Q Q Q Q Q Q Q Q Q Q Q Q Q Q Q

Your data.
Your rights.

We are very delighted that you have shown interest in our company. Data protection is of a particularly high priority for the management of the QAware GmbH. It is generally possible to use the QAware GmbH website without providing any personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the QAware GmbH. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller, the QAware GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Definitions

We use the following terms in this privacy policy:

a) personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

f) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing
The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and Address of the Controller Responsible For Processing

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is

QAware GmbH
Aschauer Str. 30
81549 Munich
Germany

Phone: +49 89 232315-0
E-Mail: info@qaware.de
Website: www.qaware.de

3. Name and Address of the Data Protection Officer

The data protection officer of the controller is

Prof. Dr. Reiner Hüttl
IT Consultant
Palnkamer Str. 44
83624 Otterfing
Otterfing, Germany

Phone: +49 89 232315-0
E-Mail: reiner.huettl@qaware.de
Website: www.th-rosenheim.de

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. Hosting

Our website is hosted by an external service provider:

HubSpot Inc,
25 First Street,
Cambridge,
MA 02141 USA
https://www.hubspot.com

The personal data collected from you when you use our website is processed on HubSpot's servers. This includes, in particular, IP addresses, meta and communication data, website access, server log files and other data transmitted via a contact or application form.

The hosting provider is used for the purpose of the secure and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

A data processing agreement (DPA) has been concluded with HubSpot in accordance with Art. 28 GDPR. This ensures that HubSpot only processes the personal data in accordance with our instructions and within the framework of the GDPR.

HubSpot is a US-American company. The transfer of data to the USA is based on the EU standard contractual clauses and, if necessary, further guarantees to ensure an adequate level of data protection.

Further information can be found in HubSpot's privacy policy at: https://legal.hubspot.com/privacy-policy

5. Cookies

Our website uses cookies and similar technologies (e.g. pixels, scripts) to ensure the functionality and security of the website and - with the appropriate consent - for analysis, marketing and convenience purposes.

Cookies are small text files that are stored on your end device when you visit a website. They contain information that enables the website to remember you and provide certain functions.

A distinction is made between:

  • Technically necessary cookies - required for the operation of the website, do not require consent.
  • Non-essential cookies - e.g. for statistics, marketing or social media integration, are only set with your express consent.

The processing of personal data by cookies takes place on the basis of:

  • Art. 6 para. 1 lit. c GDPR in conjunction with § 25 para. 2 no. 2 TTDSG for technically necessary cookies.
  • Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG for non-essential cookies - only after consent, revocable at any time.

Consent Management with Cookiebot

We use the consent management tool Cookiebot from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain and manage your consent to the storage of cookies and the use of certain technologies and to document them in accordance with data protection regulations.

When you visit our website, a connection is established to the Usercentrics servers in order to request and store your consent. The following data is processed:

  • Your IP address (in anonymized form),
  • Date and time of consent,
  • Browser information,
  • URL from which the consent was sent,
  • an anonymous, random key (consent ID),
  • your consent status.

Cookiebot sets a cookie ("CookieConsent") that stores your consent preferences. This cookie is technically necessary to document your consent and to take it into account when you visit the site again.

The consent data is stored in order to comply with our legal obligation to document consent in accordance with Art. 7 para. 1 GDPR.

The legal basis for the processing is Art. 6 para. 1 lit. c GDPR (fulfillment of a legal obligation) in conjunction with § 25 para. 2 no. 2 TDDDG.

Usercentrics is the recipient of your personal data and acts for us as a processor in accordance with Art. 28 GDPR. The processing takes place in the European Union. Further information on data processing by Cookiebot can be found at:

https://www.cookiebot.com/de/privacy-policy/

Tracking, analysis and marketing services used

a) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to analyze the use of the website. The IP address is anonymized.

Legal basis: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG.
Data transfer to the USA on the basis of the standard contractual clauses of the EU Commission.
Further information: https://policies.google.com/privacy.

b) HubSpot

We use HubSpot from HubSpot, Inc, 25 First Street, Cambridge, MA 02141, USA, to analyze website usage and to optimize our marketing measures.

Legal basis: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG.
Data transfer to the USA on the basis of the standard contractual clauses.
Further information: https://legal.hubspot.com/privacy-policy.

c) LinkedIn Insight Tag & Cookies

Our website uses functions of LinkedIn, provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
The LinkedIn Insight Tag collects information about the visit to the website, such as URL, referrer, IP address, device and browser characteristics.

Legal basis: Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG.
Data transfer to the USA on the basis of the standard contractual clauses.
Further information: https://www.linkedin.com/legal/privacy-policy.

Social media links (without automatic data transfer)

We link to external social media profiles (GitHub, Instagram, LinkedIn, Xing). Data is only transferred when you click on the link.

GitHub
GitHub Inc, 88 Colin P Kelly Jr Street San Francisco, CA 94107 United States
https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement

Instagram
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.
Privacy policy: https://help.instagram.com/519522125107875

LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.
Privacy policy: https://www.linkedin.com/legal/privacy-policy

Xing
XING AG, New Work SE Dammtorstraße 30 20354 Hamburg, Germany
https://privacy.xing.com/de/datenschutzerklaerung

6. Collection of General Data and Information 

The website of QAware GmbH collects a series of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website can be recorded, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.

The data is technically necessary in order to deliver the content of our website correctly, to ensure the stability and security of the system and to prevent misuse. This data is not merged with other data sources.

Processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in the secure and error-free provision of our website). Server log files are generally stored for a maximum of 60 days and then anonymized or deleted, unless longer storage is required in the event of a security incident.

7. Rights of the Data Subject

You have the following rights with regard to your personal data within the framework of the applicable data protection laws:

  • Right of access (Art. 15 GDPR) - information about whether and which personal data we process, including the purpose of processing, recipients, storage period and, if applicable, the origin of the data.
  • Right to rectification (Art. 16 GDPR) - rectification of inaccurate or completion of incomplete data.
  • Right to erasure (Art. 17 GDPR) - erasure of your data, provided there are no statutory retention obligations or other legal grounds to the contrary.
  • Right to restriction of processing (Art. 18 GDPR).
  • Right to data portability (Art. 20 GDPR) - provision of your data in a commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR) - to certain processing, in particular for direct marketing.
  • Right to withdraw consent (Art. 7 para. 3 GDPR) - with effect for the future.
  • Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR), e.g. with the authority responsible for us
    Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 27, 91522 Ansbach, Germany.

To exercise your rights, please contact:
E-mail: datenschutz@qaware.de

Automated decisions within the meaning of Art. 22 GDPR do not take place in our company.

8. Use of HubSpot

On our website, we use the services of HubSpot Inc, 25 First Street, Cambridge, MA 02141 USA (hereinafter "HubSpot") to process contact forms, application forms, e-mail communication and to manage our customer relationships (CRM).

When you fill out our contact form, the data you enter (e.g. name, e-mail address, company affiliation, request) is transferred to HubSpot's servers and stored there. We use this data to process your request and to subsequently contact you. Depending on the form, automated e-mail responses may follow. In addition, we feed your data into our HubSpot CRM in order to efficiently organize the communication and management of our business relationships.

Data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. The use of HubSpot serves our legitimate interest in effective customer management, communication and optimization of our online offer (Art. 6 para. 1 lit. f GDPR).

HubSpot is a US-American company. The transfer of data to the USA takes place on the basis of the EU standard contractual clauses and, if necessary, further guarantees to ensure an adequate level of data protection. Further information on this can be found in HubSpot's privacy policy.

9. Data Protection for Job Application and in the Application Process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

10. Integration of Personio (Career Area)

For our career section, we use the service of Personio SE & Co KG, Seidlstraße 3, 80335 Munich ("Personio") to publish job offers and manage online applications.

If you apply for an advertised position or use the application form, your details (e.g. name, contact details, CV, cover letter and other documents uploaded by you) will be stored on HubSpot's servers (for details on HubSpot, see point 4 Hosting and point 8 Use of HubSpot)

Your personal data will only be temporarily stored in HubSpot for transmission. All applicant data is automatically deleted in HubSpot once a week. Further storage and processing takes place exclusively in Personio in accordance with the statutory retention periods for applicant data applicable there.

The data is used exclusively for the purpose of carrying out the application process.

The legal basis is Art. 6 para. 1 lit. b GDPR (contract initiation) and § 26 BDSG (data processing in the employment context).

We have concluded an order processing contract with Personio SE & Co KG in accordance with Art. 28 GDPR, which ensures that your data is processed in compliance with data protection regulations.
Further information can be found in Personio's privacy policy.
https://www.personio.de/datenschutz/


10. Data Protection Regarding the Deployment and use of Google Analytics (with Anonymization Function)

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google Analytics sets cookies that enable your use of our website to be analyzed. The information generated about your use of this website is usually transferred to a Google server in the USA and stored there.

We use Google Analytics with activated IP anonymization. This means that your IP address is truncated within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area prior to transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG. You can revoke your consent at any time via our cookie banner.

Data is transferred to the USA on the basis of the EU Commission's Standard Contractual Clauses (SCC). Further information can be found at: https://policies.google.com/privacy/frameworks.

Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage.

You can find further information on the use of data by Google at
https://policies.google.com/privacy?hl=de
https://marketingplatform.google.com/about/

11. Data Protection for the Use and Application of Youtube

Our website includes videos from the provider YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
(a company of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

We embed YouTube videos to provide you with multimedia content directly on our website. When you access a page with an embedded YouTube video, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, YouTube can assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account beforehand.

The legal basis for the integration of YouTube and the associated data processing is Art. 6 para. 1 lit. f GDPR (legitimate interest in an appealing presentation of our online offers). If consent to the use of cookies or comparable technologies has been requested (e.g. via a consent tool), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

12. Legal Basis of the Processing

We only process personal data if there is a legal basis for doing so. In particular, this may be your consent (Art. 6 para. 1 lit. a GDPR), the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR), a legal obligation (Art. 6 para. 1 lit. c GDPR) or our legitimate interest (Art. 6 para. 1 lit. f GDPR). We will inform you of the relevant legal basis for the respective processing in this privacy policy.

13. Duration for which the Personal Data is Stored

We only process and store personal data for as long as is necessary to fulfill the respective purposes or as long as we are legally obliged to store it. If the purpose no longer applies or if a statutory retention period expires, the data will be deleted or anonymized.

14. Obligation to Provide Data

The provision of personal data may be required by law (e.g. tax regulations) or result from contractual provisions (e.g. details of the contractual partner). In certain cases, the provision of data is necessary for the conclusion of a contract. If the necessary data is not provided, it may not be possible to conclude or fulfill a contract. We will inform you within the scope of the respective processing if such an obligation exists.

15. Automated Decision-Making

As a responsible company, we do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

16. Newsletter

The data stored by us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this. We use HubSpot to send our newsletter and for the subsequent performance analysis.

When you register for our newsletter, your email address is collected via a HubSpot form and used to send our regular email newsletters. We measure opening rates, click behavior and other metrics in order to continuously improve our content.

Registration takes place via a so-called double opt-in procedure. Your consent is logged and can be revoked at any time.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent)

HubSpot also processes personal data in the USA. EU standard contractual clauses are used to ensure an appropriate level of data protection.

Further information: https://legal.hubspot.com/privacy-policy