QUACERT Gesellschaft zur Zertifizierung von Qualitätsmanagement-Systemen mbH welcomes you to our website, which you have accessed at www.quacert.de. Please take some time to familiarise yourself with the measures that we have taken to protect your personal data. To give you a better understanding, we have explained the most important terms relating to data protection in simpler words. We would also like to clarify your rights as the “data subject”. We are indicating to you our contact person who deals with data protection and the data that we collect and process. The rapidly developing technology also makes it necessary to inform you about the technical processing of your personal data by third-party providers.
It is initially possible to use our website without providing personal data.
As the controller, we have implemented a variety of technical and organisational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, security threats can appear when data is transferred via the internet, meaning absolute protection cannot be guaranteed. For this reason, you are also free to submit personal data to us in alternative ways, such as by phone. However, if you as the user would like to make use of particular services provided by our company via our website, it could be necessary to process personal data.
Should you have further queries regarding data protection after studying this comprehensive data protection statement, please feel free to contact our data protection officer (mentioned below) as the first point of contact.
Data protection terminology
Personal data refers to any information that relates to an identified or identifiable natural person (hereinafter referred to as the “data subject”).
Processing refers to any operation carried out with or without the help of automated processes. This includes the collection, recording, organisation, sorting, storage, adjustment or modification, selection, retrieval, use, disclosure by transmission, distribution or other form of supply, comparison or linking, reduction as well as erasure or destruction.
Consent refers to any declaration given voluntarily by the data subject in a specific case that he or she has agreed to the processing of the personal data relating to him or her.
Recipient refers to a natural or legal person, authority, agency or other body to which the personal data is disclosed, whether or not this is a third party.
Processor refers to a natural or legal person, authority, agency or other body which processes personal data on behalf of the controller.
Third party refers to a natural or legal person, authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Profiling refers to any form of automated processing of personal data, consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, (e.g. aspects concerning work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements). Profiling is not carried out by us.
Pseudonymisation refers to the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without using further information, provided that this additional information is stored separately.
Controller, within the meaning of the GDPR or for processing, refers to the natural or legal person, authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Name and address of the controller
The controller, within the meaning of the GDPR, other data protection laws and other provisions of a data protection law nature that are applicable in the Member States of the European Union, is:
QUACERT Gesellschaft zur Zertifizierung von Qualitätsmanagement-Systemen mbH
Eutighofer Straße 137
73525 Schwäbisch Gmünd
Tel.: 0049 7171 99791640
Managing Directors: Marie-Luise Muth, Dominik Hauser
Name and address of the data protection officer
The data protection officer of the controller responsible for processing is:
Mr Gerald Saur
Tel. 0049 7961 53171
Any data subject can address questions and suggestions relating to data protection directly to our data protection officer. In case of complaints you have a right to lodge a complaint, which you can assert to the
Supervisory authority for Baden-Württemberg
State representative for data protection and freedom of information Baden-Württemberg
P.O.Box 10 29 32, 70025 Stuttgart
Königstraße 10a, 70173 Stuttgart
Tel.: 0711/61 55 41 – 0
Fax: 0711/61 55 41 – 15
Some cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. Websites and servers can thus be attributed to the individual Internet browser on which the cookie was stored. In this way, your Internet browser can be clearly recognised (again).
The use of our Internet service can be traced with cookies. It can be discerned which sites have been accessed or which sites are of particular interest. This enables continual improvement of our Internet service.
You can prevent cookies from our website at any time by adjusting the appropriate Internet browser setting and thereby permanently blocking the setting of cookies. In addition, cookies already set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. However, we point out the following: If you deactivate cookies in your browser, it is possible that not all functions of our website will be fully usable.
Collection of general data and information
Our website collects a range of general data and information every time the web page is accessed by a data subject or automated system. This general data and information is saved in the server log files. The following may be collected
- the operating system used by the accessing system,
- browser types and versions used,
- the website from which an accessing system arrives at our website (known as the referrer),
- an Internet protocol address (IP address),
- the sub-web pages which are directed via an accessing system to our website,
- the date and time of access to the website, transcribed 24 hours, 7 days a week
- the Internet service provider of the accessing system and
- other similar data and information used for security in the event of attacks on our information technology systems.
QUACERT Gesellschaft zur Zertifizierung von Qualitätsmanagement-Systemen mbH does not trace this general data and information back to the data subject when using it. This information is required rather
- to optimise the content of our website as well as advertising for it,
- to display the content of the website correctly,
- to guarantee the functionality of our IT systems and website technology and
- to provide law enforcement authorities with the necessary information for prosecution in the event of an attack.
This anonymously collected data and information is evaluated by QUACERT Gesellschaft zur Zertifizierung von Qualitätsmanagement-Systemen mbH on the one hand for statistical purposes but also with the aim of increasing data protection and data security in our company, so that we can ultimately ensure an optimal level of protection for the personal data which we process.
The anonymous data in server log files are stored separately from all personal data provided by a data subject.
Registration on the website
You have the option to register on the website of the controller responsible for processing by entering personal data. The personal data transmitted to us in this process are evident from the respective input screen used for the registration. The personal data entered by you will be collected and stored exclusively for internal use by the controller responsible for processing and for its own purposes.
By registering on the website, the IP address assigned by the Internet service provider (ISP) of the data subject, the date and the time of the registration are stored. The purpose of the storage is for the prosecution of criminal offences which are committed in the course of the use of our website (e.g. violations of copyright, setting links with prohibited content etc.). The storage of this data is necessary in this regard to protect the controller responsible for processing. No disclosure of this data is made to third parties in principle, unless there is a legal obligation to pass this on or the disclosure of this data serves the purposes of criminal or law enforcement.
Your registration is used to provide you with additional content or services.
On specific request, we will provide you with information at any time as to what personal data is stored about you. In addition, we will erase or rectify personal data at your request or instruction, provided that statutory retention obligations do not prevent this. The data protection officer along with all of the employees of the controller responsible for processing are available to you as contacts in this regard.
Erasure and blocking of personal data
We only process and store your personal data for the period necessary to fulfil the purpose of the storage or for as long as officially or statutorily necessary.
If the purpose of processing ceases to apply or a storage period prescribed by the legislator lapses, the personal data will be blocked or erased routinely and in accordance with legal requirements.
Right to confirmation
We are obliged to issue you with a confirmation about whether the personal data in question is processed. If you make use of this right, you can contact our above mentioned data protection officer concerning this.
Right to information
As the data subject you have the right to obtain information free of charge concerning the personal data stored about your person as well as to receive a copy of this information. You also have rights of information to:
- the purpose of processing
- the categories of personal data which are processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, especially recipients in third countries or international organisations
- if possible the planned period for which the personal data will be stored, or if this is not possible, the criteria for determining this period
- the existence of a right to rectification or erasure of the personal data pertaining to the data subject, or to restriction of processing by the controller, or the right to object to this processing
- the existence of a right to lodge a complaint with a supervisory authority
- where the personal data has not been obtained from the data subject: All available information about the origin of the data
In addition, you have a right to information about whether we have transferred personal data to a third country or international organisation. If this is the case, the data subject also has the right to receive information on the appropriate safeguards in connection with the transfer.
Should you wish to make use of this right to information, you can contact our data protection officer or another employee of the controller responsible for processing.
Right to rectification, erasure or blocking
You have the right to request rectification, erasure or blocking of the personal data stored about you. Should statutory provisions not allow erasure, your data shall instead be blocked so that it is only accessible for the purposes of the mandatory statutory provisions.
To make use of your rights to withdrawal, information, rectification, erasure or blocking of your personal data mentioned above, please contact our data protection officer via the contact details given above. You can assert these rights at no cost to you.
Right to restriction of processing
You have the right to restriction of processing if,
- you contest the accuracy of your personal data for a period enabling us to verify the accuracy of your personal data.
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of use of the personal data instead.
- we no longer need the personal data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims.
- you have objected to the processing in accordance with Article 21(1) GDPR and verification of whether our legitimate grounds for processing override your grounds is still pending.
Right to data portability
You have the right to receive personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is based on Article 6(1)(e) or (f) GDPR. If you object, we will no longer process this personal data unless there are compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.
To assert the right to object, you can contact our data protection officer directly.
Right to withdraw consent in relation to data protection
Each data subject affected by the processing of personal data has the right, granted by EU directives and regulations, to withdraw consent to the processing of personal data at any time.
If you wish to exercise your right to withdraw consent, you can contact our data protection officer at any time.
Contact via email
Emails, including their content, shall be forwarded internally to the processing department and processed. Since the content of most emails within the meaning of the Fiscal Code (Abgabeordnung - AO) must be archived, the email must be archived by us in accordance with the statutory requirements (up to 10 years).
A storage system is in use for this, which stores the email content in a compressed format. Since emails cannot be treated differently on the basis of their content, we would like to point out expressly that email applications and private emails may also be affected by the sustained storage and archiving. We therefore request you to refrain from sending private emails. Applications see “Application by email”.
Should you use our contact form, or write to us directly by email, the data transmitted by you, generally your email address as well as your name and if necessary your phone number, are stored on our mail server.
Applications and application procedures
We collect and process personal data from applicants in order to handle the application process. Processing can also occur electronically. This applies in particular if you as the applicant send the corresponding application documents to us electronically, e.g. via email. If we conclude an employment contract with you, the data submitted will be stored in our system for the purposes of developing the employment relationship, under consideration of legal provisions. If no employment contract is concluded with you, the application documents will be automatically deleted three months after the rejection decision has been conveyed, provided that no other legitimate interests prevent us from deleting them. This could for example be a burden of proof in a procedure in accordance with the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG) or similar.
Application by email
In the case of an electronic application procedure by email the data will be passed on internally to the heads of department (co-)responsible for the decision about your application. Our employees who are involved in the application procedure are specially trained and explicitly obliged to confidentiality and instructed not to copy your application.
Application via paper documents
In the case of an application procedure via paper documents (hard copy) the data will be passed on internally to the heads of department (co-)responsible for the decision about your application. For this it may be necessary for your documents or parts of your documents to be copied. Our employees who are involved in the application procedure are specially trained and explicitly obliged to confidentiality and instructed not to copy your application. Within the meaning of the burden of proof, we shall retain your application for the aforementioned period. Afterwards any copies of your application documents will be destroyed securely (by shredder). You shall receive your original documents back at our cost.
Collecting and using data
Unless otherwise outlined in the following paragraphs, in principle no personal data will be collected, processed or used when using our websites. The analysis of the frequency of your visits is not done by the provider or by QUACERT. Likewise, we shall refrain from any research regarding the allocation of an IP address to a specific natural person.