Privacy Policy

We, the controller of this website, will process your personal data when you use our website and store it for as long as is necessary to fulfill the specified purposes and legal obligations. This document states what data we collect, how we process it and what your rights are in relation to your data. Pursuant to Article 4(1) of the General Data Protection Regulation (GDPR), ‘personal data’ means any information relating to an identified or identifiable natural person (hereinafter "data subject or user").
 

I.) CONTROLLER NAME AND CONTACT DETAILS

This privacy policy applies to the data processing operations performed by the controller:

DQS GmbH
Deutsche Gesellschaft zur Zertifizierung von Managementsystemen

August-Schanz-Straße 21
60433 Frankfurt am Main
Germany

(hereinafter referred to as „DQS“)

Email:         info(at)dqs.de
Phone:+49 (0)69 95427-0
Fax:+49 (0)69 95427-111

DQS’s data protection officer can be reached at the above address, Attn: Data Protection Officer or at
datenschutzbeauftragter@dqs.de

You can contact our data protection officer at any time with questions about data protection rights in general or your rights as a data subject in particular.
 

II.) PROCESSING OF PERSONAL DATA AND PURPOSES OF PROCESSING
 

1. WHEN VISITING THE WEBSITE

You can access our website without having to reveal information about your identity. The browser used on your device only sends information automatically to our website’s server. The information includes date and time of visit, name and URL of the accessed file, operating system / browser type and version used, and the website from which our website was accessed (referrer URL).

It also includes the IP address of your requesting device, which is temporarily stored in a log file and automatically deleted after 14 days.

We cannot directly infer your identity from processing your IP address in the log file. The IP address is processed for technical and administrative purposes relating to establishing and maintaining a stable connection in order to guarantee the security and functionality of our website and enable us to take legal action against anyone illegally attacking our website where necessary.

The legal basis for processing the IP address is GDPR Article 6(1) point (f). Our legitimate interest follows from the above security interest and the need to provide our website without any malfunctions.

We also use cookies and analytics services when you visit our website. Please see sections IV.), V.) and VI.) of this privacy policy to learn more.
 

2. WHEN USING THE CONTACT FORM FOR GENERAL INQUIRIES

We provide an online contact form so you can send us general inquiries. In the process, we collect the following mandatory information:

  • Salutation
  • First and last name
  • Function
  • Company
  • Address
  • Phone
  • Email address
  • Reason for contacting us, and your personal message

We need the information about you and your company so that we know who is sending the inquiry and so that we can direct your inquiry to the appropriate customer service team member if your company is already one of our customers. We need your email address and phone number so that we can respond to your inquiry and contact you should we have questions relating to the inquiry.

The data is processed following your inquiry as part of the response to your contact inquiry on the basis of our legitimate interest pursuant to GDPR Article 6(1) point (f).

We will delete the personal data we collect when you use the contact form as soon as your inquiry has been fully processed unless GDPR Article 6(1) point (c) requires us to store your data for longer periods due to retention and documentation obligations set out in tax and commercial law (German Commercial Code (Handelsgesetzbuch – HGB), German Criminal Code (Strafgesetzbuch – StGB) or the Fiscal Code of Germany (Abgabenordnung – AO)) or you have given consent to a longer storage period pursuant to GDPR Article 6(1) point (a).
 

3. RELATING TO OUR NEWSLETTER

When you give your explicit consent pursuant to GDPR Article 6(1) point (a), we will use your email address to send our newsletter to you on a regular basis. You only need to provide your email address to receive the newsletter.

If you are one of our existing customers and have not objected to the use of your email address, we may also use your email address without your explicit consent in order to send you information about similar products and services offered by our company. When advertising to existing customers, we base the processing on our legitimate interests pursuant to GDPR Article 6(1) point (f). The processing of your email address for direct advertising purposes is considered to be a legal interest recognized by the GDPR.

You can unsubscribe at any time by clicking the "Unsubscribe" link at the end of the newsletter. Alternatively, you can ask to be unsubscribed at any time by emailing kontakt@dqs.de.

We employ the specialized service provider Act-On Software, Inc., 121 SW Morrison St #1600, Portland, OR 97204 ("Act-On") to send our newsletter. Act-On abides by the data protection requirements of the US Privacy Shield and is registered with the US Commerce Department’s US Privacy Shield program. The program provides assurances that EU data privacy law will be followed.

We have entered into a processing contract with Act-On. Under the contract, Act-On agrees to process personal data in conformity with the GDPR and protect the rights of the data subject.
 

4. FORM PAGES

We employ the specialized service provider Act-On Software, Inc., 121 SW Morrison St #1600, Portland, OR 97204 ("Act-On") to provide certain form pages on our domain.

We employ Act-On in conformity with GDPR Art. 6(1) point (f) on the basis of our legitimate economic interest in presenting our product and service range. The engagement of a specialized service provider is necessary in order to quickly provide forms that may change depending on our product and service range. Act-On uses servers in the US to process the data entered on the Act-On forms that are integrated in our website. Act-On abides by the data protection requirements of the US Privacy Shield and is registered with the US Commerce Department’s US Privacy Shield program. The program provides assurances that EU data privacy law will be followed.

We have entered into a processing contract with Act-On. Under the contract, the service provider agrees to process the data in conformity with the GDPR and protect the rights of the data subject.
 

 a.) In response to a request for a quote

You may request a quote for certification and auditing services.

We will regularly need the following information from you to respond to your request for a quote:

  • Salutation
  • First and last name
  • Function
  • Company
  • Address
  • Phone
  • Email address
  • Time when the certification or auditing services will be needed


We need the information about you and your company

  • so that we know who is sending the inquiry and
  • to direct your inquiry to the appropriate customer service team member. We need your email address and phone number
  • so that we can respond to your inquiry and contact you should we have questions relating to the inquiry.

The data is processed following your inquiry and is necessary for the performance of a contract and in order to take steps prior to entering into a contract pursuant to GDPR Art. 6(1) point (b).

We will store the personal data we collect from your inquiry until the statutory retention obligation expires and will then delete it unless GDPR Article 6(1) point (c) requires us to store your data for longer periods due to retention and documentation obligations set out in tax and commercial law (German Commercial Code (Handelsgesetzbuch – HGB), German Criminal Code (Strafgesetzbuch – StGB) or the Fiscal Code of Germany (Abgabenordnung – AO)) or you have given consent to a longer storage period pursuant to GDPR Article 6(1) point (a).
 

 b.) When registering for a webinar

We will regularly need the following information if you wish to register for a webinar on our website:

  • Salutation, title, first name, last name
  • Valid email address
  • Phone number
  • Company you work for


This data is collected in order to

  • identify you as a participant
  • check entered data for plausibility and
  • send advance and follow-up information about the webinar.

The data is processed following your inquiry and is necessary for the performance of a contract and in order to take steps prior to entering into a contract pursuant to GDPR Art. 6(1) point (b). We will store the personal data we collect for a webinar registration for a reasonable period after the webinar ends and will then automatically delete it unless GDPR Article 6(1) point (c) requires us to store your data for longer periods due to retention and documentation obligations set out in tax and commercial law (German Commercial Code (Handelsgesetzbuch – HGB), German Criminal Code (Strafgesetzbuch – StGB) or the Fiscal Code of Germany (Abgabenordnung – AO)) or you have given consent to a longer storage period pursuant to GDPR Article 6(1) point (a).


 c.) When registering for a workshop  

You can use our online form to register for a workshop. In the process, we regularly collect the following mandatory information:

  • Workshop time and place
  • Salutation
  • Lastname
  • Function
  • Email address
  • Phone
  • Company details
  • Billing address


The mandatory information is processed in order to

  • identify you as a workshop participant,
  • reserve a workshop slot for you,
  • establish and implement the participation contract with you and
  • supply you with information before, during and after the workshop so that you can get the most out of the workshop and so that we can plan and execute the workshop smoothly in a manner commensurate with your interests.

The data is processed following your inquiry and is necessary for the performance of a contract and in order to take steps prior to entering into a contract pursuant to GDPR Art. 6(1) point (b).

We will store the personal data we collect for a workshop registration until the workshop is completely over and will then automatically delete it unless GDPR Article 6(1) point (c) requires us to store your data for longer periods due to retention and documentation obligations set out in tax and commercial law (German Commercial Code (Handelsgesetzbuch – HGB), German Criminal Code (Strafgesetzbuch – StGB) or the Fiscal Code of Germany (Abgabenordnung – AO)) or you have given consent to a longer storage period pursuant to GDPR Article 6(1) point (a).
 

5. WHEN REGISTERING FOR MyDQS

Under the domain https://www.mydqs.com DQS Group (DQS GmbH, DQS Holding GmbH, DQS CFS GmbH, DQS Medizinprodukte GmbH, DQS BIT GmbH) as joint controllers according to Article 26 GDPR offer our customers the possibility to register for a password protected area (hereinafter referred to as MyDQS) where certifications, order confirmations, reports and other relevant documents can be provided by us and accessed by you.

If you request from your customer advisor to register for MyDQS, the advisor will create a login for you, based on your relevant contact-data (name, email address) and your organization’s DQS-file number. Your name is required in order to know, who the request comes from. We need your e-mail address to send you an email with a link for your initial registration.

To complete the registration process, you will need to provide additional mandatory information about your company. If you have voluntarily given us your telephone number to be contacted by phone, this number will also be transferred to the account. After your first registration, you have to set a password of your own choice. Together with your e-mail address, this enables access to your account.

If permissions are provided, you can add and activate additional members from within your organization. In order to create a login, you will have to provide

  • Salutation
  • First and last name
  • Position
  • Email address
  • Professional contact details

of the person you’d like to register. The newly created user will receive an activation link with which the login can be activated as described above. The link is valid for 24 hours. If the account is not activated by the member of your organization, the details provide by you will be deleted automatically after 48 hours. The organization’s admin can delete additional accounts at any time within the portal itself.

The processing of data is carried out at your request and is required in accordance with Article 6 Para. 1 Subpar. 1 lit. b GDPR for the purposes mentioned above for the performance of a contract we have with you and pre-contractual measures as well as based on legitimate interests of DQS Group to jointly offer its customers additional services, based on Article 6 Para. 1 Subpar. 1 lit. f GDPR.

If you wish to deactivate your organization’s account as a whole, you can request deletion from DQS by e-mail at any time. The personal data processed by us within the context of MyDQS will then automatically be deleted after all contractual matters have been settled, unless you have consented to additional storage (in particular company details and user accounts) in accordance with Article 6 Para. 1 Subpar. 1 lit. a GDPR or legal storage obligations prevent deletion.

You can, in principle, exercise your data subject rights towards any member of the DQS group. Internally responsible, however, is first and foremost DQS GmbH.

 

III.) SHARING OF DATA

Your personal data will not be shared for any purposes other than those listed below.
 

1. FOR CONTRACT PERFORMANCE

Your personal data will be shared with third parties to the extent permitted by law and required to perform contracts in accordance with GDPR Art. 6(1) point (b). This includes, without limitation, sharing data with self-employed auditors for the purpose of providing certification and auditing services. The third party may use the shared data solely for the stated purposes.


2. FOR OTHER PURPOSES

In addition, we will only share your personal data with third parties if

  • you have expressly given consent to it in accordance with GDPR Art. 6(1) point (a);
  • there is a legal obligation to share the data pursuant to GDPR Art. 6(1) point (c).


IV.) COOKIES AND PIXEL TAGS

We use cookies on our website. Cookies are small files that are automatically generated by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies are not harmful to your device and contain no viruses, Trojan horses or other malware.

Cookies contain information relating to the device that you specifically use. However, that does not mean that we can immediately identify you from cookies.

We use pixel tags (also known as tracking pixels or beacon trackers) in our online content. Pixel tags are small graphics integrated using the HTML code of our website. By and of themselves, pixel tags do not store or modify information on your device and so are not harmful to your device and contain no viruses, Trojan horses or other malware.

Pixel tags send your IP address, the referrer URL, the website visited, the time the pixel was viewed, the browser used and previously set cookie information to a web server. That makes it possible to measure reach and perform other statistical analyses that serve to optimize our product and service range.

Some cookies are used to make your visit to our website more pleasant for you. For example, we employ session cookies to recognize when you have already visited certain pages of our website.

We also use temporary cookies, which are stored on your device for a certain defined period of time, to provide a more user-friendly experience. If you visit our website again to use our services, the website will automatically recognize that you have visited us before and will remember what information and settings (language, tracking and targeting settings, etc.) you have entered so you do not have to re-enter them.

The data processed using cookies is necessary for the above purposes to protect our legitimate interests pursuant to GDPR Art. 6(1) point (f).

