
Your Data.
Your Rights.

We are very pleased about your interest in our company. Data protection is of particularly high importance to the management of QAware GmbH. In general, it is possible to use the QAware GmbH website without providing any personal data. However, if a data subject wishes to use specific services offered by our company through our website, the processing of personal data may become necessary. Where the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain the data subject’s consent.

The processing of personal data, such as a data subject’s name, address, email address, or telephone number, is always carried out in compliance with the General Data Protection Regulation and in accordance with the country-specific data protection provisions applicable to QAware GmbH. By means of this Privacy Policy, our company would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. In addition, this Privacy Policy informs data subjects of the rights to which they are entitled.

As the controller, QAware GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed through this website. Nevertheless, internet-based data transmissions may inherently have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us through alternative means, for example by telephone.

1. Definitions

Among others, we use the following terms in this Privacy Policy:

a)    Personal Data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b)    Data Subject
Data subject means any identified or identifiable natural person whose personal data is processed by the controller.

c)    Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d)    Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

e)    Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f)     Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g)    Controller or Data Controller
Controller or data controller means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

h)    Processor
Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i)    Recipient
Recipient means a natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j)    Third Party
Third party means a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k)    Consent
Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

2. Name and Address of the Controller 

The controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:

QAware GmbH
Aschauer Str. 30
81549 Munich
Germany

Phone: +49 89 232315-0
Email: info@qaware.de
Website: www.qaware.de

3. Name and Address of the Data Protection Officer

The Data Protection Officer of the controller is:

Prof. Dr. Reiner Hüttl
IT Consultant
Palnkamer Str. 44
83624 Otterfing
Germany

Phone: +49 89 232315-0
Email: reiner.huettl@qaware.de
Website: www.th-rosenheim.de

Any data subject may contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

4. Hosting

Our website is hosted by an external service provider:

HubSpot Inc.,
25 First Street,
Cambridge,
MA 02141 USA
https://www.hubspot.com

The personal data collected from you in connection with your use of our website is processed on HubSpot’s servers. This includes, in particular, IP addresses, metadata and communication data, website access data, server log files, and other data transmitted via a contact or application form.

The hosting provider is engaged for the purpose of securely and efficiently providing our online services through a professional provider (Art. 6(1)(f) GDPR).

We have entered into a data processing agreement (DPA) with HubSpot in accordance with Art. 28 GDPR. This ensures that HubSpot processes personal data only on our instructions and in compliance with the GDPR.

HubSpot is a U.S. company. Data transfers to the United States are based on the EU Standard Contractual Clauses and, where applicable, additional safeguards to ensure an adequate level of data protection. 

Further information can be found in HubSpot’s Privacy Policy at: https://legal.hubspot.com/privacy-policy

5.  Cookies

Our website uses cookies and similar technologies (e.g., pixels, scripts) to ensure the functionality and security of the website and, subject to the relevant consent, for analytics, marketing, and convenience purposes.

Cookies are small text files stored on your device when you visit a website. They contain information that allows the website to remember you and provide certain features.

A distinction is made between:

  • Technically necessary cookies – these are required for the operation of the website and do not require consent.
  • Non-essential cookies – e.g., for statistics, marketing, or social media integration – these are only set with your express consent.

The processing of personal data through cookies is based on:

  • Art. 6(1)(c) GDPR in conjunction with Section 25(2) No. 2 TTDSG for technically necessary cookies.
  • Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG for non-essential cookies – only with consent, which may be withdrawn at any time.

Consent Management with Cookiebot

We use the consent management tool Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain, manage, and document your consent to the storage of cookies and the use of certain technologies in a data protection compliant manner.

When you access our website, a connection is established to Usercentrics’ servers in order to request and store your consent. In doing so, the following data is processed:

  • Your IP address (in anonymized form),
  • Date and time of consent,
  • Browser information,
  • URL from which the consent was submitted,
  • an anonymous, random key (Consent ID),
  • your consent status.

For this purpose, Cookiebot sets a cookie (“CookieConsent”) that stores your consent preferences. This cookie is technically required in order to document your consent and take it into account on future visits to the site.

The consent data is stored to fulfill our legal obligation to document consent pursuant to Art. 7(1) GDPR.

The legal basis for processing is Art. 6(1)(c) GDPR (compliance with a legal obligation) in conjunction with Section 25(2) No. 2 TDDDG.

Usercentrics is a recipient of your personal data and acts as our processor in accordance with Art. 28 GDPR. Processing takes place within the European Union. Further information on data processing by Cookiebot can be found at:
https://www.cookiebot.com/de/privacy-policy/

Tracking, analytics, and marketing services used

a) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to analyze website usage. The IP address is anonymized.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.
Data transfers to the U.S. are based on the European Commission’s Standard Contractual Clauses.
Further information: https://policies.google.com/privacy.

b) HubSpot

We use HubSpot from HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA, to analyze website usage and optimize our marketing activities.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.
Data transfers to the U.S. are based on the Standard Contractual Clauses.
Further information: https://legal.hubspot.com/privacy-policy.

c) LinkedIn Insight Tag & Cookies

Our website uses features provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
The LinkedIn Insight Tag collects information about website visits, such as URL, referrer, IP address, and device and browser characteristics.

Legal basis: Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.
Data transfers to the U.S. are based on the Standard Contractual Clauses.
Further information: https://www.linkedin.com/legal/privacy-policy.

Social media links (without automatic data transfer)

We provide links to external social media profiles (GitHub, Instagram, LinkedIn, Xing). Data is only transmitted once you click the relevant link.

GitHub
GitHub Inc., 88 Colin P Kelly Jr Street, San Francisco, CA 94107, United States
https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

Instagram
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.
Privacy Policy: https://help.instagram.com/519522125107875

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Xing
XING AG, New Work SE, Dammtorstraße 30, 20354 Hamburg
https://privacy.xing.com/de/datenschutzerklaerung

6. Collection of General Data and Information

The website of QAware GmbH collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-pages accessed on our website through an accessing system, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the internet service provider of the accessing system, and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.

This data is technically necessary in order to correctly deliver the content of our website, ensure the stability and security of the system, and prevent misuse. This data is not combined with other data sources.

Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interest in the secure and error-free provision of our website). Server log files are generally stored for a maximum of 60 days and are then anonymized or deleted, unless longer retention is required in the event of a security-related incident.

7. Rights of Data Subjects

Under applicable data protection law, you have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR) – information as to whether and which personal data we process, including the purpose of processing, recipients, storage period, and, where applicable, the source of the data.
  • Right to rectification (Art. 16 GDPR) – correction of inaccurate data or completion of incomplete data.
  • Right to erasure (Art. 17 GDPR) – deletion of your data unless statutory retention obligations or other legal grounds prevent this.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR) – provision of your data in a common, machine-readable format.
  • Right to object (Art. 21 GDPR) – to certain processing activities, particularly for direct marketing purposes.
  • Right to withdraw consent previously given (Art. 7(3) GDPR) – with effect for the future.
  • Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), for example with the authority responsible for us:
    Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach, Germany.

To exercise your rights, please contact:
Email: datenschutz@qaware.de

No automated decision-making within the meaning of Art. 22 GDPR takes place in our company.

8. Use of HubSpot 

We use services provided by HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA (hereinafter “HubSpot”) on our website for processing contact forms, email communications, and managing our customer relationships (CRM).

If you complete our contact form, the data you enter (e.g., name, email address, company affiliation, inquiry) will be transmitted to and stored on HubSpot servers. We use this data to process your request and to contact you subsequently. Depending on the form, automated email responses may follow. In addition, we store your data in our HubSpot CRM in order to manage communications and our business relationships efficiently.

Data processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR. The use of HubSpot also serves our legitimate interest in effective customer management, communication, and the optimization of our online offering (Art. 6(1)(f) GDPR).

HubSpot is a U.S. company. Data transfers to the United States are based on the EU Standard Contractual Clauses and, where applicable, additional safeguards to ensure an adequate level of data protection. Further information can be found in HubSpot’s Privacy Policy.

9. Data Protection in Applications and the Application Process

The controller collects and processes applicants’ personal data for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case where an applicant submits the relevant application documents electronically, for example by email or via a web form available on the website, to the controller. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted 180 days after notification of the rejection decision, provided that no other legitimate interests of the controller prevent deletion. Another legitimate interest in this sense may, for example, be a duty to preserve evidence in proceedings under the German General Equal Treatment Act (AGG).

10. Integration of Personio (Careers Section)

For our careers section, we use the service of Personio SE & Co. KG, Seidlstraße 3, 80335 Munich (“Personio”), to publish job openings and manage online applications.

If you apply for a posted position or use the application form, your information (e.g., name, contact details, resume, cover letter, and other documents you upload) will be stored on Personio’s servers.

Processing takes place exclusively within Personio in accordance with the legal retention periods applicable there for applicant data.

The data is used solely for the purpose of conducting the application process.

The legal basis is Art. 6(1)(b) GDPR (steps prior to entering into a contract) and Section 26 BDSG (data processing in the employment context).

We have entered into a data processing agreement with Personio SE & Co. KG in accordance with Art. 28 GDPR to ensure that your data is processed in compliance with data protection laws.
Further information can be found in Personio’s Privacy Policy: https://www.personio.de/datenschutz/

11. Data Protection Regarding the Use of Google Analytics (with Anonymization Function)

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Google Analytics uses cookies that enable an analysis of your use of our website. The information generated about your use of this website is generally transmitted to and stored on a Google server in the United States.

We use Google Analytics with IP anonymization activated. As a result, your IP address is truncated within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there.

The legal basis for the use of Google Analytics is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG. You may withdraw your consent at any time via our cookie banner.

Data transfers to the United States are based on the Standard Contractual Clauses (SCCs) of the European Commission. Further information is available at: https://policies.google.com/privacy/frameworks.

Google uses the collected information on our behalf to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage.

Further information on Google’s use of data can be found at:
https://policies.google.com/privacy?hl=de
https://marketingplatform.google.com/about/ 

12. Data Protection Regarding the Use of YouTube

Videos provided by YouTube are embedded on our website. YouTube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (a company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

We embed YouTube videos in order to provide you with multimedia content directly on our website. When you access a page with an embedded YouTube video, a connection to YouTube’s servers is established. In the process, the YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, YouTube may directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account beforehand.

The legal basis for embedding YouTube and the related data processing is Art. 6(1)(f) GDPR (legitimate interest in an appealing presentation of our online offerings). Where consent has been requested for the use of cookies or similar technologies (e.g., via a consent tool), processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; consent may be withdrawn at any time.

Further information on the handling of user data can be found in YouTube’s Privacy Policy at: https://www.google.de/intl/de/policies/privacy.

13. Legal Basis for Processing

We process personal data only where a legal basis exists. This may include, in particular, your consent (Art. 6(1)(a) GDPR), the performance of a contract or steps taken prior to entering into a contract (Art. 6(1)(b) GDPR), a legal obligation (Art. 6(1)(c) GDPR), or our legitimate interest (Art. 6(1)(f) GDPR). We specify the relevant legal basis for the respective processing activity in this Privacy Policy.

14. Period for Which Personal Data Is Stored

We process and store personal data only for as long as necessary to fulfill the respective purposes or as required by law. Once the purpose no longer applies or a statutory retention period expires, the data is deleted or anonymized.

15. Obligation to Provide Data

The provision of personal data may be required by law (e.g., tax regulations) or may arise from contractual provisions (e.g., information concerning the contractual partner). In certain cases, the provision of data is necessary for entering into a contract. If the required data is not provided, a contract may not be concluded or performed. We will inform you in the context of the respective processing activity if such an obligation exists.

16. Automated Decision-Making

As a responsible company, we do not engage in automated decision-making or profiling within the meaning of Art. 22 GDPR.

17. Newsletter

The data you provide to us for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe. Data stored by us for other purposes remains unaffected. For our newsletter distribution and subsequent performance analysis, we use HubSpot.

If you subscribe to our newsletter, your email address will be collected via a HubSpot form and used to send our regular email newsletters. In doing so, we measure open rates, click behavior, and other metrics in order to continuously improve our content.

Registration takes place using a so-called double opt-in process. Your consent is logged and may be withdrawn at any time.

Legal basis: Art. 6(1)(a) GDPR (consent)

HubSpot also processes personal data in the United States. EU Standard Contractual Clauses are used to ensure an adequate level of data protection.

Further information: https://legal.hubspot.com/privacy-policy