Last modified on April 12, 2023
Welcome to Privacy Notice of the Automotive Disruption Radar Platform (hereinafter: the Platform), operated by Roland Berger (“Privacy Notice”)
Protecting your Personal Data and complying with the General Data Protection Regulation (GDPR) and other relevant data protection legislation are matters that we take very seriously. This policy is intended to give you an overview of how we ensure this protection and compliance, what kinds of data we collect and why, and how we deal with it.
By “Personal Data” we mean, in accordance with the GDPR, any information relating to an identified or identifiable individual. This is broader than just information of a personal or private nature and also includes information such as your name, date of birth, and email address.
Responsibility for the data processing in connection with the Platform rests with Roland Berger GmbH, Sederanger 1, 80538 Munich, Germany, Phone: +49-89-9230-0, Fax: +49-89-9230-8202, email: email@example.com (“Roland Berger”, “we”, “us”), these are also the contact details of our Data Protection Officer, as well as the special email: firstname.lastname@example.org. Any data processing occurring on the Platform rests solely at the Roland Berger GmbH.
However, we also collect data for marketing purposes with your consent. This is generally done for all contributing entities (hereinafter: “the Members”) of the Platform as joint controllers (Art. 26 GDPR). The current Members of the Platform are:
|Member||Legal entity||Link||Country||European Economic Area(EEA)/Non-European Economic Area (Non-EEA)||Adequacy decision of the European Commission|
|carbometrix||carbometrix||Website – Legal – Privacy Notice||France||EEA||–|
|CoMotion||CoMotion LLC||Website – Legal – Privacy Notice||USA||Non-EEA||No|
|fka||fka GmbH||Website – Legal – Privacy Notice||Germany||EEA||–|
|Roland Berger||Roland Berger GmbH||Website – Legal – Privacy Notice||Germany||EEA||–|
|Springer Fachmedien||Springer Fachmedien Wiesbaden GmbH||Website – Legal – Privacy Notice||Germany||EEA||–|
More information regarding all members of the platform, also those who did not enter the Joint Controllership Agreement, can be found here.
We and the Members process your Data according to an explicit contract, the joint controllership agreement. Subject to this document is, how we and the Members process the data and how we work together in fulfilling any data protection request filed to us or one of the Members. The important part for you is, that we work together to fulfill any request by you and that we and the Members are contractually bound to provide reasonable cooperation, assistance and information in order to comply with your requests or complaints.
To provide the Platform, we must process information about you. We do not have any automated decision-making, including profiling on our Platform. Here is how and which data we collect and process about you:
1. Personal Data collected automatically in server logs
When you visit the Platform, we record the following information:
- your IP address;
- the data you requested from the website;
- how much and which data you download;
- the website from which your accessing system came to our website;
- the server reply code on the request from your browser;
- information about the browser you used;
- the date and time you visited, and for how long; and
- other similar data and information that serves to avert the risk of an attack on our information technology systems.
Roland Berger generally cannot attribute this data to any specific person.
This information is required in order to:
- properly deliver the contents of the Platform, Art. 6 para. 1 lit. b), f) GDPR;
- continually optimize our websites, Art. 6 para. 1 lit. f) GDPR;
- ensure the continued functioning of our information technology systems and the technology of our websites, Art. 6 para. 1 lit. f) GDPR; and
- provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack, Art. 6 para. 1 lit. f) GDPR.
2. Personal Data obtained from you directly
a) General Information about Data obtained from you
We record and process information you enter on our websites or send us otherwise. This includes data you enter in forms or contact fields (e.g. the registration form for the Platform) or select from lists or menus.
On our websites, you also have the possibility to contact us using the contact forms, email addresses, telephone and fax numbers provided there. When you contact us through the above channels, we will store and process the resulting personal data for the purposes of dealing with your request. Your information can be stored in our Customer Relationship Management (CRM) system. All data are used exclusively for the processing of your request.
