Privacy Information
In connection with the use of our websites, personal data are processed by us as the controller and stored for the period necessary to fulfil the defined purposes and to comply with statutory obligations.
This Data Protection Notice provides you with an overview of how your personal data are processed when you access the "Website" available at www.dqsglobal.com, use the integrated forms and communication tools, or make use of the services offered within the MyDQS Portal (the forms together with the MyDQS Portal collectively referred to as the "Services"). We also inform you of your rights under the EU General Data Protection Regulation ("GDPR") and the options available to you for managing and protecting your personal data.
Note: In connection with the provision of our Website and Services, we engage service providers in third countries or with a connection to third countries and, as a global group, we are ourselves also active in third countries in which the level of data protection is not identical to that under the GDPR. Further information on the measures we have taken to protect your personal data can likewise be found in this Data Protection Notice. We address businesses and therefore assume that these measures are sufficient. You are neither legally nor contractually obliged to provide us with the personal data specified in this Data Protection Notice via the Website. You may also contact us at any time by e-mail, telephone, or in writing.
For any questions regarding data protection at DQS or regarding your rights as a data subject, you may contact us directly or our Data Protection Officer at any time.
I. NAME AND CONTACT DETAILS OF THE CONTROLLER AND DATA PROTECTION OFFICER
The controller responsible for the Website and for the processing in connection with the use of the Services is:
DQS Holding GmbH
August-Schanz-Strasse 21
60433 Frankfurt am Main
Tel: +49 69 95427 0
Fax: +49 69 95427 111
E-mail: [email protected]
("we", "us", or "DQS").
If you have questions regarding the processing of your data by our Data Protection Officer, you may contact him by e-mail at [email protected].
II. CATEGORIES OF DATA PROCESSED, PURPOSES, AND LEGAL BASES OF PROCESSING
In connection with the provision of our Website and Services, we process personal data from different sources for various purposes.
On the one hand, these are data which we automatically process primarily for technical reasons when accessing the Website or Services for every visitor, irrespective of whether that visitor uses our Services, contacts us, or not.
On the other hand, we process certain data only when you decide to contact us or to use certain functions of the Website or to make use of services offered through it. Where applicable, we also process personal data that third parties provide to us about you.
Finally, we also process your data for marketing purposes in connection with our business relationship, or where you have expressly consented in advance. You have the right at any time to object to such processing or to withdraw consent once given. See Your Rights below.
1) Data We Automatically Process When You Visit Our Website or Use Our Services
When you visit our Website and use our Services, we automatically process connection and usage data.
The browser installed on your terminal device automatically transmits information to the server of our website, e.g. the date and time of access, the name and URL of the file accessed, the operating system/browser type and version used, the website from which access originates (referrer URL), as well as your IP address (collectively "connection data") and information about how you interact with our Website and Services ("usage data"). On the basis of these data alone, we are not able to identify you as an individual.
We process connection and usage data in order to ensure IT security and the operation of our systems, as well as to prevent or detect misuse, in particular fraud. In addition, we process pseudonymous usage data in order to analyse the performance of the Website and Services, to continuously improve them, to correct errors, and to personalise content for you.
We store connection and usage data temporarily in so-called log files and as a rule delete them automatically after 14 days.
We process connection and usage data on the basis of our legitimate interests in the secure, uninterrupted, and user-friendly provision and use of our Website and Services, Art. 6(1)(1)(f) GDPR.
Cookies and similar technologies: We also use cookies and similar technologies for the automatic processing of usage data for these purposes. Further information on cookies and their use on the Website can be found at the end of this Data Protection Notice in the section on Cookies and Similar Technologies.
2) Data We Process When You Use Our Services
In addition to usage data which we process for all Website visitors and users of our Services, we process personal data from you when you actively provide them to us in connection with our Services, e.g. when you use our contact, enquiry, registration, or order forms for general enquiries, complaints and reported violations, certification and assessment services, registration for webinars, workshops and events, downloading of white papers or information packages, or when you contact us via our chat.
In this context, we process your contact data (e.g. your name, e-mail address, telephone number), information relating to your professional activities, billing data where applicable, registration, contractual and order data, as well as content data otherwise provided by you via our Services (further details regarding your enquiries and your company, etc.).
We process this information in order to enable you to contact us and to make use of our Services, to handle any follow-up queries and to respond to your enquiry, as well as to verify the plausibility of the information provided.
Data processing is carried out at your request and is necessary pursuant to Art. 6(1)(1)(b) GDPR for the stated purposes in order to perform the contract and to take pre-contractual measures.
In addition, we process these data in individual cases for other purposes. These include, for example, the transfer of your personal data to affiliated companies within the group. For example, we forward your enquiry to the responsible DQS entity and your account manager if your company is already a customer of ours. This is in the interest of both your company and our own, Art. 6(1)(1)(f) GDPR.
We may also disclose your data to third parties where this is necessary to fulfil our contractual obligations, where you instruct us to do so, where we are legally required to do so, or in rare cases to assert legal claims on our part or to defend against legal disputes. The legal basis in these cases is either a statutory obligation (Art. 6(1)(c) GDPR) or our legitimate interests, Art. 6(1)(1)(f) GDPR.
3) Special Notes on Processing in Connection with Registration for and Use of MyDQS
Under the domain https://www.mydqs.com, the DQS Group as joint controllers pursuant to Art. 26 GDPR enables users to register for a password-protected area (hereinafter referred to as "MyDQS"), in which certificates, order confirmations, reports, and other relevant documents are made available and can be retrieved by you.
The joint controllers have entered into an agreement pursuant to Art. 26(1) GDPR which bindingly sets out which controller is to fulfil which obligations arising from the requirements of the GDPR at any given time.
The exercise of data subject rights within the meaning of Arts. 15 et seq. GDPR is, however, possible with each of the joint controllers. This means that you may, for example, assert your right of access pursuant to Art. 15 GDPR or a request for erasure pursuant to Art. 17 GDPR with each company of the DQS Group. The party addressed shall then take over further internal communication to fulfil your lawful requests.
With regard to the data subject's right to lodge a complaint with a supervisory authority: The Hessian Commissioner for Data Protection and Freedom of Information (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit), Gustav-Stresemann-Ring 1, 65189 Wiesbaden, P.O. Box 31 63, 65021 Wiesbaden, Telephone: 0611 1408-0, Fax: 0611 1408-900, E-mail: [email protected], Website: http://www.datenschutz.hessen.de, has primary jurisdiction. You may, however, also contact the supervisory authority at your place of residence.
In this context, we process access data, further information in connection with your company, as well as information regarding your access permissions. To complete registration, it is necessary to select a personal password. In conjunction with your e-mail address (collectively "access data"), this enables you to access your user account.
Users of MyDQS have the option of activating further users, whose access data we will subsequently process. If you are activated by a user, you will receive an e-mail containing an activation link with which you can activate your user account. The link is valid for 24 hours. Should you not wish to activate a user account and your organisation does not send a new activation link, the temporarily created user account will be automatically deleted after 48 hours.
Following successful registration, users with write authorisation may delete their user account themselves at any time. The processing of personal data in connection with our provision of MyDQS is carried out at your or your company's request and is necessary for the performance of contractual obligations with you or your company on the basis of our legitimate economic interests, Art. 6(1)(1)(b) and (f) GDPR.
4) Data We Process to Market Our Offerings
Where you have expressly consented pursuant to Art. 6(1)(1)(a) GDPR, we process the data you have provided upon registration in order to send you our newsletter on a regular basis. Free webinar recordings, white papers, or information packages are offered only upon your consent to receive the newsletter. You may unsubscribe at any time by clicking the "Unsubscribe" link at the end of the newsletter. Alternatively, you may send us your request to unsubscribe at any time by e-mail to [email protected].
Under certain circumstances, we may also use your e-mail address, without your express consent, to send you information about similar products and services of our company, provided you are already a customer of ours and have not objected to the use of your e-mail address for this purpose — so-called "existing customer marketing". In the case of existing customer marketing, we base the processing on our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR. The processing of your e-mail address for the purpose of direct marketing is thereby deemed a legitimate interest recognised by the GDPR. You may unsubscribe at any time by clicking the "Unsubscribe" link at the end of the newsletter. Alternatively, you may send your request to unsubscribe at any time by e-mail to [email protected].
Cookies and similar technologies: Where you have expressly consented upon accessing our Website, we also use cookies and similar technologies for the automatic processing of usage data for these purposes. Further information on cookies and their use on the Website can be found at the end of this Data Protection Notice in the section on Cookies and Similar Technologies, as well as in the consent management interface provided upon accessing our Website, which you can access at any time via the footer of our website to manage your settings.
5) Data We Process in the Context of the Customer Relationship
When you use our Services as a customer, we process your personal data as this is necessary for the performance of the contract (Art. 6(1)(b) GDPR) and we have a legitimate interest in efficient customer management (Art. 6(1)(f) GDPR). Accordingly, we process your data to handle your enquiry and to prepare an offer, and, in the event of conclusion of a contract, for subsequent contract performance, customer communication, and invoicing. For these purposes we process master data such as the contact details of the contact person, contract data such as services, order details, and contract contents, billing data, and communication data (e-mails, telephone notes, correspondence). These data are processed and stored by the relevant specialist departments. We delete the data once they are no longer required for the purpose of processing or, in the case of contract data, for as long as statutory retention periods continue to apply.
III. RECIPIENTS TO WHOM WE DISCLOSE YOUR PERSONAL DATA
We disclose your personal data only to carefully selected service providers and to business partners and other companies within the DQS Group on the basis of contracts under which these service providers undertake to comply with strict contractual requirements for the protection of your data. In individual cases, we also disclose data to third parties where we are instructed to do so by you or your company, or where we are legally required to do so.
1) Information on the Transfer of Personal Data to Third Countries
We also transfer your personal data to countries outside the European Economic Area (so-called "third countries") for which no adequacy decision by the Commission exists (so-called "unsafe third countries"). In such unsafe third countries, you are not afforded a level of data protection identical to that in the EU. We transfer your personal data only where:
• the recipient provides appropriate safeguards pursuant to Art. 46 GDPR for the protection of personal data (including any additionally required supplementary measures),
• you have expressly consented to the transfer after being informed of the risks, pursuant to Art. 49(1)(a) GDPR,
• the transfer is necessary for the performance of contractual obligations between you and us, or
• another exception under Art. 49 GDPR applies.
Appropriate safeguards within the meaning of Art. 46 GDPR may include so-called standard contractual clauses, by which a recipient in an unsafe third country undertakes to protect the data sufficiently so as to ensure a level of protection comparable to that under the GDPR. Standard contractual clauses are, however, only binding on our contractual partners. There therefore remains a residual risk that governmental authorities may obtain access to your personal data without effective legal remedies being available to you in that regard.
Where we transfer data to the United States, we also base the transfer on the EU-US Data Privacy Framework Programme, where the service providers are registered under this programme, so as to ensure that an adequate level of data protection is maintained for your personal data at all times. A copy of the Privacy Framework certificate can be viewed at any time via the text search at: https://www.privacyshield.gov.
Please note: Users activated by your organisation may also have access to the reports stored in MyDQS. DQS does not verify from which countries the activated users access the information stored in MyDQS. This may result in personal data being transferred to countries outside the EEA. We base such transfers on the necessity for the performance of the contractual relationship in connection with the use of MyDQS.
Where you use MyDQS, DQS entities in unsafe third countries may also, on the basis of Art. 49(1)(b) GDPR for the performance of the contract between you and DQS, view the data stored by you, for example where you are collaborating with a DQS entity in an unsafe third country.
2) Service Providers Engaged
For the provision of our Website and Services, we use the services of IBEXA Content Management System Ibexa GmbH, Kaiser-Wilhelm-Ring 30–32, 50672 Cologne, as well as HubSpot, a service of HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA. We also use HubSpot for our newsletters. For conducting surveys, we use the service of SurveyMonkey, a service of Momentive Europe UC. Further information on the processing of your personal data by our partners can be found at:
• https://www.surveymonkey.com/mp/legal/privacy/
• https://legal.hubspot.com/de/privacy-policy
• https://www.ibexa.co/about-ibexa/privacy-policy
Our Website uses the consent management service Usercentrics, provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. When you grant consent for the setting of cookies upon accessing our Website, Usercentrics processes the date and time of the visit, browser information, information regarding consents, and information about the requesting device.
We also use Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA, and Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany, as a content delivery and security service for the provision of this Website. Cloudflare processes technical data (e.g. IP addresses, request metadata) to deliver content and to defend against attacks. Processing is carried out on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in the secure and efficient provision of our online services.
We integrate third-party content, e.g. videos, into our Website on the basis of your consent pursuant to Art. 6(1)(1)(a) GDPR and on the basis of our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR, in order to enhance the range of functions available on our pages for our users with services offered by other providers. The underlying purpose is to be regarded as a legitimate interest within the meaning of the GDPR.
We incorporate on our websites components (videos) of YouTube, LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter "YouTube"), a company of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). In doing so, we generally make use of the "extended data protection mode" option provided by YouTube. According to YouTube's representations, in "extended data protection mode" no cookies are set to analyse user behaviour.
The recipients of your personal data also include, subject to your prior consent, the service providers described in our consent management interface for the use of cookies and similar technologies — such as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Meta Platforms, Inc. (formerly Facebook), One Hacker Way, Menlo Park, CA 94025, USA; LinkedIn Co., 2029 Stierlin Court, Mountain View, CA 94943, USA; and Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St. Julians, STJ 3141 — which analyse connection and usage data on our behalf. Detailed information on these providers can be found in the information on cookies, web analytics, and other tracking technologies at the end of this Data Protection Notice, as well as in the consent management interface provided upon accessing our Website. You may withdraw your consent at any time by accessing our consent management interface via the footer of our website and managing your settings.
We have entered into strict contractual arrangements with these service providers requiring them to process data exclusively in accordance with our instructions (so-called data processing agreements).
3) Disclosure of Personal Data to Other Third Parties
Where this is legally permissible and necessary pursuant to Art. 6(1)(1)(b) or (f) GDPR for the initiation or performance of contractual relationships with you or your company, we also transfer personal data to other third parties. For example, we disclose personal data to independent auditors for the purpose of carrying out certification and assessment services. The data so disclosed may be used by the third party exclusively for the stated purposes.
Beyond this, we disclose your personal data to third parties only where:
• you have expressly consented thereto pursuant to Art. 6(1)(1)(a) GDPR;
• disclosure is subject to a statutory obligation pursuant to Art. 6(1)(1)(c) GDPR; or
• in the event that we carry out a corporate transfer or reorganisation — such as a merger, an acquisition by another company, or a sale of all or a portion of our assets to which this Data Protection Notice relates — your data may form part of the transferred assets that we transfer. In such a case, you will be informed in advance by e-mail and/or by means of a prominent notice on our websites of any such change of ownership or change in the use of your personal data, as well as of all options available to you in respect of your personal data (including, where applicable, your right to object to such a transfer).
IV. RETENTION PERIODS AND ERASURE
We process and store your personal data for as long as this is necessary for the complete handling of your enquiry or for the fulfilment of our contractual and statutory obligations under tax and commercial law or other statutory retention and documentation obligations (in particular under the German Commercial Code (HGB), the German Criminal Code (StGB), or the German Fiscal Code (AO)).
Contact data which we have received in connection with the provision of our Services, our webinars, workshops and conferences, or other contractual relationships with you, may be processed for a longer period in order to maintain contact with you. You may object to such retention at any time.
Usage data in connection with our Services are stored for a maximum period of one month.
Personal data in connection with MyDQS are processed until your access is deleted and, beyond that, where further retention is required in the interest of your company pursuant to Art. 6(1)(1)(f) GDPR, or where we are obliged to retain data for a longer period on account of statutory retention and documentation obligations under commercial and tax law (HGB, StGB, or AO).
Data which we have received on the basis of your express consent are generally stored until you withdraw your consent, but may also be deleted without withdrawal where we no longer need the data for the purposes for which you consented.
V. RIGHTS OF DATA SUBJECTS
You have the right:
• pursuant to Art. 7(3) GDPR, to withdraw any consent you have given to us at any time. This has the consequence that we may no longer continue the data processing based on such consent for the future;
• pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data where they were not collected from you, and the existence of any automated decision-making including profiling and, where applicable, meaningful information about the details thereof;
• pursuant to Art. 16 GDPR, to demand the immediate rectification of inaccurate personal data or the completion of incomplete personal data stored by us;
• pursuant to Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims;
• pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data where the accuracy of the data is contested by you, the processing is unlawful but you refuse its erasure, and we no longer need the data but you require them for the establishment, exercise, or defence of legal claims, or you have lodged an objection to processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to demand the transmission thereof to another controller; and
• pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority at your habitual place of residence, your place of work, or the place of our registered office. The supervisory authority with primary jurisdiction over us is the Hessian Commissioner for Data Protection and Freedom of Information (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit), Gustav-Stresemann-Ring 1, 65189 Wiesbaden.
NOTICE REGARDING YOUR RIGHT TO OBJECT PURSUANT TO ART. 21 GDPR
You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6(1)(e) GDPR (processing in the public interest) and Art. 6(1)(f) GDPR (processing on the basis of a balancing of interests); this also applies to profiling based on these provisions within the meaning of Art. 4(4) GDPR.
If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims.
Where your objection is directed against the processing of data for the purposes of direct marketing, we will cease processing without delay. In this case, it is not necessary to state a particular situation. This also applies to profiling insofar as it is associated with such direct marketing. Should you wish to exercise your right to object, an e-mail to [email protected] will suffice.
VI. DATA SECURITY
All personal data transmitted to us are encrypted using the generally accepted and secure TLS (Transport Layer Security) standard. TLS is a secure and established standard which is used, for example, in online banking. You can recognise a secure TLS connection, inter alia, by the appended "s" after http (i.e. https://) in the address bar of your browser, or by the padlock symbol in the lower area of your browser.
We also employ appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our security measures are continuously updated in line with technological developments.
VII. INFORMATION ON COOKIES AND SIMILAR TECHNOLOGIES
When using our Services, usage data are generated in the context of so-called "web tracking". This refers to the practice of tracing the behaviour of certain users on a pseudonymous basis in order to improve and personalise our Services and to optimise the delivery of advertising. For this purpose we also use cookies and comparable technologies.
What are cookies? Cookies are small text files containing information that are stored on your terminal device. They are normally used to assign a particular action or preference on a website to a user, without, however, identifying the user as an individual or disclosing their identity. Cookies are not inherently good or bad, but it is worthwhile to understand what you can do about them and to make your own decision about your data.
We use the following types of cookies, the scope and functionality of which are described below: session cookies and persistent cookies.
Session cookies are automatically deleted when you close your browser. This applies in particular to session cookies. They store a so-called session ID, by means of which various requests from your browser can be assigned to the shared session, thus enabling your computer to be recognised when you return to our Website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are likewise initially stored when you close your browser and are then automatically deleted after a specified period of time, which may vary depending on the cookie. You may also delete cookies at any time in the security settings of your browser.
You may reset your browser before or after visiting our Website so that all cookies are rejected, or to receive notification when a cookie is sent. By default, the setting of cookies can be managed via your browser, including to prevent any cookies from being set at all or to delete cookies. Your browser may also feature a private browsing mode. You may make use of these browser functions at any time. However, if you have disabled the setting of cookies in your browser by default, it is possible that our Website or our Services may not function properly.
In addition to cookies, we also use other technologies for tracking users. These include so-called pixel tags (also known as "web beacons", "GIFs", or "bugs").
What are pixel tags? Pixel tags are transparent single-pixel images embedded on a website. They track, for example, whether a particular area of the website has been clicked. When triggered, the pixel tag records a user interaction and can read or set cookies. As pixels often rely on cookies in order to function, disabling cookies may affect them. However, even if cookies are disabled, pixels can still detect a website visit.
Pixels transmit your IP address, the referrer URL of the web page visited, the time at which the pixel was viewed, the browser used, and previously set cookie information to a web server. This enables reach measurements and other statistical analyses to be carried out for the purpose of optimising our offering.
1) Purposes and Legal Bases
The use of these technologies serves, on the one hand, to make the use of our offering more convenient for you. For example, we use session cookies to recognise that you have already visited individual pages of our Services, that you have already logged into your user account, or for the display of the shopping basket. These are automatically deleted when you leave our website.
In addition, we also use temporary cookies to improve user-friendliness; these are stored on your terminal device for a specific, defined period. When you visit our website again to use our Services, it is automatically recognised that you have been with us before and what inputs and settings you made, so that you do not have to enter them again. The data processed by these cookies are required for the stated purposes in order to safeguard our legitimate interests and those of third parties pursuant to Art. 6(1)(f) GDPR.
On the other hand — subject to your consent pursuant to Art. 6(1)(1)(a) GDPR — we also use these technologies to statistically record the use of our Website and to evaluate it for the purpose of optimising our offering, as well as to serve you with advertising on third-party websites.
You may withdraw your consent at any time for the future via the cookie management tool. You may access the tool at any time via the "Cookie Settings" button at the bottom of the Website in order to review and adjust your consent settings.
This Data Protection Notice is currently valid and is dated March 2026.
All cookies and tools at a glance and manage Privacy Settings: