1. Collection, processing and use of personal data on request
The use of our website is generally possible without providing personal data. You are neither obliged to visit this website nor to provide any personal data. If you do not provide us with personal information, you may not be able to use certain functionalities of this website. Otherwise there will be no consequences for you. As far as personal information (such as name, address or e-mail addresses) is collected on our site, this is done on a voluntary basis, except in the cases expressly described below. This data will not be passed on to third parties without your express consent. We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security risks. A complete protection of data against access by third parties is not possible.
If the processing of your personal data is based on your consent, you have the right to revoke your consent at any time with the consequence that the processing of your personal data will become inadmissible for the future. However, this does not affect the legality of the processing carried out on the basis of the consent until revocation.
2. Data processing to enable the use of the website
When you visit our website, we collect the necessary information to enable you to use it. This includes your IP address and data about the start, end and subject of your use of the website as well as any identification data (e.g. your login data when you log into a secure area). This data is used to provide and design the service according to requirements. They are always deleted as soon as they are no longer required and there are no storage obligations.
When you visit our website, a so-called "cookie banner" appears, with which we ask you for your consent to set cookies to optimize the website. If you agree, we will proceed as described in more detail in the following two sections. There you will also find information on how you can revoke your consent at any time and prevent the setting of cookies.
If you visit our website and give your consent, it may be that information in the form of a cookie is stored on your computer. Cookies are small text files that are sent from a web server to your browser and stored on your computer's hard drive. This makes it possible to recognize you when you visit the website again. In this way we can guarantee a better functionality of the site. Most browsers are set to automatically accept cookies. You can deactivate the storage of cookies in your browser and have the possibility to delete them from your hard disk at any time. We would like to point out to you that a use of our offers on the website without cookies may only be possible to a limited extent. However, you can also use your browser only to prevent certain cookies from being set (e.g. cookies from third parties), for example if you want to prevent web tracking. Please refer to your browser's help function for more information.
4. When registration for MyDQS
Under the domain www.mydqs.com DQS Group (DQS GmbH, DQS Holding GmbH, DQS CFS GmbH, DQS Medizinprodukte GmbH) as joint controllers according to Article 26 GDPR offer our customers the possibility to register for a password protected area (hereinafter referred to as MyDQS) where certifications, order confirmations, reports and other relevant documents can be provided by us and accessed by you.
If you request from your customer advisor to register for MyDQS, the advisor will create a login for you, based on your relevant contact-data (name, e-mail address) and your organization’s DQS-file number. Your name is required in order to know, who the request comes from. We need your e-mail address to send you an email with a link for your initial registration.
To complete the registration process, you will need to provide additional mandatory information about your company. If you have voluntarily given us your telephone number to be contacted by phone, this number will also be transferred to the account. After your first registration, you have to set a password of your own choice. Together with your e-mail address, this enables access to your account. If permissions are provided, you can add and activate additional members from within your organization. In order to create a login, you will have to provide
- First and last name
- E-mail address and
- Professional contact details
of the person you’d like to register. The newly created user will receive an activation link with which the login can be activated as described above. The link is valid for 24 hours. If the account is not activated by the member of your organization, the details provided by you will be deleted automatically after 48 hours. The organization’s admin can delete additional accounts at any time within the portal itself.
The processing of data is carried out at your request and is required in accordance with Article 6 Para. 1 Subpar. 1 lit. b GDPR for the purposes mentioned above for the performance of a contract we have with you and pre-contractual measures as well as based on legitimate interests of DQS Group to jointly offer its customers additional services, based on Article 6 Para. 1 Subpar. 1 lit. f GDPR.
If you wish to deactivate your organization’s account as a whole, you can request deletion from DQS by e-mail at any time. The personal data processed by us within the context of MyDQS will then automatically be deleted after all contractual matters have been settled, unless you have consented to additional storage (in particular company details and user accounts) in accordance with Article 6 Para. 1 Subpar. 1 lit. a GDPR or legal storage obligations prevent deletion.
You can, in principle, exercise your data subject rights towards any member of the DQS group. Internally responsible, however, is first and foremost DQS GmbH.
5. Legal basis for processing
The legal basis for processing depends on the purpose for which the data are processed. We collect, as described under item 3, data for pseudonymised user profiles to improve the website on the basis of the applicable data protection law for media.
6. Transmission to third parties and in countries outside the EU
Your personal data will only be transmitted to third parties, if this is legally permitted or if you have given your prior consent. For example, we may transfer data to other companies of the DQS group, if this is necessary to respond to a request you have made. We will only disclose your data to government authorities within the framework of legal obligations or as a result of an official order or court decision. A transfer to recipients outside the EU only takes place if it is ensured that the recipient of the data guarantees an adequate level of data protection and that there are no other interests worthy of protection against the data transfer. Should you have any questions in this regard, please contact our data protection officer (see Section 10).
We delete your personal data as soon as they are no longer needed for the purposes pursued with the collection and processing and as far as no legal storage obligations stand in the way.
8. Data security
DQS MED has taken the necessary technical and organisational measures to protect the personal data you provide from loss, destruction, manipulation and unauthorised access. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to treat personal data confidentially. Our employees are trained accordingly. Both internal and external tests ensure compliance with all data protection relevant processes at DQS MED.
To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) transmission. You can recognize this by the fact that an "s" ("https://") or a green, closed lock symbol is added to the address component . By clicking on the icon you will receive information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption guarantees the encrypted and complete transmission of your data.
9. Your rights regarding personal data
The data protection law grants you a number of rights with regard to data concerning your person (so-called rights of data subjects). In general, these are the right to request information about your personal data stored by us, as well as the right to correct, delete or restrict the processing of these data and to object to the processing. Whether and to what extent these rights exist in individual cases and what conditions apply depends on the law (until 25 May 2018 from the Federal Data Protection Act, from 25 May 2018 also from the EU Basic Data Protection Ordinance). The basic EU data protection regulation also grants you the right to data transferability. If you have given your consent to the processing of your personal data, you can revoke this at any time with effect for the future. They also have a right of appeal to the competent data protection supervisory authority. However, if you have any questions or complaints regarding data protection at DQS MED, we recommend that you first contact our data protection officer (see Section 10).
10. No automated single decision
As far as this is not exceptionally necessary for the conclusion of a contract or permitted by law (as in the case of age verification) we do not use your personal data for automated individual decisions.
11. How can you contact us?
You will find our contact details as the responsible body in the imprint.
If you wish to exercise the rights mentioned under item 8 or if you have any questions about data protection with us or this data protection declaration, you can also contact our data protection officer: