Your Data.

Your Rights.

We are very pleased with your interest in our company. Data protection is of particular importance to the management of QAware GmbH. The use of the QAware GmbH internet pages is generally possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the data subject’s consent.

The processing of personal data, such as a data subject’s name, address, email address, or telephone number, will always be in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to QAware GmbH. Through this privacy policy, our company wishes to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller for the processing, QAware GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions can fundamentally have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by telephone.

Definitions

The privacy policy of QAware GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public, as well as for our customers and business partners. To ensure this, we would like to first explain the terms used.

In this privacy policy, we use, among other things, the following terms:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization

Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or data controller

Controller or data controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor

A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient

A recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party

A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.4

k) Consent

Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data su6bject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to th7em.

2. NAME AND ADDRESS OF THE CONTROLLER

The controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union, and other provisions related to data protection is:

QAware GmbH
Aschauer Str. 30
81549 Munich
Germany

Tel.: +49 89 232315-0
Email: info@qaware.de
Website: www.qaware.de

3. NAME AND ADDRESS OF THE DATA PROTECTION OFFICER

The data protection officer of the controller is:

Prof. Dr. Reiner Hüttl
IT Consultant
Palnkamer Str. 44
83624 Otterfing
Germany

Tel.: +49 89 232315-0

Email: reiner.huettl@qaware.de

Website: www.th-rosenheim.de

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Hosting

Our website is hosted by an external service provider:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany
www.hetzner.com

The personal data collected from you during the use of our website are processed on Hetzner’s servers. This includes, in particular, IP addresses, meta and communication data, website accesses, server log files, and other data transmitted via a contact or application form. The use of the hosting provider is for the purpose of the secure and efficient provision of our online offer by a professional provider (Art. 6(1) lit. f GDPR).

A data processing agreement (DPA) in accordance with Art. 28 GDPR has been concluded with Hetzner. This ensures that Hetzner processes personal data only according to our instructions and within the framework of the GDPR.

Further information can be found in the privacy policy of Hetzner Online GmbH at: https://www.hetzner.com/de/legal/privacy-policy.

5. COOKIES

Our website uses cookies and similar technologies (e.g., pixels, scripts) to ensure the functionality and security of the website, and—after obtaining your consent—for analysis, marketing, and convenience purposes.

Cookies are small text files that are stored on your device when you visit a website. They contain information that allows the website to remember you and provide certain functions.

A distinction is made between:

• Technically necessary cookies – required for the operation of the website, do not require consent.

• Non-necessary cookies – e.g., for statistics, marketing, or social media integration, are only set after your explicit consent.

The processing of personal data through cookies is based on:

• Art. 6(1) lit. c GDPR in conjunction with Section 25(2) No. 2 of the Telecommunications-Telemedia Data Protection Act (TTDSG) for technically necessary cookies.

• Art. 6(1) lit. a GDPR in conjunction with Section 25(1) TTDSG for non-necessary cookies – only after consent, which can be withdrawn at any time.

Consent Management with Borlabs Cookie

We use the consent management tool Borlabs Cookie from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany, to obtain and lawfully document your consent for the storage of cookies and the use of certain technologies.

When you visit our website, a technically necessary cookie (borlabs-cookie) is set to store your granted consents or the revocation of these consents. If you wish to withdraw these consents, simply delete the cookie in your browser. When you re-enter/reload the website or enter it in private mode, you will be asked for your cookie consent again. The data collected are not transmitted to Borlabs.

The legal basis is Art. 6(1) lit. c GDPR in conjunction with Section 25(2) No. 2 TTDSG. Further information: https://de.borlabs.io/datenschutz/.

Tracking, Analysis, and Marketing Services Used

a) Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to evaluate the use of the website. The IP address is anonymized.

Legal basis: Art. 6(1) lit. a GDPR in conjunction with Section 25(1) TTDSG.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission.

Further information: https://policies.google.com/privacy.

b) HubSpot

We use HubSpot from HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA, for the analysis of website usage and the optimization of our marketing activities.

Legal basis: Art. 6(1) lit. a GDPR in conjunction with Section 25(1) TTDSG.

Data transfer to the USA is based on the Standard Contractual Clauses.

Further information: https://legal.hubspot.com/privacy-policy.

c) LinkedIn Insight Tag & Cookies

Our website uses functions of LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

The LinkedIn Insight Tag collects information about the website visit, such as URL, referrer, IP address, device, and browser properties.

Legal basis: Art. 6(1) lit. a GDPR in conjunction with Section 25(1) TTDSG.

Data transfer to the USA is based on the Standard Contractual Clauses.

Further information: https://www.linkedin.com/legal/privacy-policy.

Social Media Links (without automatic data transfer)

We link to external social media profiles (GitHub, Instagram, LinkedIn, Xing). Data are only transferred when you click on the link.

• GitHub: GitHub Inc., 88 Colin P Kelly Jr Street San Francisco, CA 94107 United States (Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement)

• Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. (Privacy Policy: https://help.instagram.com/519522125107875)

• LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA. (Privacy Policy: https://www.linkedin.com/legal/privacy-policy)

• Xing: XING AG, New Work SE Dammtorstraße 30 20354 Hamburg (Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung)

6. COLLECTION OF GENERAL DATA AND INFORMATION

The website of QAware GmbH collects a series of general data and information with every visit to the website by a data subject or an automated system. This general data and information are stored in the server log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-pages that are accessed on our website via an accessing system, (5) the date and time of an access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

The data are technically necessary to correctly deliver the content of our website, to ensure the stability and security of the system, and to prevent abuse. This data is not merged with other data sources.

The processing is based on Art. 6(1) lit. f GDPR (legitimate interest in the secure and error-free provision of our website). Server log files are generally stored for a maximum of 60 days and then anonymized or deleted, unless a longer retention period is required in the event of a security incident.

7. RIGHTS OF THE DATA SUBJECT

Under the applicable data protection laws, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) – Information about whether and which personal data we process, including the purpose of processing, recipients, storage period, and, if applicable, the data’s origin.

• Right to rectification (Art. 16 GDPR) – Rectification of inaccurate or completion of incomplete data.

• Right to erasure (Art. 17 GDPR) – Deletion of your data, provided there are no legal retention obligations or other legal grounds that prevent it.

• Right to restriction of processing (Art. 18 GDPR).

• Right to data portability (Art. 20 GDPR) – Provision of your data in a common, machine-readable format.

• Right to object (Art. 21 GDPR) – Against certain processing activities, particularly for direct marketing.

• Right to withdraw consent (Art. 7(3) GDPR) – With effect for the future.

• Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), for example, with the competent authority for us:

  • Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach, Germany.

To exercise your rights, please contact:

Email: datenschutz@qaware.de

Automated decision-making within the meaning of Art. 22 GDPR does not take place in our company.

8. Use of HubSpot

On our website, we use services of HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA (hereinafter “HubSpot”) for the handling of contact forms, email communication, and the management of our customer relationships (CRM).

When you fill out our contact form, the data you enter (e.g., name, email address, company affiliation, concern) are transferred to and stored on HubSpot servers. We use this data to process your request and to contact you afterward. Depending on the form, automated email responses may follow. Furthermore, we enter your data into our HubSpot CRM to efficiently manage communication and our business relationships.

The data processing is based on your consent in accordance with Art. 6(1) lit. a GDPR. The use of HubSpot serves our legitimate interest in effective customer management, communication, and the optimization of our online offer (Art. 6(1) lit. f GDPR).

HubSpot is a US-based company. The transfer of data to the USA is based on the EU Standard Contractual Clauses and, if applicable, other guarantees to ensure an adequate level of data protection. Further information can be found in HubSpot’s privacy policy.

9. Data Protection for Applications and in the Application Process

The controller collects and processes the personal data of applicants for the purpose of carrying out the application process. The processing can also take place electronically. This is particularly the case if an applicant submits corresponding application documents electronically, for example, via email or a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the legal provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection, provided that no other legitimate interests of the controller stand in the way of deletion. Another legitimate interest in this sense is, for example, a duty to provide evidence in a proceeding under the General Equal Treatment Act (AGG).

10. Integration of Personio (Careers Section)

For our careers section, we use the service of Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany (“Personio”), to publish job vacancies and manage online applications.

When you apply for a posted position or use the application form, your information (e.g., name, contact details, resume, cover letter, and other documents you upload) is processed directly on Personio’s servers. The data are used exclusively for the purpose of carrying out the application process.

The legal basis is Art. 6(1) lit. b GDPR (initiation of a contract) and Section 26 of the German Federal Data Protection Act (BDSG) (data processing in the employment context).

We have concluded a data processing agreement in accordance with Art. 28 GDPR with Personio SE & Co. KG, which ensures the data protection-compliant processing of your data.

Further information can be found in Personio’s privacy policy.

https://www.personio.de/datenschutz/

11. DATA PROTECTION REGARDING THE USE OF GOOGLE ANALYTICS (WITH ANONYMIZATION FUNCTION)

On our website, we use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses cookies that enable an analysis of your use of our website. The information generated about your use of this website is usually transferred to a Google server in the USA and stored there.

We use Google Analytics with IP anonymization activated. This means that your IP address is shortened within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

The legal basis for the use of Google Analytics is your consent in accordance with Art. 6(1) lit. a GDPR in conjunction with Section 25(1) TTDSG. You can withdraw your consent at any time via our cookie banner.

The transfer of data to the USA is based on the Standard Contractual Clauses (SCCs) of the EU Commission. Further information can be found at: https://policies.google.com/privacy/frameworks.

Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website and internet use.

Further information on data usage by Google can be found at:

https://policies.google.com/privacy?hl=en

https://marketingplatform.google.com/about/

12. DATA PROTECTION REGARDING THE USE OF YOUTUBE

Our website incorporates videos from the provider YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (a company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

We embed YouTube videos to provide you with multimedia content directly on our website. When you access a page with an embedded YouTube video, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account beforehand.

The legal basis for the integration of YouTube and the associated data processing is Art. 6(1) lit. f GDPR (legitimate interest in an attractive presentation of our online offers). If consent to the use of cookies or similar technologies was requested (e.g., via a consent tool), the processing is carried out exclusively on the basis of Art. 6(1) lit. a GDPR; consent can be withdrawn at any time.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

13. LEGAL BASIS FOR PROCESSING

We only process personal data if there is a legal basis for it. This can be, in particular, your consent (Art. 6(1) lit. a GDPR), the performance of a contract or pre-contractual measures (Art. 6(1) lit. b GDPR), a legal obligation (Art. 6(1) lit. c GDPR), or our legitimate interest (Art. 6(1) lit. f GDPR). We will inform you of the respective legal basis for each specific processing activity in this privacy policy.

14. DURATION FOR WHICH PERSONAL DATA ARE STORED

We process and store personal data only for as long as is necessary to fulfill the respective purposes or as long as we are legally obligated to retain them. If the purpose ceases or a legal retention period expires, the data are deleted or anonymized.

15. OBLIGATION TO PROVIDE DATA

The provision of personal data may be required by law (e.g., tax regulations) or may result from contractual provisions (e.g., information on the contractual partner). In certain cases, the provision of data is necessary to conclude a contract. If the required data are not provided, a contract may not be able to be concluded or performed. We will inform you within the context of the respective processing if such an obligation exists.

16. AUTOMATED DECISION-MAKING

As a responsible company, we do not engage in automated decision-making or profiling in accordance with Art. 22 GDPR.

17. NEWSLETTER

The data you have provided to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe. Data stored by us for other purposes are not affected by this. For our newsletter distribution and subsequent performance analysis, we use HubSpot.

When you sign up for our newsletter, your email address is collected via a HubSpot form and used for the distribution of our regular email newsletters. We measure open rates, click behavior, and other metrics to continuously improve our content.

The registration is carried out using a so-called double opt-in procedure. Your consent is logged and can be withdrawn at any time.

Legal basis: Art. 6(1) lit. a GDPR (consent).

HubSpot also processes personal data in the USA. EU Standard Contractual Clauses are used to ensure an adequate level of data protection.

Further information: https://legal.hubspot.com/privacy-policy