We also employ cookies and pixel tags to statistically track the use of our website and to optimize our product and service range wherever you have expressly given consent to the use of cookies and pixel tags pursuant to GDPR Art. 6(1) point (a) (see section VI.). These cookies are automatically deleted after a defined period of time.
 

ALL COOKIES AT A GLANCE:
 

NECESSARY COOKIES

We use necessary cookies on our website to make the use of our website more pleasant and to optimize its use. The data is not shared with, or accessible by, third parties. The cookies are stored temporarily. The data is deleted automatically. See the description of the services for more precise information.

This is a system for managing JavaScript and HTML tags used to implement tracking and analysis tools. 

Processing company

Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Purposes of processing:

Management of Google LLC website tags

Data collected:

No personal data is processed. Google Tag Manager is a cookie-free domain and does not collect any personal data. However, it can trigger other tags, which may collect and process personal data. This refers to the use of Google Analytics. See GOOGLE ANALYTICS for more information about data processing by Google Analytics.

Retention period:

Google Tag Manager does not store the data.

Data recipient:

Google LLC in the US. Google LLC is Privacy Shield certified.

This is a consent management service that enables us to obtain and manage user consent to the use of cookies and other technologies. See section V.) for more information on the Usercentrics Consent Management Platform.

Processing company:

Usercentrics GmbH, Rosental 4, 80331 Munich, Germany

Purposes of processing:

Compliance with legal obligations, storage of consent

Technologies used:

Local storage, cookies

Data collected:

This list contains all the (personal) data collected by the service itself or as a result of using it.

Device information, browser information, anonymized IP address, opt-in and opt-out data, date and time of visit

Retention period

The consent data (consent granted and withdrawal of consent) is stored for three years. The data is exported after the contract ends.

Data recipient

Usercentrics GmbH, domiciled in the EU.

This is a content management service that enables us to create, edit and publish digital content on our website.

Processing company:

TYPO3 Association, Sihlbruggstrasse 105, CH 6340 Baar, Switzerland

Purposes of processing:

Website security, optimization, analytics

Technologies used:

Cookies

Data collected:

This list contains all the (personal) data collected by the service itself or as a result of using it.

Browser information, device operating system, referrer URL, host name of accessing computer, date and time of visit, IP address

Data recipient:

The data is not combined with other data sources.

This is a content management service that enables us to create, edit and publish digital content on our website.

Processing company:

DQS; Deutsche Gesellschaft zur Zertifizierung von Managementsystemen

Purposes of processing:

Website rendering in session

Technologies used:

Cookies

Data collected:

This list contains all the (personal) data collected by the service itself or as a result of using it.

Browser information, device operating system, referrer URL, host name of accessing computer, date and time of visit, IP address

Data recipient:

The data is not combined with other data sources.

STATISTICAL COOKIES

We use cookies on our website to analyze the use of our website and measure and improve our website’s performance. We use the services named in this category for that purpose. The data is transferred to and stored by the service provider. The data is deleted automatically. The storage period and recipients of the data transfers are indicated in the descriptions of the individual services. You can object to the use of the services at any time.

This is a web analytics service. Pseudonymized user profiles are generated that we use to analyze our website and further optimize its use.  See section VI.) for more information.

Processing company:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Purposes of processing:

Creation of pseudonymized user profiles for analytical and optimization purposes on the website.

Technologies used:

Cookies, pixel tags

Data collected:

This list contains all the (personal) data collected by the service itself or as a result of using it.

  • IP address (anonymized)
  • Date and time of the visit
  • Usage data
  • Click path
  • App updates
  • Browser information
  • Device information
  • JavaScript support
  • Pages visited
  • Referrer URL
  • Downloads
  • Flash version
  • Location information
  • Purchase activity
  • Widget interactions

Retention period:

The stored data is automatically deleted after 14 months.

Data recipient:

Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google, LLC is  Privacy Shield certified.

This is a web analytics service. Pseudonymized user profiles are generated that we use to analyze our website and further optimize its use.  See section VI.) for more information.

Processing company:

Act-On Software, Inc., 121 SW Morrison St #1600, Portland, OR 97204

Purposes of processing:

Creation of pseudonymized user profiles for analytical and optimization purposes on the website.

Technologies used:

Beacon Tracker

Data collected:

IP address, Date and time of the visit, Referrer URL, Browser information, device operating system.

