Data protection

Status: March 2023

General - Information according to Art. 13 + 14 DSGVO  

Qurasoft appreciates your visit to our website and your interest in our company. We take the protection and security of your personal data entrusted to us seriously and want you to feel safe and comfortable when visiting our website and using our offers. 

It is important to us that you know what personal data is collected when you use our offers and services and how we use it afterwards. 

Purpose of the data processing  

Insofar as Qurasoft processes personal data on the website, this is done for the purposes stated in this data protection declaration, in particular the provision of our information offer including newsletters, contacting interested parties, and for downloading files made available.  

Person responsible and data protection officer  

Responsible for the processing of your personal data is 

Qurasoft GmbH 
Im Metternicher Feld 30c
D-56072 Koblenz on the Rhine 

Phone: (+49) 261 - 134 986 0 
E-mail: kontakt@qurasoft.de 

You can reach our external data protection officer at: 

TÜV Technical Monitoring Hesse GmbH 

E-mail: datenschutz@qurasoft.de

Rights concerning the processing of personal data

Right to information 
You have the right to receive information from us at any time upon request about the personal data we have processed concerning you within the scope of Art. 15 DSGVO. To do this, you can send a request by post or e-mail to the addresses given above. 

Right to rectify inaccurate data 
You have the right to demand that we correct your personal data without delay if it is incorrect (Art. 16 DSGVO). To do so, please contact us at the addresses given above. 

Right to erasure 
You have a right to immediate deletion ("Right to be forgotten) of the personal data concerning you if the legal grounds pursuant to Art. 17 of the GDPR exist. These are, for example, if the personal data are no longer necessary for the purposes for which they were originally processed or you have withdrawn your consent and there is no other legal basis for the processing; the data subject objects to the processing (and there are no overriding reasons for processing - this does not apply to objections to direct marketing). To exercise your above right, please contact us at the above contact addresses. 

Right to restrict processing 
You have the right to restrict processing if the conditions are met and in accordance with Article 18 of the GDPR. Accordingly, the restriction of processing may be required in particular if the processing is unlawful and the data subject refuses the erasure of the personal data and instead requests the restriction of the use of the personal data or the data subject has objected to the processing pursuant to Article 21 (1) of the GDPR, as long as it has not yet been determined whether our legitimate grounds override theirs. To exercise your aforementioned right, please contact us at the above contact addresses. 

Right to data portability
You have a right to data portability according to Art. 20 DSGVO. In this context, you have the right to receive the data concerning you that you have provided to us in a common, structured and machine-readable format and to transfer this data to another controller, such as another service provider. The prerequisite for this is that the processing is based on consent or on a contract and is carried out with the help of automated processes. To exercise your above right, please contact us at the above contact addresses.

Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6(1) of the Data Protection Act. lit. e or f DSGVO, to lodge an objection pursuant to Art. 21 DSGVO. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims. To exercise your above right, please contact us at the above contact addresses.

Right to complain to a supervisory authority
If you believe that the processing of personal data relating to you by us is unlawful, you have the right to complain to the supervisory authority responsible for us, which you can contact as follows: 

The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate 
Prof. Dr Dieter Kugelmann 
Rear pale 34 
55116 Mainz 
Phone: +49 (0) 6131 208-2449 
E-mail: mailroom(at)datenschutz.rlp.de 

Planned data transfer to third countries

A transfer to third countries is currently not planned, otherwise the corresponding legal requirements will be created. In particular, you will be informed about the respective recipients or categories of recipients in accordance with the legal requirements. 

Security

Qurasoft uses technical and organisational security measures to protect the data you have made available from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. This also applies when external services are obtained. The effectiveness of our security measures is reviewed and the measures are continuously improved in line with technological developments. 

SaniQ apps

If you use one of our SaniQ apps for self-monitoring, the functions are always executed on your end device. When we call up functions on our servers (e.g. when you activate the telemedicine mode or use the PDF export health diary offer), your personal data is stored in content-encrypted form. If you have activated the telemedicine mode, your data will be forwarded to your respective telemedicine supporter.  

You can find more detailed information in the data protection declaration our SaniQ app. (Privacy Policy SaniQ App / Privacy Policy SaniQ Practice).

Standard periods for the deletion of data

The legislator has enacted a variety of retention periods and obligations. After these periods have expired, the corresponding data is routinely deleted. If data is not affected by this, it will be deleted or anonymised if the purposes stated within the scope of this data protection declaration cease to apply. Unless this privacy policy contains other, deviating provisions regarding the storage of data, the data collected by us will be stored by us for as long as it is required for the aforementioned purposes for which it was collected. 

Other data use and data deletion

Further processing or use of your personal data will generally only take place if permitted by law or if you have consented to the data processing or use. In the event of further processing for other purposes Purposes, than the one for which the data was originally collected, we will inform you about these other purposes before further processing and provide you with the further relevant information. 

Applications

On our website you have the opportunity to apply online for advertised positions or to send us an unsolicited application by e-mail.

When you apply to us, we process the information we receive from you as part of the application process, e.g. through your letter of application, CV, references, correspondence, telephone or verbal details. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us. In addition, we process data that you provide to us voluntarily (e.g. as part of your CV or as attachments).

Within our company, only those people who are involved in the selection process for the advertised position will have access to your data.

Your personal data will not be transferred to any third parties outside the company.

We store your application data for the duration of the review of your application. If your application is unsuccessful or if you withdraw your application, your application data will be deleted after a maximum of 6 months, unless you have expressly agreed to longer storage. If your application is successful, the data you have provided us with will be further processed in relation to your future employment with us. The legal basis is Art. 6 Para. 1 a, b and f DSGVO as well as § 26 BDSG.

You have the right to information according to Article 15 of the GDPR, the right to rectification according to Article 16 of the GDPR, the right to erasure according to Article 17 of the GDPR, the right to restriction of processing according to Article 18 of the GDPR, the right to object according to Article 21 of the GDPR and the right to data portability according to Article 20 of the GDPR. Furthermore, you have the right to complain to the supervisory authority responsible for you.

If you do not provide us with the required personal data, this will not have any negative consequences for you. However, incomplete or inaccurately completed applications will not be considered.

Specific information about the website

Calling up our website

When personal data is entered, it is always transmitted in encrypted form. 

We record and store the IP address assigned to your computer, the type of browser used, the date and time of access as well as messages about successful and unsuccessful accesses in order to transmit the contents of our website accessed by you to your computer (e.g. texts, images as well as files made available for download, etc.) (cf. Art. 6 para. 1 lit. b DSGVO). We also process this data for abuse detection and tracking. In this respect, the legal basis is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest in processing the data is to ensure the proper functioning of our website and the transactions conducted via it. 

Insofar as we process your data for the purposes of providing the functions of our website, as described above, you are contractually obliged to provide us with this data. 

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. 

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f DSGVO). Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.  

In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster. 

Contact

If you have a question for us, you can send an enquiry to send to us by e-mail. When you contact us, the data you provide (your e-mail address and the text of your enquiry as well as any other voluntary information) will be stored by us. In the case of further information, this is voluntary information. The processing is carried out for the purpose of handling the enquiries on the basis of Art. 6 Para. 1 lit. b), f) GDPR. The data collected in the course of contacting you will be deleted as soon as it is no longer required for processing your enquiry. 

Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use a newsletter service provider to process the newsletters, which are described below.  

We use the services of Mailchimp for sending newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. 

Mailchimp is a service that can be used to organise the sending of newsletters, among other things. When you enter data for the purpose of receiving newsletters (e.g. email address), this data is stored on Mailchimp's servers in the USA. We have deactivated Mailchimp's performance measurement so that Mailchimp will not evaluate your behaviour when opening our newsletter. 

If you do not want your data to be transferred to Mailchimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.  

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. 

The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this. 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: 
https://mailchimp.com/eu-us-data-transfer-statement/ and 
https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses. 

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored with us or the newsletter service provider may be stored in a blacklist, insofar as this is required to prevent future mailings is required. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. 

For more details, please refer to Mailchimp's privacy policy at: 
https://mailchimp.com/legal/terms/. 

Disclosure to third parties

We sometimes use service providers (based in Germany) who process data on our behalf (e.g. for hosting/email marketing). In the cases described here, the information is passed on to these third parties to enable further processing. The external service providers are carefully selected and regularly reviewed by us to ensure that your privacy is protected. 

The service providers are service providers / order processors bound by instructions and are accordingly obligated by us, among other things, to treat your data exclusively in accordance with our instructions and the applicable data protection laws. In particular, they are obliged to treat your data as strictly confidential. They are also prohibited from using the data for purposes other than those agreed. 

The transfer of data to processors takes place on the basis of Art. 28 (1) DSGVO. 

We also do not sell your data to third parties, nor do we market it in any other way. 

Abuse detection and tracking  

We retain information for abuse detection and tracking, in particular your IP address, for a maximum of 7 days. The legal basis in this respect is Art. 6 (1) lit. f DSGVO. Our legitimate interest in retaining data is to ensure the proper functioning of our website and the transactions conducted via it, as well as to be able to defend against cyber attacks and the like. We may use anonymous usage information to tailor our website to your needs. 

Cookies

A cookie is a simple small file that can be sent with the pages of an internet address and stored by the web browser on the PC or other device. The information stored in it may be sent to our or relevant third party servers during subsequent visits. 

We use basic/essential cookies on our website. These cookies are fundamental to the functioning of our website, and accordingly cannot be deselected. This is, for example, the allocation of anonymous session IDs for the bundling of several queries to a web server. The legal basis for processing the data is our legitimate interest (Art. 6 para. 1 lit. f) DSGVO). 

Technically unnecessary cookies are only used if you consent to them (Art. 6 I lit. a DSGVO, §25 Abs.1 TTDSG). You have the right to revoke your consent at any time within the cookie banner.

Functionality Cookies

These cookies help us to remember settings you have chosen or support other functions when you navigate our website. For example, we can remember your preferred settings for your next visit or save your login details for certain areas of our website. 

Performance/Statistics Cookies

These cookies collect information about how you use our website (e.g. internet browser used, number of visits, pages viewed or time spent on the website). These cookies do not store any information that allows personal identification of the visitor. The information collected with the help of these cookies is aggregated and thus anonymous. 

You can consent to or refuse cookies - including for web tracking - by via the Consent-Banner manage, or the settings of your web browser change. You can configure your browser in such a way that the acceptance of cookies is refused in principle or you are informed in advance when a cookie is stored. In this case, however, the functionality of the website may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (e.g. via Delete browser data). You can find more information on this in the operating instructions or usually under settings of your internet browser. 

Matomo (formerly "PIWIK") 

This is an open source tool for web analysis. Matomo does not transmit data to servers outside of Qurasoft's control (see privacy policy). Matomo is disabled when you visit our website. Only if you actively consent, your usage behaviour will be recorded anonymously. Your IP address is anonymised immediately; this means that you remain anonymous as a user. The information generated by the cookie about your use of this website is not passed on to third parties.  

Google Analytics 

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyse the behaviour of website visitors. In this process, the website operator receives various usage data, such as page views, duration of visit, operating systems used and the origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor. 

Furthermore, we can use Google Analytics to track, among other things, your mouse and scroll movements and clicks. record. Furthermore, Google Analytics uses various modelling approaches to supplement the data sets collected and uses machine learning technologies in the data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there. 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: 
https://privacy.google.com/businesses/controllerterms/mccs/. 

IP anonymisation: 
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. 

Browser Plugin: 
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available under the following link: 
https://tools.google.com/dlpage/gaoptout?hl=de. 

Google Sitekit 

We have integrated the Google Site Kit plugin of the American company Google Inc. into our website. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics that come from various Google products such as Google Analytics directly in our WordPress dashboard. Site Kit therefore makes it easier for us to reconcile the respective Google tools.  

If you have actively consented to tracking tools in the cookie banner, Google products such as Google Analytics will set cookies and send data about you, such as your user behaviour, to Google, where it will be stored and processed. This also includes personal data such as your IP address. 

The use of Google Site Kit requires your consent, which we have obtained with our cookie banner.  

Google Tag Manager 

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States. 

The use of the Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The Website operators have a legitimate interest in a quick and uncomplicated integration and administration of various tools on their website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time. 

Integration of social network plug-ins

Our website uses buttons for linking to our presences in the social networks. The button is marked with the logo of the respective social network. However, these are not social plugins, but simply buttons with links on them. The buttons must be activated (clicked) separately by you. As long as this does not happen, no data is transmitted to the social networks. Only when you click on the buttons and thereby declare your consent to communication with the servers of the social network, the buttons become active and the connection is established. 

By activating the button, the social networks then also receive, among other things, the information that and when you have accessed the corresponding page of our website, as well as, for example, your IP address, details of the browser used and the language settings. When you click on the button, your click is transmitted to the social network and used according to its data usage guidelines. 

When activating the button, we have no influence on the collected data and data processing operations and are not responsible for this data processing and in this respect are not the responsible party in the sense of the GDPR. We are also not aware of the full scope of the data collection, its legal basis, the purposes and the storage periods. Therefore, the information provided here is not necessarily complete. 

The transmission of data takes place regardless of whether you actually have an account with the provider or are logged in there. If you are logged in to the provider, your data is directly assigned to your account. If applicable, the providers also use cookies on your computer to track you. 

To our knowledge, the provider stores this data in usage profiles, which it uses for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the display of needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right of objection, please contact the respective provider. 

For the purpose and scope of the data collection and the further processing and use of the data by the respective social network, as well as your rights in this respect and setting options for protecting your privacy, please refer to the information 

If you do not want the social network to receive data about you, you must not click the button. 

Specific information on our online presence in social media

Qurasoft maintains several online presences within social networks and platforms, such as Facebook, Instagram, Twitter and LinkedIn, in order to have the opportunity to communicate with active users there and to inform them about our service portfolio. Qurasoft uses the technical platforms and services offered by the operators for this purpose. In social networks and on other external platforms, the respective operators' own data protection provisions apply, even if we disseminate information and maintain presences there. 

We would like to point out that you use the services of the social networks and platforms offered here as well as their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating, etc.). The data collected about you in this context will be processed by the operators of the platforms and may be transferred to countries outside the European Union. What information the operators receive and how it is used is described in general terms in the respective data protection guidelines. On the individual platforms, you will also find information on how to contact the operators and on the setting options for advertisements. 

In which way the operators of the social networks use the data from the visit of the respective pages for their own purposes, to which extent activities on den pages are assigned to individual users, how long this data is stored and whether data from a visit to the respective page is passed on to third parties is not conclusively and clearly stated by the operators and is not known to us.