1. Collection, processing and use of personal data on request
The use of our website is generally possible without providing personal data. You are neither obliged to visit this website nor to provide any personal data. If you do not provide us with personal information, you may not be able to use certain functionalities of this website. Otherwise there will be no consequences for you. As far as personal information (such as name, address or e-mail addresses) is collected on our site, this is done on a voluntary basis, except in the cases expressly described below. This data will not be passed on to third parties without your express consent. We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security risks. A complete protection of data against access by third parties is not possible.
If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time with the consequence that the processing of your personal data will become inadmissible for the future. However, this does not affect the legality of the processing carried out on the basis of the consent until revocation.
2. Data processing to enable the use of the website
When you visit our website, we collect the necessary information to enable you to use it. This includes your IP address and data about the start, end and subject of your use of the website as well as any identification data (e.g. your login data when you log into a secure area). This data is used to provide and design the service according to requirements. They are always deleted as soon as they are no longer required and there are no storage obligations. For the processing of pseudonymous user profiles for web analysis see section 5.
3. Consent to cookies and web analysis
When you visit our website, a so-called “cookie banner” appears, with which we ask you for your consent to set cookies to optimize the website (see paragraph 4) and for web analysis (see paragraph 5). If you agree, we will proceed as described in more detail in the following two sections. There you will also find information on how you can revoke your consent at any time and prevent the setting of cookies or web analysis.
If you visit our website and give your consent (see section 3), it may be that information in the form of a cookie is stored on your computer. Cookies are small text files that are sent from a web server to your browser and stored on your computer’s hard drive. This makes it possible to recognize you when you visit the website again. In this way we can guarantee a better functionality of the site and carry out e.g. web analyses (see paragraph 5). Most browsers are set to automatically accept cookies. You can deactivate the storage of cookies in your browser and have the possibility to delete them from your hard disk at any time. We would like to point out to you that a use of our offers on the website without cookies may only be possible to a limited extent. However, you can also use your browser only to prevent certain cookies from being set (e.g. cookies from third parties), for example if you want to prevent web tracking. Please refer to your browser’s help function for more information.
5. Web analysis (Google Analytics)
Further information on data protection at Google Analytics can be found at: https://policies.google.com/?hl=en
6. When using our newsletter
When you give your explicit consent pursuant to GDPR Article 6(1) point (a), we will use your email address to send our newsletter to you on a regular basis. You only need to provide your email address to receive the newsletter.
If you are one of our existing customers and have not objected to the use of your email address, we may also use your email address in order to send you information about similar products and services offered by our company. When advertising to existing customers, we base the processing on our legitimate interests pursuant to GDPR Article 6(1) point (f). The processing of your email address for direct advertising purposes is considered to be a legal interest recognized by the GDPR.
You can unsubscribe at any time by clicking the “Unsubscribe” link at the end of the newsletter. Alternatively, you can ask to be unsubscribed at any time by emailing firstname.lastname@example.org.
We employ the specialized service provider AThe Rocket Science Group LLC d/b/a Mailchimp (“Mailchimp”) to send our newsletter. Further information about the policies and processes of Mailchimp to ensure GDPR compliance is available here.
We have entered into a processing contract with Mailchiimp. Under the contract, Mailchimp agrees to process personal data in conformity with the GDPR and protect the rights of the data subject.
7. When registering for MyDQS
Under the domain https://www.mydqs.com DQS Group (DQS GmbH, DQS Holding GmbH, DQS CFS GmbH, DQS Medizinprodukte GmbH, DQS BIT GmbH) as joint controllers according to Article 26 GDPR offer our customers the possibility to register for a password protected area (hereinafter referred to as MyDQS) where certifications, order confirmations, reports and other relevant documents can be provided by us and accessed by you.
If you request from your customer advisor to register for MyDQS, the advisor will create a login for you, based on your relevant contact-data (name, email address) and your organization’s DQS-file number. Your name is required in order to know, who the request comes from. We need your e-mail address to send you an email with a link for your initial registration.
To complete the registration process, you will need to provide additional mandatory information about your company. If you have voluntarily given us your telephone number to be contacted by phone, this number will also be transferred to the account. After your first registration, you have to set a password of your own choice. Together with your e-mail address, this enables access to your account.
If permissions are provided, you can add and activate additional members from within your organization. In order to create a login, you will have to provide
- First and last name
- Email address
- Professional contact details
of the person you’d like to register. The newly created user will receive an activation link with which the login can be activated as described above. The link is valid for 24 hours. If the account is not activated by the member of your organization, the details provide by you will be deleted automatically after 48 hours. The organization’s admin can delete additional accounts at any time within the portal itself.
The processing of data is carried out at your request and is required in accordance with Article 6 Para. 1 Subpar. 1 lit. b GDPR for the purposes mentioned above for the performance of a contract we have with you and pre-contractual measures as well as based on legitimate interests of DQS Group to jointly offer its customers additional services, based on Article 6 Para. 1 Subpar. 1 lit. f GDPR.
If you use MyDQS, you may activate users, who will receive access to the reports stored in MyDQS. We cannot verify where activated users have their permanent domiciles. As a result, activating these users may cause personal data to be transferred to countries outside the EEA (also see Section III. 3). If the European Commission has not made an adequacy decision regarding the level of personal data protection in these countries or if no other safeguards are in place, government organizations may possibly obtain access to personal data protected by the GDPR. We assume that you have the requisite permissions for these individuals to perform that kind of transfer. We base the transfer on the necessary performance of a contract between you and us pursuant to GDPR Article 49(1) point (b).
When you use MyDQS, DQS companies located in unsecure third countries may also see the data you have saved based on GDPR Article (49)(1) point (b) to perform the contract between you and DQS, for example, if you are working with a DQS company in an unsecure third country.
If you wish to deactivate your organization’s account as a whole, you can request deletion from DQS by e-mail at any time. The personal data processed by us within the context of MyDQS will then automatically be deleted after all contractual matters have been settled, unless you have consented to additional storage (in particular company details and user accounts) in accordance with Article 6 Para. 1 Subpar. 1 lit. a GDPR or legal storage obligations prevent deletion.
You can, in principle, exercise your data subject rights towards any member of the DQS group. Internally responsible, however, is first and foremost DQS GmbH.
8. Legal basis for processing
The legal basis for processing depends on the purpose for which the data are processed. We collect, as described under item 5, data for pseudonymised user profiles to improve the website on the basis of the applicable data protection law for media.
9. Transmission to third parties and in countries outside the EU
Your personal data will only be transmitted to third parties, if this is legally permitted or if you have given your prior consent. For example, we may transfer data to other companies of the DQS group, if this is necessary to respond to a request you have made. We will only disclose your data to government authorities within the framework of legal obligations or as a result of an official order or court decision. A transfer to recipients outside the EU only takes place if it is ensured that the recipient of the data guarantees an adequate level of data protection and that there are no other interests worthy of protection against the data transfer. Should you have any questions in this regard, please contact our data protection officer (see Section 14).
The data collected by Google Analytics in the form of pseudonymous user profiles (section 5) will be deleted no later than 26 months after the last new entry in the respective user profile. In all other respects we delete your personal data as soon as they are no longer needed for the purposes pursued with the collection and processing and as far as no legal storage obligations stand in the way.
11. Data security
DQS CFS GmbH has taken the necessary technical and organisational measures to protect the personal data you provide from loss, destruction, manipulation and unauthorised access. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to treat personal data confidentially. Our employees are trained accordingly. Both internal and external tests ensure compliance with all data protection relevant processes at DQS CFS GmbH.
12. Your rights regarding personal data
The data protection law grants you a number of rights with regard to data concerning your person (so-called rights of data subjects). In general, these are the right to request information about your personal data stored by us, as well as the right to correct, delete or restrict the processing of these data and to object to the processing. Whether and to what extent these rights exist in individual cases and what conditions apply depends on the law (until 25 May 2018 from the Federal Data Protection Act, from 25 May 2018 also from the EU Basic Data Protection Ordinance). The basic EU data protection regulation also grants you the right to data transferability. If you have given your consent to the processing of your personal data, you can revoke this at any time with effect for the future. They also have a right of appeal to the competent data protection supervisory authority. However, if you have any questions or complaints regarding data protection at DQS CFS GmbH, we recommend that you first contact our data protection officer (see Section 14).
13. No automated single decision
As far as this is not exceptionally necessary for the conclusion of a contract or permitted by law (as in the case of age verification) we do not use your personal data for automated individual decisions.
14. How can you contact us?
You will find our contact details as the responsible body in the imprint.
If you wish to exercise the rights mentioned under item 12 or if you have any questions about data protection with us or this data protection declaration, you can also contact our data protection officer: