Data protection

Status: March 2023

General - Information according to Art. 13 + 14 GDPR  

Qurasoft appreciates your visit to our website and your interest in our company. We take the protection and security of your personal data entrusted to us seriously and want you to feel safe and comfortable when visiting our website and using our services. 

It is important to us that you know what personal data is collected when you make use of our offers and services and how we use it afterwards. 

Purpose of the data processing  

Insofar as Qurasoft processes personal data on the website, this is done for the purposes stated in this privacy policy, in particular the provision of our information offer including newsletters, contacting interested parties and downloading files provided.  

Responsible person and data protection officer  

Responsible for the processing of your personal data is 

Qurasoft GmbH
Im Metternicher Feld 30c
D-56072 Koblenz on the Rhine 

Phone: (+49) 261 - 134 986 0
E-mail: kontakt@qurasoft.de 

You can reach our external data protection officer at 

TÜV Technische Überwachung Hessen GmbH 

E-Mail: datenschutz@qurasoft.de

Rights regarding the processing of personal data

Right to information
You have the right to request information from us at any time about the personal data concerning you that we process within the scope of Art. 15 GDPR. To do so, you can send a request by post or email to the addresses given above. 

Right to rectification of inaccurate data
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Art. 16 GDPR). To do so, please use the contact addresses given above. 

Right to erasure 
You have a right to immediate deletion („Right to be forgotten“) of the personal data concerning you if the legal grounds pursuant to Art. 17 GDPR apply. These exist, for example, if the personal data are no longer necessary for the purposes for which they were originally processed or if you have withdrawn your consent and if there is no other legal basis for the processing; the data subject objects to the processing (and there are no overriding reasons for processing - this does not apply to objections to direct marketing). To exercise your above right, please contact us at the addresses given above. 

Right to restriction of processing 
You have a right to restriction of processing if the conditions are met and in accordance with Art. 18 GDPR. According to this, the restriction of processing may be required in particular if the processing is unlawful and the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data or the data subject has objected to the processing pursuant to Art. 21 para. 1 GDPR, as long as it is not yet clear whether our legitimate reasons outweigh theirs. To assert your aforementioned right, please contact us at the contact addresses given above. 

Right to data portability
You have a right to data portability in accordance with Art. 20 GDPR. You have the right to receive the data concerning you, which you have provided to us, in a commonly used, structured and machine-readable format and to transmit those data to another controller, such as another service provider. The prerequisite for this is that the processing is based on consent or on a contract and is carried out using automated procedures. To assert your above right, please contact us at the addresses given above.

Right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based, inter alia, on point (e) or (f) of Article 6(1) GDPR pursuant to Article 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. To assert your aforementioned right, please contact us at the contact addresses given above.

Right to lodge a complaint with a supervisory authority
If you believe that the processing of personal data concerning you by us is unlawful, you have the right to lodge a complaint with the supervisory authority responsible for us, which you can contact as follows: 

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Prof. Dr. Dieter Kugelmann
Hintere Bleiche 34
55116 Mainz
Phone: +49 (0) 6131 208-2449
E-Mail: poststelle(at)datenschutz.rlp.de 

Planned data transfer to third countries

A transfer to third countries is currently not planned, otherwise the corresponding legal requirements will be created. In particular, you will be informed about the respective recipients or categories of recipients in accordance with the legal requirements. 

Security

Qurasoft uses technical and organizational security measures to protect the data you provide from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. This also applies when external services are used. The effectiveness of our security measures is reviewed and the measures are continuously improved in line with technological developments. 

SaniQ apps

If you use one of our SaniQ apps for self-monitoring, the functions are always executed on your end device. When we call up functions on our servers (e.g. if you activate telemedicine mode or use the health diary PDF export service), your personal data is stored in content-encrypted form. If you have activated the telemedicine mode, your data will be forwarded to your respective telemedicine support provider.  

You can find more detailed information in the privacy policy our SaniQ app:

• Privacy policy for the SaniQ app

• Privacy policy for SaniQ practice and SaniQ video consultation

Standard deadlines for the deletion of data

The legislator has issued various retention periods and obligations. After these periods have expired, the corresponding data is routinely deleted. If data is not affected by this, it will be deleted or anonymized if the purposes stated in this privacy policy no longer apply. Unless this privacy policy contains other, deviating provisions regarding the storage of data, the data collected by us will be stored by us for as long as it is required for the aforementioned purposes for which it was collected. 

Other data use and data deletion

Further processing or use of your personal data will generally only take place if this is permitted by law or if you have consented to the data processing or use. In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes prior to further processing and provide you with further relevant information. 

Applications

On our website you have the opportunity to apply online for advertised positions or send us an unsolicited application by e-mail.

When you apply to us, we process the information that we receive from you as part of the application process, e.g. through letters of application, CVs, references, correspondence, telephone or verbal information. In addition to your contact details, information about your education, qualifications, work experience and skills is of particular relevance to us. We also process data that you provide to us voluntarily (e.g. as part of your CV or as attachments).

Within our company, only those persons who are involved in the selection process for the advertised position will have access to your data.

Your personal data will not be transmitted to third parties outside the company.

We store your application data for the duration of the review of your application. If your application is unsuccessful or if you withdraw your application, your application data will be deleted after a maximum of 6 months, unless you have expressly agreed to a longer storage period. If your application is successful, the data you have provided to us will be processed further in relation to your future employment with our company. The legal basis is Art. 6 para. 1 a, b and f GDPR and § 26 BDSG.

You have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to object under Art. 21 GDPR and the right to data portability under Art. 20 GDPR. You also have the right to lodge a complaint with the supervisory authority responsible for you.

If you do not provide us with the required personal data, this will not have any negative consequences for you. However, incomplete or incorrectly completed applications will not be considered.

Specific information about the website

Calling up our website

When personal data is entered, it is always transmitted in encrypted form. 

We collect and store the IP address assigned to your computer, the browser type used, the date and time of access as well as messages about successful and unsuccessful accesses in order to transmit the content you have accessed on our website to your computer (e.g. texts, images and files made available for download, etc.) (cf. Art. 6 para. 1 lit. b GDPR). We also process this data to detect and track misuse. In this respect, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in data processing lies in ensuring the proper functioning of our website and the transactions conducted via it. 

Insofar as we process your data for the purpose of providing the functions of our website, as described above, you are contractually obliged to provide us with this data. 

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. 

The hoster is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hoster will only process your data to the extent necessary to fulfill its performance obligations and follow our instructions with regard to this data.  

In order to guarantee data protection-compliant processing, we have concluded an order processing contract with our hoster. 

Contact us

If you have a question for us, you can send us a request by e-mail. When you contact us, the data you provide (your e-mail address and the text of your request and any other voluntary information) will be stored by us. Further information is provided on a voluntary basis. The processing is carried out for the purpose of processing the inquiries on the basis of Art. 6 para. 1 lit. b), f) GDPR. The data collected when you contact us will be deleted as soon as it is no longer required to process your request. 

Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use a newsletter service provider to process the newsletter, which is described below.  

We use the services of Mailchimp to send newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. 

Mailchimp is a service that can be used to organize the sending of newsletters, among other things. If you enter data for the purpose of subscribing to the newsletter (e.g. email address), this data is stored on Mailchimp's servers in the USA. We have deactivated performance measurement at Mailchimp so that Mailchimp will not evaluate your behavior when you open our newsletter. 

If you do not want your data to be transferred to Mailchimp, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.  

The data processing takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. 

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this. 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://mailchimp.com/eu-us-data-transfer-statement/ and
https://mailchimp.com/legal/data-processing-addendum/#Annex_C_-_Standard_Contractual_Clauses. 

After you unsubscribe from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider may be stored in a blacklist, provided that this is necessary to prevent future mailings is required. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest. 

For more information, please refer to Mailchimp's privacy policy at:
https://mailchimp.com/legal/terms/. 

Disclosure to third parties

We sometimes use service providers (based in Germany) who process data on our behalf (e.g. for hosting/e-mail marketing). In the cases described here, the information is passed on to these third parties to enable further processing. The external service providers are carefully selected and regularly checked by us to ensure that your privacy is protected. 

The service providers are service providers / processors bound by instructions and are accordingly obliged by us, among other things, to treat your data exclusively in accordance with our instructions and the applicable data protection laws. In particular, they are obliged to treat your data as strictly confidential. They are also prohibited from using the data for purposes other than those agreed. 

The transfer of data to processors takes place on the basis of Art. 28 para. 1 GDPR. 

We also do not sell your data to third parties, nor do we market it in any other way. 

Abuse detection and prosecution  

We store information for misuse detection and tracking, in particular your IP address, for a maximum of 7 days. The legal basis in this respect is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in the retention of data is to ensure the proper functioning of our website and the transactions conducted via it, as well as to be able to ward off cyber attacks and the like. We may use anonymous usage information to design our website in line with requirements. 

Cookies

A cookie is a simple small file that is sent together with the pages of an Internet address and can be stored by the web browser on the PC or another device. The information stored in it can be sent to our servers or the servers of relevant third-party providers during subsequent visits. 

We use essential/necessary cookies on our website. These cookies are of fundamental importance for the function of our website and cannot be deselected. This is, for example, the assignment of anonymous session IDs for bundling several queries to a web server. The legal basis for the processing of the data is our legitimate interest (Art. 6 para. 1 lit. f) GDPR). 

Technically unnecessary cookies are only used if you consent to this (Art. 6 I lit. a GDPR, §25 para.1 TTDSG). You have the right to withdraw your consent at any time within the cookie banner.

Functionality Cookies

These cookies help us to save settings you have selected or support other functions when you navigate our website. For example, we can remember your preferred settings for your next visit or save your login details for certain areas of our website. 

Performance/statistics cookies

These cookies collect information about how you use our website (e.g. internet browser used, number of visits, pages viewed or time spent on the website). These cookies do not store any information that allows the visitor to be personally identified. The information collected with the help of these cookies is aggregated and therefore anonymous. 

You can manage the consent or rejection of cookies - also for web tracking - via the consent banner or change the settings of your web browser. You can configure your browser so that the acceptance of cookies is refused in principle or you are informed in advance when a cookie is stored. In this case, however, the functionality of the website may be impaired (e.g. when placing orders). Your browser also offers a function for deleting cookies (e.g. via Delete browser data). Further information on this can be found in the operating instructions or, as a rule, in the settings of your Internet browser. 

Matomo (formerly „PIWIK“) 

This is an open source tool for web analysis. With Matomo, no data is transmitted to servers that are outside the control of Qurasoft (see privacy policy). Matomo is deactivated when you visit our website. Your usage behavior is only recorded anonymously if you actively consent to this. Your IP address will be anonymized immediately, so that you remain anonymous as a user. The information generated by the cookie about your use of this website is not passed on to third parties.  

Google Analytics 

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor. 

We can also use Google Analytics to track your mouse and scroll movements and clicks, among other things. record. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there. 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here:
https://privacy.google.com/businesses/controllerterms/mccs/. 

IP anonymization:
We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. 

Browser Plugin:
You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de. 

Google Sitekit 

We have integrated the Google Site Kit plugin from the American company Google Inc. into our website. For the European region, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. With Google Site Kit, we can quickly and easily view statistics from various Google products, such as Google Analytics, directly in our WordPress dashboard. Site Kit therefore makes it easier for us to compare the respective Google tools.  

If you have actively consented to tracking tools in the cookie banner, Google products such as Google Analytics will set cookies and data about you, such as your user behavior, will be sent to Google, where it will be stored and processed. This also includes storing personal data such as your IP address. 

The use of Google Site Kit requires your consent, which we have obtained with our cookie banner.  

Google Tag Manager 

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States. 

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. 

Integration of social network plug-ins

Our website uses buttons to link to our presence on social networks. The button is marked with the logo of the respective social network. However, these are not social plugins, but simply buttons with links on them. The buttons must be activated (clicked) separately by you. As long as this does not happen, no data is transferred to the social networks. Only when you click on the buttons and thereby declare your consent to communication with the servers of the social network will the buttons become active and the connection be established. 

By activating the button, the social networks then receive, among other things, the information that and when you have accessed the corresponding page of our website, as well as, for example, your IP address, information on the browser used and the language settings. If you click on the button, your click will be transmitted to the social network and used in accordance with its data usage guidelines. 

When the button is activated, we have no influence on the data collected and data processing operations and are not responsible for this data processing and in this respect are not the controller within the meaning of the GDPR. We are also not aware of the full extent of the data collection, its legal basis, the purposes and the storage periods. Therefore, the information provided here is not necessarily complete. 

The data is transmitted regardless of whether you actually have an account with the provider or are logged in there. If you are logged in with the provider, your data will be assigned directly to your account. The providers may also use cookies on your computer to track you. 

To our knowledge, the provider stores this data in user profiles, which it uses for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right of objection, please contact the respective provider. 

The purpose and scope of the data collection and the further processing and use of the data by the respective social network as well as your rights in this regard and setting options to protect your privacy can be found in the information 

• on Twitter: http://twitter.com/privacy 
• on LinkedIn: http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv 
• on Instagram: https://privacycenter.instagram.com/policy 
• on Facebook: https://www.facebook.com/privacy/policy  

If you do not want the social network to receive data about you, you must not click on the button. 

Specific information on our online presence in social media

Qurasoft maintains several online presences within social networks and platforms, such as Facebook, Instagram, Twitter and LinkedIn, in order to have the opportunity to communicate with active users there and to inform them about our service portfolio. Qurasoft uses the technical platforms and services offered by the operators for this purpose. In social networks and on other external platforms, the respective operators' own data protection provisions apply, even if we disseminate information and maintain a presence there. 

We would like to point out that you use the services of the social networks and platforms offered here and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating, etc.). The data collected about you in this context is processed by the operators of the platforms and may be transferred to countries outside the European Union. The respective privacy policies describe in general terms what information the operators receive and how it is used. On the individual platforms, you will also find information on how to contact the operators and on the settings options for advertisements. 

• on Facebook: www.facebook.com/about/privacy
• on Instagram: https://help.instagram.com/519522125107875
• on LinkedIn: www.linkedin.com/static
• on Twitter: twitter.com/privacy

The way in which the operators of the social networks use the data from visits to the respective pages for their own purposes, the extent to which activities on the pages are assigned to individual users, how long this data is stored and whether data from a visit to the respective page is passed on to third parties is not conclusively and clearly stated by the operators and is not known to us. 

Data collection via Formbricks

As part of our online self-test for suitability for telemonitoring in heart failure, we use the Formbricks survey tool. Participation in the test is voluntary and anonymous, provided you do not enter any personal data. If you decide to contact or be referred to a cardiology treatment center at the end of the test, we will collect the personal data you provide.

This data is processed on the basis of your express consent in accordance with Art. 6 para. 1 lit. a and Art. 9 para. 2 lit. a GDPR.

The data is stored on servers within the European Union. Formbricks acts as a processor within the meaning of Art. 28 GDPR.

Your data will be used exclusively for the purpose of checking your suitability for telemonitoring and, if necessary, for referral to a cooperating medical facility. Your data will only be passed on to a cooperating cardiology treatment center with your express consent.

You have the right to revoke your consent at any time, to receive information about your stored data or to request its deletion.