Privacy Policy

GDPR-Compliant Data Processing

explidata is a GDPR-compliant service provider. We process your data with the utmost care and according to the strictest security standards.

1. Controller Information

The controller as defined by the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union, and other provisions of a data protection nature is:

explidata
Christian Knaut
Pannierstr. 2
12043 Berlin
Germany

+49-30-21970531

cknaut@explidata.de

www.explidata.de

Controller registered with:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin

2. Subject Matter and Duration of Processing

2.1 Subject Matter

The subject matter of this agreement is the processing of personal data by explidata on behalf of the client. This includes in particular:

The transcription of audio and/or video recordings of qualitative interviews and focus groups
The coding and thematic assignment of the transcribed content
The storage and provision of data via our web-based analysis platform
If applicable, the translation of content into other languages
AI-supported processing of content (if this option is selected)
The pseudonymization of identifying characteristics (upon request)

2.2 Duration

The duration of this agreement corresponds to the term of the main contract for the provision of transcription and coding services. Data processing begins with the transmission of the data to be processed to explidata and ends with the complete return or deletion of all processed data after the project is completed or upon explicit instruction from the client.

3. Type and Purpose of Data Processing

3.1 Types of Processed Data

Within the scope of our services, the following types of personal data may be processed:

Audio and video recordings of interviews and focus groups
Transcriptions of these recordings with verbal and, if applicable, non-verbal expressions
Names, contact details, and demographic characteristics of research participants (if mentioned in the recordings)
Professional and personal experiences, opinions, and attitudes of participants
Information about third parties mentioned by the participants
Metadata such as date, location, and duration of recordings

3.2 Purpose of Processing

The processing is carried out exclusively for the purpose of:

Creating precise transcriptions of research conversations
Systematic coding and thematic assignment of statements
Providing the processed data for qualitative analysis by the client
Supporting the client in interpreting and evaluating research results

3.3 Categories of Data Subjects

The following groups of persons may be affected by the data processing:

Participants in qualitative research studies (interview partners, focus group participants)
Moderators and interviewers
Third parties mentioned in the conversations

4. Obligations of explidata

Instruction-Bound Processing

explidata processes all personal data exclusively within the framework of the contractually agreed terms and in accordance with the documented instructions of the client.

Confidentiality

All persons entrusted with the processing of personal data are obligated to maintain confidentiality and have been instructed accordingly.

4.3 Technical and Organizational Measures

explidata implements comprehensive technical and organizational measures (TOMs) to ensure an appropriate level of protection for the processed personal data. These measures are continuously evaluated and adapted if necessary.

The implemented measures include in particular:

Physical Access Control

Access-protected premises with electronic access systems
Documented key issuance
Alarm system and monitoring of operating rooms

Electronic Access Control

Encrypted data transmission via SSL/TLS (minimum 256-bit)
Personalized access data with complex password policies
Multi-factor authentication for administrative access

Access Control

Differentiated authorization concept (need-to-know principle)
Regular review of access rights
Logging of database access

Availability Control

Regular backups in separate fire zones
Tested emergency plans and recovery procedures
Uninterruptible power supply

A detailed description of the TOMs can be provided upon request.

4.4 Notification of Data Breaches

In the event of a personal data breach, explidata will notify the client without undue delay, at the latest within 24 hours after becoming aware of the incident.

4.5 Deletion and Return of Data

After the completion of the processing activities or upon instruction from the client, explidata will, at the client's choice, either return all personal data and delete any existing copies or completely and irretrievably delete the data. The deletion will be confirmed in writing upon request.

5. Use of AI Technologies

AI Usage at explidata

Our AI technologies have been specifically developed for the requirements of qualitative research and offer the highest precision while ensuring data protection.

5.1 General Principles of AI Usage

The following principles apply to the optional use of AI technologies for transcription and translation:

AI processing primarily takes place on European servers
GDPR-compatible AI solutions are used
Access to the data is strictly limited and monitored
AI-generated results are verified by specialists

5.2 AI Technologies Used

explidata uses the following technologies for AI-supported processing:

Modern NLP models (Natural Language Processing) for transcription
Specialized translation models for technical language and context-sensitive translation
Analysis models for topic recognition and sentiment analysis

5.3 Use of Google Services

Recently, we have also started using selected Google services for certain applications, with the following measures taken to protect your data:

Strict selection of Google services based on data protection criteria
Conclusion of Standard Contractual Clauses (SCCs) with Google in accordance with GDPR
Pseudonymization or anonymization of data where technically possible
Limitation of data transfer to the necessary minimum
Regular review of data protection measures

5.4 Transparency and Control

The client is always informed about which data is processed with AI support. The AI-supported processes are documented and are accessible for audits. The client can decide at any time to restrict or terminate the use of AI.

6. Sub-processors

6.1 Approval of Sub-processors

explidata may engage sub-processors only with the prior written consent of the client.

6.2 Requirements for Sub-processors

explidata carefully selects sub-processors and contractually obliges them to comply with at least equivalent data protection standards as set out in this agreement.

7. Rights and Obligations of the Client

7.1 Right of Instruction

The client has the right to issue instructions to explidata regarding the processing of personal data. Instructions can be given in writing, by email, or in documented electronic form.

7.2 Rights of Control

The client has the right to verify compliance with the technical and organizational measures as well as the obligations set out in this agreement by explidata or to have them verified by third parties.

8. Liability and Compensation

The principles of Art. 82 GDPR apply to liability. In the internal relationship between the client and explidata, each party is liable for the damage caused by a violation of the GDPR for which it is responsible.

9. Term and Termination

This agreement enters into force upon using our services and is valid for the duration of explidata's processing activities for the client.

10. Contact Persons and Communication

Managing Director:
Christian Knaut

cknaut@explidata.de

+49-30-21970531

Your Data in Safe Hands

Transparency and data protection are central values of our working methods. If you have any questions about the processing of your data, we are available to you at any time.

cknaut@explidata.de | +49-30-21970531