Retention period:

The stored data is automatically deleted after 26 months.

Data recipient:

Act-On Software, Inc., 121 SW Morrison St #1600, Portland, OR 97204, USA. Die Act-On, Inc. ist PrivacyShield zertifiziert.


MARKETING COOKIES

We use the services in this category to display advertising that is relevant to your interests. We use the services to measure the efficiency of marketing campaigns in order to improve and optimize our activities. The services enable us to track user behavior on our website and on other websites and services and to recognize visitors to our website who have visited other offerings of ours in the past. The data is transferred to and stored by the service provider. The data is deleted automatically. The storage period and recipients of the data transfers are indicated in the descriptions of the individual services. You can object to the use of the services at any time.

This is a tracking technology provided by Facebook and used by other Facebook services such as Facebook Custom Audiences to enable the retargeting of users between Facebook services and our website. See section VI.) for more information.

Processing company:

Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland

Purposes of processing:

Advertising, marketing, retargeting, tracking ID, analysis, technologies used, cookies

Data collected:

This list contains all the (personal) data collected by the service itself or as a result of using it.

Facebook user ID, browser information, usage data, device information, non-sensitive user-defined data, referrer URL, pixel ID, location information, pixel-specific data, user behavior, advertisements viewed, interactions with advertising, services and products, marketing information, content viewed, IP address

Retention period:

The data is deleted as soon as it is no longer needed for the processing purposes.

Data recipient:

Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Facebook, Inc. is Privacy Shield certified.

This is a tracking technology provided and used by LinkedIn. We use LinkedIn Insight Tag to recognize visitors to our website who have previously used our LinkedIn offering. See section VI.) for more information.  

Processing company:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Purposes of processing:

Analysis, retargeting, marketing

Technologies used:

Cookies, pixel tags

Data collected:

This list contains all the (personal) data collected by the service itself or as a result of using it.

Referrer URL, IP address, device information, browser information, time stamp

Retention period:

The data is deleted after 90 days.

Data recipient:

LinkedIn Corp., 1000 W. Maude Ave., Sunnyvale, California 94085, USA. LinkedIn Corp. is Privacy Shield certified.


V.) CONSENT MANAGEMENT WITH USERCENTRICSs

Our website uses the Usercentrics consent management service from Usercentrics GmbH, Rosental 4, 80331 Munich, Germany. This involves the processing of the date and time of the visit, browser information, consent information, device information and the anonymized IP address of the requesting device. The legal basis for this processing is GDPR Art. 6(1) point (f) (legitimate interest). The procurement and management of legally required consent is deemed to be a legitimate interest as defined in the aforementioned law since it interferes very little with the users’ rights due to the use of anonymized IP addresses and the employment of a service provider based in Germany. Any withdrawal of previously granted consent is stored for three years. The legal basis for storage is GDPR Art. 6(1) point (f). The ability to provide accountability pursuant to GDPR Art. 5(2) is a legitimate interest. More information about data protection at Usercentrics is available here.
 

VI.) TRACKING AND TARGETING

We will only employ the following analytics, tracking and targeting measures if you have granted your consent to do so pursuant to GDPR Art. 6(1) point (a).
 

1. GOOGLE ANALYTICS

Our website uses Google Analytics, a web analytics service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). It requires pseudonymous usage profiles to be generated and cookies to be used.

The information generated by the cookie about the use of our website (e.g. IP address of the accessing computer, time of visit, referrer URL and information about the browser and operating system) is generally transmitted to and stored by Google on servers in the United States. Google abides by the data protection requirements of the US Privacy Shield and is registered with the US Commerce Department’s US Privacy Shield program. The program provides assurances that EU data privacy law will be followed. We have entered into a processing contract with Google regarding the use of Google Analytics. Under the contract, Google agrees to process the data in conformity with the GDPR and protect the rights of the data subject.

Google Analytics is used to analyze and optimize our online content and efficiently operate this website. Google therefore processes the information on our behalf in order to evaluate how the website is used, to compile reports on website activity and to provide us with other services related to website activity and internet usage for the purposes of conducting market research and aligning this website with user needs.

We only use Google Analytics with activated IP anonymization. That means Google truncates the users’ IP address in member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there.

We have activated the advertising functions of Google Analytics. This allows reports to be generated on target groups, on demographic characteristics such as age, gender and visitor interests and on our marketing campaigns. The data comes from campaigns conducted using Google services, interest-based Google advertising, the Google Display Network and visitor data from third-party providers. This process does not directly disclose your identity to us. These reports enable us to evaluate user behavior in connection with our online content even better and optimize how we address target groups.

If you do not want your user behavior to be included in these reports, you can deactivate this option in the display settings in your Google account or use the method described below to opt out of the acquisition of data by Google Analytics. You can also limit data acquisition by not logging in to your Google account when visiting our website.

We do not use Google’s Universal Analytics with User-ID.

Captured data may be transmitted to third parties wherever required by law or wherever third parties process the data on our behalf.

The user data collected using cookies is automatically deleted after 26 months.

You can withdraw your consent at any time with future effect.

[WITHDRAW CONSENT]

To learn more about data protection in connection with Google Analytics, see the Google Analytics help page. To find out how Google uses data, look up its Privacy policy.

 

2. GOOGLE ADS

We use Google Ads from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). This service enables us to appropriately structure, statistically track, optimize and present advertising content.

Google Ads places a cookie on your computer when you access our website by clicking on a Google advertisement. These cookies expire after 30 days. If you visit certain pages on our website and the cookie has not yet expired, we and Google can recognize that you have clicked on the advertisement and been directed to this page.

We also use a remarketing pixel that connects and evaluates information about your use of this website. This enables us to show you content that is relevant to you on other websites. Google has stated that it does not combine data collected through remarketing with personal data that Google may have stored. Google also pseudonymizes the data. Remarketing data based on tags is stored for 30 days.

The information generated by the cookie about your use of this website, including clicking behavior on text and products or interactions with videos, is stored by Google on its servers in the United States. Google abides by the data protection requirements of the US Privacy Shield and is registered with the US Commerce Department’s US Privacy Shield program.

Every Google Ads customer receives a different cookie. Cookies can therefore not be tracked across the websites of Google Ads customers. The information obtained using the conversion cookie is used to generate conversion statistics for Google Ads customers who use conversion tracking. As a Google Ads customer, we are told the total number of users who have clicked on an advertisement and were redirected to a page with a conversion tracking tag. However, we do not obtain any information that enables us to personally identify you.

If you do not want to participate in the tracking process, you can refuse to set the necessary cookie, for example, by generally disabling the automatic setting of cookies in your browser settings. You can also disabler conversion tracking cookies by setting your browser to block cookies from the domain "www.googleadservices.com". 

Data is processed using the remarketing pixel on the basis of your express consent, GDPR Art. 6(1) point (a). You can withdraw your consent at any time with future effect.

Google’s privacy policy is available here.

 

3. ACT-ON TRACKING

We use the Act-on Beacon Tracker from Act-On Software, Inc., 121 SW Morrison St #1600, Portland, OR 97204 (hereinafter referred to as "Act-On"). In this context, data on visitors' user behavior is collected using pixels integrated in our website consolidated into pseudonymous user profiles.

The information about the use of our website (e.g. IP address of the accessing computer, time of visit, referrer URL and information about the browser and operating system) is generally transmitted to and stored by Act-On on servers in the United States. Act-On abides by the data protection requirements of the US Privacy Shield and is registered with the US Commerce Department’s US Privacy Shield program. The program provides assurances that EU data privacy law will be followed.

We have entered into a processing contract  with Act-On to use the Act-On Beacon Tracker. Under the contract, Act-On agrees to process the data in conformity with the GDPR and protect the rights of the data subject.

Data stored by the Act-On Beacon Tracker is automatically deleted once the purpose of processing has been attained.  

You can withdraw your consent to our using the Act-On Beacon Tracker at any time with future effect.

[WITHDRAW CONSENT]

More information about data protection while using the Act-On Beacon Tracker is available here.

 

4. FACEBOOK PIXEL

Our website integrates the Facebook pixel from social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, and/or Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as "Facebook") that is used to process personally identifiable information about the use of this website. That information includes your IP address, browser, linking page and target page

We can use the Facebook pixel to track how you respond to our advertisements on Facebook, such as when you click a link in the advertisement that redirects you to our website. This gives us a better idea of how successful our Facebook campaigns are and enables us to improve them constantly. In addition, the pixel enables us to recognize you as a visitor to our website. We can use this information to only show advertisements to those Facebook users who will likely be interested in our products and services, either because they have already visited our website or because they possess certain characteristics (e.g. interest in certain issues or products based on the websites they have visited).

The pixel is loaded when you visit our website or respond to an advertisement we have published on Facebook, such as by clicking a link that takes you to our page. A pixel ID is then generated and stored in a cookie so that we can obtain reports on your user behavior. We do not use the pixel to personally identify you.

We have entered into an agreement with Facebook regarding its processing of this data on our behalf. In the agreement, Facebook agrees to process the data in conformity with the GDPR and respect data subjects’ rights.

Facebook abides by the data protection requirements of the US Privacy Shield and is registered with the US Commerce Department’s US Privacy Shield program. The program provides assurances that EU data privacy law will be followed.

You can withdraw your consent at any time with future effect.

[WITHDRAW CONSENT]

 

5. LINKEDIN INSIGHTS

Our website uses the LinkedIn Insight Tag from LinkedIn Co., 2029 Stierlin Court, Mountain View, Ca 94943, USA (hereinafter referred to as "LinkedIn").

The LinkedIn Insight Tag enables us to collect information, including personal data, about visitors to our website. This lets us assess the effectiveness of our advertising and display interest-based advertisements. The collected data includes the URL, referrer URL, IP address, device and browser properties (user agent) and time stamp.

This information is transmitted to LinkedIn in the United States. LinkedIn abides by the data protection requirements of the US Privacy Shield and is s registered. with the US Commerce Department’s US Privacy Shield program. The program provides assurances that EU data privacy law will be followed.

IP addresses are only stored or hashed in truncated form. If you visit our website while being logged in to LinkedIn, this information will be collected as well. Collected data is pseudonymized within seven days, i.e. all personal identifiers are removed. The remaining pseudonymized data is then deleted within 180 days.

You can withdraw your consent at any time with future effect.

[WITHDRAW CONSENT]

 

6. OKTOPOST

We use the social media management tool from Oktopost Technologies, Inc., 3423 Piedmont Rd NE, Atlanta, GA 30305 (hereinafter referred to as "Oktopost"). We use Oktopost in order to manage the publication of posts and measure and optimize the reach and effectiveness of marketing campaigns on our social media channels. This is done by setting an Oktopost cookie. The Oktopost cookie is used to identify links in social media posts that an end user has clicked.

The information generated by the tool about the reach and effectiveness of our social media channels (e.g. IP address of the accessing computer, time of visit, referrer URL and information about the browser and operating system, user behavior) is generally transmitted to and stored by Oktopost on servers in the United States. Oktopost abides by the data protection requirements of the US Privacy Shield and is registered with the US Commerce Department’s US Privacy Shield program. The program provides assurances that EU data privacy law will be followed.

Oktopost is used on the basis of consent granted under GDPR Art. 6(1) point (a).

We have entered into a processing contract with Oktopost to use the tool. Under the contract, Oktopost agrees to process the data in conformity with the GDPR and protect the rights of the data subject.

Data stored bythe tool is automatically deleted once the purpose of processing has been attained.  

You can withdraw your consent at any time.

CONSENT CAN BE WITHDRAWN HERE

More information about data protection when using Oktopost is available here.

 

VII.) EMBEDDED THIRD-PARTY CONTENT  

Our website contains third-party content such as videos to expand the functionality of our website for our users in order to add services provided by other vendors. This is done on the basis of your consent pursuant to GDPR Art. 6(1) point (a) and our legitimate interests pursuant to GDPR Art. 6(1) point (f). The underlying purpose of processing is a legitimate interest within the meaning of the GDPR.


1. EMBEDDED YOUTUBE VIDEOS

Our website uses components (videos) from YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter referred to as "YouTube"), a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

We use the privacy-enhanced mode provided by YouTube when embedding videos.

If you pull up a page containing an embedded video and give your consent pursuant to GDPR Art. 6(1) point (a), a connection will be established to the YouTube servers and the content will be displayed on the webpage by communicating with your browser. The consent request may not be shown if you have blocked JavaScript. We embed these YouTube videos on the basis of GDPR Art. 6(1) point (f). Our legitimate interest lies in the smooth integration of the videos and the resulting attractive design of our website.

