When using our website, your personal data will be processed by us as the data controller and stored for the period of time required to fulfill the specified purposes and legal obligations.
This privacy information provides you with an overview of how your personal data is processed when you access the "Website" available at www.dqsglobal.com, use the embedded forms and communication tools, or make use of the services offered as part of the MyDQS portal (the forms together with the MyDQS portal collectively the "Services"). We also inform you about your rights under the EU General Data Protection Regulation ("GDPR") and the options you have to manage and protect your personal data.
If you have any questions about data protection at DQS or about your data subject rights, you can contact us directly or our data protection officer at any time.
You can download this data protection information here.
I.) NAME AND CONTACT DETAILS OF THE CONTROLLER AND DATA PROTECTION OFFICER
For the website as well as for the processing in the context of the use of the Services, the controller
DQS Holding GmbH
60433 Frankfurt am Main
Tel: +49 69 95427 0
Fax: +49 69 95427 111
"we", "us" or „DQS“).
If you have any questions about the processing of your data to our data protection officer, you can contact by mail to firstname.lastname@example.org.
II.) CATEGORIES OF DATA, PURPOSES AND LEGAL BASIS OF PROCESSING
When providing our Website and Services, we process personal data from different sources for different purposes.
For one, this is data that we process automatically, mainly for technical reasons, when accessing the website or services for each visitor regardless of whether that visitor uses our services, contacts us or not.
Secondly, we process certain data only if you decide to contact us or to use certain functions of the website, or to make use of services offered via it. Where applicable, we also process personal data that third parties provide to us from you.
Finally, we also process data from you for marketing purposes in connection with our business relationship, or if you have previously given your express consent. You have the right to object to these processing operations at any time, or to withdraw your consent once you have given it. Find our more about your data subject’s rights.
1. DATA WE AUTOMATICALLY PROCESS WHEN YOU VISIT OUR WEBSITE
When you visit our Website and use our Services, we automatically process connection and usage data.
The browser you use on your device automatically sends information to the server of our Website, e.g. date and time of access, name and URL of the accessed site, operating system/ browser type and version used, website from which the access is made (referrer URL), but also your IP address (together "connection data") and information about how you interact with our Website and our services ("usage data"). Based on this data alone, it is not possible for us to identify you as an individual.
We process connection and usage data to ensure IT security and the operation of our systems as well as to prevent or detect abuse, in particular fraud. In addition, we process pseudonymous usage data to analyze and continuously improve the performance of the website and services and to fix bugs as well as to personalize content for you.
We temporarily store connection and usage data in so-called log files and usually delete them automatically after 14 days.
We process connection and usage data on the basis of our legitimate interests in a secure, trouble-free and convenient delivery and use of our Website and Services, Article 6 (1) p. 1 lit. f of the GDPR.
2. DATA WE PROCESS WHEN YOU USE OUR SERVICES
Besides usage data that we process of all website visitors and users of our services, we process personal data of you if you provide it to us actively when using our Services, e.g., when you use our Contact- Inquiry- Registration- or Order forms for general inquiries, complaints and violations, requests related to our certification and audit services, registration for webinars, workshops and events, download of whitepapers or info packages, or you communicate with us via our chat.
We may process your contact details (e.g., your name, email address, phone number), information related to your professional activity, invoicing information if applicable, registration-, contract,- and order information, as well as content data otherwise provided by you through our services (e.g. more detailed information about your requests and about your business, etc.).
We process this information to enable you to contact us and make use of our Services, for possible queries and to answer your inquiry, as well as to check the information for plausibility.
The data processing is carried out in response to your request and is necessary for the aforementioned purposes for the fulfillment of the contract and pre-contractual measures in accordance with Article 6 (1) p. 1 lit. b) of the GDPR.
In addition, we also process this data for other purposes in individual cases. These include, for example, the transfer of your personal data to affiliated companies within the Group. For example, we will forward your inquiry to the responsible DQS company and your customer advisor if your company is already a customer of ours.
SPECIFIC INFORMATION ON PROCESSING IN CONNECTION WITH THE REGISTRATION AND USE OF MYDQS
Under the domain https://www.mydqs.com, the DQS Group , as joint controllers pursuant to Article 26 of the GDPR, enables you to register for a restricted password area (hereinafter referred to as MyDQS) where certificates, order confirmations, reports and other relevant documents can be provided to and accessed by you.
The Joint Controllers have entered into an agreement pursuant to Article 26 (1) of the GDPR, which provides binding rules on when which Controller must fulfill which obligations arising from the requirements of the GDPR.
Exercising the data subject rights within the meaning of Articles 15 et seq. GDPR, however, is possible with each of the Joint Controllers. This means that you can, for example, communicate and thus assert your right to access pursuant to Article 15 of the GDPR or a request for deletion pursuant to Article 17 of the GDPR vis-à-vis any company of the DQS Group. The entity addressed will handle the subsequent internal communication in order to fulfill your lawful requests.
