This Privacy Statement applies to the processing of your data, namely your personal data, via the website “www.qdfaq.com”, including all ancillary and sub-pages (platform). Qualidates AG (“Operator”) is responsible for the data processing. The complete contact details can be found under company information. The platform serves the purpose of presenting the Operator's company online. You can access the content of this Privacy Statement at any time via the subpage of the same name on the platform and also save or print it via the corresponding function on your Internet browser.
1. Preliminary Remarks
The Operator takes the protection of your data seriously and adheres to the laws on data protection. These laws serve to protect natural persons and the processing of their personal data. Personal data is any information relating to an identified or identifiable natural person. Such data will only be processed to the extent necessary to provide and improve the platform. Processing for making improvements and providing services shall only take place if this is stated below or if it is stated where consent is required, or if it is ordered by governmental authorities or courts or otherwise provided for by law. The data is processed by the Operator, or by processors on behalf of the Operator, only in Member States of the European Union (EU). In particular, the Internet servers used by the Operator for data processing are located in the EU Member States. A transfer to a third country or an international organization will not generally occur.
In order to keep your loading times as short as possible, we use a Content Delivery Network (“CDN”), in which certain elements of our website are delivered via web servers of a CDN provider who works for us as part of order processing. Access data is therefore also collected on the CDN provider's web servers.
All access data is stored for a period of 7 days. This data is used exclusively to ensure trouble-free operation of the website, error analysis and to improve our services. The use of a CDN provider as well as the procedure described here serves to safeguard our predominantly legitimate interests in a correct presentation of our offer within the framework of a balancing of interests pursuant to Art. 6 Para. 1 lit. f of the GDPR.
2. Data Processing
Your data will only be processed in a type-independent manner, i.e. the data type that you leave without any specifications being entered in a form when you visit the platform. In particular, this may involve your IP address and statistical data. As far as technically possible, personal data is transmitted in encrypted form by the Operator.
b) Web analytics
If Google Analytics is integrated, you can also prevent the collection of your data by Google Analytics by clicking on the following link. In this case, no browser plugin is downloaded and installed, but an opt-out cookie is set, which prevents the collection of your data when you visit the platform:
Google Analytics deaktivieren
c) Access protocol
In order to guarantee the security and functionality of the platform (e.g. defence against attacks), an access protocol (log file) is created on the Operator's servers. The access protocol stores data regarding access to the platform. This is the data that is transferred to the platform when your browser establishes a connection. This includes your IP address, the time of access, which address (URL) was accessed, whether the access was successful and how large the data transmitted by the server was. If your browser transmits the respective data, the previous address (referrer) as well as information about your operating system and browser (e.g. version) will also be saved; you can prevent the transmission of this data using the settings of your browser if necessary. The log files are deleted at regular intervals, at the latest by the end of the next calendar month. The log files are evaluated statistically beforehand if necessary. The logged data is stored separately from other data that you leave on the platform and is not merged with the other data. The data will not be passed on to third parties and will not be used for any other purposes. The statistical evaluation of the log files does not allow any identification of your person.
d) Embedded content
(aa) Google Fonts
(bb) Static files at Amazon S3
(cc) Integration of social-media buttons
The Operator uses social plugins from the bookmarking service ShareThis Inc, 250 Cambridge Avenue, Palo Alto, CA 94306, USA. These plugins allow users to bookmark and post or share content on social networks (e.g. Twitter, Facebook or Google+).
3. Legal bases
The legal regulations for data protection are found, in particular, in the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). As of May 25, 2018, however, the General Data Protection Regulation (GDPR) has precedence. The legal basis for data processing is the protection of the legitimate interests of the Operator (Art. 6 Para. Letter f GDPR). This includes the economic interest in operating the platform, in particular the presentation of the Operator's company online. There is no automated decision-making or profiling within the meaning of Art. 22 GDPR.
4. Your rights
If you have been affected by your personal data being processed, you have enforceable rights vis-a-vis the party responsible for the data processing according to the data protection regulations. You can contact the Operator at any time to assert these rights, for example by e-mail to the address given at the beginning. The same applies to other questions regarding data protection by the Operator. In addition to the Operator, the Operator’s data protection officer is also available to you: Mr. Daniel Raimer, attorney-at-law, from the Daniel Raimer Law Firm in Düsseldorf, Germany; you can find the contact details of the data protection officer under the section on Company Information (German) at:
1. Right of Withdrawal
You have the right to revoke your consent to data processing at any time. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of your consent up to the time of revocation.
2. Right to Object
You have the right, for reasons arising from your particular situation, to object, at any time, to the processing of personal data concerning you that is necessary for the performance of a task in the public interest or for the safeguarding of the legitimate interests of the Operator. The Operator will then no longer process the personal data unless the Operator can prove compelling reasons for processing that are worthy of protection and that outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If your data is processed for the purposes of direct advertising, you have the right to object at any time to data processing for the purposes of such advertising. If you object to the processing of your data for purposes of direct marketing, your personal data will no longer be processed for these purposes.
3. Right to Appeal
You have the right to file a complaint with a supervisory authority if you are of the opinion that the processing of your personal data violates statutory provisions. The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI), Kavalleriestr. 2-4, 40213 Düsseldorf, Germany, e-mail: firstname.lastname@example.org, is responsible for the territory in which the Operator’s registered office is located. The complete contact details of the LDI can be found on the corresponding Internet page at www.ldi.nrw.de . This is without prejudice to your right to file a complaint with any other supervisory authority, in particular in the Member State in which you are staying, your place of work or the place where the alleged infringement was committed. Furthermore, the right of appeal does not prejudice any other administrative or judicial remedies.
4. Right to Information
You have the right to ask the Operator to certify whether personal data concerning you is being processed; if so, you have the right to access such data and the following information: (a) the purposes for which it is being processed; (b) the categories of personal data being processed; (c) the recipients or categories of recipients to whom the data has been or will be disclosed; (d) the intended duration for which the data will be retained or, if that is not possible, the criteria for determining that duration; (e) your rights under data protection legislation; (f) if the data is not collected from you, any available information about the origin of the data; (g) the existence of automated decision-making including profiling and meaningful information about it. Most of the information can already be found in this Privacy Statement. In addition, you can of course contact the Operator at any time, for example by e-mail to the address given at the beginning. Upon request, the Operator shall provide you with a copy of the personal data that is the subject of the processing. This will take place, however, only insofar as the rights and freedoms of other persons are not affected. If you submit the application electronically, the information will be made available to you in a common electronic format, unless you indicate otherwise.
5. Right to Rectification
You have the right to demand that the Operator immediately rectify any incorrect personal data concerning you. In addition, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
6. Right to Erasure
You have the right to request that the Operator delete any personal data concerning you immediately, and the Operator is obliged to delete this data immediately if one of the following reasons applies: (a) the data is no longer necessary for the purposes for which it was collected or otherwise processed; (b) you revoke the consent on which the processing was based and there is no other legal basis for the processing; (c) you object to the processing and there are no overriding legitimate interests for the processing or your objection concerns direct marketing; (d) your personal data has been processed unlawfully; (e) the deletion is necessary to comply with a legal obligation to which the Operator is subject; or (f) the data has been collected on the basis of the consent of a child when an information society service was offered directly to that child.
However, the right to erasure shall not apply where processing is necessary: (a) to exercise the right to freedom of expression and information; (b) to fulfil a legal obligation; (c) to perform a task which is in the public interest; or (d) to assert, exercise or defend legal claims. In this respect, you can request that your data be blocked if necessary.
7. Right to Block
You have the right to request that the Operator restrict (block) the processing of your personal data if one of the following conditions is met: (a) the accuracy of your personal data is contested by you for a period of time which enables the Operator to verify the accuracy of this data; (b) the processing is unlawful and you refuse to delete your data and instead request the restriction of the use of your data; (c) the Operator no longer needs the personal data for the purposes of the processing, but you need it for the assertion, exercise or defence of legal claims; or (d) you have objected to the processing of your data, but it is not yet clear whether the legitimate reasons of the Operator outweigh yours; there is no need to weigh legitimate reasons in the case of an objection to the processing for direct marketing purposes.
If processing has been restricted, your personal data - apart from storage - may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another person or for reasons of an important public interest. If the processing of your data has been restricted, you will be informed by the Operator before the restriction is lifted.
8. Right to Data Portability
You have the right to receive the personal data that you have provided to the Operator in a structured, common and machine-readable format and you have the right to transfer this data to another controller without interference by the Operator, provided that the processing is based on your consent or on a contract between you and the Operator and the processing is carried out using automated procedures. In this respect, you have the right to have your personal data transmitted directly by the Operator to another controller, as far as this is technically feasible and the rights and freedoms of other persons are not impaired. Your right to erasure remains unaffected. This right shall not apply to processing necessary for the performance of a task carried out in the public interest.
The Operator informs all recipients, to whom your data has been disclosed, of any rectification or erasure of your personal data or a restriction of the processing of your data, unless this proves to be impossible or involves disproportionate effort. The Operator shall inform you of these recipients if you so request.
If the Operator has made the personal data public and is obliged to delete it, the Operator shall take appropriate measures, taking into account the available technology and implementation costs, to inform third parties processing your personal data that you have requested the deletion of all links to this data or copies of the data.
5. Concluding Remarks
Taking into account the nature, scope, circumstances and purposes of the processing, as well as the different likelihood and severity of the risks to your rights and freedoms, the Operator uses appropriate technical and organizational measures to ensure that the data processing is carried out in accordance with legal provisions. The measures are taken under consideration of the current state of technology and include, in particular, an encryption of your data. In addition, your data will be organizationally separated from other data. The equipment and systems on which the data is processed are protected against unauthorized access both physically and digitally. In particular, the Operator's servers are password protected. Through regularly testing and updating of the software used, the Operator prevents security gaps that could allow misuse of your data. Only the persons subordinate to the Operator (employees), who need this for the fulfilment of their tasks, receive access to personal data, and only to the extent necessary in each case. The Operator's employees are instructed in data processing in advance and are obliged to maintain confidentiality. Regular backups protect the data from loss and can be restored at any time. The presetting of the systems ensures that, in principle, only personal data the processing of which is necessary for the respective processing purposes is processed. This implements data protection principles such as data minimization. In addition, the Operator ensures the confidentiality, integrity, availability and resilience of the systems through technical and organizational measures. Compliance with data protection regulations is checked regularly and the measures updated if necessary.