Privacy Information

When using our website, your personal data will be processed by us as the data controller and stored for the period of time required to fulfill the specified purposes and legal obligations.

This privacy information provides you with an overview of how your personal data is processed when you access the "Website" available at www.dqsglobal.com, use the embedded forms and communication tools, or make use of the services offered as part of the MyDQS portal (the forms together with the MyDQS portal collectively the "Services"). We also inform you about your rights under the EU General Data Protection Regulation ("GDPR") and the options you have to manage and protect your personal data.

Note: We use providers in third countries or related to third countries in connection with the operation of our website and offering our Services and, as a global group, we are ourselves active in third countries where there is no level of data protection identical to the GDPR. You can find more detailed information about the measures we have taken to protect your personal data in this privacy policy. We are directing our Website and Services at businesses and therefore assume that these measures are sufficient. You are under no legal or contractual obligation to provide us with the personal data specified in this privacy information via the website. You may also contact us at any time by e-mail or telephone or in writing.

If you have any questions about data protection at DQS or about your data subject rights, you can contact us directly or our data protection officer at any time.

You can download this data protection information here.

I.) NAME AND CONTACT DETAILS OF THE CONTROLLER AND DATA PROTECTION OFFICER

For the website as well as for the processing in the context of the use of the Services, the controller

DQS Holding GmbH
August-Schanz-Strasse 21
60433 Frankfurt am Main
Tel: +49 69 95427 0
Fax: +49 69 95427 111
Email: info@dqsglobal.com

"we", "us" or „DQS“).

If you have any questions about the processing of your data to our data protection officer, you can contact by mail to dataprotection@dqsglobal.com.

II.) CATEGORIES OF DATA, PURPOSES AND LEGAL BASIS OF PROCESSING

When providing our Website and Services, we process personal data from different sources for different purposes.

For one, this is data that we process automatically, mainly for technical reasons, when accessing the website or services for each visitor regardless of whether that visitor uses our services, contacts us or not.
Secondly, we process certain data only if you decide to contact us or to use certain functions of the website, or to make use of services offered via it. Where applicable, we also process personal data that third parties provide to us from you.

Finally, we also process data from you for marketing purposes in connection with our business relationship, or if you have previously given your express consent. You have the right to object to these processing operations at any time, or to withdraw your consent once you have given it. Find our more about your data subject’s rights.

1. DATA WE AUTOMATICALLY PROCESS WHEN YOU VISIT OUR WEBSITE

When you visit our Website and use our Services, we automatically process connection and usage data.

The browser you use on your device automatically sends information to the server of our Website, e.g. date and time of access, name and URL of the accessed site, operating system/ browser type and version used, website from which the access is made (referrer URL), but also your IP address (together "connection data") and information about how you interact with our Website and our services ("usage data"). Based on this data alone, it is not possible for us to identify you as an individual.

We process connection and usage data to ensure IT security and the operation of our systems as well as to prevent or detect abuse, in particular fraud. In addition, we process pseudonymous usage data to analyze and continuously improve the performance of the website and services and to fix bugs as well as to personalize content for you.

We temporarily store connection and usage data in so-called log files and usually delete them automatically after 14 days.

We process connection and usage data on the basis of our legitimate interests in a secure, trouble-free and convenient delivery and use of our Website and Services, Article 6 (1) p. 1 lit. f of the GDPR.

Cookies and similar technologies: We also use cookies and similar technologies to process usage data automatically for these purposes. For more information about Cookies and their use on the Website, please see the information about Cookies and similar technologies at the end of this Privacy Information.

Beim Besuch unserer Website und bei der Nutzung unserer Dienste verarbeiten wir automatisch Verbindungs- und Nutzungsdaten.

2. DATA WE PROCESS WHEN YOU USE OUR SERVICES

Besides usage data that we process of all website visitors and users of our services, we process personal data of you if you provide it to us actively when using our Services, e.g., when you use our Contact- Inquiry- Registration- or Order forms for general inquiries, complaints and violations, requests related to our certification and audit services, registration for webinars, workshops and events, download of whitepapers or info packages, or you communicate with us via our chat.

We may process your contact details (e.g., your name, email address, phone number), information related to your professional activity, invoicing information if applicable, registration-, contract,- and order information, as well as content data otherwise provided by you through our services (e.g. more detailed information about your requests and about your business, etc.).

We process this information to enable you to contact us and make use of our Services, for possible queries and to answer your inquiry, as well as to check the information for plausibility.

The data processing is carried out in response to your request and is necessary for the aforementioned purposes for the fulfillment of the contract and pre-contractual measures in accordance with Article 6 (1) p. 1 lit. b) of the GDPR.

In addition, we also process this data for other purposes in individual cases. These include, for example, the transfer of your personal data to affiliated companies within the Group. For example, we will forward your inquiry to the responsible DQS company and your customer advisor if your company is already a customer of ours.

SPECIFIC INFORMATION ON PROCESSING IN CONNECTION WITH THE REGISTRATION AND USE OF MYDQS

Under the domain https://www.mydqs.com, the DQS Group, as joint controllers pursuant to Article 26 of the GDPR, enables you to register for a restricted password area (hereinafter referred to as MyDQS) where certificates, order confirmations, reports and other relevant documents can be provided to and accessed by you.

The Joint Controllers have entered into an agreement pursuant to Article 26 (1) of the GDPR, which provides binding rules on when which Controller must fulfill which obligations arising from the requirements of the GDPR.

Exercising the data subject rights within the meaning of Articles 15 et seq. GDPR, however, is possible with each of the Joint Controllers. This means that you can, for example, communicate and thus assert your right to access pursuant to Article 15 of the GDPR or a request for deletion pursuant to Article 17 of the GDPR vis-à-vis any company of the DQS Group. The entity addressed will handle the subsequent internal communication in order to fulfill your lawful requests.

With regard to the right of data subjects to lodge a complaint with a supervisory authority, the following is the lead authority: the Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, P.O. Box 31 63, 65021 Wiesbaden, telephone: 0611 1408-0, fax: 0611 1408-900, e-mail: poststelle@datenschutz.hessen.de, Internet: http://www.datenschutz.hessen.de. However, you can also contact the supervisory authorities at your registered office.

In this context, we process access data, subsequent information in connection with your company, as well as information on your authorizations. To complete registration, it is necessary to select a personal password. In conjunction with your email address (collectively, "access data"), this allows you to login to your MyDQS user account.

Users of MyDQS can add other users whose access data we subsequently process. When you are added by a user from within your organization, you will receive an email with an activation link that you can use to activate your user account. The link has a validity of 24 hours. If you do not want to activate a user account and your organization does not send a new activation link, the temporarily created user account will be automatically deleted after 48 hours. After successful registration, users with write authorization can delete their user account themselves at any time.

The processing of personal data in connection with the provision of MyDQS by us is carried out at your or your organization's request and is necessary for the fulfillment of contractual obligations with you or your organization based on our legitimate economic interests, Article 6 para. 1 p. 1 lit. b) and lit. f) of the GDPR.

3. DATA WE PROCESS FOR MARKETING PURPOSES

If you have expressly consented in accordance with Article 6 (1) p. 1 lit. a of the GDPR, we will process the data you provided when registering for our newsletters in order to send you our newsletter on a regular basis. We only offer free webinar recordings, whitepapers or info packages after you have consented to receive newsletters from us. You can unsubscribe at any time by clicking the "Unsubscribe" link at the bottom of the newsletter. Alternatively, you may send your unsubscribe request at any time by e-mail to info@dqsglobal.com.

We may also use your e-mail address without your express consent to send you information about similar products and services of our company, provided you are already a customer of ours and have not objected to the use of your e-mail address, so-called "existing customer mailings". In the case of existing customer mailings, we base the processing of your personal data on our legitimate interests pursuant to Article 6 (1) p. 1 lit. f of the GDPR. The processing of your e-mail address for the purpose of direct marketing is thereby considered a legitimate interest recognized by the GDPR. Unsubscribing is possible at any time by clicking on the "Unsubscribe" link at the end of the newsletter. Alternatively, you may send your unsubscribe request at any time by e-mail to info@dqsglobal.com.

Cookies and similar technologies: If and to the extent you have expressly consented when accessing up our website, we also use cookies and similar technologies for the automatic processing of usage data for these purposes. You can find more information about cookies and their use on the website at the end of this privacy information in the section on cookies and similar technologies as well as in the consent mask provided, which you can access at any time via the footer of our website and manage your settings.

III.) RECIPIENTS

We only share your personal data with carefully selected service providers as well as with business partners and other DQS Group companies on the basis of agreements in which these service providers undertake to comply with strict contractual requirements for the protection of your data. In some cases, we may also share data with third parties if we are instructed to do so by you or your organization, or if we are required to do so by law.

1. INFORMATION ON THIRD COUNTRY DATA TRANSFERS

We also transfer your personal data to countries outside the EEA (so-called "third countries") for which there is no adequacy decision by the EU Commission (so-called "restricted third countries"). Restricted third countries do not offer a level of data protection identical to that in the EU. We only transfer your personal data if

  • appropriate safeguards are provided by the recipient in accordance with Article 46 of the GDPR for the protection of personal data (including any additional measures required),
  • you have expressly consented to the transfer, after we have informed you about the risks, in accordance with Article 49 (1) lit. a) of the GDPR,
  • the transfer is necessary for the performance of contractual obligations between you and us
  • or another exception from Article 49 of the GDPR applies.

Appropriate safeguards under Article 46 of the GDPR can be so-called standard contractual clauses, with which a recipient in a restricted third country assures to protect the data sufficiently and thus to ensure a level of protection comparable to the GDPR. However, standard contractual clauses are only binding for our contractual partners. Therefore, there is a residual risk that government authorities may gain access to your personal data without providing you with effective legal remedies against this.

Please note: Other users activated by your organization may also have access to reports stored in MyDQS. DQS does not check from which countries the activated users access information stored in MyDQS. Personal data may be transferred to countries outside the EEA as a result. We base such transfers on the necessary fulfillment of the contractual relationship in the context of providing our services in MyDQS.

If you use MyDQS, DQS companies in restricted third countries may also access the data stored about you on the basis of Article 49 (1) (b) of the GDPR in order to fulfill the contract between you and DQS, for example if you work with a DQS company in a restricted third country.

2. SERVICES PROVIDORS

To offer our Website and Services, we use the services of IBEXA Content Management System Ibexa GmbH, Kaiser-Wilhelm-Ring 30-32, 50672 Cologne, Germany, as well as Hubspot, a service of HubSpot, Inc, 25 First Street, Cambridge, MA 02141 United States. We also use Hubspot for our newsletters.

Our website uses the consent management service Usercentrics of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. If you give us consent to set cookies when you visit our website, Usercentrcis processes the date and time of the visit, browser information, consent information and information of the requesting device.

We provide our chat with the help of Userlike of Userlike UG, Probsteigasse 44-46, 50670 Cologne (hereinafter "Userlike").

We integrate third-party content, e.g. videos, into our website on the basis of your consent pursuant to Article 6 (1) p. 1 lit. a) of the GDPR and on the basis of our legitimate interests pursuant to Article 6 (1) p. 1 it. f) of the GDPR in order to enhance the functionality of our web sites for our users with services offered by other providers. The underlying purpose is to be considered a legitimate interest within the meaning of the GDPR. We use components (videos) from YouTube, LLC. 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter: "YouTube"), a company of Google. We generally activate the "extended data protection mode" option provided by YouTube. According to the information provided by YouTube, no cookies are set in "extended data protection mode" to analyze user behavior.

The recipients of your personal data also include, subject to your prior consent, the service providers described in our consent form for the use of cookies and similar technologies (such as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Meta Platforms, Inc. (formerly Facebook), One Hacker Way, Menlo Park, CA 94025, USA; LinkedIn Co, 2029 Stierlin Court, Mountain View, Ca 94943, USA; and Hotjar Ltd Dragonara business center 5th floor, Dragonara road, Paceville St. Julians, STJ 3141) that analyze connection and usage data for us. Detailed information about these providers can be found in the information about cookies, web analytics and other tracking technologies at the end of this privacy policy, as well as in the consent form provided when you access our website. You can withdraw your consent at any time by accessing our consent mask again via the footer of our site and manage your settings.

We have entered into strict contractual agreements with these service providers to process data exclusively within the scope of our instructions (so-called data processing agreements).

3. TRANSFER OF PERSONAL DATA TO THIRD PARTIES

Insofar as this is legally permissible and required in accordance with Article 6 (1) p. 1 lit. b) or f) of the GDPR for the initiation or execution of contractual relationships with you or your company we transfer personal data to third parties. For example, we transfer personal data to independent auditors for the purpose of carrying out certification and auditing services. The data passed on may only be used by the third party for these purposes.

In addition, we will only disclose your personal data to third parties if:

  • you have given your express consent to this in accordance with Article 6 (1) p. 1 lit. a of the GDPR;
  • in the event that there is a legal obligation for the disclosure pursuant to Article 6 (1) p. 1 lit. c of the GDPR that we are subject to;
  • in the event of a corporate transfer or transformation, such as a merger, an acquisition or when selling all or part of assets to which this Privacy information relates. In that event, you will be notified in advance by email and/or similar prominent notice on our websites of any such change and use of your personal data and of any options you have with respect to your personal information (including, where applicable, your right to object to such transfer).

IV.) RETENTION AND DELITION

We process and store your personal data as long as this is necessary in order to complete our response to your inquiry or to fulfill our contractual and tax and commercial law or other legal obligations to retain and document data (in particular from the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Tax Code (AO)).

Contact data that we have received in connection with the offer of our Services, our webinars, workshops and congresses, or other contractual ties with you, we may process longer in order to be able to stay in contact with you. You can object to this storage at any time.

We store usage data within the scope of our services for a maximum period of one month.

We process personal data in connection with MyDQS until your access is deleted and beyond that, provided that further storage is necessary in the interest of your organization in accordance with Article 6, para. 1 p. 1 lit. f) of the GDPR, or if we are legally obliged to store data for a longer period due to tax and commercial law retention and documentation obligations.

We generally store data that we have received on the basis of your express consent until you withdraw your consent, but we may also delete it if we no longer need the data for the purposes for which you gave your consent or remain inactive for a longer period of time.

V.) YOUR DATA SUBJECTS RIGHTS

You have the right

  • in accordance with Article 7 (3) of the GDPR, to revoke your consent given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future;
  • to request access to your personal data processed by us in accordance with Article 15 of the GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the scheduled retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • pursuant to Article 16 of the GDPR, to request without undue delay the correction of inaccurate or incomplete personal data stored by us;
  • pursuant to Article 17 of the GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • pursuant to Article 18 of the GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Article 21 of the GDPR;
  • pursuant to Article 20 of the GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; and
  • to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose. The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden.

INFORMATION ABOUT YOUR RIGHT TO OBJECT ACCORDING TO ARTICLE. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests); this also applies to Article 4(4) of the GDPR profiling based on this provision.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If your objection is directed against processing of data for the purpose of direct marketing, we will immediately stop the processing. In this case, it is not necessary to specify a particular legal situation. This also applies to profiling, insofar as it is related to such direct marketing.

If you wish to exercise your right to object, an e-mail to dataprotection@dqsglobal.com is sufficient.

VI.) DATA SECURITY

All data you personally submit is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection, among other things, by the appended s at the http (i.e.https.) in the address bar of your browser or by the lock symbol in the lower area of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

INFORMATION ON COOKIES AND SIMILAR TECHNOLOGIES

When using our services, usage data is collected in the context of so-called "web tracking". This means that the behavior of certain users can be tracked pseudonymously in order to improve and personalize our Services and to optimize advertising. We also use cookies and comparable technologies for this purpose.

What are cookies? Cookies are small text files containing information that are stored on your device used to access the site. They are usually used to assign a specific action or preference on a website to a user, but without identifying the user as a person or revealing his identity.

Cookies are not automatically good or bad, but it is worth understanding what you can do about them and making your own decisions about your data.

We use the following types of cookies, the scope and functionality of which are explained below: Session cookies and persistent cookies.

Session cookies are automatically deleted when you close your browser. This applies in particular to session cookies. They store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are also retained when you close your browser and then automatically deleted after a certain period of time, which may vary depending on the cookie. You can also delete the cookies at any time in the security settings of your browser.

You can set your browser before or after your visit to our website so that all cookies are rejected or to indicate when a cookie is sent. Usually these settings can be managed in the settings of your browser, including in such a way that no cookies can be set at all or that cookies are deleted again. Your browser may also have an anonymous browsing feature. You can use these functions of your browser yourself at any time. However, if you have disabled the setting of cookies in your browser by default, our Website or Services may not function properly.

In addition to cookies, we use other technologies for tracking users. These include, for example, so-called pixel tags (also known as "web beacons", "GIFs" or "bugs").

What are pixel tags? Pixel tags are transparent one-pixel images that are displayed on the website. They track, for example, whether a particular area of the website has been clicked on. When triggered, the pixel tag logs a user interaction and can read or set cookies. Since pixels often rely on cookies to function, turning cookies off can interfere with them. But even if you turn off cookies, pixels can still detect a website visit.

Pixels send your IP address, the referrer URL of the website visited, the time the pixel was viewed, the browser used, and previously set cookie information to a web server. This makes it possible to carry out range measurements and other statistical evaluations, which serve to optimize our services.

Purposes and legal basis

We use cookies and similar technologies on the one hand to improve your experience when using our website. For example, we use session cookies to recognize that you have already visited individual sites of our Services, you have already logged into your user account or for shopping cart display. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain specified period of time. If you visit our site again to use our Services, we automatically recognize that you have already been with us and which entries and settings you have made so that you do not have to enter them again. The data processed by these cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Article 6 (1) lit. f) of the GDPR.

On the other hand, we use these technologies - provided you have given your consent, Article 6 (1) p.1 .lit. a) of the GDPR - to statistically record the use of our website and to evaluate it for the purpose of optimizing our services, as well as to show you advertisements on third-party sites.

You can withdraw your consent at any time for the future via the cookie management tool. You can call up the tool again at any time via the "Cookie settings" button at the bottom of the website to check and adjust your consent settings.

ALL COOKIES AND TOOLS AT A GLANCE AND MANAGE SETTINGS

This privacy information is currently valid and was updated in March 2022.

Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy information. The current privacy information can be accessed at any time on the website at www.dqsglobal.com/de/datenschutz and can be printed out by you.