With regard to the right of data subjects to lodge a complaint with a supervisory authority, the following is the lead authority: the Hessian Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, P.O. Box 31 63, 65021 Wiesbaden, telephone: 0611 1408-0, fax: 0611 1408-900, e-mail: email@example.com, Internet: http://www.datenschutz.hessen.de. However, you can also contact the supervisory authorities at your registered office.
In this context, we process access data, subsequent information in connection with your company, as well as information on your authorizations. To complete registration, it is necessary to select a personal password. In conjunction with your email address (collectively, "access data"), this allows you to login to your MyDQS user account.
Users of MyDQS can add other users whose access data we subsequently process. When you are added by a user from within your organization, you will receive an email with an activation link that you can use to activate your user account. The link has a validity of 24 hours. If you do not want to activate a user account and your organization does not send a new activation link, the temporarily created user account will be automatically deleted after 48 hours. After successful registration, users with write authorization can delete their user account themselves at any time.
The processing of personal data in connection with the provision of MyDQS by us is carried out at your or your organization's request and is necessary for the fulfillment of contractual obligations with you or your organization based on our legitimate economic interests, Article 6 para. 1 p. 1 lit. b) and lit. f) of the GDPR.
3. DATA WE PROCESS FOR MARKETING PURPOSES
If you have expressly consented in accordance with Article 6 (1) p. 1 lit. a of the GDPR, we will process the data you provided when registering for our newsletters in order to send you our newsletter on a regular basis. We only offer free webinar recordings, whitepapers or info packages after you have consented to receive newsletters from us. You can unsubscribe at any time by clicking the "Unsubscribe" link at the bottom of the newsletter. Alternatively, you may send your unsubscribe request at any time by e-mail to firstname.lastname@example.org.
We may also use your e-mail address without your express consent to send you information about similar products and services of our company, provided you are already a customer of ours and have not objected to the use of your e-mail address, so-called "existing customer mailings". In the case of existing customer mailings, we base the processing of your personal data on our legitimate interests pursuant to Article 6 (1) p. 1 lit. f of the GDPR. The processing of your e-mail address for the purpose of direct marketing is thereby considered a legitimate interest recognized by the GDPR. Unsubscribing is possible at any time by clicking on the "Unsubscribe" link at the end of the newsletter. Alternatively, you may send your unsubscribe request at any time by e-mail to email@example.com.
We only share your personal data with carefully selected service providers as well as with business partners and other DQS Group companies on the basis of agreements in which these service providers undertake to comply with strict contractual requirements for the protection of your data. In some cases, we may also share data with third parties if we are instructed to do so by you or your organization, or if we are required to do so by law.
1. INFORMATION ON THIRD COUNTRY DATA TRANSFERS
We also transfer your personal data to countries outside the EEA (so-called "third countries") for which there is no adequacy decision by the EU Commission (so-called "restricted third countries"). Restricted third countries do not offer a level of data protection identical to that in the EU. We only transfer your personal data if
Appropriate safeguards under Article 46 of the GDPR can be so-called standard contractual clauses, with which a recipient in a restricted third country assures to protect the data sufficiently and thus to ensure a level of protection comparable to the GDPR. However, standard contractual clauses are only binding for our contractual partners. Therefore, there is a residual risk that government authorities may gain access to your personal data without providing you with effective legal remedies against this.
Please note: Other users activated by your organization may also have access to reports stored in MyDQS. DQS does not check from which countries the activated users access information stored in MyDQS. Personal data may be transferred to countries outside the EEA as a result. We base such transfers on the necessary fulfillment of the contractual relationship in the context of providing our services in MyDQS.
If you use MyDQS, DQS companies in restricted third countries may also access the data stored about you on the basis of Article 49 (1) (b) of the GDPR in order to fulfill the contract between you and DQS, for example if you work with a DQS company in a restricted third country.
2. SERVICES PROVIDORS
To offer our Website and Services, we use the services of IBEXA Content Management System Ibexa GmbH, Kaiser-Wilhelm-Ring 30-32, 50672 Cologne, Germany, as well as Hubspot, a service of HubSpot, Inc, 25 First Street, Cambridge, MA 02141 United States. We also use Hubspot for our newsletters.
Our website uses the consent management service Usercentrics of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. If you give us consent to set cookies when you visit our website, Usercentrcis processes the date and time of the visit, browser information, consent information and information of the requesting device.
We provide our chat with the help of Userlike of Userlike UG, Probsteigasse 44-46, 50670 Cologne (hereinafter "Userlike").
We integrate third-party content, e.g. videos, into our website on the basis of your consent pursuant to Article 6 (1) p. 1 lit. a) of the GDPR and on the basis of our legitimate interests pursuant to Article 6 (1) p. 1 it. f) of the GDPR in order to enhance the functionality of our web sites for our users with services offered by other providers. The underlying purpose is to be considered a legitimate interest within the meaning of the GDPR. We use components (videos) from YouTube, LLC. 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter: "YouTube"), a company of Google. We generally activate the "extended data protection mode" option provided by YouTube. According to the information provided by YouTube, no cookies are set in "extended data protection mode" to analyze user behavior.
We have entered into strict contractual agreements with these service providers to process data exclusively within the scope of our instructions (so-called data processing agreements).
3. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
Insofar as this is legally permissible and required in accordance with Article 6 (1) p. 1 lit. b) or f) of the GDPR for the initiation or execution of contractual relationships with you or your company we transfer personal data to third parties. For example, we transfer personal data to independent auditors for the purpose of carrying out certification and auditing services. The data passed on may only be used by the third party for these purposes.
In addition, we will only disclose your personal data to third parties if:
IV.) RETENTION AND DELITION
We process and store your personal data as long as this is necessary in order to complete our response to your inquiry or to fulfill our contractual and tax and commercial law or other legal obligations to retain and document data (in particular from the German Commercial Code (HGB), the German Criminal Code (StGB) or the German Tax Code (AO)).
Contact data that we have received in connection with the offer of our Services, our webinars, workshops and congresses, or other contractual ties with you, we may process longer in order to be able to stay in contact with you. You can object to this storage at any time.
We store usage data within the scope of our services for a maximum period of one month.
We process personal data in connection with MyDQS until your access is deleted and beyond that, provided that further storage is necessary in the interest of your organization in accordance with Article 6, para. 1 p. 1 lit. f) of the GDPR, or if we are legally obliged to store data for a longer period due to tax and commercial law retention and documentation obligations.
We generally store data that we have received on the basis of your express consent until you withdraw your consent, but we may also delete it if we no longer need the data for the purposes for which you gave your consent or remain inactive for a longer period of time.
V.) YOUR DATA SUBJECTS RIGHTS
You have the right
INFORMATION ABOUT YOUR RIGHT TO OBJECT ACCORDING TO ARTICLE. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you carried out on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests); this also applies to Article 4(4) of the GDPR profiling based on this provision.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If your objection is directed against processing of data for the purpose of direct marketing, we will immediately stop the processing. In this case, it is not necessary to specify a particular legal situation. This also applies to profiling, insofar as it is related to such direct marketing.
If you wish to exercise your right to object, an e-mail to firstname.lastname@example.org is sufficient.
VI.) DATA SECURITY
All data you personally submit is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure TLS connection, among other things, by the appended s at the http (i.e.https.) in the address bar of your browser or by the lock symbol in the lower area of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
INFORMATION ON COOKIES AND SIMILAR TECHNOLOGIES
What are cookies? Cookies are small text files containing information that are stored on your device used to access the site. They are usually used to assign a specific action or preference on a website to a user, but without identifying the user as a person or revealing his identity.
Cookies are not automatically good or bad, but it is worth understanding what you can do about them and making your own decisions about your data.
We use the following types of cookies, the scope and functionality of which are explained below: Session cookies and persistent cookies.
Session cookies are automatically deleted when you close your browser. This applies in particular to session cookies. They store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are also retained when you close your browser and then automatically deleted after a certain period of time, which may vary depending on the cookie. You can also delete the cookies at any time in the security settings of your browser.
You can set your browser before or after your visit to our website so that all cookies are rejected or to indicate when a cookie is sent. Usually these settings can be managed in the settings of your browser, including in such a way that no cookies can be set at all or that cookies are deleted again. Your browser may also have an anonymous browsing feature. You can use these functions of your browser yourself at any time. However, if you have disabled the setting of cookies in your browser by default, our Website or Services may not function properly.
In addition to cookies, we use other technologies for tracking users. These include, for example, so-called pixel tags (also known as "web beacons", "GIFs" or "bugs").
What are pixel tags? Pixel tags are transparent one-pixel images that are displayed on the website. They track, for example, whether a particular area of the website has been clicked on. When triggered, the pixel tag logs a user interaction and can read or set cookies. Since pixels often rely on cookies to function, turning cookies off can interfere with them. But even if you turn off cookies, pixels can still detect a website visit.
Pixels send your IP address, the referrer URL of the website visited, the time the pixel was viewed, the browser used, and previously set cookie information to a web server. This makes it possible to carry out range measurements and other statistical evaluations, which serve to optimize our services.
Purposes and legal basis
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain specified period of time. If you visit our site again to use our Services, we automatically recognize that you have already been with us and which entries and settings you have made so that you do not have to enter them again. The data processed by these cookies are necessary for the aforementioned purposes to protect our legitimate interests as well as those of third parties in accordance with Article 6 (1) lit. f) of the GDPR.
On the other hand, we use these technologies - provided you have given your consent, Article 6 (1) p.1 .lit. a) of the GDPR - to statistically record the use of our website and to evaluate it for the purpose of optimizing our services, as well as to show you advertisements on third-party sites.
You can withdraw your consent at any time for the future via the cookie management tool. You can call up the tool again at any time via the "Cookie settings" button at the bottom of the website to check and adjust your consent settings.
ALL COOKIES AND TOOLS AT A GLANCE AND MANAGE SETTINGS
This privacy information is currently valid and was updated in March 2022.