Privacy policy

Who is Quality Austria - Trainings, Zertifizierungs und Begutachtungs GmbH?

Quality Austria - Trainings, Zertifizierungs und Begutachtungs GmbH (briefly referred to as “Quality Austria”) is the leading partner for system and product certifications, verifications and validations, assessments, trainings and individuals’ certifications as well as the Austria Quality Seal (following also referred to as “qualityaustria services”). The basis is formed by accreditations at Akkreditierung Austria. Furthermore, the company has, since 1996, presented the Austrian Excellence Award in cooperation with the Federal Ministry of Labour and Economy. Quality Austria’s key asset is its competence as a national market leader for the integrated management system, which helps to secure and increase business excellence. Thus Quality Austria is an important driver and trendsetter for the economic site of Austria and for “Succeed with quality”.

Who is responsible for data processing, and whom can I contact?

Quality Austria - Trainings, Zertifizierungs und Begutachtungs GmbH
Zelinkagasse 10/3
1010 Vienna, Austria, Europe
Tel: (+43 1) 274 87 47
Fax: (+43 1) 274 87 47-100
E-Mail: datenschutz(at)qualityaustria.com

What sources and data do we use?

When providing our services in the fields of system certification, verification and validation, the presentation of the Austrian Excellence Award as well as individuals’ certification and training and further training, we process personal data that the customer (the party ordering the qualityaustria service, including its contact person, or a person participating in a qualityaustria service) makes available to us just as much as data that we acquire ourselves when providing the qualityaustria services (e.g. in the course of an audit or an examination). As a rule, Quality Austria cannot provide the desired services without this data.
Relevant personal data includes particulars (e.g. name, address and other contact data, day and place of birth), legitimization data, contract data (e.g. audit documentation, documentation of events, data about Certificates, accounting data, bank data).

What do we process your data for (purpose of data processing)? And on what legal basis?

The personal data that we acquire on the occasion of the qualityaustria service will be processed for purposes of performing contracts according to the most important contractual documents and our Terms and Conditions as well as for the required documentation in conformity to the normative requirements (above all ISO/IEC 17021, ISO/IEC 17024, ISO/IEC 17065 and possible additional requirements from models to be audited by order of the customer), for bookkeeping and accounting, for establishing and defending legal claims as well as for Customer Relationship Management, including drawing up of offers for further qualityaustria services (e.g. re-certifications and add-on certifications or relevant trainings). The legal basis for these types of processing is formed by Art. 6 (1) lit. b of the General Data Protection Regulation (GDPR) (performance of a contract and steps prior to entering into a contract) (as far as the person concerned is a contracting party himself or herself) and Art. 6 (1) lit. f of the GDPR (legitimate interests in the provision of the agreed qualityaustria services serving to increase business excellence, which are pursued by Quality Austria and the customer) and Art. 9 (2) lit. f of the GDPR (establishment, exercise or defence of legal claims). Partly processing also is prescribed by law (e.g. fiscal rules, bookkeeping and accounting; legal requirements placed by the Accreditation Act).

For maintaining our legitimate interests in direct advertising for our range of services, we use the customer’s personal data (name, title, address, contact data, details of the order, past orders) for our own advertising and marketing purposes in order to send the customer information and advertisements about their services and products, news and other customer information that might be interesting for the customer as long as the customer has not objected to processing for purposes of direct advertising.

If you have given us a consent to our processing personal data for definite purposes (e.g. participation in events, passing on of information), the lawfulness of this processing will be given on the basis of your consent. Consent that has been given can be revoked, at any time. This also applies to the revocation of declarations of consent that were made before the GDPR entered into force.

Who will receive my data?

Within Quality Austria, only Departments and Divisions that need your data for fulfilling the contractual and legal obligations or for processing due to legitimate interest will be granted access to your data.

It is for purposes of providing the qualityaustria service desired by the customer that Quality Austria will pass data on to the external qualityaustria auditors, trainers, assessors and technical experts acting as Quality Austria’s contract processors. Moreover, Quality Austria avails of services provided by external IT providers.

Acc. to the Accreditation Act and the relevant Standards (in particular ISO/IEC 17021 and ISO/IEC 17024), Quality Austria shall be obliged to provide a publicly accessible list of certifications conducted. In the list, which is accessible on Quality Austria’s website, the respectively applicable Certificates and their holders are listed.

Based on normative requirements, Quality Austria shall further be obliged to make information on the qualityaustria services available to the Accreditation and Certification Bodies and/or grant these bodies access upon their request. In this process, it also is personal data that can be passed on to the Accreditation and Certification Bodies. Furthermore, Quality Austria can transmit personal data to additional recipients (e.g. public authorities) in order to fulfil legal reporting duties.

When booking cooperation products that are identified as such, the personal data is passed on to the partners.

Is data transmitted into a third country or to an international organization?

Data will be transmitted into countries outside the European Union to the extent as this is necessary for Quality Austria carrying out the orders (e.g. if the auditee is based in a third country), prescribed by law or you have given an explicit consent.

How long will my data be saved?

The data will be saved for the period in which this is necessary for enabling Quality Austria to fulfil its contractual and legal obligations. Master data about the customer (including organs that have general powers of representation and contact persons at the customer’s) as well as the order history will be archived until the end of the business relationship and, beyond this, until the expiration of the warranty periods, limitation periods and legal retention periods. Application documents, audit and verification reports as well as other documents relating to certification will basically be retained for 12 years as far as normative or legal requirements do not require a longer retention period. Civil-law limitation periods can, in the single case, amount to up to 30 years.

What data protection rights do I have?

Acc. to the General Data Protection Regulation (GDPR), each person concerned shall have the right to be informed of the personal data that we process about him or her as well as the rights to rectification, to erasure, to restriction of processing and to data portability. Furthermore, persons concerned can, for reasons resulting from their special situation, object to our processing of personal data that refer to them for the future on the basis of a legitimate interest, at any time. Moreover, they can, at any time, object to future use of their personal data for purposes of direct advertising free of charge and without giving reasons. If you object to processing for purposes of direct advertising, we will thus no longer use your personal data for these purposes.
Besides, there is a right to lodge a complaint with the competent data protection authority. A consent that has been given can be revoked, at any time.

For exercising their rights as persons concerned and in case of questions about data protection guaranteed by Quality Austria, persons concerned can contact datenschutz(at)qualityaustria.com.

To what extent are decisions taken in an automated manner?

Not at all!

Does profiling take place?

In order to be capable of specifically informing and consulting you in terms of products, we use evaluation tools. These tools enable needs-oriented communication and advertising, including market and opinion research. You can object to profiling used for direct advertising, at any time.

Is the user behaviour on the website analyzed?

If you visit this website, we will track some of your personal data in connection with your visit. In this section we inform you about how we process your personal data.

Categories of processed data and purpose of data processing
When visiting our website we automatically collect and process the following personal data:

date and time of your visit to certain pages of our website;
your IP address;
the type and version of web browser used to access our website;
the previously visited website (URL);
certain cookies (see below)

It is not mandatory to actually provide the information and data asked for on our website. However, providing this information will help us to improve your online experience. Without providing this data, you won’t be able to use all features on our website.

Your data is processed for the following purposes:

to provide you with the best experience during your website visit and to further improve and develop our website;
to be able to create statistics on user activities;
to identify, prevent and investigate potential attacks or fraud on our website, and
to provide users with a user account on our website, if necessary.

Legal basis for processing

We process your personal data on the basis of:

your consent given by accepting the cookie banner (to the extent of your selection), in accordance with the principle of „Privacy by Default“;
our legitimate interests within the meaning of Art 6 para. 1 lit f GDPR, which is providing a user-friendly website and protecting our website from fraud.

Storage period

Usually, your data is stored for 1 hour. If you use our shopping cart, your data may be stored for up to 30 days. Your IP address, anonymized and sent back to us by, for example, Google Analytics, is only stored as long as necessary for improving user experience (such data is no longer personal data). Data will only be stored longer if necessary for the investigation of abusive or fraudulent activities on our website. Beyond that, data is stored only until the expiration of relevant periods of limitation, statutory retention periods or any legal disputes in which the data is required as evidence. Furthermore, we store the data collected to provide your user account for as long as your account exists.

Cookies

The website uses cookies. Cookies are small files stored on your computer when visiting a website. Usually, cookies are used to give visitors additional functions on a website. For instance, cookies facilitate the navigation on a website, and help to remember information about your visit, such as your preferences and settings once you return to the website. Cookies cannot access, read or change any other data or information on your computer.

Most of the cookies used on our website are so-called session cookies. These are temporary cookies which are automatically deleted once you leave our website. Persistent cookies, on the other hand, remain on your computer until you manually delete them in your browser. We use persistent cookies to recognize you when you visit our website later again.

If you want to control cookies on your computer, you can change your browser settings so that you will be notified whenever a website wants to store cookies. You can also block or delete cookies if they are already stored on your computer. If you want to get further information on how to manage your cookie settings, please go to the “Help” function in your browser. For ensuring the most user-friendly handling of cookies we use a so-called “Cookie Manager” (cookie banner), which makes it even easier for you to manage the cookie settings. Please keep in mind that blocking or deleting cookies may adversely affect the functionality of our website and your online experience.

Right to object:
Cookie settings

Google Analytics

Our website uses functions of the web analytics service “Google Analytics”, owned by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies to measure how you interact with our website content.

The information generated by such a cookie about your user activities on this website (including your IP address and the URLs of the visited pages and the attributes of the website) is transferred to Google servers in the USA and is stored there. We do not store any of your data collected in connection with Google Analytics.

Our website uses the option of IP anonymization offered by Google Analytics. This means that your IP address is shortened and anonymized by Google as soon as Google receives your IP address. On our behalf, Google uses this information for evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage. Google does not merge the IP address transmitted by your browser within the framework of Google Analytics with any other data.

For more information about the Google Terms of Use and Privacy Policy, please go to http://www.google.com/analytics/terms/de.html and https://www.google.at/intl/at/policies/.

Right to object to the transfer to non-EU countries and to processing of your data: You can prevent the collection of your data by Google Analytics on this website via our Cookie Manager (Cookie settings) à an opt-out cookie is set to prevent future collection of your data when visiting this website).

ATTENTION: At this point we would like to point out the recent judgment of the European Court of Justice (ECJ) "Schrems II" (C-311/18), which classifies the appropriate data protection level of some US cloud service providers, including Google Analytics, as not complying with data protection regulations. Our data protection team will be happy to answer any questions you may have (datenschutz@qualityaustria.com), or you can switch off tracking via Google Analytics on our site at any time (Cookie settings).

Google Fonts
We use fonts ("Google Fonts") from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Mouse Tracking

Our concern in terms of the GDPR (legitimate interests) is the improvement of our services and our website. We thus use Hotjar to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don*t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies (see above) to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to use or sell any of the data collected on our behalf. For further details, please see the Hotjar Privacy Policy: https://www.hotjar.com/legal/policies/privacy.

Presence in social networks (social media)

Quality Austria has an online presence at various social networks. The user data processed at these sites are used to communicate with the users there or to offer information about Quality Austria and our services.

Quality Austria explicitly points out that user data may be transferred outside the European Union. For detailed presentation of the respective processing activities and the right to object (opt-out) we refer to the privacy data of the respective network.

Facebook
Quality Austria together with Facebook Ireland Ltd. is responsible for collecting (but not further processing) data of our visitors of the Facebook page (so-called "Fan page"). This joint liability means that both parties are responsible legally. The data concerned include content that is viewed by the aforementioned users and also content with which these active users interact. In this common relationship there is also a joint agreement on the processing modalities. This agreement is issued by Facebook Ireland Ltd.

Used services and service providers:

Facebook:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA

Website: https://www.facebook.com

Right to object (opt-out): for ads: https://www.facebook.com/settings?tab=ads

LinkedIn:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Website: https://www.linkedin.com

Right to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Twitter:

Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA