Privacy Policy

The Digital Top 50 Awards (the “Awards”) are organised by McKinsey & Company, Inc., Google Ireland Limited, Freshfields Bruckhaus Deringer LLP, Hering Schuppener and 468 Capital GmbH & Co. KG (together the “Organizers”, each an “Organizer”).

This Privacy Notice explains how

· the Organizers (“we” or “our” or “us”) process your personal data in connection with the application process for the Awards, and

· how McKinsey, as sole controller, processes your personal data in connection with your use of this website (“DT50-website”), with emails you sent to info@dt50.org, and with the newsletters you may subscribe to in order to receive further information with regard to the Awards.

We are committed to protecting your privacy and complying with the data protection laws applicable in Germany.

Each Organizer acts as independent controller in terms of the General Data Protection Regulation (“GDPR”) and will process the personal data in accordance with this Privacy Notice, as described below, and additionally in accordance with their own privacy notices, which are available

- Here for McKinsey & Company, Inc., Kennedydamm 24, 40027 Düsseldorf, Germany (“McKinsey”);

- Here for Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland;

- Here for Freshfields Bruckhaus Deringer LLP, Potsdamer Platz 1, 10785 Berlin;

- Here for Hering Schuppener Consulting Strategieberatung für Kommunikation GmbH , Berliner Allee 44, 40212 Düsseldorf;

- Here for 468 Capital GmbH & Co. KG, Rheinsberger Str. 76/77, 10115, Berlin.

It is a core element of our policy to respect the privacy of our applicants and each visitor of DT50-website. Therefore, we kindly request you to carefully read this Privacy Notice to understand how your personal data are processed when you use DT50-website and the application form for the Awards.

I. Categories of personal data collected

1. Application process and the Awards

If you apply for the Awards through our application form and/or or subscribe to receiving updates regarding the Award on this website or by e-mail to info@dt50.org, any personal data contained in your application/subscription will be collected. It may include for instance your full name, date of birth, telephone number(s), e-mail address as well as the company name and its location (city).

Under no circumstances we will ask you to submit business sensitive and/or highly confidential information.

We may also collect further personal data about you and your company from publicly available sources, in particular from business-related social media platforms (e.g. LinkedIn) or other online sources that contain information on your professional activities and career.

2. Subscription to email-updates

If you subscribe to receiving updates regarding the Awards on the DT50-website or by e-mail to info@dt50.org, any personal data contained in your subscription will be collected, in particular your e-mail address.

3. DT50-Website

McKinsey, which controls the hosting of the DT50-website, and its authorized third party service providers may automatically collect and record technical data in web server log files when you visit or interact with the DT50-website. This technical data may include browser type and version, device and device identification number, time spent on the website, URL of the website visited before and after visiting the website and the IP address. Although McKinsey does not normally use this technical data to identify you as an individual, you can sometimes (e.g. in certain technical support cases) be recognized from it, either alone or when combined or linked with other personal data. McKinsey will treat such technical data as personal data. Your browser automatically transfers this data to McKinsey when you visit the DT50-website.

II. Purpose and legal basis of the processing

Any personal data relating to you will be processed in accordance with current data protection legislation and this Privacy Notice.

1. Application process and the Awards

McKinsey collects the personal data you submit via the application form or by email to info@dt50.org in order to enable you to participate in the application process for the Awards. After collection of the data, McKinsey will transfer your data to each of the Organizers to the extent necessary for the further processing of your application, in particular in order to enable the Organizers to review the applications independently and to assess their quality in line with the criteria set forth in the terms and conditions of the Awards. Subsequently, each Organizer may collect further information from publicly available sources as described above to scrutinize the correctness of the submitted information as well as to gather further facts that are relevant for a holistic assessment of the respective company and to make applications more comparable. Together with these facts the Organizers may forward the application to external members of the jury (a list of the jury members can be found under www.dt50.org) who will finally select the shortlist participants and winners of the Awards. We also process your personal data to announce you as a shortlist participant or winner (if applicable), to deliver the prize you won (if applicable) and to communicate with you (e.g., if further information is needed from you to process your application).The legal basis for these processing activities is Art. 6(1)(b) GDPR.

We may also publish your name in connection with your company’s name and the result of your (successful) application in newspapers, magazines or on the Internet, to report on and to promote our activities. The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest is to inform the public and to solicit potential customers.

We may also process your personal data to comply with our legal obligations such as regulatory requirements as well as retention obligations (e.g. for record keeping purposes). The relevant legal basis is Art. 6(1)(c) GDPR.

We may also anonymize your personal data and process them aggregated (anonymously) for market research purposes, to publish trends and/or to improve usefulness and content because we have a legitimate interest to improve our services and inform the public about our activities. The legal basis for this processing is Art. 6 (1)(f) GDPR.

Upon completion of the Awards, your personal data will be retained or deleted in accordance with the requirements of national law.

2. E-mail updates

McKinsey offers you the option to subscribe to email-updates around the Awards, in particular with respect to the application process, application deadlines, related activities of the Organizers, results of the Awards and the launch of new Awards. When you subscribe to these updates on the DT50-website or by sending a request via email to info@dt50.org, McKinsey will process the personal data submitted by you to include you in the lists of update-recipients and to send the email-updates.

The legal basis for this processing is your consent in accordance with Articles 6 (1)(a), 7 GDPR that you granted upon submission of your registration for the updates. You may withdraw you consent at any time with effect for the future or simply unsubscribe from the updates. McKinsey will then delete your data from the recipients-list and will no longer send you the updates.

Furthermore, McKinsey will process any personal data that you submit by sending emails to info@dt50.org to be able to adequately respond to your requests or to further process your application. The legal basis for this processing is Art. 6(1)(b) GDPR.

3. Website

The processing of your personal data which is recorded in the web server log files as described above is necessary for McKinsey to be able to provide the DT50-website technically, as well as for misuse detection and troubleshooting. McKinsey has a legitimate interest to operate the DT50-website to provide information on the Awards and to give interested company representatives a convenient option to participate in the application process. The legal basis for this processing is Art. 6(1)(f) GDPR.

4. Cookies

For the provision of the DT50-website McKinsey uses technically necessary cookies. Cookies are small files that are stored on your desktop, notebook or mobile device by a website that you visit. From this McKinsey can recognise, for example, whether there has already been a connection between your device and the DT50-website. Cookies can also contain personal data. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general and activate the automatic deletion of cookies when closing the browser. If you decide against the use of cookies, you may not be able to use the full functionality of the DT50-website.

The necessary session cookies are only used for the purpose of providing the DT50-website. They are absolutely necessary for the functions of the website and are deleted when you close your browser.

The setting of and access to the data stored in such necessary cookies and the processing of personal data associated with these cookies is necessary to safeguard McKinsey’s legitimate interest in enabling you to visit the DT50-website. The legal basis for this processing is Art. 6(1)(f) GDPR.

If, in providing the DT50-website, McKinsey wishes to use cookies that are not absolutely necessary for the operation of the website, such as functional or performance cookies, McKinsey will only do so if you have given your consent. In this case, when you visit the website, McKinsey will inform you in a pop-up window or by similar means about the intention to use cookies and the associated data processing and will ask you for your voluntary consent.

III. Data transfers

The personal data necessary for the performance of the Awards will be shared between the Organizers and the jury members and – if they choose to use the help of assistants – to elected staff assisting the jury members. The Organizers may use external service providers, that process your data on behalf of the respective Organizer and exclusively in accordance with its instructions.

The personal data will be stored on our servers and content management systems, which may be located in Germany or in other countries inside the EEA.

To the extent described in the separate privacy notices of the Organizers (mentioned above), your personal data may be transferred to selected entities of the respective Organizer’s groups of companies for administering the award, recruiting and marketing purposes, including entities that are located outside the EEA. Those countries outside the EEA may not have data protection laws and regulations comparable to the ones operating in your country. In case of such transfer of your personal data, the responsible Organizer will adopt appropriate measures to ensure that your personal data will be protected there on the terms and conditions of the applicable privacy notice and in accordance with applicable legal regulations.

We may also disclose your personal data to external service providers to the extent it is necessary to deliver to you the prizes or the services that you are entitled to as winner or shortlist participant of the Awards, if applicable.

Subject to the provisions set forth in this Privacy Notice and without your approval we will not disclose any information that relates to you, unless we are required or obligated to do so by law.

IV. Security

The security of your personal data is important to us. We have implemented technical and organizational measures aimed at protecting your personal data against unauthorized access, loss, alteration and misuse. We will reasonably ensure that these technical and organizational measures always comply with the latest technological standards.

However, no method of security or transmission is entirely secure. You should always use caution when transmitting personal data.

V. Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and, if the legal requirements are met, you may be entitled to the following rights:

- the right to obtain information on data processing and a copy of the data processed (right of access by the data subject, Art. 15 GDPR)

- the right to obtain the rectification of inaccurate data or have incomplete data completed (right to rectification, Art. 16 GDPR),

- the right to obtain the erasure of personal data without undue delay (right to erasure, Art. 17 GDPR),

- the right to obtain restriction of processing personal data (right to restriction of processing, Art. 18 GDPR)

- the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (right to data portability, Art. 20 GDPR)

- the right to revoke any granted consent at any time with effect for the future, Art. 7(3) GDPR. In the case of revocation, the Organizers will delete the respective data immediately, as far as further processing cannot be legally justified for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Where any Organizer processes your personal data for the purposes of the legitimate interests pursued by itself or a third party, you also have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you (right to object, Art. 21 GDPR). The processing of personal data will then be cancelled, unless the Organizer demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

You can object to the processing of your personal data for purposes of direct marketing at any time without any reason. You can inform us about your objection under the contact details of the respective Organizer listed above.

Regardless of this, you have the right to lodge a complaint with a competent supervisory authority pursuant to Art. 77 GDPR.

VI. Contact us

If you have any requests, questions, comments or suggestions about this Privacy Notice or our privacy practices, please contact the respective controller. You may find the contact data of the data protection officers of the Organizers in their privacy notices linked above.

If you have any questions about this Privacy Notice or if you would like to communicate with McKinsey’s EU Data Protection Officer or the Data Privacy Team, please contact McKinsey at:

McKinsey & Company

Legal Department

711 Third Avenue

New York, NY 10017

+1 212 446 7000

privacy@mckinsey.com