Simonkucher : Data Privacy

1. Who we are

This website is jointly controlled by all Simon-Kucher & Partners entities, including Simon, Kucher & Co. Holding GmbH and all associate Simon-Kucher & Partners entities, Simon-Kucher & Partners Strategy & Marketing Consultants LLC in the United States (“US”), Simon-Kucher & Partners Strategy & Marketing Consultants Ltd. in Canada, Simon-Kucher & Partners LLP (Singapore) or any other global entity of Simon-Kucher & Partners (referred to as “Simon-Kucher & Partners” or “we”).

If you have questions concerning data protection, it is best to contact our German headquarters:

Simon-Kucher & Partners GmbH
Willy-Brandt-Allee 13
53113 Bonn, Germany

email: dpt@simon-kucher.com

It is also possible to directly contact our Data Protection Officer(s):

Data Protection Officer of the Simon-Kucher & Partners Group

2B Advice GmbH
DPO - Simon-Kucher & Partners
Joseph-Schumpeter-Allee 25
53227 Bonn, Germany

email: simon-kucher@2b-advice.com

Data Protection Officer in Singapore:

Mrs. Birgitta von Dresky
email: dpo-singapore@simon-kucher.com
telephone: +65 6408 8000

You may also address one of our other offices directly. Keep in mind that they will probably have to forward your request to our central data protection team (DPT) in Germany.

You can find a list of our offices and contact details here:

https://www.simon-kucher.com/en/contact/offices

We are committed to protecting the personal data of our employees and customers and to complying with applicable data protection laws. As part of our ongoing efforts to strengthen the protection of personal data, this privacy notice explains how we process personal data and the principles that we uphold with respect to transfers of personal data from the European Economic Area (“EEA”) and Switzerland to the US and other non-European countries. We have structured our website so that you may visit our site without revealing your identity or providing personal data. Please read this Privacy Notice carefully.

2. Terms you should know before reading our privacy policy

There are some terms in this privacy policy that have a specific meaning, which we would like to explain at this point.

“Personal data” means any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

“Sensitive personal data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life.

“Activities Information” refers to information collected by so-called “persistent identifiers” such as cookies. Unlike personal data, Activities Information does not directly identify a particular person; the information, however, is or can potentially be linked to a particular computer or device.

3. If you are from California, US

If you are from California, the California Consumer Privacy Act (CCPA) is applicable. Simon-Kucher & Partners have been enforcing high privacy standards that are based on EU privacy principles throughout the group already for years, including purpose limitation and lawfulness of processing, choice (consent), security and transparency. The transparency standards include most of the information also required by the CCPA and you will find information on the purposes of processing, the data types, recipients etc. in the following chapters.

This chapter includes some specifics of the CCPA that we would like to inform you about:

a) Your rights

Your rights are listed in the section “What are my rights?”. For Californian consumers, we provide a toll-free telephone line that you can use to exercise your rights in addition to the email addresses provided in this document. You will find that number in the “What are my rights?” section, too.

b) Do we sell your data?

We do not sell your data.

Nevertheless, at this point we would like to highlight that we use web-analysis / web-tracking tools on our website, but only if you provide your opt-in to such web-analysis / web-tracking. If you provided your opt-in to such web analysis, our service providers will receive some information about you that may qualify as personal information, e.g. the IP-address. In addition they may also count how often you visited our website, which page you stayed on the longest etc. They regularly will also place a small text file (cookie) on your computer, including a unique user Identification Number (UUID), in order to check whether this is a first or recurring visit to our website.

We do not receive money from our service providers, in fact it is the other way around. The provider then produces anonymized statistics concerning the usage of our website. This helps us to improve our website, analyze trends and to understand the needs of our website audience.

Web analysis and web tracking requires us to obtain your valid opt-in. If you have already provided us with your opt-in, you can manage your opt-in settings by clicking on the following button:

4. What categories of personal data does Simon-Kucher & Partners process?

On our website www.simon-kucher.com (the “Site”) we may collect the following personal data:

  • Name;
  • Company;
  • Title;
  • Address;
  • Email; and
  • Phone number (collectively “user provided data”).

While a visitor uses the Site, we may also collect the following information that may in certain circumstances constitute personal data:

  • Name of the file accessed and the URL;
  • The HTTP response code;
  • The date and time of access;
  • Volume of data transferred;
  • Notification of whether the data access was successful; and
  • IP address (collectively “automatically collected data”)
  • Number of clicks on social plugins linked to our services
  • Information about the date you first visited our website and the date when you visited our website the last time
  • The region derived from your IP address – this is not a precise location but enables us to determine the broad region from where you accessed our site

We may place a “cookie” on the hard drive of the device that you use to access the Site. Cookies are text files that are saved on the hard drive of your device by your browser, enabling us to recognize your browser for purposes such as saving your preferences and directing relevant content to you. Most of the currently available browsers give you the option of managing cookies by, for example, disabling them entirely, accepting them individually, and deleting saved cookies from your hard drive. We would like to remind you that if you completely disable cookies on your browser, you might not be able to use some features of the Site.

We may collect information about your operating system and browser that we may require to operate with your computer or device.

We may send email messages that use a “click-through URL” linked to content of our website. When you click one of these URLs, you pass through our web server before arriving at the destination web page. If you prefer not to be tracked, simply do not click text or graphic links in the email.

We may also collect personal data when we engage in research projects for our clients. We encourage our clients to provide as little personal data as possible but personal data are nevertheless often necessary for conducting the research assignments given to us. We make use of anonymization and pseudonymization techniques whenever possible. However, it may be necessary to process personal data for the purposes of a specific research project. In the context of these research assignments we may receive the following categories of information, which may constitute personal data in certain circumstances:

  • Contact details of participants in market research projects

5. What is the purpose of processing and the respective legal basis?

In this section we would like to inform you about the purposes we use the data for. The General Data Protection Regulation (GDPR) of the EU requires us to inform you about the legal basis for each purpose. To make the text more readable for you, we list the applicable legal basis here and refer to the bold terms in the list.

  • Based on your valid consent (Opt-In) – Article 6 para. 1 lit. a GDPR
  • Necessary to fulfill a contract with you – Article 6 para. 1 lit. b GDPR
  • Necessary to fulfill legal requirements – Article 6 para. 1 lit. c GDPR
  • Legitimate Interests without conflicting interests of yours – Article 6 para. 1 lit. f GDPR

a) User provided data

We use the user provided data for the following purposes:

  • To communicate with users of the Site (Opt-In, Contract);
  • To invite persons to workshops and to conduct the workshops (Contract);
  • To prevent and investigate fraud and other misuses (Legitimate Interests, legal requirements);
  • To protect our rights and/or our property (Legitimate Interests);

b) Automatically collected data

We use the automatically collected data on our website for the following purposes:

  • To manage the Site (Legitimate Interests);
  • To provide features available on the Site (Contract);
  • To personalize the Site (Opt-In);
  • To develop, improve, and protect the Site (Opt-In; Legitimate Interests depending on the technical implementation);
  • For market research (Opt-In);
  • To audit and analyze the Site (Legitimate Interests, legal requirements);
  • To ensure the technical functionality and security of the Site (Legitimate Interests, legal requirements); and
  • To initiate professional business contacts based on the individual interests and fields of business of our website visitors (Opt-In, Legitimate Interests depending on the technical implementation).

c) Activity Information

We and service providers on our behalf use Activities Information about your activity with respect to our Services. The following summarizes how the Activities Information is used.

We may use cookies to recognize you when you return to our Website. You may set your browser so that it does not accept cookies. Cookies must be enabled on your web-browser, however, if you wish to access certain personalized features of our products and services.

We may use “pixel-tags” – small graphic images (also known as “web beacons” or “single-pixel GIFs”) – to tell us what part of our website has been visited or to measure the effectiveness of searches customers perform on our Site. Pixel tags also enable us to send email messages in a format customers can read, and inform us whether emails have been opened, to help ensure that our messages are of interest to our registered users.

To manage your cookie-consent / web-analysis opt-in settings, please go to:

i. ClickDimensions

This website uses “ClickDimensions” web tracking features. Web tracking gives us insight into how our website is being used and records the traffic that accesses it.

We can see which pages have been clicked on, how long a user remained on a certain page, and how they got to our website, among other information.

Using ClickDimensions enables us to track anonymous page visits as well as page visits originating from specific organizations that are identified by their IP address.

The table below lists the cookies that are placed in a visitor’s browser when the ClickDimensions tracking script is being used on the visited web page, their use and expiration.

| Name | Description | Expiration |
| --- | --- | --- |
| cuvid | This cookie is typically written to the browser upon the first visit to the site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits the site, a new __cuid cookie is written with a different visitor unique ID. This cookie is used to determine unique visitors to the site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that the application uses to ensure both the validity and accessibility of the cookie as an extra security measure. | 2 years from set/update. |
| cusid | This cookie is used to establish and continue a user session with the site. When a user views a page on the site, the script code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on the site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on the site for longer than 30 minutes. | 30 minutes from set/update. |
| cuvon | Used to signal the last time a visitor viewed a page. | 30 minutes from set/update. |

ClickDimensions will gather information in “entities” which are:

  • IP Organizations
  • Anonymous Visitors
  • Visits
  • Page Views
  • Posted Forms
  • Posted Fields
  • Posted Surveys
  • Survey Answers

ii. Hubspot

We use HubSpot for our online marketing activities. We contracted with HubSpot Ireland, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot Inc., as the parent company of HubSpot Ireland, has a valid Privacy Shield certification. We use HubSpot for the following purposes:

  • Content management
  • Creation and management of landing pages and contact forms
  • Email marketing, like newsletters and automated mailings, e.g. for supply of downloads you explicitly requested (legal basis: Article 6 para. 1 lit. a GDPR)
  • Social media publishing and reporting, e.g. traffic sources, number of accesses (legal basis: Article 6 para. 1 lit. f GDPR, with our legitimate interest of making our services as comfortable, relevant and usable as possible.)
  • Contact management, like user segmentation and Customer Relationship Management (CRM) (legal basis: Article 6 para. 1 lit. a and lit. f GDPR, with our legitimate interest of making and keeping contact with you for business purposes.)
  • You may use or sign-up to services to learn more about our company, download relevant content and to provide your contact details and other demographic information to us. In this case you will actively provide us with information about you, such as your name and your email address. In this case, your provided data is stored on the servers of HubSpot.

When you are using our sign-up services, you provide us with your consent to use your personal data in order to inform you about services you may be interested in.

When you are visiting our website and especially landing pages hosted on HubSpot, we will ask you to consent to the placement of cookies on your computer. Cookies are small files that include a unique user identifier and may contain other information, such as the duration of your visit on our website, date of last visit to our website, information about the website you were coming from and your sign-in status. Please refer to the following list of cookies that we use with Hubspot:

Basic/necessary cookies for Hubspot

__hs_opt_out
This cookie is used to request cookie consent. It is valid for 13 months.

__hs_d_not_track
This cookie can be set to a value that blocks sending tracking information to HubSpot. Still anonymized data may be sent to HubSpot. It is valid for 13 months.

hs_ab_test
This cookie is used to always display the same A/B test page to website visitors. It is a session cookie.

_key
We set this cookie for password-protected websites, so that the user does not have to reenter their password when revisiting the website. The name of the cookie is unique for each password-protected website.

hs-messages-is-open
This cookie is used to determine if the chat widget shall be active for future visits. It resets to the default value after 30 minutes of inactivity so that the widget closes. The cookie is valid for 30 minutes.

hs-messages-hide-welcome-message
This cookie ensures that the welcome message will not reappear once it was closed for one day.
It is valid for one day. 

__hsmem
This cookie is placed when a user signs in to a website hosted by HubSpot. It is valid for one year.

Cookies for cookie consent banner

__hstc
This is the main cookie for user tracking. It includes the domain, the user token (utk), the first time stamp of the first visit, the last time stamp (of the last visit), the current time stamp (for the current visit) and the session counter (which is increased with every following session). It is valid for 13 months.

hubspotutk
This cookie is used to track the identity of a user. It is transferred to the HubSpot software when sending a form and is used when removing duplicates from the contacts database. It is valid for 13 months.

__hssc
This cookie keeps track of sessions. It is used to determine whether or not HubSpot has to increase the number of sessions and the time stamp in the __hstc cookie. It includes the domain, the number of website visits (view count) and the time stamp for the start of the session. It is valid for 30 minutes.

__hssrc
Every time HubSpot changes a session cookie this cookie is placed additionally. It detects if the user has restarted their browser. If this cookie is not present at the time of performing the cookie check the visit qualifies as new visit. It is valid until the end of the session.

messagesUtk
This cookie is used to recognize visitors that are chatting with us via the message tool. If the user leaves the website before they have been added as a contact, the cookie stays on the computer of the user. If the user returns to the website having a previous chat history, the chat history will be displayed in the message tool. It is valid for 13 months.