According to YouTube, cookies are not set to analyze user behavior in privacy-enhanced mode. Instead, data – including which of our websites you have visited as well as device-specific information, including your IP address – is only transmitted to YouTube servers in the United States when you actually watch the video. You consent to this transmission when you click on the video

If you are also logged in to YouTube, this information will be associated with your YouTube user account. You can prevent this from happening by logging out of your YouTube account before visiting our website

Google abides by the data protection requirements of the US Privacy Shield and is registered with the US Commerce Department’s US Privacy Shield program.

To learn more about data protection in connection with YouTube, see the Google Privacy Policy.
 


2. EMBEDDED GOOGLE MAPS

Our website uses Google Maps from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google") to show an interactive map on our website. The implementation enables Google to capture device information, protocol data, including the IP address, and location information. Data is not transmitted to Google solely as a result of accessing our website. You do not activate the interactive Google Maps map until you click on the map and thus consent to transmitting the data to Google. The personal data collected by Google is sent to and stored on a Google server in the United States. Google abides by the data protection requirements of the US Privacy Shield and is registered with the US Commerce Department’s US Privacy Shield program.

Google uses the personal data in order to evaluate how the website is used, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and aligning this website with user needs. Google may also transmit this information to third parties wherever required by law or wherever third parties process the data on its behalf. You can prevent any data transfer to the Google servers in association with the use of Google Maps by deactivating JavaScript in your browser. However, you will not be able to use the map screen in that case. To learn more about data protection in connection with Google Maps, see the Google Privacy Policy.

 

VIII.) DATA SUBJECTS’ RIGHTS

You have the right:

  • pursuant to GDPR Art. 7(3) to withdraw the consent you have given us at any time pursuant. If you do so, we will no longer be permitted to process the data based on this consent in the future;;
  • pursuant to GDPR Art. 15 to obtain information about your personal data that we are processing. In particular, you may obtain information about the purposes of the processing, the categories of personal data, the categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification, erasure, restriction of processing, the existence of the right to lodge a complaint, the source of your data if it was not collected on our website, and the existence of automated decision-making, including profiling, and meaningful information on the related particulars if applicable;
  • pursuant to GDPR Art. 16 to obtain without undue delay the rectification of inaccurate personal data or the completion of incomplete personal data stored in our systems;
  • pursuant to GDPR Art. 17 to obtain the erasure of your personal data stored on our systems without undue delay as long as the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • pursuant to GDPR Art. 18 to obtain restriction of processing of your data wherever you contest the accuracy of the personal data, the processing is unlawful and you oppose the erasure of the personal data and we no longer need the personal data but you require it for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to GDPR Art. 21;
  • pursuant to GDPR Art. 20 to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and to obtain transmission of the data to another controller; and
  • pursuant to GDPR Art. 77 to lodge a complaint with a supervisory authority. You can generally contact the supervisory authority for your habitual residence, place of work or our corporate domicile.

 

INFORMATION ABOUT YOUR RIGHT TO OBJECT PURSUANT TO GDPR ART. 21

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on GDPR Article 6(1) point (e) (processing in the public interest) and GDPR Article 6(1) point (f) (processing based on a balancing of interests), including profiling based on those provisions and defined in GDPR Art. 4(4).

If you object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

If you object to the processing of data for direct marketing purposes, we will stop the processing without undue delay. It is not necessary to demonstrate a special situation in this case. This also applies to profiling to the extent that it is related to such direct marketing.

To exercise your right to object, simply send an email to datenschutzbeauftragter@dqs.de.
 

IX.) DATA SECURITY

All the data that you personally transmit will be encrypted prior to transfer using the customary, secure TLS (Transport Layer Security) standard. TLS is a secure, proven standard that is used for applications such as online banking. You can recognize secure TLS connections by the "s" suffix attached to the "http" (i.e. ..) in your browser’s address bar or by the lock icon in your browser's bottom bar.

We also use appropriate technical and organizational security measures in order to protect your data from deliberate or accidental tampering, partial or complete loss or destruction and unauthorized third-party access. Our security measures are constantly updated to reflect technological progress.
 

X.) TIMELINESS AND MODIFICATION OF THIS PRIVACY POLICY

This Privacy Policy is currently valid and was issued in April 2020.

It may be necessary to modify this Privacy Policy as our website and its content changes and/or as laws and regulations change. You can look up and print out our latest Privacy Policy at any time on our website at 

https://www.dqs.de/en/privacy-policy