and guarantees (Art. 14 para. 1 lit. f GDPR)
A “third country transfer” is a case in which we transfer personal data from the EU to countries outside of the EU. In such cases, we have to ensure that there is an adequate level of data protection on the receiver’s side.
We have enacted Binding Corporate Rules which ensure an adequate level of data protection throughout our group worldwide, if we exchange your data within the group.
Binding Corporate Rules or "BCRs" were developed by the European Union to allow multinational corporations, international organizations, and groups of companies to make intra-organizational transfers of personal data across borders in compliance with EU Data Protection Laws. They are considered to be a "Gold Standard" in privacy.
Our Binding Corporate Rules have been evaluated and approved by the Data Protection Authorities in Europe.
The Binding Corporate Rules also include regulations on your rights toward data protection concerning the way we handle your data. You can find our Binding Corporate Rules here:
8. Retention / Deletion Periods (Art. 14 para. 2 lit. a GDPR)
Generally we store the data only as long as we need it in order to fulfill the processing purposes. We are going to delete the data for the different purposes as follows:
- Entering into, fulfilling and terminating a contract: 3 years after termination of contract
- Legitimate interests (web analysis, marketing): immediately after your opt-out; for cookie retention periods see above
- Legitimate interests (other purposes): immediately after we achieved the purpose
- Security of our website and services: generally 7 days after end of connection; in rare cases up to 3 months.
- Processing based on your consent (opt-in): immediately after you withdraw your consent (opt-out)
We are allowed to and may keep the data longer than listed above if it is necessary for
- exercising the right of freedom of expression and information;
- compliance with a legal obligation which requires processing by applicable law to which Simon-Kucher & Partners is subject
- archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
- the establishment, exercise or defense of legal claims.
9. What are the legitimate interests of Simon-Kucher & Partners?
We indicated that some of the processing is based on Simon-Kucher & Partners’ legitimate interests in the section about purposes and legal basis. Before implementing such data processing, we perform a balancing of interests. This means that we compare our legitimate interests in processing the data with your interests of not having your data processed by us for the given purpose. This includes taking into account possible negative effects the processing may have on you.
Our legitimate interests are:
- Optimizing our services
- Ensuring IT security and data protection
- Protecting our rights
- Expansion of business by making contact for marketing purposes
10. Do I have to provide my personal data to Simon-Kucher & Partners?
Generally you are not obliged to provide any personal data to us when using the website. However, if you want to register for services such as newsletters or want to participate in a market research project or an event, we will your need personal data in order to enter into a contract with you or to send you the requested information. There will be mandatory data and optional data in most cases. Without the mandatory information we will not be able to enter into a contract with you or provide you with the requested information.
11. What are my rights?
According to the GDPR and the CCPA, you have the right to know which data we have stored about you for which purposes (access). You may have incorrect data corrected (rectification). You also have the right to request the deletion of data if, for example, the data is not required to achieve the purposes for which it was stored or if we are not permitted to store the data for other reasons (deletion).
Please keep in mind that deletion requests must take place in accordance with legal regulations and there might be circumstances in which we would not be able to follow through with your request. However, your request will be analyzed individually and we will inform you about the proceedings and the outcomes.
You have the right to have data blocked if, for example, the correctness of data has not been determined and still needs to be checked (restriction of processing). You can object to the processing (objection/Opt-out). This objection must contain an explanation of the particular situation based on which further processing is unacceptable to you.
The objection will be carefully examined and the data will be blocked for the duration of the examination. You have the right to request data which you have made available to us and which is processed automatically in a common, machine-readable format from us (data portability).
If you wish to exercise one or more of these rights, please use the following e-mail address of our Data Protection Team:
12. Do I have the right to withdraw my consent / my opt-in?
If you declared your valid consent by opting in to processing of your personal data, you have the right to withdraw your consent / opt-out at any time. This will not affect the lawfulness of processing based on your consent before its withdrawal.
13. Will there negative effects if I object to the processing, opt-out or withdraw my consent?
You will not be discriminated because you exercised any of your rights under the GDPR, the CCPA or any other applicable data protection law. We will especially not:
- Deny goods or services to you – unless the only legal basis would be your valid consent / opt-in
- Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
- Providing a different level or quality of goods or services to you
- Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
We may offer financial incentives, including payments to you, for the collection of personal information, the sale of personal information, or the deletion of personal information.
We will enter you into a financial incentive program only if you give us prior opt-in consent that clearly describes the material terms of the financial incentive program and which may be revoked by you at any time.
14. Complaint with a supervisory authority
You have the right to file a complaint with the responsible data protection supervisory authority.
15. Do we collect your data from other sources?
When using this website, we do not collect additional data from other sources.
For research projects we may also use sources provided by third parties in order to create a relevant panel. Generally that will be third parties you have already registered with and given them your consent to transfer your data for these purposes. In general the third party provider you are registered with as a panelist will inform you when they provide the data to us. If that is not the case, we will inform you about the source as soon as we have recieved your data or, if it is contact data, when we first contact you at the latest.
16. Automated decision making and profiling
We do not perform any automated decision making or profiling on our website. For research projects, we will not use your data to create an individual profile. Research projects regularly are based on anonymized data in the aggregate, which means that we avoid personal data whenever possible or –render the data anonymous as soon as possible.
Website Applicant Policy
As part of the recruitment process, Simon-Kucher & Partners collects and processes personal data from applicants. Simon-Kucher & Partners is committed to transparency about how we collect, use and protect your data when you apply for a job with us. Below you will find the answers to some frequently asked questions as well as important legal information about your rights.
II. Who is responsible for my personal data and who can I contact if I have questions?
If you have any questions about the processing of your data or about data protection in general, or if you would like to exercise one of your rights listed below, you can contact our data protection team at any time: firstname.lastname@example.org.
Alternatively, you can contact our data protection officer directly:
2B Advice GmbH
DPO - Simon-Kucher & Partners
+49 228 926165-120
What personal data do we collect?
If you apply for a vacant position at Simon-Kucher & Partners, we process only the personal data that is necessary to carry out the application process, in accordance with the principle of data minimization. The data we collect includes:
- contact information in your candidate profile (e.g. first and last name, country, address, email address, phone number).
- information from the application form (this includes e.g. salary requirements, your motivation, etc.).
- application documents (including CV, cover letter, career development information, qualifications and language skills).
- results of online procedures, assessments and video interviews, if applicable.
- references, if any, that you provide to us.
- we may also obtain personal information about you from third parties, such as references from previous employers. We will only obtain information from third parties with your consent.
- any other personal data that you voluntarily choose to provide for your application that is not strictly necessary to complete the application process.
IV. What happens if you do not provide personal data?
You are under no legal or contractual obligation to provide us with data as part of the recruitment process. However, if you do not provide the required information, we may not be able to process your application properly and your application will be rejected.
V. Who has access to your data?
Your information may be shared internally for the purposes of the hiring process. This includes sharing information with members of Human Resources and the hiring team, interviewers involved in the hiring process, managers in the business unit where a position is to be filled, and IT staff when access to the data is necessary for them to perform their administrative duties.
For certain parts of the application process, such as assessments and questionnaires, we may use service providers who process the data collected in these processes to provide the relevant technical service.
We have entered into data protection agreements with all third-party service providers that contain strict terms and conditions for the adequate protection of your data in accordance with the General Data Protection Regulation. These service providers may only process the data to the extent necessary to provide the technical functionality and not beyond that or for their own purposes.
If you choose to exercise one or more of your rights as explained below, this also applies to our service providers.
VI. How long will we keep your data?
We will only store your personal data for as long as is necessary to complete the application process and/or to comply with legal retention requirements.
If you are not selected for the position for which you applied or withdraw your application, your data will be automatically anonymized six (6) months after the withdrawal of your application or, if your application was rejected, after six months from the date of rejection. In the event that an employment contract is concluded, your application documents will be included in the personnel file and stored at least for the duration of the employment relationship.
VII. Third country transfers
In general, your data will only be processed in the country in which the Simon-Kucher & Partners Office is located where you apply for a job. If you apply via our online portal, your data will also be processed on our servers in Germany. If you apply from within the European Union for a position in one of our offices that is located outside the European Union (in a "third country"), your data will be forwarded by us as the data controller to the respective office on the basis of Binding Corporate Rules, which are intended to ensure an adequate level of protection for your data and guarantee the enforcement of your rights.
VIII. Your rights
With respect to your personal data, you have the right to:
- Access to your personal data and, in particular, information about the purposes of the processing and the categories, recipients, retention periods and sources of data (if the data have not been collected directly from you),
- the rectification of your personal data if it is inaccurate or incomplete
- the deletion of your personal data (if applicable)
- the restriction of the processing of your personal data
You also have the right to:
- object to the processing of your personal data
- data portability
- lodge a complaint with the competent supervisory authority.
If the processing of your data is based on your consent, you have the right to withdraw your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
If you wish to exercise any of the above rights, you can contact our data protection team at email@example.com at any time.
IX. Legal basis for the processing of your personal data
If you are a natural person from the European Economic Area and Switzerland ("EEA"), our legal basis for collecting and processing your personal data is as follows:
- Your consent (Art. 6 para. 1 lit. a GDPR).
- Our legitimate interests (Art. 6 para. 1 lit. f GDPR), namely the recruitment, selection, evaluation and appointment of new employees, as well as the management and administration of the recruitment and HR process, to the extent that these activities do not affect or infringe your rights and freedoms. In addition, we may process your personal data to the extent necessary to assert or defend legal claims arising from the application process.
- Compliance with our legal obligations (Art. 6 para. 1 lit. c GDPR), where employment or other laws require us to process your personal data (for example, to the extent that the law requires equal opportunity and diversity monitoring).
- Where applicable, other legal reasons, such as your vital interests (e.g. health and safety reasons if you are attending an interview at our site).
Simon-Kucher & Partners (hereinafter “Simon-Kucher” or "we"), like its clients, is obliged to document projects and meetings appropriately. This has contractual, regulatory and other legal bases. For this purpose, we use the application HeyMarvin from the provider Equafin Corp's. d/b/a Marvin, Oakland, California, USA.
HeyMarvin is an application for recording and transcribing conversations during online meetings using applications such as Zoom or Microsoft Teams. The application transcribes conversations and creates summaries. Furthermore, the data can be indexed and analyzed contextually and / or weighted. Evaluations can be carried out during the entire project. As HeyMarvin also uses artificial intelligence, we carried out a data protection impact assessment (DPIA).
Before the recording of a call starts, we communicate the use of HeyMarvin and offer to not start the recording by HeyMarvin or also ending the recording anytime during the call.
The Simon-Kucher partner company engaged for this project is generally responsible for data processing. If you are unsure, please contact the person responsible for the project or contact Simon, Kucher & Co. Holding GmbH, Willy-Brandt-Allee 13, 53113 Bonn, +49 228 9843 0.
Insofar as we transfer data generated with HeyMarvin to our customers, they themselves are responsible for the processing; in this respect, please contact our respective client.
We use HeyMarvin as part of the fulfillment of our obligations to our customers and thus for the purpose of project documentation and evaluation, both in our own interest and on behalf of our customers. The following personal data is collected:
Content of the conversation
The content of the conversation, insofar as this is necessary for the execution, processing and documentation of the consulting and associated actions (e.g. sharing of documents) within the scope of the conversation
Summaries, protocols, context-related evaluations
Topic, date and duration of the meeting
User name, e-mail address
IP address, Log files, timestamp
The legal basis for recording and evaluation by HeyMarvin is regularly Art. 6 para. 1 lit. b GDPR or Art. 6 para. 1 lit. f GDPR, as these are services that Simon-Kucher provides to fulfill a contract or in the legitimate interest of documentation and accountability, provided that your interests or fundamental rights and freedoms do not prevail. In individual cases, the processing may also be based on consent, Art. 6 para. 1 lit. a GDPR; you will be asked for your consent in individual cases. Insofar as Simon-Kucher processes data on behalf of the customer, the data processing is based on Art. 28 GDPR.
The transfer to HeyMarvin takes place on the basis of an data processing agreement. As the provider is based in the USA, we have also carried out a data transfer impact assessment and concluded standard contractual clauses.
You always have the option of objecting to the recording and having it terminated.
Third parties do not receive the data collected with HeyMarvin. The transfer of personal data to the provider of HeyMarvin takes place within the framework of the existing data processing agreement. The same applies to the exchange of personal data between Simon-Kucher and its customers. Within Simon-Kucher, data may also be transferred by partner companies if this is necessary for the project.
Under the GDPR, you have various rights with regard to your personal data:
This includes the right to information about their processing (Art. 15), the right to rectification of inaccurate data (Art. 16), as well as the right to erasure of your data if they are no longer required and there is no obligation to retain them (Art. 17). You also have the right to restrict the processing of your data (Art. 18) and the right to data portability in a structured format (Art. 20). In addition, you can object to the processing of your data at any time (Art. 21).
You can complain any time to a data protection supervisory authority.
With regard to data deletion and storage duration, personal data is deleted as soon as it is no longer required for its purpose. The necessity of data retention is reviewed regularly. However, there are exceptions to the deletion of data for which there are statutory retention obligations (e.g. for accounting purposes). These are deleted after this period has expired.
You can also ask our data protection officer questions about data processing:
2B Advice GmbH, DPO - Simon-Kucher & Partners, Joseph-Schumpeter-Allee 25, 53227 Bonn, Germany, +49 228 926165-100; firstname.lastname@example.org
If the data is processed under the responsibility of our customer, please contact them if you have any questions about its processing or if you wish to assert your rights in this respect.
Our experts are always happy to discuss your issue. Reach out, and we’ll connect you with a member of our team.