Data protection

1. About GfK and the Connect app

GfK SE (GfK) is a market research company based in Nuremberg, Germany and the main shareholder of market research companies in Germany and abroad that together form the "GfK Group".

The Connect App (hereinafter referred to as "App" for short) is an app developed by GfK to enable panel mambers to quickly connect to our internal community network and infrastructure.

The app is part of our panel platform and can therefore only be used in conjuction with a valid registration via:

2. Information collected by the app

The app collects the following information:

The app neither shares information about your internet usage in a wider sense, nor user names, passwords, electronic communication or financial transactions.

3. Use of the app and revocation of your consent

You may only use the app as long as you are a registered panel member. As soon as your participation ends, you will have to uninstall the app from your devices. You can also uninstall the app at any time and still remain a participant with us.

4. Data Retention Period

GfK stores the data it collects for a maximum of two years.

5. Your rights

You have legal rights:

If you have any questions about data protection, you are welcome to first contact the participant support of the panel to which you belong. However, you are free to contact our data protection officer directly. Contact options can be found in the "Contact" section.

6. Transfer of personal data

Within GfK: Your personal data can be passed on to one or more GfK companies if this is necessary for data processing and storage or in order to grant you access to our services, provide support, make decisions about service improvements or content development or for market and media research purposes. We do not disclose your personal data to third parties outside the GfK Group unless you have given your prior express consent for this specific purpose.

External serviceprovider: If necessary, we commission other companies and persons to carry out certain tasks that contribute to our services within the framework of order processing agreements. For example, we can pass on personal data to contractual partners or providers who manage our databases and applications for the purpose of providing data processing services. We only pass on such data to external service providers or allow them to access it to the extent necessary for the respective purpose. These data may not be used by the external service providers for other purposes, in particular not for their own purposes or the purposes of third parties. GfK's external service providers are contractually obliged to maintain the confidentiality of your personal data.

Business Transfers: In connection with a start-up, reorganization, merger or sale, or other transfer of assets (collectively, "Business Transfers"), we transfer data, including personal data, to an appropriate extent and to the extent necessary for the business transfer, provided the receiving party agrees To treat your personal data in a way that complies with applicable data protection laws. We continuously ensure the confidentiality of all personal data and inform data subjects by contacting GfK market research participants directly before personal data is subject to another data protection declaration.

Public bodies: We only disclose your personal data to public bodies if this is required by law. For example, GfK responds to inquiries from courts, law enforcement agencies, regulators, and other public and government agencies, including those outside your country of residence.

7. International transfers of personal data

Under certain circumstances, it is also necessary for GfK to transfer your personal data to countries outside the European Union (EU) or the European Economic Area (EEA), so-called "third countries". Such transfers to third countries can include all processing activities described in section 3 of this data protection declaration. This data protection declaration also applies if we transfer personal data to third countries in which a different level of data protection prevails than in the country of your residence. In particular, international data transmission affects the following scenarios:

Companies of the GfK Group: Internal data protection agreements exist with companies of the GfK Group outside the European Union on the basis of standard contractual clauses issued by the European Commission to protect your privacy and to legitimize international data transfers.

Other recipients outside the European Union (EU) and the European Economic Area (EEA): Any transfer of personal data to recipients outside the GfK Group will only take place with your knowledge and, where applicable, with your prior consent. Any transfer of personal data to countries for which there is no adequacy decision with regard to the level of data protection from the European Commission, such as at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension -data-protection / adequacy-decisions_en, is made on the basis of contractual agreements that contain the standard contractual clauses issued by the European Commission or other guarantees that comply with applicable law.

8. Security

GfK takes data security very seriously. We take all necessary physical, electronic and administrative security measures to protect the data, including personal data, that we collect from accidental or unlawful destruction, loss, alteration and unlawful disclosure, as well as unauthorized access to transferred, stored or otherwise processed personal data to prevent. Our guidelines and procedures for information security are based on commonly recognized international standards and are regularly reviewed and updated as necessary to meet our business requirements, technological changes and regulatory requirements.

In the event of a data security breach, which also affects personal data, GfK complies with all applicable laws with regard to the obligation to notify in the event of a personal data breach.

9. Changes to this data protection declaration

In the event of changes to our data protection declaration, we will inform you by e-mail and SMS so that you are always informed about what information we collect, how we use it and under what circumstances we may pass it on. If we intend to collect other types of information or to use the information collected in a different way than stated at the time the information was collected, we will obtain your express consent beforehand.

GfK routinely updates the app, but this option is not used to expand or change the type and scope of the data collected by the app without first obtaining your express consent.

10. Contact

If you have any questions, please contact the hotline under the menu item "Contact" or use the country-specific contact form:

Participant support Austria:

https://www.askgfk.at/kontakt

Data protection officer EMEA of the GfK Group

GfK SE
Sophie-Germain-Strasse 3-5
90443 Nürnberg
Germany
Email: dpo@gfk.com

12. Impressum

Responsible body Austria:

GfK Austria GmbH
Erdbergerlände 26a
A-1030 Wien
Austria

App developer and publisher:

GfK SE
Sophie-Germain-Strasse 3-5
90443 Nürnberg
Germany

Management:

Lars Nordmark (CEO)
Lars Nordmark (CFO)

T +49 911 395-0 (Switchboard), gfk@gfk.com
Chairman of the Supervisory Board: Thomas Ebeling
Registered office: Nuremberg
Entered in the Commercial Register at the District Court:
Nuremberg: HRB 25014
VAT no.: DE 133 500 719