HubSpot collects publicly available business information about companies, such as revenue, number of employees and industry. If you register for the sign-up services, this company information can be linked with your e-mail address, as we may identify the company you are working for by looking at the domain of your email address (the part that follows the @ in an email address). We are also going to link the information that we collect using HubSpot cookies to your e-mail address in order to provide you with the content that is most relevant for you. If you withdraw your consent for the sign-in service, your e-mail address will be deleted and no data can be linked to it any more. If you do not want us to link any cookie or tracking data to your email address, you may want to withdraw your cookie consent. You will learn how to do this in the following paragraph.

We are using Google Tag Manager to manage which cookies we place or read (if it was already on your computer). Google Tag Manager itself does not process any personal data other than those to check your cookie consent settings.

You may withdraw this consent at any time by clicking Deactivate Hubspot Tracking

Withdrawing your consent ensures that already placed cookies are no longer evaluated. Nevertheless, the cookie stays on your computer as it is technically not possible for us to delete the cookie on your computer. If you want to delete the cookie from your computer, you can do this using the built-in options of your web-browser. In most cases you will find these settings or options in the extras and/or options menu of your browser.

iii. LeadMagnet

We are using LeadMagnet on our website. LeadMagnet allows us to identify which companies have an interest in our website. LeadMagnet does not require the use of cookies. The LeadMagnet script on our website sends IP-addresses to the service provider WiredMinds. They only keep static IP addresses that are associated with companies. We will receive an overview of company names who visited our website as well as the countries from which they visited our website. We do not evaluate personal data with LeadMagnet as we only collect information about legal persons.

d) Research data

We use the research data we collect in projects for our customers for the following purposes:

  • Developing new products and services;
  • Customer loyalty strategies and programs;
  • Digital marketing (online, mobile, social media);
  • Monetizing strategies and new revenue models;
  • Product and brand strategies;
  • Market entry and defense strategies;
  • Pricing strategies for products, business units and companies;
  • Launch and post-launch pricing;
  • Price negotiations and key account pricing;
  • Pricing organization and processes;
  • Multi-channel strategies;
  • New sales channels/partnering;
  • Sales organization and efficiency;
  • Sales force effectiveness; and
  • Key Account Management.

For market research, we will ask participants for their Opt-In for taking part in the study. If the data is provided by our customer and contains personal data, our customer will obtain the necessary Opt-In. In some cases it is possible to collect personal data for studies from public sources without your consent. In such cases the processing is based on our legitimate interests or the legitimate interests of our customers.

6. When do we disclose your data and to whom?

a) User provided data

We may disclose user provided data to:

  • Service providers, such as payment processors;
  • Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
  • Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets or other corporate reorganization, in accordance with this Privacy Policy.

b) Automatically collected data

We use data collected for ClickDimensions Web Tracking, HubSpot and LeadMagnet to enhance our communication with individual users and to provide them with information that is meaningful to them. We also use this data to improve our service by analyzing the way our website and online services are used.

We may disclose automatically collected data to:

  • Service providers, such as data analysis companies;
  • Public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and
  • Our subsidiaries and affiliates; or a subsequent owner, co-owner or operator and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets or other corporate reorganization, in accordance with this Privacy Policy.

7. Transfer to third countries and guarantees (Art. 14 para. 1 lit. f GDPR)

A “third country transfer” is a case in which we transfer personal data from the EU to countries outside of the EU. In such cases, we have to ensure that there is an adequate level of data protection on the receiver’s side.

We have enacted Binding Corporate Rules which ensure an adequate level of data protection throughout our group worldwide, if we exchange your data within the group.

Binding Corporate Rules or "BCRs" were developed by the European Union to allow multinational corporations, international organizations, and groups of companies to make intra-organizational transfers of personal data across borders in compliance with EU Data Protection Laws. They are considered to be a "Gold Standard" in privacy.

Our Binding Corporate Rules have been evaluated and approved by the Data Protection Authorities in Europe.

The Binding Corporate Rules also include regulations on your rights toward data protection concerning the way we handle your data. You can find our Binding Corporate Rules here:

Simon-Kucher & Partners’ Binding Corporate Rules

8. Retention / Deletion Periods (Art. 14 para. 2 lit. a GDPR)

Generally we store the data only as long as we need it in order to fulfill the processing purposes. We are going to delete the data for the different purposes as follows:

  • Entering into, fulfilling and terminating a contract: 3 years after termination of contract
  • Legitimate interests (web analysis, marketing): immediately after your opt-out; for cookie retention periods see above
  • Legitimate interests (other purposes): immediately after we achieved the purpose
  • Security of our website and services: generally 7 days after end of connection; in rare cases up to 3 months.
  • Processing based on your consent (opt-in): immediately after you withdraw your consent (opt-out)

We are allowed to and may keep the data longer than listed above if it is necessary for

  • exercising the right of freedom of expression and information;
  • compliance with a legal obligation which requires processing by applicable law to which Simon-Kucher & Partners is subject
  • archiving purposes in the public interest, scientific or historical research purposes or statistical purposes
  • the establishment, exercise or defense of legal claims.

9. What are the legitimate interests of Simon-Kucher & Partners?

We indicated that some of the processing is based on Simon-Kucher & Partners’ legitimate interests in the section about purposes and legal basis. Before implementing such data processing, we perform a balancing of interests. This means that we compare our legitimate interests in processing the data with your interests of not having your data processed by us for the given purpose. This includes taking into account possible negative effects the processing may have on you.

Our legitimate interests are:

  • Optimizing our services
  • Ensuring IT security and data protection
  • Protecting our rights
  • Expansion of business by making contact for marketing purposes

10. Do I have to provide my personal data to Simon-Kucher & Partners?

Generally you are not obliged to provide any personal data to us when using the website. However, if you want to register for services such as newsletters or want to participate in a market research project or an event, we will need your personal data in order to enter into a contract with you or to send you the requested information. There will be mandatory data and optional data in most cases. Without the mandatory information we will not be able to enter into a contract with you or provide you with the requested information.

11. What are my rights?

According to the GDPR and the CCPA, you have the right to know which data we have stored about you for which purposes (access). You may have incorrect data corrected (rectification). You also have the right to request the deletion of data if, for example, the data is not required to achieve the purposes for which it was stored or if we are not permitted to store the data for other reasons (deletion).

Please keep in mind that deletion requests must take place in accordance with legal regulations and there might be circumstances in which we would not be able to follow through with your request. However, your request will be analyzed individually and we will inform you about the proceedings and the outcomes.

You have the right to have data blocked if, for example, the correctness of data has not been determined and still needs to be checked (restriction of processing). You can object to the processing (objection/Opt-out). This objection must contain an explanation of the particular situation based on which further processing is unacceptable to you.

The objection will be carefully examined and the data will be blocked for the duration of the examination. You have the right to request data which you have made available to us and which is processed automatically in a common, machine-readable format from us (data portability).

If you wish to exercise one or more of these rights, please use the following e-mail address of our Data Protection Team:

email: dpt@simon-kucher.com

12. Do I have the right to withdraw my consent / my opt-in?

If you declared your valid consent by opting in to processing of your personal data, you have the right to withdraw your consent / opt-out at any time. This will not affect the lawfulness of processing based on your consent before its withdrawal.

13. Will there be negative effects if I object to the processing, opt-out or withdraw my consent?

You will not be discriminated against because you exercised any of your rights under the GDPR, the CCPA or any other applicable data protection law. We will especially not:

  • Deny goods or services to you – unless the only legal basis would be your valid consent / opt-in
  • Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties
  • Provide a different level or quality of goods or services to you
  • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

We may offer financial incentives, including payments to you, for the collection of personal information, the sale of personal information, or the deletion of personal information.

We will enter you into a financial incentive program only if you give us prior opt-in consent that clearly describes the material terms of the financial incentive program and which may be revoked by you at any time.

14. Complaint with a supervisory authority

You have the right to file a complaint with the responsible data protection supervisory authority.

15. Do we collect your data from other sources?

When using this website, we do not collect additional data from other sources.

For research projects we may also use sources provided by third parties in order to create a relevant panel. Generally that will be third parties you have already registered with and given your consent to transfer your data for these purposes. In general the third party provider you are registered with as a panelist will inform you when they provide the data to us. If that is not the case, we will inform you about the source as soon as we have received your data or, if it is contact data, when we first contact you at the latest.

16. Automated decision making and profiling

We do not perform any automated decision making or profiling on our website. For research projects, we will not use your data to create an individual profile. Research projects regularly are based on anonymized data in the aggregate, which means that we avoid personal data whenever possible or render the data anonymous as soon as possible.