Privacy Policy

Responsible body as defined by current data protection law, especially the EU General Data Protection Regulation (GDPR): The following privacy policy applies to the use of our online offer www.qrelation.com (hereinafter “website”).

We consider the protection of data privacy to be of great importance. The collection and processing of your personal data occurs in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR).

1    Controller

Controller in relation to the collection, processing and use of your personal data in the sense of Art. 4 No. 7 GDPR is

QRelation Management Team GmbH
Seevekamp 100
21266 Jesteburg, Germany

Management@QRelation.com
+49 (0)4183 7735138

CEO: Dipl. Ing. Stefan Karstens
CFO: Dipl. Ing. Stefan Heinsohn

Local court Tostedt HRB 203091

If you wish to object to the collection, processing or use of your data by us in accordance with these privacy provisions, either as a whole or for individual activities, you can address your objection to the person responsible.

You can save and print this data protection declaration at any time.

2    General purposes of processing

We use personal data for the purpose of operating the website. Our website contains links to other providers for whom this declaration is not valid.

3    What data we use and why we use it

3.1    Hosting

The hosting services we use serve the provision of the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating the website.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of our website in accordance with Art. 6 Para. 1 S. 1 f) GDPR in connection with Art. 28 GDPR.

3.2    Access data

We collect information about you when you use this website. We automatically collect information about your usage patterns and your interaction with us and register information about your computer or mobile device. We collect, store and use data about each access to our website (so-called server log files). This includes the following access data:

• Name and URL of the retrieved file
• Date and time of retrieval
• Transferred data volume
• Message about successful retrieval (HTTP response code)
• Browser type and browser version
• Operating system
• Referrer URL (i.e. the previously visited page)
• Websites accessed by the user’s system through our website
• Internet service provider of the user
• IP address and the requesting provider

We use this log data without allocation to your person or other profiling for statistical evaluations for the purpose of the operation, security and optimisation of our website, but also for anonymous recording of the number of visitors to our website (traffic) and for the scope and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. This information enables us to provide personalized and location-based content and analyse traffic, troubleshoot and correct errors, and improve our services.

This is also our legitimate interest pursuant to Art. 6 Para. 1 S. 1 f) GDPR.

We reserve the right to subsequently check the log data if there is a justified suspicion of illegal use on the basis of concrete indications. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website.

3.3    Cookies

Consent with Usercentrics

This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your device or for the use of specific technologies, and to document the former in a data protection compliant manner. The party offering this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany, website: https://usercentrics.com/ (hereinafter referred to as “Usercentrics”).

Whenever you visit our website, the following personal data will be transferred to Usercentrics:

• Your declaration(s) of consent or your revocation of your declaration(s) of consent
• Your IP address
• Information about your browser
• Information about your device
• The date and time you visited our website

Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.

Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use of specific technologies is Art. 6(1)(c) GDPR.

Data processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3.4    Data to fulfil our contractual obligations

We process personal data that we need to fulfil our contractual obligations, such as name, address, e-mail address, products ordered, invoice and payment data. The collection of this data is necessary for the conclusion of the contract.

The data will be deleted after the warranty periods and statutory retention periods have expired. Data linked to a user account (see below) will in any case be retained for the duration of the account’s management.

The legal basis for the processing of this data is Art. 6 Para. 1 S. 1 b) GDPR, as this data is required so that we can fulfil our contractual obligations towards you.

The legal basis for processing this data is your consent pursuant to Art. 6 Para. 1 S. 1 a) GDPR.

3.5    Establishing contact

When you contact us (e.g. by e-mail), we process your information to process the enquiry and in the event that follow-up questions arise.

If the data processing is carried out to implement pre-contractual measures that take place at your request, or, if you are already our customer, to conclude the contract, the legal basis for this data processing is Art. 6 Para. 1 S. 1 b) GDPR.

We only process further personal data if you consent to this (Art. 6 Para. 1 S. 1 a) GDPR) or if we have a legitimate interest in processing your data (Art. 6 Para. 1 S. 1 f) GDPR). A legitimate interest lies, for example, in replying to your e-mail.

4    Social media appearances

Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

Individual social networks

4.1    Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta’s statement the collected data will also be transferred to the USA and to other third-party countries.

You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

4.2    Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For details on how they handle your personal information, see the Instagram Privacy Policy: https://help.instagram.com/519522125107875.

4.3    XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.

4.4    LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal information, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

5    Information on Plug-ins and Tools used

In order to operate this website, we integrate external services to make our website more user-friendly, effective and secure. This is our legitimate interest pursuant to Art. 6 Para. 1 S. 1 f) GDPR.

5.1   Google Maps

We use Google Maps on the basis of Art. 6 Para. 1 S. 1 f) GDPR. It is our legitimate interest to improve the services offered on our website and to provide you with better customer service.

As soon as this service is accessed on our site, a connection to Google is established, via which Google transmits your IP address. If you have previously logged in to Google, search information may be associated with your user account. To prevent this, please log out of Google beforehand.

5.2   Google Web Fonts (local embedding)

This website uses so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.

For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

5.3   Polylang

We use the Polylang plugin to make our website multilingual. Polylang is a product of WP SYNTEX, 28, rue Jean Sebastien Bach, 38090 Villefontaine, France.
Cookies from Polylang are only set to recognise and keep track of the language used or chosen by the user. These cookies are stored for one year and are then deleted.
For more information on data privacy compliance, please visit https://polylang.pro/doc/is-polylang-compatible-with-the-eu-cookie-law

5.4    AWStats

For the statistical evaluation of our website we use the free web analysis software AWstats. The tool is used to evaluate log files that web servers create on the basis of visitor requests. The program does not use any cookie files for the evaluation. The statistical analysis takes place via the log files, which also contain IP addresses. Unlike other statistical programs, AWstats does not transmit any data to an external server. The program is installed on our hosting package with server in Germany. This also avoids the transfer of data abroad. The program is used by us exclusively to improve our website.

5.5    Pop-up banner

Our website uses a pop-up banner to alert users to special information. The banner uses the cookie “ddp_pop_up_cookie”, which is a technically necessary session cookie used to store user preferences regarding the display of pop-up banners on the website. This helps to provide a better user experience, as the pop-ups are not displayed repeatedly once the user has closed them.

The cookie expires at the end of the session, i.e. it is deleted when the user closes his/her browser. The cookie does not transmit any data to third parties. It only stores the user’s decision regarding the display of pop-up banners for the current session.

6    Online-based audio and video conferences (conference tools)

Data processing

We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).

Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.

Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.

Purpose and legal bases

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.

Duration of storage

Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.

Conference tools used

We employ the following conference tools:

6.1    Webex

We use Webex. The provider of this service is the Webex Communications Deutschland GmbH, Hansaallee 249 c/o Cisco Systems GmbH, 40549 Düsseldorf, Germany.

It cannot be ruled out that data processed via Webex will be transferred to third-party countries (e.g. USA). Webex has Binding Corporate Rules (BCR) which have been approved by the Dutch, Polish, Spanish, and other relevant European Data Protection Authorities. These are binding corporate rules that legitimize the transfer of data within the company to third countries outside the EU and EEA: https://www.cisco.com/c/de_de/about/trust-center/data-protection-and-privacy-policy.html and https://konferenzen.telekom.de/fileadmin/Redaktion/conference/cisco-webex/Webex_Compliance_Deutsch_V1.0.pdf.

For details on data processing, please refer to Webex’s privacy policy: https://www.cisco.com/c/de_de/about/legal/privacy-full.html.

Data processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

6.2    MS Teams

We use MS Teams. The provider of this service is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft generally bases transfers of EU data to the USA from August 12, 2020 on standard data protection clauses of the EU Commission. For details on data processing, please refer to Microsoft’s privacy policy: https://privacy.microsoft.com/de-de/privacystatement

7    Storage period

Unless specifically stated, we will only store personal data for as long as is necessary to fulfil the purposes for which it was collected.

In some cases, the law provides for the retention of personal data, for example in tax or commercial law. In these cases, the data is only stored by us for these legal purposes, but is not processed elsewhere and is deleted after the legal retention period has expired.

8    Your rights as a data subject

Under the applicable laws, you have various rights with respect to your personal information. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the address given in paragraph 1.

Below you will find an overview of your rights.

8.1    Right to confirmation and information

You have the right to transparent information about the processing of your personal data.

In detail:

You have the right at any time to receive confirmation from us as to whether or not your personal data is being processed. If this is the case, you have the right to request from us free information about the personal data stored about you together with a copy of this data. Furthermore, you have the right to the following information:

1. The processing purposes.
2. The categories of personal data processed.
3. The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations.
4. If possible, the envisaged duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration.
5. The existence of a right to have personal data concerning you rectified or erased or to have the processing limited by the controller or to object to such processing.
6. The existence of a right of appeal to a supervisory authority.
7. If the personal data is not collected from you, all available information about the origin of the data.
8. The existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended effects of such processing for you.

If personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR provided in connection with the transfer.

8.2    Right to rectification

You have the right to demand that we correct and, if necessary, complete any personal data concerning you.

In detail:

You have the right to demand from us immediately the correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

8.3    Right to erasure (“right to be forgotten”)

In a number of cases, we may be required to delete personal information about you.

In detail:

Pursuant to Art. 17 (1) GDPR, you have the right to demand that we delete personal data concerning you immediately; and we are obliged to delete such personal data immediately if one of the following reasons applies:

1. The personal data is no longer required for the purposes for which it was collected or otherwise processed.
2. You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 a) GDPR or Art. 9 para. 2 a) GDPR, and there is no other legal basis for the processing.
3. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
4. The personal data has been processed unlawfully.
5. The deletion of the personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
6. The personal data were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

If we have made the personal data public and we are obliged to delete them in accordance with Art. 17 para. 1 GDPR, taking into account the available technology and implementation costs, we shall take appropriate measures, including technical measures, to notify those responsible for data processing who process the personal data that you have requested them to delete all links to this personal data or copies or replications of this personal data.

8.4    Right to restriction of processing

In a number of cases, you have the right to ask us to restrict the processing of your personal data.

In detail:

You have the right to demand that we restrict the processing of your personal data if one of the following conditions is met:

1. The accuracy of the personal data is disputed by you; then for a period of time that allows us to verify the accuracy of the personal data.
2. The processing is unlawful and you refused to delete the personal data and instead requested that the use of the personal data be restricted.
3. We no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims.
4. You have lodged an objection against the processing pursuant to Art. 21 para. 1 GDPR, insofar as it has not yet been established whether the legitimate reasons of our company outweigh yours.

8.5    Right to to data portability

You have the right to receive, transmit or have us transmit machine-readable personal data concerning you.

In detail:

You have the right to receive the personal data that you have provided to us concerning you in a structured, common and machine-readable format and also have the right to transfer this data to another controller without hindrance, provided that

1. the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR or Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 b) GDPR and
2. the processing is carried out using automated procedures.

When exercising your right to data portability in accordance with paragraph 1, you have the right to have the personal data transferred directly by us to another controller, insofar as this is technically feasible.

8.6    Right of objection

You have the right to object to a lawful processing of your personal data by us if this is justified by your particular situation and our interests in the processing do not outweigh yours.

In detail:

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 Para. 1 S. 1 e) or f) GDPR; this also applies to profiling based on these provisions. We no longer process personal data unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

If personal data is processed by us for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such direct advertising.

You have the right to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR for reasons arising from your particular situation, unless such processing is necessary for the performance of a task in the public interest.

8.7    Automated decisions including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you.

No automated decision-making based on the personal data collected is carried out.

8.8    Right to revoke consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time.

8.9    Right to complain to a supervisory authority

You have the right to complain to a supervisory authority, in particular in the Member State where you are staying, at your place of work or at the place where the alleged infringement occurred, if you consider that the processing of your personal data is unlawful.

9    Data security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data will be transmitted encrypted. This applies to all offered forms. We use the SSL (Secure Socket Layer) coding system, but point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

To secure your data, we maintain technical and organisational security measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art.

Furthermore, we do not guarantee that our services will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are regularly and carefully backed up.

10    Transfer of data to third parties; no data transfer to non-EU countries

In principle, we use your personal data only within our company.

If and to the extent that we involve third parties in the performance of contracts (such as logistics service providers), these personal data will only be provided to the extent that the transmission is necessary for the corresponding service.

In the event that we outsource certain parts of the data processing (“order processing”), we contractually oblige order processors to use personal data only in accordance with the requirements of the data protection laws and to guarantee the protection of the rights of the person concerned.

Data will not be transferred to entities or persons outside the EU except in the cases referred to in paragraphs 5 and 6 of this statement.

11    Data Protection Officer

If you have any questions or concerns about data protection, please contact our data protection officer:

Sven Weschler
Iqanta GmbH
Boschstraße 23a
22761 Hamburg, Germany
kontakt@iqanta.com
+49 (0)40 357 014 60

12    Changes to this Privacy Policy

If new services or providers are used to operate this website, we reserve the right to adapt this data protection declaration in order to meet the legal requirements. This amended privacy policy will then apply to your next visit to this website.