Last modified on July 17, 2023
Welcome to Privacy Notice of the Automotive Disruption Radar Platform (hereinafter: the Platform), operated by Roland Berger (“Privacy Notice”)
Protecting your Personal Data and complying with the General Data Protection Regulation (GDPR) and other relevant data protection legislation are matters that we take very seriously. This policy is intended to give you an overview of how we ensure this protection and compliance, what kinds of data we collect and why, and how we deal with it.
By “Personal Data” we mean, in accordance with the GDPR, any information relating to an identified or identifiable individual. This is broader than just information of a personal or private nature and also includes information such as your name, date of birth, and email address.
Responsibility for the data processing in connection with the Platform rests with Roland Berger GmbH, Sederanger 1, 80538 Munich, Germany, Phone: +49-89-9230-0, Fax: +49-89-9230-8202, email: [email protected] (“Roland Berger”, “we”, “us”), these are also the contact details of our Data Protection Officer, as well as the special email: [email protected]. Any data processing occurring on the Platform rests solely at the Roland Berger GmbH.
However, we also collect data for marketing purposes with your consent. This is generally done for all contributing entities (hereinafter: “the Members”) of the Platform as joint controllers (Art. 26 GDPR). The current Members of the Platform are:
|Member||Legal entity||Link||Country||European Economic Area(EEA)/Non-European Economic Area (Non-EEA)||Adequacy decision of the European Commission|
|carbometrix||carbometrix||Website – Legal – Privacy Notice||France||EEA||–|
|CoMotion||CoMotion LLC||Website – Legal – Privacy Notice||USA||Non-EEA||No|
|fka||fka GmbH||Website – Legal – Privacy Notice||Germany||EEA||–|
|Roland Berger||Roland Berger GmbH||Website – Legal – Privacy Notice||Germany||EEA||–|
|Springer Fachmedien||Springer Fachmedien Wiesbaden GmbH||Website – Legal – Privacy Notice||Germany||EEA||–|
More information regarding all members of the platform, also those who did not enter the Joint Controllership Agreement, can be found here.
We and the Members process your Data according to an explicit contract, the joint controllership agreement. Subject to this document is, how we and the Members process the data and how we work together in fulfilling any data protection request filed to us or one of the Members. The important part for you is, that we work together to fulfill any request by you and that we and the Members are contractually bound to provide reasonable cooperation, assistance and information in order to comply with your requests or complaints.
To provide the Platform, we must process information about you. We do not have any automated decision-making, including profiling on our Platform. Here is how and which data we collect and process about you:
1. Personal Data collected automatically in server logs
When you visit the Platform, we record the following information:
- your IP address;
- the data you requested from the website;
- how much and which data you download;
- the website from which your accessing system came to our website;
- the server reply code on the request from your browser;
- information about the browser you used;
- the date and time you visited, and for how long; and
- other similar data and information that serves to avert the risk of an attack on our information technology systems.
Roland Berger generally cannot attribute this data to any specific person.
This information is required in order to:
- properly deliver the contents of the Platform, Art. 6 para. 1 lit. b), f) GDPR;
- continually optimize our websites, Art. 6 para. 1 lit. f) GDPR;
- ensure the continued functioning of our information technology systems and the technology of our websites, Art. 6 para. 1 lit. f) GDPR; and
- provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack, Art. 6 para. 1 lit. f) GDPR.
2. Personal Data obtained from you directly
a) General Information about Data obtained from you
We record and process information you enter on our websites or send us otherwise. This includes data you enter in forms or contact fields (e.g. the registration form for the Platform) or select from lists or menus.
On our websites, you also have the possibility to contact us using the contact forms, email addresses, telephone and fax numbers provided there. When you contact us through the above channels, we will store and process the resulting personal data for the purposes of dealing with your request. Your information can be stored in our Customer Relationship Management (CRM) system. All data are used exclusively for the processing of your request.
There is no legal obligation to provide us your data, however the provision of your data is necessary to gain access to the Platform. The consequence of the non-provision of your data is, that you do not gain access to the Platform.
b) Data concerning the usage of the Platform itself
The legal basis for the processing of the data for the purpose of creating an account on the Platform and the usage of the Platform itself (i.e. creating an account, reading articles and contributions of the Members) is Art. 6 para. 1 lit. b), f) GDPR. Our legitimate interest in obtaining this data from you is to know our users and delivering the Platform to you.
c) Data concerning your consent to marketing (hereinafter: “your Consent”)
In order to deliver the Platform to you without any subscription fee, we collect your Consent to marketing purposes for us and the Members of the Platform. Therefore, your Consent is a mandatory contractual obligation to create an account and gaining access to the Platform. The consequence of the non-provision of your Consent is, that you do not gain access to the Platform.
We share the Consent and your personal master data (title, salutation/gender, first name, last name, company, position), as well as your contact details (telephone number(s), email address(es)) with our Members, since the Consent also covers marketing purposes of the Members. We share a list of all users of the Platform with the Members twice a year. The Members are allowed to use the data for the duration of their membership to the Platform. After the Termination of their membership, the further usage of your data is prohibited and they are contractually obliged to erase your data.
The data processing concerning your Consent is based on Art. 6 para. 1 lit. a), f) GDPR in conjunction with Art. 26 GDPR and the Joint Controllership Agreement between us and the Members.
The newsletters and other emails with information and marketing material from us or our Members may contain so-called web beacons for statistical analysis. We use these to optimize the content of the newsletters and adapt them better to user interests. By integrating these web beacons, we can identify when an email was opened by a data subject and which links in the email were opened. This will only be done with your consent when requesting such emails, Art. 6 para. 1 lit. a) GDPR.
d) Data concerning requests
The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR (general requests). Where the data are processed in order to take steps prior to entering into a contract at your request, the legal basis shall be Art. 6 para. 1 lit. b) GDPR. We process the personal data we collect solely for the purposes of effectively handling the requests addressed to us. These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 para. 1 lit. f) GDPR.
We will retain the data you transfer to us in contact requests until you ask for their deletion, object to their storage, or the purpose for their storage no longer applies. The purpose for the storage of the data no longer applies when it becomes evident that the underlying issue has been conclusively settled. In any case we will store the data at least for the limitation period applicable of German Law, which regularly is 3 years starting at the end of the year you submitted us your data.
When you provide your Personal Data for marketing purposes, we will ask you to give your consent for processing that data. In that case, the legal basis for processing is Art. 6 para 1 lit. a) GDPR.
3. Information and marketing services
There may be points on the Platform where we offer the possibility to subscribe to newsletters and studies, participate in surveys, receive similar information and marketing materials, or register for events. If you would like to use these services, we will need a working email address for you and details to enable us to verify that this email address is really yours and whether you agree to receive the newsletters. For legal reasons, an email will be sent to the email address you provided asking for confirmation in a double-opt-in procedure after signing up for our newsletter. The legal basis for sending newsletters is Art. 6 para. 1 lit. a) GDPR.
When you register, we record the following data:
- Title (required)
- First name (required)
- Last name (required)
- Email (required)
- Company (required)
- Job title (required)
- Country (required)
- Telephone number (optional)
The Personal Data collected when ordering information and marketing material will be used exclusively for the following purposes:
- Sending the newsletter
- Consulting, marketing and advertising
- Composing the topics of the newsletter according to your interests
If you register for one of our events, we also use your Personal Data for the following purposes: to identify you as a registered participant of the event, to grant you access to the event, to send reminders and to inform you if there are any changes to the event (e.g. a change of date and time) and to contact you after the event to ask for your feedback in accordance with Art. 6 para. 1 lit. b) GDPR.
Our newsletters and other automatically sent emails with information and marketing material as well as emails in connection with events contain so-called web beacons for statistical analysis. We use these to optimize the content of the newsletters and adapt them better to user interests. By integrating these web beacons, we can identify when an email was opened by a data subject and which links in the email were opened. This will only be done with your consent when requesting such emails.
4. Data from public sources
We may search and use Personal Data from public sources (such as LinkedIn, Xing and other publicly available sources on the internet) to complete or correct your data (first name, company, country, etc.). We store this data in our CRM system. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.
5. Objection and withdrawal of consent
If you have given us your consent to process your Personal Data (Art. 6 para 1 lit. a) GDPR), you can withdraw your consent at any time with future effect. If we process your Personal Data based on Art. 6 para 1 lit. f) GDPR (legitimate interest), you can object at any time to the processing of your Personal Data. If you object to the processing of data for marketing reasons, the objection is unconditional.
Please use either the link included in each newsletter email we send you or, alternatively, contact Roland Berger GmbH via mail, fax, email or using the following contact details:
Roland Berger GmbH
Email: [email protected]
The contact details of our data protection officer are:
Roland Berger GmbH
Email: [email protected]
6. Where does data go once it reaches Roland Berger?
Once you register on the Platform, we transmit it within Roland Berger to the recipients who need to know it. As we mentioned earlier, we share your Consent as well as your personal master data and your contact data with the Members. If the Member has its company headquarters in a country outside the European Union (EU) or the European Economic Area (EEA) that is not subject to a comparable level of data protection, we will ensure that the service providers have adequate guarantees by concluding EU standard contractual clauses.
7. External service providers
We may involve service providers who support us in the processing of Personal Data or otherwise and who may come into contact with your Personal Data. This will only happen after the prior conclusion of a Data Protection Agreement that obligates our service providers to process Personal Data only according to our instructions and to keep it confidential. Should your Personal Data be transferred to a country outside the European Union (EU) or the European Economic Area (EEA) that is not subject to a comparable level of data protection, we will ensure that the service providers have adequate guarantees (such as by concluding EU standard contractual clauses).
8. Intra-group sharing, Joint Controllers
Within the Roland Berger Group’s organization, there is a need to exchange Personal Data on an intra-group basis as Joint Controllers. For this reason, Roland Berger will transfer and share your Personal Data within the Roland Berger Group’s organization for the purposes set out in this Privacy Notice. Roland Berger entities might also be established outside the European Union or the European Economic Area. In such cases, we will ensure that there are adequate safeguards (i.e. EU standard contractual clauses) in place to protect your Personal Data. We at Roland Berger are responsible for informing you about your rights as a data subject under applicable data protection laws. You can address any requests or complaints you may have with regard to your Personal Data to Roland Berger. The other Roland Berger entities within the Roland Berger Group’s organization that might also keep your Personal Data will give us reasonable cooperation, assistance and information in order to comply with such requests or complaints.
9. Sending data to third parties
As a fundamental rule, we do not disclose, transfer, sell or otherwise market Personal Data to third parties, such as other companies or organizations, without your express consent except as required to meet our contractual obligations between Roland Berger and you, the Platform user.
11. Integration of third-party services and content
Within our website, we use content or service offers from third parties in order to integrate their content and services. In case of technically necessary cookies we do this on the legal basis of our legitimate interests according to Art. 6 para. 1 lit. f) GDPR, in case of technically non-necessary cookies on the legal basis of your consent according to Art. 6 para. 1 lit. a) GDPR.
Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website.
The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, visiting times and other details about the use of our online offering, and may also be linked to such information from other sources.
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Scope of processing
We use the User ID function. User ID allows us to assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and to analyze user behavior across devices.
We use Google Signals. This allows Google Analytics to collect additional information about users who have personalized ads enabled (interests and demographics) and ads can be delivered to these users in cross-device remarketing campaigns.
Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of “events”. Events can be:
- Page views
- First visit to the website
- Start of session
- Your “click path”, interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- clicks on external links
- internal search queries
- interaction with videos
- file downloads
- seen / clicked ads
- language settings
- Your approximate location (region)
- your IP address (in shortened form)
- technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/advertising medium you came to this website)
Purposes of processing
On our behalf, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns.
Recipients of the data are/may be:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 DSGVO).
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Duration of storage
The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR.
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by
a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics HERE .
12. What are your rights?
Data subjects have rights with respect to Roland Berger GmbH in relation to their Personal Data in accordance with Art. 15-21 GDPR. In particular, you have the right to:
- request a copy of the Personal Data we hold about you (right of access, Art. 15 GDPR);
- ask that we update the Personal Data we hold about you, or correct any Personal Data that you think is incorrect or incomplete (right to rectification, Art. 16 GDPR);
- ask that we delete Personal Data that we hold about you, or restrict the way in which we use your Personal Data (right to erasure, Art. 17 GDPR and right to restriction of processing, Art. 18 GDPR)
- object to our processing of your Personal Data (right to object, Art. 21 and 22 GDPR)
- request that your Personal Data be transferred to you or another data controller (right to data portability, Art. 20 GDPR).
- You always have the right to complain to the supervisory authority, the supervisory authority competent for us is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Phone: +49 (0) 981 180093-0, Fax: +49 (0) 981 180093-800, Email: [email protected].