Privacy policy

(Date: 25.10.2024)

>> Our Cookie Policy

1.) Who is responsible for data processing and who can I contact?

  • 1.1) Quality Austria Holding GmbH, along with its operational subsidiaries Quality Austria Academy GmbH and Quality Austria Certification GmbH, is the leading Austrian authority for training and further education, as well as for personal, system, and product certifications, assessments, and validations, as well as the Austria Quality Seal. This is based on globally recognized accreditations and international approvals. Additionally, since 1996, the company has awarded the Austrian Excellence Award in collaboration with the Federal Ministry of Economy, Energy and Tourism. As the national market leader for the Integrated Management System to ensure and enhance business quality, Quality Austria plays a pivotal role in the Austrian economy and stands for ‘Succeed with Quality’.
  • 1.2) Quality Austria, that is Quality Austria Holding GmbH (‘QA Holding’), Quality Austria Academy GmbH (‘QA Academy’) and Quality Austria Certification GmbH (‘QA Certification’) (collectively ‘Quality Austria’, ‘we’, ‘us’), each of which acts as a controller within the meaning of Article 4(7) of the General Data Protection Regulation (‘GDPR’).
  • 1.3) You can reach us as follows:

Quality Austria Holding GmbH
Zelinkagasse 10/3
1010 Vienna, Austria
Phone: +43 1 274 87 47
Fax: +43 1 274 87 47-100
E-mail: datenschutz@qualityaustria.com

Quality Austria Academy GmbH
Zelinkagasse 10/3
1010 Vienna, Austria
Phone: +43 1 274 87 47
Fax: +43 1 274 87 47-100
E-mail: academy-datenschutz@qualityaustria.com

Quality Austria Certification GmbH
Zelinkagasse 10/3
1010 Vienna, Austria
Phone: +43 1 274 87 47
Fax: +43 1 274 87 47-100
E-mail: certification-datenschutz@qualityaustria.com

  • 1.4) CURRENT NEWS: If you are already a Quality Austria customer, we would like to inform you that, by way of a spin-off, your data was passed from Quality Austria - Trainings, Zertifizierungs und Begutachtungs GmbH on to the universal successor Quality Austria Academy GmbH or the universal successor Quality Austria Certification GmbH in order to be able to continue the contracts with you (Article 6(1)(b) GDPR). Quality Austria Academy GmbH and Quality Austria Certification GmbH are the new data controllers as of the spin-off and are thus responsible for your questions and concerns in connection with the GDPR. This privacy policy was updated accordingly.
  • 1.5) The controller takes the protection of your personal data very seriously. The controller therefore treats your personal data confidentially and in accordance with the applicable data protection regulations, in particular the GDPR and the Austrian Data Protection Act ("DSG").
  • 1.6) In this privacy policy you will find information on the data processing activities carried out. The terms laid down in the GDPR are used accordingly. For better comprehensibility, you will find the most important terms according to their legal definition below:
    • Personal data: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
    • Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
    • Data subject: The person whose personal data is processed.
    • Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
    • Processor: The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
    • Consent (of the data subject): Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2.) For what purposes and on what legal basis is your personal data processed?

QA Holding is the sole controller for the following data processing activities in accordance with Article 4(7) of the GDPR: provision of the website (see point 2.1), enquiry via website, e-mail, post or telephone (see point 2.2), offering qualityaustria services and products (see point 2.3), marketing communication, newsletter, event participation (see point 2.4) and legal prosecution (see point 2.6);
QA Academy is the sole controller for the following data processing activities in accordance with Article 4(7) GDPR: enquiry via the website, e-mail, post or telephone (see point 2.2), offering qualityaustria services and products (see point 2.3), marketing communication, newsletter, event participation (see point 2.4) and legal prosecution (see point 2.6);
QA Certification is the sole controller for the following data processing activities in accordance with Article 4(7) of the GDPR: provision of the website (see point 2.1), enquiry via the website, e-mail, post or telephone (see point 2.2), offering qualityaustria services and products (see point 2.3), marketing communication, newsletter, event participation (see point 2.4) certificate management (see point 2.5) and legal prosecution (see point 2.6).

  • 2.1) Provision of the website
    • 2.1.1) In order to make the website available to you and to be able to identify, prevent and investigate attacks on our website, Quality Austria processes the following personal data on the basis of our aforementioned legitimate interests (Art 6 para 1 lit f GDPR) the URL; the date and time of the visit; the IP address of the computer or mobile device; the name and version of the web browser; the browser type and settings data (screen resolution, colour depth, time zone settings, browser extensions, fonts, language); the operating system; and the website (URL) from which you visit our website ("referrer"). The processing of this data is necessary to provide you with the website and its features.
  • 2.2) Enquiry by website, e-mail, post or telephone
    • 2.2.1) If you send an enquiry to Quality Austria via the contact form on the website, by e-mail or by telephone, Quality Austria processes the following personal data to answer the enquiry in order to fulfil pre-contractual measures or to fulfil the contract (Art 6 para 1 lit b GDPR) or on the basis of our legitimate interests in being able to process your enquiry (Art 6 para 1 lit f GDPR): Name; e-mail address; address; telephone number; content of the enquiry; other information you provide to us voluntarily; personal information about our qualityaustria services and products. The processing of this data is necessary to handle your enquiry.
  • 2.3) Offering qualityaustria services and products (incl. customer handling)
    • 2.3.1) In the context of our qualityaustria services and products in the areas of system certification, assessment and verification, awarding of the Austrian Quality Award for Business Quality as well as individual certification and training and further education, we process (i) personal data that you provide to us, (ii) personal data that our customers as principals of qualityaustria services and products provide to us and (iii) personal data that we collect ourselves in the course of providing qualityaustria services and products. For the aforementioned purposes, we process name, address and other contact data, date and place of birth, identification data (including ID data, certificates, electronic signature) and other personal data in connection with the respective order (including audit documentation, event documentation, certificate data, billing data, bank data).  Without the processing of the aforementioned data, we cannot offer qualityaustria services and products and cannot manage ongoing customer relationships. The legal basis for this processing is the implementation of pre-contractual measures or the fulfilment of the contract (Art 6 para 1 lit b GDPR).
  • 2.4) Marketing communication, newsletter, event participation
    • 2.4.1) We send our customers electronic communications (by e-mail, SMS, MMS or Messenger) to advertise our products or services ("promotional messages"). For this purpose, we process your name, contact details and other information that you provide to us voluntarily in connection with the receipt of promotional messages. The customer can object to the sending of promotional messages at any time by sending an email to the e-mail address set out in point 1.3 with the objection. We will also give you the opportunity to opt out of receiving further promotional messages with each promotional message. The legal basis for the sending of promotional messages is Section 174 para 4 Telecommunications Act 2021.
    • 2.4.2) We will send you postal letters with advertising communication on the basis of our legitimate interests in advertising products or services of interest to you (Article 6 para 1 lit f GDPR). For this purpose, we process your name, contact details and other information that you provide to us voluntarily in connection with the receipt of advertising communication. You can exercise your right to object to postal advertising communication by sending an email to the e-mail address set out in point 1.3.
    • 2.4.3) If you voluntarily provide us with your contact details and other data provided by you for the purpose of sending newsletters, participating in events or other information transmissions, we process your data on the basis of your consent (Art 6 para 1 lit a GDPR). You can revoke your consent at any time by sending an email to the e-mail address set out in point 1.3.
  • 2.5) Certificate management
    • 2.5.1) Quality Austria makes it possible to check or query valid certifications that have been issued. Personal data can also be processed for this purpose, specifically name, academic title, certificate name, certificate title and certificate number (for further details, see point 3.3 below). The legal basis for this is Art 6 para 1 lit c GDPR in conjunction with the Accreditation Act 2021 (as well as relevant standards, in particular EN ISO/IEC 17021-1, ISO/IEC 17065, ISO 17024 and relevant regulations of the accreditation bodies) and our legitimate interest pursuant to Art 6 para 1 lit f GDPR to carry out all activities related to certificate management.
  • 2.6) Legal Prosecution
    • 2.6.1) If an administrative or judicial dispute arises, the personal data necessary for the appropriate legal prosecution will be processed and, if necessary, transmitted to legal representatives, courts and/or administrative authorities. In this context, your contact details (first and last name, academic title, address) and other data in connection with the legal dispute in question (your behaviour in relation to the use of the website) will be processed. The aforementioned personal data is processed on the basis of our legitimate legal interests in legal prosecution pursuant to Art 6 para 1 lit f GDPR and pursuant to Art 9 para 2 lit f GDPR.

3.) To which recipients will your personal data be transmitted?

  • 3.1) We transmit your personal data to our co-operation partners of the relevant qualityaustria services and products to the extent necessary to process your enquiry or to provide the desired qualityaustria services and products. When booking co-operation products that are identified as such, the personal data will be passed on to the respective partners.
  • 3.2) We use processors pursuant to Art 28 GDPR who perform services on our behalf. The processors may only process the data provided to them in accordance with our instructions and to the extent necessary to perform services for us. We contractually oblige these processors to guarantee the confidentiality and security of the personal data processed within the scope of the order. For the purpose of providing the requested qualityaustria services and products, Quality Austria will forward the data to the external qualityaustria auditors, trainers, assessors and technical experts employed by it, who also act as processors of Quality Austria. In addition, Quality Austria uses external IT service providers.
  • 3.3) Due to legal requirements, Quality Austria is obliged to provide the accreditation and licensing bodies with information on qualityaustria's services and/or to grant access to them upon request. The accreditation and licensing bodies may also participate in on-site audits. In the course of this, personal data may also be passed on to the accreditation and licensing bodies. In addition, Quality Austria may transmit personal data to other recipients (such as authorities) in order to fulfil statutory reporting obligations.
  • 3.4) The level of data protection in other countries outside the EEA may not be the same as within the EEA. However, we only transfer your personal data to countries for which the European Commission has decided that they have an adequate level of data protection, or we take measures in accordance with Chapter V GDPR to ensure that all recipients in third countries guarantee an adequate level of data protection. For example, we conclude the standard contractual clauses issued by the European Commission with these recipients.

4.) How long will your personal data be stored?

  • 4.1) Your personal data will only be stored for as long as is necessary to fulfil the respective purpose.
  • 4.2) Notwithstanding point 4.1, Quality Austria will store your data for longer if and insofar as this is necessary to fulfil statutory retention obligations (pursuant to § 132 para. 1 BAO; §§ 190, 212 UGB: 7 years) or to pursue or defend legal claims (generally for a maximum period of 3 years), whereby longer processing of the data may be necessary in the event of imminent or pending proceedings.
  • 4.3) Application documents, audit and assessment reports as well as other documents related to certification are generally stored for a period of 10 years in accordance with Section 12 (8) of the Accreditation Act 2012, unless normative or legal requirements require longer storage. In order to pursue or defend against legal claims, the aforementioned documents are generally processed for a maximum of 3 years, whereby longer processing of the data may be necessary in the event of imminent or pending proceedings.
  • 4.4) If the data processing is based on your consent, Quality Austria will process your data until your withdrawal of consent. The withdrawal can be made at any time by sending an e-mail to the e-mail address set out in point 1.3. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal

5.) What rights do you have?

  • 5.1) You have the right of access under Art 15 GDPR, the right to rectification under Art 16 GDPR, the right to erasure under Art 17 GDPR, the right to restriction of processing under Art 18 GDPR, the right to object under Art 21 GDPR, the right not to be subject to automated individual decision-making, including profiling, under Art 22 GDPR and the right to data portability under Art 20 GDPR. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority in accordance with Art 77 GDPR. You can find more information about your rights at: https//www.dsb.gv.at/rechte-der-betroffenen.
  • 5.2) The competent supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna (https://www.dsb.gv.at/).
  • 5.3) If you have any questions in connection with the processing of your personal data or wish to assert any rights under the GDPR, such as your right to erasure or your right of access, please contact Quality Austria as described above in point 1.3.

6.) The essential information about joint controllership pursuant to Art 26(2) GDPR

  • 6.1) What is the reason for the joint controllership? The controllers (QA Holding, QA Certification, QA Academy and CIS - Certification & Information Security Services GmbH) process personal customer data in a data pool under joint controllership if the corresponding consent has been obtained, thus marketing resources can be bundled. Through this cooperation, customers benefit from more effective marketing activities and higher customer satisfaction. The controllers benefit from increased efficiency and effectiveness of their marketing strategies.
  • 6.2) For which data processing operations is there a joint controllership? The controllers have jointly defined the processing of your personal data in the individual areas of activity. They are therefore jointly responsible for the protection of your personal data within the areas of activity described below (Art 26 GDPR).
  • 6.3) What have the two controllers jointly agreed on? The controllers have agreed on who will fulfil which obligations under the GDPR in the context of the jointly controlled activities. This applies in particular to the exercise of the rights of data subjects and the fulfilment of the information obligations under Art 13 and 14 GDPR.

Areas

Description of the processing opeartion

Responsible controller (fulfilment of obligations towards data subjects)

A

Operation of the database for the shared data pool:

-          Entering the data

-          Updating the data

-          Deletion of the data

QA Holding 

B

Collection of data by means of a declaration of consent on the website

QA Holding

C

Collection of data when selling own products and services by means of a declaration of consent

QA Certification

D

Collection of data when selling own products and services by means of a declaration of consent

QA Academy

E

Collection of data when selling own products and services by means of a declaration of consent

CIS

F

Processing of data subject requests in accordance with the GDPR (Art 12-21 GDPR), notification of personal data breaches (Art 33, 34 GDPR)

QA Holding in charge by supporting the respective controller

G

Creation and dispatch of the newsletter

QA Holding

H

Reciprocal advertising of customers with reciprocal products and services of another responsible party

QA Certification, QA Academy, CIS

I

Authorisation to commission processors and control (Art. 28 GDPR) for data processing under joint controllership

QA Holding

J

Security of processing: risk analysis and definition and documentation of technical and organisational measures as well as regular review and updating (Art. 24 para. 1 in conjunction with Art. 32 GDPR) If necessary, regulations for the implementation of internal control measures (if necessary) and certifications (if intended)

QA Holding

  • 6.4) What does this mean for data subjects? Even if there is joint controllership, the parties fulfil the data protection obligations in accordance with their respective responsibilities as follows:
    • The controllers shall make the information required under Art 13 and Art 14 GDPR available to the data subjects free of charge in a concise, transparent, intelligible and easily accessible form, using clear and plain language. Each controller shall provide the other controller with all necessary information from their sphere of activity.
    • The controllers shall inform each other immediately of any requests/legal positions asserted by data subjects. They shall provide each other with all information necessary for responding to requests for information.
    • You can assert your rights as a data subject within the scope of joint controllership primarily with Quality Austria Holding. If you have any questions in connection with the processing of your personal data or wish to assert any rights under the GDPR, such as your right to erasure or your right to information, please contact us at the contact details set out in point 1.3.

>> Privacy policy - Whistleblower system

+43 732 34 23 22