There is no legal obligation to provide us your data, however the provision of your data is necessary to gain access to the Platform. The consequence of the non-provision of your data is, that you do not gain access to the Platform.
b) Data concerning the usage of the Platform itself
The legal basis for the processing of the data for the purpose of creating an account on the Platform and the usage of the Platform itself (i.e. creating an account, reading articles and contributions of the Members) is Art. 6 para. 1 lit. b), f) GDPR. Our legitimate interest in obtaining this data from you is to know our users and delivering the Platform to you.
c) Data concerning your consent to marketing (hereinafter: “your Consent”)
In order to deliver the Platform to you without any subscription fee, we collect your Consent to marketing purposes for us and the Members of the Platform. Therefore, your Consent is a mandatory contractual obligation to create an account and gaining access to the Platform. The consequence of the non-provision of your Consent is, that you do not gain access to the Platform.
We share the Consent and your personal master data (title, salutation/gender, first name, last name, company, position), as well as your contact details (telephone number(s), email address(es)) with our Members, since the Consent also covers marketing purposes of the Members. We share a list of all users of the Platform with the Members twice a year. The Members are allowed to use the data for the duration of their membership to the Platform. After the Termination of their membership, the further usage of your data is prohibited and they are contractually obliged to erase your data.
The data processing concerning your Consent is based on Art. 6 para. 1 lit. a), f) GDPR in conjunction with Art. 26 GDPR and the Joint Controllership Agreement between us and the Members.
The newsletters and other emails with information and marketing material from us or our Members may contain so-called web beacons for statistical analysis. We use these to optimize the content of the newsletters and adapt them better to user interests. By integrating these web beacons, we can identify when an email was opened by a data subject and which links in the email were opened. This will only be done with your consent when requesting such emails, Art. 6 para. 1 lit. a) GDPR.
d) Data concerning requests
The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR (general requests). Where the data are processed in order to take steps prior to entering into a contract at your request, the legal basis shall be Art. 6 para. 1 lit. b) GDPR. We process the personal data we collect solely for the purposes of effectively handling the requests addressed to us. These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 para. 1 lit. f) GDPR.
We will retain the data you transfer to us in contact requests until you ask for their deletion, object to their storage, or the purpose for their storage no longer applies. The purpose for the storage of the data no longer applies when it becomes evident that the underlying issue has been conclusively settled. In any case we will store the data at least for the limitation period applicable of German Law, which regularly is 3 years starting at the end of the year you submitted us your data.
When you provide your Personal Data for marketing purposes, we will ask you to give your consent for processing that data. In that case, the legal basis for processing is Art. 6 para 1 lit. a) GDPR.
3. Information and marketing services
There may be points on the Platform where we offer the possibility to subscribe to newsletters and studies, participate in surveys, receive similar information and marketing materials, or register for events. If you would like to use these services, we will need a working email address for you and details to enable us to verify that this email address is really yours and whether you agree to receive the newsletters. For legal reasons, an email will be sent to the email address you provided asking for confirmation in a double-opt-in procedure after signing up for our newsletter. The legal basis for sending newsletters is Art. 6 para. 1 lit. a) GDPR.
When you register, we record the following data:
- Title (required)
- First name (required)
- Last name (required)
- Email (required)
- Company (required)
- Job title (required)
- Country (required)
- Telephone number (optional)
The Personal Data collected when ordering information and marketing material will be used exclusively for the following purposes:
- Sending the newsletter
- Consulting, marketing and advertising
- Composing the topics of the newsletter according to your interests
If you register for one of our events, we also use your Personal Data for the following purposes: to identify you as a registered participant of the event, to grant you access to the event, to send reminders and to inform you if there are any changes to the event (e.g. a change of date and time) and to contact you after the event to ask for your feedback in accordance with Art. 6 para. 1 lit. b) GDPR.
Our newsletters and other automatically sent emails with information and marketing material as well as emails in connection with events contain so-called web beacons for statistical analysis. We use these to optimize the content of the newsletters and adapt them better to user interests. By integrating these web beacons, we can identify when an email was opened by a data subject and which links in the email were opened. This will only be done with your consent when requesting such emails.
4. Data from public sources
We may search and use Personal Data from public sources (such as LinkedIn, Xing and other publicly available sources on the internet) to complete or correct your data (first name, company, country, etc.). We store this data in our CRM system. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.
5. Objection and withdrawal of consent
If you have given us your consent to process your Personal Data (Art. 6 para 1 lit. a) GDPR), you can withdraw your consent at any time with future effect. If we process your Personal Data based on Art. 6 para 1 lit. f) GDPR (legitimate interest), you can object at any time to the processing of your Personal Data. If you object to the processing of data for marketing reasons, the objection is unconditional.
Please use either the link included in each newsletter email we send you or, alternatively, contact Roland Berger GmbH via mail, fax, email or using the following contact details:
Roland Berger GmbH
The contact details of our data protection officer are:
Roland Berger GmbH
6. Where does data go once it reaches Roland Berger?
Once you register on the Platform, we transmit it within Roland Berger to the recipients who need to know it. As we mentioned earlier, we share your Consent as well as your personal master data and your contact data with the Members. If the Member has its company headquarters in a country outside the European Union (EU) or the European Economic Area (EEA) that is not subject to a comparable level of data protection, we will ensure that the service providers have adequate guarantees by concluding EU standard contractual clauses.
7. External service providers
We may involve service providers who support us in the processing of Personal Data or otherwise and who may come into contact with your Personal Data. This will only happen after the prior conclusion of a Data Protection Agreement that obligates our service providers to process Personal Data only according to our instructions and to keep it confidential. Should your Personal Data be transferred to a country outside the European Union (EU) or the European Economic Area (EEA) that is not subject to a comparable level of data protection, we will ensure that the service providers have adequate guarantees (such as by concluding EU standard contractual clauses).
8. Intra-group sharing, Joint Controllers
Within the Roland Berger Group’s organization, there is a need to exchange Personal Data on an intra-group basis as Joint Controllers. For this reason, Roland Berger will transfer and share your Personal Data within the Roland Berger Group’s organization for the purposes set out in this Privacy Notice. Roland Berger entities might also be established outside the European Union or the European Economic Area. In such cases, we will ensure that there are adequate safeguards (i.e. EU standard contractual clauses) in place to protect your Personal Data. We at Roland Berger are responsible for informing you about your rights as a data subject under applicable data protection laws. You can address any requests or complaints you may have with regard to your Personal Data to Roland Berger. The other Roland Berger entities within the Roland Berger Group’s organization that might also keep your Personal Data will give us reasonable cooperation, assistance and information in order to comply with such requests or complaints.
9. Sending data to third parties
As a fundamental rule, we do not disclose, transfer, sell or otherwise market Personal Data to third parties, such as other companies or organizations, without your express consent except as required to meet our contractual obligations between Roland Berger and you, the Platform user.
11. What are your rights?
Data subjects have rights with respect to Roland Berger GmbH in relation to their Personal Data in accordance with Art. 15-21 GDPR. In particular, you have the right to:
- request a copy of the Personal Data we hold about you (right of access, Art. 15 GDPR);
- ask that we update the Personal Data we hold about you, or correct any Personal Data that you think is incorrect or incomplete (right to rectification, Art. 16 GDPR);
- ask that we delete Personal Data that we hold about you, or restrict the way in which we use your Personal Data (right to erasure, Art. 17 GDPR and right to restriction of processing, Art. 18 GDPR)
- object to our processing of your Personal Data (right to object, Art. 21 and 22 GDPR)
- request that your Personal Data be transferred to you or another data controller (right to data portability, Art. 20 GDPR).
- You always have the right to complain to the supervisory authority, the supervisory authority competent for us is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 18, 91522 Ansbach, Phone: +49 (0) 981 180093-0, Fax: +49 (0) 981 180093-800, Email: email@example.com.