eyeo User research - Privacy policy
Privacy notice
This is a short overview on how we use data you provided to us during user research activities. For more detailed information on how we use such data, please refer to our complete User Research - Privacy Policy below.
How and what personal data do we process?
We document any data you provide directly to us during surveys, user interviews, user testing, or follow-ups for future studies (if you consent to being contacted by eyeo GmbH in the future). This data may include personal identifiable data such as your name and contact data, demographic data, user behavior, audio & video recordings.
Why do we process your data?
The data you provide is collected and processed for research purposes. In the case where you are asked to provide personally identifiable data (e.g., contact details), this data may be used to identify you as a suitable research participant and to communicate with you.
What is the legal basis of data processing?
We process your data based on your consent (GDPR Arts. 6(1)(a), 7) and your consent can be withdrawn at any time.
What happens to your data?
All teams within eyeo GmbH may view the data as needed to evaluate our user research. Where feasible, any research data is anonymised and stored separately from any personal data (See ‘What happens to your data’ below). In addition, we may make use of some service providers in connection with the processing of your personal data (see ‘Subcontractors/ processors’ below).
How long do we store personal data?
Any personal data which we collect for the purposes of user research will be stored until it is no longer necessary (GDPR Art. 17(1)(a)) or consent is withdrawn (GDPR Art. 17(1)(b)), for a maximum period of up to 5 years.
What rights do you have?
- Receive and access information about the personal data stored by us about you.
- Rectify inaccurate personal data and restrictive details.
- Receive all your personal data in a structured, commonly used and machine-readable format, as well as having such data transmitted to another controller.
- Request erasure of your data, unless such data needs to be retained for legal purposes, or your data has been anonymised so that it can no longer be linked to you.
- Object to the processing of your data.
- Withdraw your consent at any time, when you have provided us with your consent to the processing of your personal data.
- Lodge a complaint with the respective supervisory authority.
Who do I contact?
To exercise your rights or to ask questions, please contact us via email (privacy@eyeo.com) or under the following address:
eyeo GmbH
Kunibertsgasse 10
50668 Cologne
Germany
Data Protection Officer - Carlo Piltz
Email: privacy@eyeo.com
User research - Privacy policy
Information on how we process your personal data and your information rights in accordance with Articles 13, 14, and 21 of the General Data Protection Regulation (“GDPR”).
We hereby inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations.
1. General Information
Who is responsible for data processing and who can I contact?
Controller
The legal person responsible for the collection, processing and / or use of personal data in connection with our websites, products, and interviews ("Controller") is:
eyeo GmbH
Kunibertsgasse 10
50668 Cologne
Germany
Data Protection Officer - Carlo Piltz
Email: privacy@eyeo.com
Fax: +49 (0) 221 / 6430 6372
What sources and data categories do we use for processing your personal data?
Sources
- data you provided directly to us during user interviews;
- data you provided directly to us during user testing;
- data you provided directly to us during surveys;
The purposes for processing data
This data is collected and processed:
- to identify you as a suitable interviewee for our research;
- to inform our user research studies (you will be informed of each study’s individual purpose), and
- to communicate with you (if applicable).
Categories of data collected
- demographic data
- user behavior
- survey questions and responses
- audio recordings (if applicable)
- video recordings (if applicable)
- name and contact data (if applicable)
Legal Basis to Process Data
Processing is based on your consent (GDPR Arts. 6(1)(a), 7)
By giving us your consent to process personal data for specific purposes (e.g. to interview you for research purposes), our processing your personal data for those purposes is permitted. We will be asking for your explicit consent ahead of each study. Consent that has been given can be withdrawn at any time. Please note that withdrawing your consent will only affect processing of personal information that would have occurred after the time of the withdrawal. Processing that took place before your withdrawal will remain unaffected by such withdrawal.
What happens to your data?
Who may view your data and where is it stored?
Within eyeo GmbH, certain departments (e.g. the mobile browser team) may view the data as needed to evaluate our user research. In addition, we make use of some service providers.
Contractors that we use, which include but are not limited to service providers, may also store personal data for these purposes, for example, audio recordings from an interview (GDPR Art. 28). Such contractors include companies that provide IT services and telecommunications.
Please note, that where feasible, any research data is anonymised and stored separately from any personally identifiable data (e.g., contact details).
How long do we store personal data?
Any personal data which we collect for the purposes of user research will be stored until it is no longer necessary (GDPR Art. 17(1)(a)). Data which is stored based on a declaration of consent will be deleted after five (5) years if you do not consent again or earlier if consent is withdrawn (GDPR Art. 17(1)(b)).
Do we store personal data with a third party seated in a non-EU/EEA country?
Online communication and the storage of files makes it necessary for us to use service suppliers. If these service suppliers are based outside of the EU/EEA, we are obliged to inform you that your data is stored in countries outside of the EU.
Your personal data is stored with the following companies based in the United States and we have entered into a Data Processing Agreement including the EU Standard Contractual Clauses (Processors). You can get access to the copy of agreements by sending an email to privacy@eyeo.com:
- Dovetail Research Pty. Ltd. Google, Inc. Hubspot, Inc. Tremendous, LLC.
Rights of Data Subjects
What rights do you have?
In compliance with the GDPR and applicable EU and German national data protection laws, and to the extent legally permitted, you have the following rights to protect your personal data collected and processed by us:
Information, access, rectification and restriction rights
Upon request, you have the right to receive information about the personal data stored by us about you and information describing how we collect, process, and store your personal data. Further, you have the right to gain access to any of your personal data stored by us. You have the right to request from us the rectification of inaccurate personal data about you that we store. Taking into account the purposes of collecting and processing your data, you have the right to have incomplete personal data completed. You have the right to request restrictions on the processing of your personal data.
Right to data portability
You also have the right (1) to receive in a structured, commonly used, and machine-readable format all personal data about you that you have provided to us, and (2) to transmit that data to another controller.
Right to erasure of your data
You have the right to demand from us the erasure of your personal data, where – inter alia – one of the following grounds applies:
- If we no longer need your personal data for any of the aforementioned purposes;
- If you withdraw your consent on which the collection and processing of your personal data is based on and where there are no other legal grounds for the collection and processing of your personal data; or
- If you object to the collection and processing and there are no overriding legitimate grounds for continuing collection and processing of your personal data.
Please note, if data needs to be retained pursuant to the erasure exemptions provided in Article 17(3) of the GDPR, we will restrict the use of the respective data.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement if you believe that the collection and processing of your personal data infringes the protections provided by the GDPR.
Right to object to the processing of your data
You have the right to object at any time to the collection and processing of your personal data on grounds relating to your particular situation when collection and processing of such data was based on our pursuing legitimate business interests (GDPR Art. 6(1)(f)).
Right to withdraw your consent at any time
You have the right to withdraw your consent at any time, when you have provided us with your consent for the collection and processing of your personal data for one or more specific purposes.
How to exercise your rights
To exercise your rights, please contact us via email (privacy@eyeo.com) or mail to:
eyeo GmbH
Kunibertsgasse 10
50668 Cologne
Germany
Are you obliged to provide personal data to us?
You are only obligated to provide us with personal data that is necessary for the performance of our contract or in order to take those steps that are necessary for you voluntarily entering into a contract, e.g. contact data, contact person, and bank details.
2. Your right to object
You have the right to object at any time to the collection and processing of your personal data on grounds relating to your particular situation when collection and processing of such data was based on our legitimate business interests (GDPR Art. 6(1)(f)). This also applies to any profiling (GDPR Art. 4) that was based on our legitimate business interests (GDPR Art. 6(1)(f) GDPR).
If you object, we will no longer process your personal data, unless:
(1) we can prove compelling reasons to continue processing your personal data that outweigh your interests, rights, and freedoms; or
(2) the processing serves to assert, exercise, or defend legal claims.
To object, please contact us via email (privacy@eyeo.com) or mail to:
eyeo GmbH
Kunibertsgasse 10
50668 Cologne
Germany
3. Subcontractors / processors
eyeo GmbH is currently using the following categories of subcontractors in connection with the processing of your personal data. These subcontractors have entered into data processing agreements with us and will only process your personal data under our instructions:
Category of subcontractors - Main subject of subcontracted services
Software service provider - Tools for data collection, management and analysis (Alchemer LLC, Dovetail Research Pty. Ltd., Google Inc., RealtimeBoard, Inc. dba Miro, UserZoom Technologies, Inc); Tools for online communication and video calls (HubSpot, Inc., Google Inc.); Tool for managing participant compensation (Tremendous, LLC, Prolific Academic Ltd.).
November 2024