Data Protection2019-01-14T12:26:12+00:00

Data protection

The following information describes how we deal with personal data and the way we ensure the implementation of data protection.

All relevant information about the processing of personal data by us as well as the claims and rights to which data subjects are entitled in accordance with the data protection regulations are presented below.

Which data is processed by us and in which way it is used depends decisively on the existing legal relationship between the person concerned and Q_PERIOR.

Who is responsible for data processing and whom may data subjects contact?

Responsible Body is:

Q_PERIOR AG
Leopoldstraße 28a
80802 Munich (Germany)
Telephone: +49 89 45599-0
Fax: +49 89 45599-100
E-mail address: info@q-perior.com

Our data protection officer is available at:

Q_PERIOR AG
Data Protection Officer
80802 Munich (Germany)
Telephone: +49 89 45599-0
E-mail address: Datenschutz@q-perior.com

Information for users of our website

1. What sources and data do we use?

a) Technically required collection of data

If you merely use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the data that is technically necessary for us to display our website and to ensure its stability as well as security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

b) Use of cookies:

[This chapter b) is only used to a limited extent if the Borlabs Cookie Plugin is used before visiting our website. In this case, the use of cookies or other web tracking technologies, as well as the information collected with them is subject to the options selected in the Borlabs Cookie Plugin].
In addition, cookies are stored on your computer when you visit our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the company that sets the cookies (in this case to us). Cookies cannot be used to run programs or transmit viruses to your computer. They serve to make the Internet service more user-friendly and effective.
Our website uses the following types of cookies, whose scope and operation will be explained in the following:

Transient Cookies

Transient cookies are deleted automatically when you close your browser. In particular, these include session cookies. These store a so-called session ID with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.

Persistent Cookies

Persistent cookies are automatically deleted after a specified period of time that may vary depending on the cookie in question. You may delete the cookies at any time in the security settings of your browser.
You are able to configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or other cookies. In this case, you may not be able to use all functions of our website.

2. Which data do we use for other functions and offers on our website?

In addition to the purely informative use of our website, we offer various services that you may use if you are interested. For this purpose, you need to provide further personal data which we use to provide the respective service and to which the aforementioned data processing principles apply.
In some cases we use external service providers to process your data. These providers have been carefully selected and commissioned by us. In addition, they are bound by our instructions and are subject to random checks and are inspected on certain occasions.
Furthermore, we may transmit your personal data to third parties if services are provided by us together with partners. You will receive further information on this in connection with the specification of your personal data or within the scope of the offer description.
As part of a global group, we have affiliated companies and external service providers both within and outside the European Economic Area (“EEA”). As a result, whenever we use or otherwise process your personal data for the purposes described in this Privacy Policy, we may transmit your personal data to countries outside the EEA, including countries where there is a level of data protection that is not comparable to the level of data protection within the EEA. In any case, such a transmission is subject to the standard contractual clauses of the EU Commission Decision 2010/87/EU or its successor in order to contractually ensure the protection of your personal data by a level of protection applicable in the EEA. An edited version of these standard contractual clauses without commercial content and information that is not relevant may be requested from datenschutz@q-perior.com.

a) Contact Form

When you contact us via a contact form, the data you provide (your e-mail address, possibly your name and telephone number, company, areas of interest, etc.) will be stored by us in order to answer your questions and send you industry-specific information or information on Q_PERIOR services and invitations to our events. If you do not agree to the storage of data for marketing purposes or have objected to it, we will delete the data collected in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.

b) Newsletter

You may subscribe to our newsletter, which contains information about Q_PERIOR in general, as well as current topics and events.
To subscribe to our newsletter, we use the “double opt-in” procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration, you will not be included in the newsletter mailing list and will not receive a newsletter. In addition, we store the IP addresses you use and times of registration and confirmation. The purpose of the procedure is to verify your registration and, if necessary, to clarify a possible misuse of your personal data.
The data fields marked in the form are mandatory for sending the newsletter. This information is necessary to contact you personally. After your confirmation we will store the given data for the purpose of sending you the newsletter. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR.
We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the e-mails sent contain so-called tracking pixels, which represent one-pixel image files stored on our website and count calls when the e-mails are opened. For evaluation purposes, we link the data mentioned in clause 1 a) and the tracking pixels with your e-mail address and an individual ID. Links received in the newsletter also contain this ID and are tracked on our website using JavaScript. With the data obtained in this way, we create a user profile to customize the newsletter to your individual interests. We record when you open our newsletter, which links you click in it and infer your personal interests from this. We link this data with how you use our website.
To prevent tracking of the openings, you may deactivate the display of images in your e-mail program by default. In this case, the newsletter will not be displayed completely and you may not be able to use all functions. The above-mentioned tracking will occur when you display the images manually.

c) Getty Images

On our homepage the pictures of the stock image provider Getty Images may be integrated. The pictures are recognizable by a frame with the reference “Getty Images”. For these pictures to be displayed, Getty Images requires the user’s IP address to be visible so that the images can be delivered to the user’s browser. Your IP address is therefore necessary to display this content. According to the current state of knowledge, the IP address is only used for this purpose. However, we have no control on whether Getty Images stores the IP address, for example, for statistical purposes. As far as we become aware of this, we will inform you about it or remove the pictures within the scope of this Privacy Policy.
For more information please refer to the privacy policy of Getty Images: https://www.gettyimages.de/Corporate/PrivacyPolicy.aspx

d) Google reCAPTCHA

To protect your requests via the Internet form we use the service reCAPTCHA from Google. The tool checks whether the input is made by a human being or abusively by automated processing. This service involves sending Google the IP address and any other data required by Google for the reCAPTCHA service. For this purpose, your input will be transmitted to Google and used there. Your IP address will be truncated by Google within the member states of the European Union or in other parties to the Agreement on the European Economic Area. Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and truncated there. Google will use this information to evaluate your use of this service on behalf of the operator of this website. The IP address transmitted by your browser as part of reCAPTCHA is not conflated with other Google data. This data is subject to the privacy policy of Google Inc. For more information about Google’s privacy policy, please visit: https://www.google.com/intl/de/policies/privacy/

e) GoToWebinar

For webinars we use the webinar software GoToWebinar from LogMeIn, Inc. 333 Summer Street, Boston, MA 02210 USA. LogMeIn, Inc. is responsible for providing this service and the related data processing. You can view LogMeIn’s privacy policy here.
In order to be able to conduct webinars the following data is requested: Salutation, first name, surname, company name, job title, industry (optional), country, e-mail address, telephone (optional) (hereinafter referred to as “registration data”). Additional data may be queried specifically for the respective webinars. We transmit this registration data to LogMeIn, Inc. The processing of your data takes place on the basis of your consent (Art. 6 para. 1 lit a GDPR). An encrypted connection will be established between you and the webinar organizer to conduct the webinar. Both before and after the webinar, you will receive information from us in connection with the webinar.
The webinars are regularly recorded in order to make them available on the Q_PERIOR website for later retrieval. Questions and related answers asked by participants during the webinar will also be recorded and played back when the webinar is later retrieved. Statistical data will be collected during and after the webinar.
By clicking on “Join the Webinar” you confirm that you will not create a recording or screenshot of this session.
If you attend a webinar, in addition to your registration data, we will receive information about the duration of the participation, interest in the webinar, questions asked or answers given for the purpose of further customer service or to enhance user experience. You may end the session at any time by simply closing the browser window. If the person responsible for conducting the webinar terminates the session, your session participation will also be terminated automatically.

f) Google Analytics

Our website uses Google Analytics. Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files stored on your computer that enable the analysis of the way in which you use the website.
We use Google Analytics to analyze and regularly improve the function of our website and make it more interesting for you as a user.
The information about your use of the website that is generated by the cookies will usually be transmitted to and stored in a Google server located in the United States. However, if IP anonymization is enabled on this website, Google will previously truncate your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area Only in exceptional cases will the entire IP address be transmitted to a Google server in the USA and truncated there. For these exceptional cases, Google has agreed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR.
On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and Internet usage.
The IP address transmitted by your browser as part of Google Analytics is not conflated with other Google data.
You may prevent the saving of cookies by selecting the appropriate settings in your browser. We would like to point out, however, that doing this may mean that not all functions of this website can be used to their full extent. You may also prevent the data generated by cookies concerning your use of the website (incl. your IP address) from being transmitted to Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are only processed in truncated form in order to prevent Google from identifying specific individuals’ use of the site. If the data collected about you is personally identifiable, it will be blocked immediately and the personal data deleted as soon as possible.
Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/de.html, Privacy Statement: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Statement: http://www.google.de/intl/de/policies/privacy.

g) Inclusion of YouTube videos

We have included YouTube videos in our online service, which are stored on http://www.youtube.com and are playable directly from our website. These are all included in the extended data protection mode. Only when you play the video data is transmitted to YouTube. We have no control over the extent of data transmission.

a) Transmission of data to YouTube

When you visit the website, YouTube receives, among other things, the information that you have accessed the corresponding subpage of our website. This takes place regardless of whether YouTube makes available a user account via which you are logged into or no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile when using YouTube, you must first log out before clicking the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or requirements-oriented design of its website. Such evaluation also takes place (even for users who are not logged in) for the purposes of providing customized advertising and to inform other social network users about activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

b) Further information on the purpose and scope of data collection by YouTube

For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information on your corresponding rights and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

h) Integration of Google Maps

On our website we use the services of Google Maps. This allows us to show you interactive maps directly on the website.

a) Transmission of data to Google

By visiting the website Google receives the information, among other things, that you have accessed the corresponding subpage of our website. This takes place regardless of whether Google makes available a user account via which you are logged into or no user account exists. If you are logged into Google, your information will be directly associated with your account. If you do not wish to be associated with your profile when using Google, you must first log out before clicking the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website.

b) Further information on the purpose and scope of data collection and its use by Google

For more information on the purpose and scope of data collection and processing by Google, please refer to Google’s privacy policy. There you will also find further information on your corresponding rights and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.
Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) on the following legal bases:

a) For the fulfillment of contractual obligations (in accordance with Art. 6 para. 1 lit. b GDPR)

The processing of personal data (Art. 4 No. 2 GDPR) is carried out to establish, implement and terminate the contracts concluded or to be concluded with you via our website as well as all activities necessarily associated with the operation and administration of a company.
The purposes of the data processing depend primarily on the contractual relationship. Further details for the purpose of data processing are set out in the respective contractual conditions.

b) Within the scope of the balancing of interests (in accordance with Art. 6 para. 1 lit. f GDPR)

If necessary, we process your data to protect our legitimate interests or those of third parties. This includes in particular:

  • Assessment and optimization of procedures for needs analysis and direct customer approach;
  • Advertising, market and opinion research, e.g. through the use of cookies, insofar as you have not objected to the use of your data;
  • Assertion of legal claims and mounting a defense in legal disputes;
  • Ensuring IT security and IT operations;
  • Measures for management of business and further development of services and products.

c) On the basis of your consent (Art. 6 para. 1 lit. a GDPR)

If you have given your consent to the processing of personal data for certain purposes to us or to the service providers listed in clause 2, the lawfulness of this processing is given on the basis of your consent. You may withdraw your consent at any time.
Please note that such revocation only applies with future effect. Processing operations that are performed prior to the revocation are not affected.
The objection may be made form-free and should be addressed to:
Q_PERIOR AG
Leopoldstraße 28a
80802 Munich (Germany)
Telephone: +49 89 45599-0
Fax: +49 89 45599-100
E-mail address: info@q-perior.com

d) On the basis of legal requirements (Art. 6 para. 1 lit. c GDPR)

In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. commercial law, tax laws, etc.). Insofar as data is processed in this respect, this is done exclusively on the basis of these regulations.

4. To whom do we transmit your data?

Within the company, those departments receive your data that need it to fulfill our contractual and legal obligations. Also contract processors used by us in accordance with Art. 28 GDPR may receive data for these purposes. These are companies providing IT, telecommunications, and consulting and marketing services.
In addition, we transmit personal data to companies of the group and affiliated companies for the purposes listed above under the conditions listed above.
With regard to the transmission of data to recipients outside the company, please note that we will only pass on your data if this is permitted or stipulates by law, if you have consented to this or if we are authorized to provide information.
Other data recipients may be those entities for which you have given your consent for data transmission.

5. How long will your data be stored?

To the extent permitted by law, we process and store your personal data, in particular as long as this is necessary to fulfill the respective purposes.

6. Is data transmitted to a third country or to an international organization?

Data will only be transmitted to third countries (outside the European Union or the European Economic Area – EEA) if this is necessary for the performance of the services, is required by law, or you have given us your consent.
We have already provided details of the various services on our website in clauses 1 and 2. If further information is required, we will make it available to you before using the respective services.

7. What data protection rights do you have?

Every data subject has the right to information in accordance with Art. 15 GDPR, the right to correction in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to object in accordance with Art. 21 GDPR and the right to data transfer (portability) in accordance with Art. 20 GDPR. The restrictions in accordance with §§ 34 and 35 of the BDSG (German Federal Data Protection Act) apply to the right of information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

8. Is there an obligation to provide data?

Within the scope of using our website and its offers, you must only provide personal data that is necessary for the use or which we are legally obliged to collect. Without this data, meaningful use may be limited or impossible.

9. To what extent is there automated decision-making process in individual cases?

A fully automated individual decision-making process in accordance with Art. 22 GDPR does not take place. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.

10. To what extent is your data used for profiling (scoring)?

We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

11. Objection to marketing e-mails

We hereby expressly prohibit the use of contact data published in the context of the legal notice requirements for websites with regard to submitting promotional and informational material that was not specifically requested. We expressly reserve the right to take legal action against unsolicited mailing or spam e-mails and other similar advertising materials.

Information for applicants, employees and freelancers

1. What sources and data do we use?

We process personal data that we receive from you in the course of the recruitment process or the initiation of a contract, the employment relationship or during the business relationship or when you contact us.
In addition, we process – to the extent necessary – personal data that we have received from authorities, other companies or other third parties (e.g. for tax or social security purposes, as part of a job placement).
On the other hand, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. professional networks, press, and media).
Relevant personal data are personal data (name, address, e-mail address and other contact data, date and place of birth and nationality, gender), employee and performance data (e.g. CV data, qualifications, references, time recording data, holiday periods, periods of incapacity to work, any previous convictions, social data, bank details, social security number, pension insurance number, salary data and the tax identification number) as well as payment and payment transaction data.
This may also include special categories of personal data (sensitive data).
In the case of freelancers, we also collect order data (e.g. consulting orders) and other data from the fulfillment and processing of contractual obligations (e.g. sales data, etc.).

2. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) on the following legal bases:

a) For the fulfillment of contractual obligations (in accordance with Art. 6 para. 1 lit. b GDPR)

The processing of personal data (Art. 4 No. 2 GDPR) is carried out to establish, implement and terminate the contracts concluded or to be concluded with you (in particular employment, service, work or agency contracts), as well as all activities necessarily associated with the operation and administration of a company.
The purposes of the data processing depend primarily on the employment or other contractual relationship. Further details on the purpose of the data processing can be found in the respective contractual documents.

b) Within the scope of the balancing of interests (in accordance with Art. 6 para. 1 lit f GDPR)

If necessary, we process your data to protect our legitimate interests or those of third parties. This includes in particular:

  • Assertion of legal claims and mounting a defense in legal disputes;
  • Ensuring IT security and IT operations;
  • Prevention and investigation of criminal offenses;
  • Measures for building and maintaining system security (e.g. access controls);
  • Measures to ensure domiciliary rights;
  • Measures for management of business and further development of services and products;
  • Processing of the data of freelancers for the transmission of concrete project vacancies;
  • Processing of the data by companies of the group of companies or affiliated companies.

c) On the basis of your consent (Art. 6 para. 1 lit. a GDPR)

If you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is given on the basis of your consent. You may revoke your consent at any time.
Please note that such revocation only applies with future effect. Processing operations that are performed prior to the revocation are not affected.
The objection may be made form-free and should be addressed to:
Q_PERIOR AG
Leopoldstraße 28a
80802 Munich (Germany)
Telephone: +49 89 45599-0
Fax: +49 89 45599-100
E-mail address: info@q-perior.com

d) On the basis of legal requirements (Art. 6 para. 1 lit. c GDPR)

In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. commercial law, tax laws, etc.). Insofar as data is processed in this respect, this is done exclusively on the basis of these regulations.

3. To whom do we transmit your data?

Within the company, your data will be transmitted to those departments that need it to fulfill our contractual and legal obligations. Also contract processors used by us in accordance with Art. 28 GDPR or other service providers may receive data for these purposes. These are companies in the categories IT services, logistics, printing services, telecommunications, debt collection, consulting, sales and marketing and address research.
In addition, we transmit personal data to companies of the group and affiliated companies for the purposes listed above under the conditions listed above.
With regard to the transmission of data to recipients outside the company, it should be noted that we only transmit the data if this is permitted or stipulated by law, if you have consented to this or if we are authorized to provide information. Under these conditions, recipients of your personal data may include, for example:

  • Public bodies and institutions (e.g. tax office, social security agency, public prosecutor’s office, police, supervisory authorities, auditors) in the event of a legal or official obligation;
  • Other companies to which we transmit personal data (depending on the contract: e.g. customers, banks, credit agencies).
    Other data recipients may be those entities for which you have given your consent for data transmission.

4. How long do we store your data?

To the extent necessary, we process and store your personal data for the duration of your employment relationship or the existing contractual relationship, which also includes, for example, the execution of a contract or the fulfillment of contractual obligations.
If you have provided us with your data as part of an application process and have not given us your consent to store your data in our applicant database, we will store them for a period of 5 to a maximum of 6 months after completion of the application process.
In addition, we are subject to various retention and documentation obligations, which derive, among other things, from the German Commercial Code (HGB) and the German Tax Code (AO). The period for retention and documentation specified in these regulations may range from two to ten years.
Finally, the retention period is also assessed in accordance with the statutory limitation periods, which, for example, in accordance with §§ 195 et seq. BGB (German Civil Code) may, as a rule, be three years, but in certain cases also up to thirty years. For the beginning of the limitation period § 199 BGB applies.

5. Is data transmitted to a third country or to an international organization?

Data will only be transferred to third countries (countries outside the European Economic Area – EEA) if this is necessary, legally required or permitted for the initiation and execution of contracts concluded with them (e.g. for the execution of payment orders) or if you have given us your consent. We will inform you of further details separately, if required by law.

6. What data protection rights do you have?

You have the right of access in accordance with Art. 15 GDPR, the right to correction in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to object in accordance with Art. 21 GDPR and the right to data transfer (portability) in accordance with Art. 20 GDPR. The restrictions in accordance with §§ 34 and 35 of the BDSG (German Federal Data Protection Act) apply to the right of information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

7. Is there an obligation for you to provide data?

Within the framework of our contractual relationship (employment contract or service contract), you must only provide us with the personal data that is required for the establishment, performance and termination of a contractual relationship or which we are legally obliged to collect. Without this data we will normally have to refuse the conclusion of the contract or will no longer be able to execute an existing contract and may have to terminate it.

8. To what extent is there automated decision-making process in individual cases?

We do not use fully automated individual decision-making processes in accordance with Art. 22 GDPR to establish and implement the contractual relationship. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.

9. To what extent is your data used for profiling (scoring)?

We do not process your data automatically with the aim of evaluating certain personal aspects (profiling). Profiling is therefore not used.

Information for customers, suppliers, service providers and their contacts

1. What sources and data do we use?

We process personal data that we receive from you in the context of the initiation and execution of our business relationship or through your establishment of contact.
We also process personal data that we have received from other companies or from other third parties (e.g. for the execution of orders, for the fulfillment of contracts or on the basis of your consent).
On the other hand, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. debtor registers, land registers, commercial registers, press, and media) (Art. 14 para. 2 lit. f GDPR).
Relevant personal data of contact persons are name, contact and communication data (telephone number, e-mail address etc.). For business partners, this may also include personal data (name, address and other contact data, date and place of birth and nationality), identification data (e.g. ID card data) and authentication data (e.g. signature specimen). This may also include order data (e.g. supply order, service order), data from the fulfillment of contractual obligations (e.g. sales data, credit limit, product data, etc.), advertising and sales data, contract and documentation data (e.g. order data, business letters), register data, payment transaction data (account number, bank details), data on your use of our offered telemedia (e.g. time of calling up our web pages, apps or newsletters, pages clicked on by us or entries) as well as other data comparable with the categories mentioned.

2. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) on the following legal bases:

a) For the fulfillment of contractual obligations (in accordance with Art. 6 para. 1 lit. b GDPR)

The processing of personal data (Art. 4 No. 2 GDPR) is carried out for the provision of services, delivery of goods by suppliers, in particular for the execution of our contracts with you and the execution of your orders, as well as all activities necessary for the operation and administration of a company.
The purposes of the data processing depend primarily on the concrete products supplied by you or the services provided by you or us.
Further details on the purpose of the data processing can be found in the respective contractual documents and the terms and conditions.

b) Within the scope of the balancing of interests (in accordance with Art. 6 para. 1 lit f GDPR)

If necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or that of third parties. This includes in particular:

  • Assessment and optimization of procedures for needs analysis and direct customer approach;
  • Market and opinion research, insofar as they have not objected to the use of your data;
  • Assertion of legal claims and mounting a defense in legal disputes;
  • Ensuring IT security and IT operations;
  • Prevention and investigation of criminal offenses;
  • Measures for building and maintaining system security (e.g. access controls);
  • Measures to ensure domiciliary rights;
  • Measures for management of business and further development of services.

If you are already our customer, we may use the contact information you provide to send you marketing communications about similar Q_PERIOR services to the extent permitted by law and which you have not objected. In other cases, we may ask for your consent to send you marketing information.

c) On the basis of your consent (Art. 6 para. 1a GDPR)

If you have given us permission to process personal data for specific purposes (e.g. transmission of marketing communications and news about Q_PERIOR’s services, events and other advertising campaigns, transmission of data to third parties, evaluation of data for marketing purposes), the legality of this processing is given on the basis of your consent. You may revoke your consent at any time.
Please note that such revocation only applies with future effect. Processing operations that are performed prior to the revocation are not affected.
The objection may be made form-free and should be addressed to:
Q_PERIOR AG
Leopoldstraße 28a
80802 Munich (Germany)
Telephone: +49 89 45599-0
Fax: +49 89 45599-100
E-mail address: info@q-perior.com

d) On the basis legal requirements (in accordance with Art. 6 para. 1 lit. c GDPR) or in the public interest (in accordance with Art. 6 para. 1 lit. e GDPR)

In addition, we are subject to various legal obligations, i.e. legal requirements (e.g. commercial law, tax laws, etc.). Insofar as data is processed in this respect, this is done exclusively on the basis of these regulations.

3. To whom do we transmit your data?

Within the company, those departments receive your data that need it to fulfill our contractual and legal obligations. Also contract processors used by us in accordance with Art. 28 GDPR may receive data for these purposes. These include companies providing IT services, logistics, printing, telecommunications, debt collection, consulting, sales and marketing, and address research services.
In addition, we transmit personal data to companies of the group and affiliated companies for the purposes listed above under the conditions listed above.
With regard to the transmission of data to recipients outside the company, please note that we will only pass on your data if this is permitted or stipulated by law, if you have consented to this or if we are authorized to provide information. Under these conditions, recipients of your personal data may include, for example:

  • Public bodies and institutions (e.g. tax office, public prosecutor’s office, police, supervisory authorities, auditors) where there is a legal or official obligation.
  • Other companies to which we transmit personal data in order to carry out the business relationship with you (depending on the contract: e.g. banks, credit agencies, suppliers).

Other data recipients may be those entities for which you have given your consent for data transmission.

4. How long will your data be stored?

If necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract or for the fulfillment of contractual purposes.
In addition, we are subject to various retention and documentation obligations, which derive, among other things, from the German Commercial Code (HGB) and the German Tax Code (AO). The period for retention and documentation specified in these regulations may range from two to ten years.
Finally, the retention period is also assessed in accordance with the statutory limitation periods, which, for example, in accordance with Art. 195 et seq. BGB (German Civil Code) may, as a rule, be three years, but in certain cases also up to thirty years. For the beginning of the limitation period § 199 BGB applies.

5. Is data transmitted to a third country or to an international organization?

Data will only be transmitted to third countries (countries outside the European Economic Area – EEA) if this is necessary, legally required or permitted for the initiation and execution of the contracts concluded between you and us (e.g. for the execution of payment orders) or if you have given us your consent. We will inform you of further details separately, if required by law.

6. What data protection rights do you have?

You have the right of access in accordance with Art. 15 GDPR, the right to correction in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to object in accordance with Art. 21 GDPR and the right to data transfer (portability) in accordance with Art. 20 GDPR. The restrictions in accordance with §§ 34 and 35 of the BDSG (German Federal Data Protection Act) apply to the right of information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

7. Is there an obligation for you to provide data?

Within the framework of our business relationship, you must only provide us with the personal data that is required for the establishment, performance and termination of a business relationship or which we are legally obliged to collect. Without this data, we will usually have to refuse the conclusion of the contract or the execution of the order or we will no longer be able to execute an existing contract and may have to terminate it.

8. To what extent is there an automated decision-making process in individual cases?

In principle, we do not use fully automated individual decision-making processes in accordance with Art. 22 GDPR for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.

9. To what extent is your data used for profiling (scoring)?

We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

Information for users of our social media services

1. Who is responsible for data processing and whom may you contact?

In addition to us, Q_PERIOR AG, the following companies are responsible for data processing, depending on which social media service you use.

a) Facebook Fanpage

The operation of a Facebook fan page constitutes a processing under joint responsibility in accordance with Art. 26 GDPR. For this purpose, an agreement was signed with Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This agreement can be found at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

In accordance with this agreement, we do not have any decisions or control over the processing of the data by Facebook.

Facebook assumes responsibility for processing the so-called “Insights Data” and fulfilling the corresponding obligations in accordance with GDPR.

b) Instagram profile

c) LinkedIn

d) XING

2. What sources and data do we use?

We process personal data that we have received from you in the context of your social media use.
Relevant personal data may include IP addresses and data about your use of our social media services (e.g. time of access to our websites, apps or newsletters, pages clicked on or entries) as well as other data comparable with the categories mentioned.
Within the scope of social media use, we can call up statistical usage data from the respective social media company. This can be information about page views and activities, views of individual articles, videos, services (e.g. route planners) etc., comments, shared content, responses, usage rates of men and women, origin related to country and city and language.

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) on the following legal bases:

a) Within the scope of the balancing of interests (in accordance with Art. 6 para. 1 lit f GDPR)

If necessary, we process your data to protect our legitimate interests or those of third parties. For example, this may include:

  • Assessment and optimization of procedures for needs analysis and direct customer approach;
  • Advertising, market and opinion research, e.g. through the use of cookies, insofar as you have not objected to the use of your data;
  • Assertion of legal claims and mounting a defense in legal disputes;
  • Measures for management of business and further development of services and products.

In particular, the social media companies create so-called usage profiles by means of your usage behavior and use them to place advertisements. Cookies are usually stored on your computer for this purpose.

b) On the basis of your consent (Art. 6 para. 1 lit. a GDPR)

If you have given us permission to process personal data for certain purposes (e.g. passing on data to third parties, evaluating data for marketing purposes), the legality of this processing is given on the basis of your consent. You may revoke your consent at any time.

Please note that such revocation only applies with future effect. Processing operations that are performed prior to the revocation are not affected.

If you have given the social media companies your consent to a specific data processing, the processing will take place on the legal basis of Art. 6 para. 1 lit. a GDPR.

c) On the basis of legal requirements (in accordance with Art. 6 para. 1 lit. c GDPR) or in the public interest (in accordance with Art. 6 para. 1 lit. e GDPR)

In addition, we are subject to various legal obligations, i.e. legal requirements. Insofar as data is processed in this respect, this is done exclusively on the basis of these regulations.

4. To whom do we transmit your data?

Within the company, those departments receive your data that need it to fulfill our contractual and legal obligations. Also contract processors used by us (Art. 28 GDPR) may receive data for these purposes. These are companies providing IT, telecommunications, and consulting as well as distribution and marketing services.
With regard to the transmission of data to recipients outside the company, please note that we will only pass on your data if this is permitted or stipulated by law, if you have consented to this or if we are authorized to provide information. Other data recipients may be those entities for which you have given your consent for data transmission.

5. How long will your data be stored?

To the extent permitted by law, we process and store your personal data, in particular as long as this is necessary to fulfill the respective purposes.

6. Is data transmitted to a third country or to an international organization?

Data will only be transmitted to third countries (outside the European Union or the European Economic Area – EEA) if this is necessary for the performance of our social media services, is required by law, or you have given us your consent.

Facebook, as a privacy shield certified US provider, is committed to complying with EU privacy standards:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

7. What data protection rights do you have?

Every data subject has the right to information in accordance with Art. 15 GDPR, the right to correction in accordance with Art. 16 GDPR, the right to erasure in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to object in accordance with Art. 21 GDPR and the right to data transfer (portability) in accordance with Art. 20 GDPR. The restrictions in accordance with §§ 34 and 35 of the BDSG (German Federal Data Protection Act) apply to the right of information and the right to erasure. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
We would like to point out that your data subject rights in connection with your use of social media are most easily asserted against the social media company.
On Facebook you can find further information at: https://www.facebook.com/legal/terms/information_about_page_insights_data
On Instagram you can find further information at: https://help.instagram.com/155833707900388

8. Is there an obligation to provide data?

In the context of Internet or social media use, you must only provide personal data that is required for use or which we are legally obliged to collect. Without this data, meaningful use may be limited or impossible.

9. To what extent is there automated decision-making process in individual cases?

A fully automated decision-making in accordance with Art. 22 GDPR does not take place. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law.

10. To what extent is your data used for profiling (scoring)?

We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

11. Miscellaneous

At this point we would like to inform you about further possibilities for the protection of your rights, setting possibilities and for the protection of your privacy at social media companies.
Information from Facebook: https://www.facebook.com/about/privacy/ and in the “Information on Page Insights Data”: https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-Out: https://www.facebook.com/settings?tab=ads resp. http://www.youronlinechoices.com

Information on your right to object in accordance with Art. 21 of the General Data Protection Regulation (GDPR)

1. Right to object on a case-by-case basis

You have the right for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 Para. 1 lit. e GDPR (data processing in the public interest) and Art. 6 Para. 1 lit. f of the General Data Protection Regulation (data processing on the basis of a weighing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you file an objection, we will no longer process your personal data unless we are able to prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

2. Right to object to the processing of data for direct marketing purposes

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection may be made form-free and should be addressed to:
Q_PERIOR AG
Leopoldstraße 28a
80802 Munich (Germany)
Telephone: +49 89 45599-0
Fax: +49 89 45599-100
E-mail address: info@q-perior.com