Data protection declaration for the website of the KOSTAL customer survey

Name and address of responsible party

The responsible party in the sense of the General Data Protection Regulation (GDPR) and other national data protection legislation applicable in member states as well as other data protection regulations is:

ServiceBarometer AG
Gottfried-Keller-Str. 35
81245 Munich, Germany

Contact details of the data protection officer

Data protection officer
ServiceBarometer AG
Gottfried-Keller-Str. 35
81245 Munich, Germany


We use personal data to contact/invite respondents to our market surveys and opinion polls and to authenticate respondents (check that they are genuine). Instances may arise in which we also process the personal data within the survey itself, e.g. should respondents independently enter data in response to open-ended questions. Completion of surveys and provision of data is always voluntary. Survey data are only analysed and shared with third parties in a manner that does not lead back to individual respondents (anonymisation). Personal data and survey data are kept strictly separate.

All survey respondents are assigned an ID for this purpose. General data about a person’s response behaviour (e.g. completion of entire survey, stopping the survey, continuation at a later date, deletion of interview) can be assigned using this ID. These data are stored and used to methodically analyse the study. The ID can be used to add pseudonymous individual details about the respondents (e.g. region) to the survey data without leading back to the participant.

If personal data are collected via the survey website, these are separated from the survey data as quickly as possible and pseudonymised or anonymised as soon as the purpose of the research project permits.

We only ever collect and use personal data relating to users of our survey if this is necessary to provide a fully functional website, content and surveys.

Personal data relating to users of our survey website are collected and used in line with regulations and only with the consent of the user. One exception applies in cases where we are not able to obtain consent in advance for practical reasons and where the processing of data is permitted by law.

If we obtain consent to process personal data from the person in question, Article 6 paragraph 1 point a of the EU General Data Protection Regulation (GDPR) is regarded as the general legal basis.

Article 6 paragraph 1 point b of the GDPR serves as the general legal basis for processing personal data which are needed for fulfilment of a contractual obligation to which the person in question is party. This also applies to processing required to carry out pre-contractual measures.

If personal data need to be processed in order to fulfil a legal obligation to which our company is subject, Article 6 paragraph 1 point c of the GDPR serves as the general legal basis.

In cases where personal data have to be processed in the vital interest of the person in question or other individual persons, Article 6 paragraph 1 point d of the GDPR serves as the general legal basis.

If processing of data is required to safeguard a justified interest of our company or a third party and if the interests, basic rights and basic freedoms of the person in question do not outweigh the aforementioned interest, Article 6 paragraph 1 point f of the GDPR serves as the general legal basis for processing.

The personal data of the person in question are deleted or blocked as soon as the purpose for which they were originally stored ceases to exist. Such data may also be stored if this has been provided for by European or national legislation in ordinances, legislation or other requirements relating to union law and to which the responsible party is subject. The data are also blocked or deleted if a storage period stipulated by the aforementioned legislation expires, unless the data need to be stored for longer in order to complete or fulfil a contract.

Collecting and processing usage data and personal data

Without you actively and voluntarily entering personal data within the course of completing the survey, we only collect the personal data provided to our server by your browser. When you use our survey website, we collect the following data:

  • IP address of the PC requesting access
  • Date and time of the request
  • Content of the request (means of access and URL)
  • Success status of access (HTTP status code)
  • The amount of data transferred in each instance
  • Website from which the request originates
  • ID details of the browser used

We need these data for technical reasons in order to display our website to you and ensure its stability and security (Article 6 paragraph 1 point f of the GDPR serves as the general legal basis).

These data are stored in our system's log files. The data are not analysed for the purpose of marketing. These data are not stored together with other personal data relating to the user. We regularly delete the log files after 14 days.

Options for opting out and removal: The collection of data in order to provide the website and the storage of data in log files is absolutely essential to operating the web page. No options for removal are made available to the user.

Personal data from the log files are not linked with the responses you provide in the survey.

Please do not provide personal data, such as names, phone numbers or e-mail addresses, in the open-ended questions. Only do so on the contact form for the prize draw at the end of the survey if you want to be included in the draw.

If the customer provides us with personal data while processing the order, we delete these in agreement with the customer as soon as the purpose of the contract has been fulfilled and provided this does not infringe any legal archiving periods.

Your rights

Do you have any questions about your personal data? If so, contact our data protection officer (see above), who will help you to assert your rights.

You have the following rights with respect to us in terms of your personal data:

  • Right of access to information (Article 15 GDPR)
  • Right to rectification (Article 16 GDPR)
  • Right to deletion (Article 17 GDPR)
  • Right to restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to object to processing (Article 21 GDPR)

If the processing of data is based on Article 6 paragraph 1 point a (consent by the person in question) or Article 9 paragraph 2 point a, you are entitled to withdraw this consent at any time without affecting the legality of any processing undertaken on the basis of consent up to the point at which you withdrew it.

You are entitled to complain to a supervisory body if you believe that the processing of personal data relating to you infringes the GDPR.

Changes to data protection provisions

We reserve the right to change the security and data protection measures and to adapt this data protection declaration. This data protection declaration does not cover external links taking you to the websites of third parties.

Contact for further questions

Please contact our data protection officer if you have any further questions about data protection on this survey website.

Munich, 3 January 2021