Privacy Policy

1.2 Personal data

Personal data refers to information relating to the factual or personal circumstances of an identified or identifiable natural person. This includes, for example, your name, telephone number, date of birth or email address.

When you contact us by email or via our contact form, we will store the data you provide (your email address, and where applicable your name and telephone number) in order to answer your enquiries. We will delete the data collected in this context once storage is no longer necessary, or restrict its processing if statutory retention obligations apply.

If we use external service providers for specific functions of our website or wish to use your data for marketing purposes, we will provide detailed information below regarding the relevant processes. We will also specify the criteria for the retention period.

 

1.3 Legal basis for the processing of personal data

It is generally possible to use our website without providing any personal data.

Where personal data is processed within our website, this is done in accordance with the relevant legal provisions, in particular the General Data Protection Regulation (GDPR).

The specific legal bases for each individual processing operation are set out in the following sections of this privacy policy.

2.4 Use of Google Ads

DAkkS uses the online advertising programme Google Ads to draw users' attention to our services in a targeted manner. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

When you click on an advertisement placed by Google, a cookie is set for conversion tracking. Google Ads allows us to recognise that a user has clicked on our advertisement and been redirected to our website. As the website operator, we can evaluate this data quantitatively, for example by analysing which advertisements are successful and how many advertisements have led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR in conjunction with Section 25 TTDSG, which you can give or refuse via our cookie banner. You can revoke your consent at any time.

When using Google Ads, the transfer of data to Google LLC, based in the USA, cannot be ruled out. Google is certified for data transfer to the USA under the EU-U.S. Data Privacy Framework (DPF). In addition, Google uses standard contractual clauses from the EU Commission to ensure an adequate level of data protection.

Further information on data protection at Google can be found here:

https://policies.google.com/privacy

Details on the EU-U.S. Data Privacy Framework can be found here:

https://www.dataprivacyframework.gov/participant/5780

2.5 Display of contact addresses (Google Maps)

DAkkS uses the Google Maps service of Google to display the contact addresses of the conformity assessment bodies. In this case, the metadata mentioned under 2. “Collection of personal data when visiting our website” are transmitted to Google in order to be able to call up the map data. This transmission only takes place when the plug-in is explicitly activated by clicking on “Display external content”. No data is transferred prior to this.

By using the plugin, Google receives the information that you have accessed the relevant sub-section of our website. This happens regardless of whether you have a Google account or no account. If you are logged in to Google, your data will be associated directly with your account. If you do not want your data associated with your Google profile, you must sign out before activating the button. Google will store your information in the form of a usage profile and use it for the purposes of advertising, market research and/or improving the usability of its website. In particular, such analysis is performed (also for users who are not logged in) in order to provide relevant advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

The legal basis for the processing of this personal data is your express consent to the use of the service pursuant to Art. 6(1)(1)(a) of the GDPR.

You can find more information about the service provider's treatment of your personal data here:

Google Ireland Limited
Google Building Gordon House
4 Barrow St, Dublin
D04 E5W5, Ireland

www.policies.google.com/privacy

2.6 Translation of texts in the database of accredited bodies (Google Translate)

If necessary, the German texts in the database of accredited bodies can be automatically translated into English. The Google Translate service of Google is automatically used for this purpose. The metadata mentioned under 2. “Collection of personal data when visiting our website” will be transferred to Google.

By using the plugin, Google receives the information that you have accessed the relevant sub-section of our website. This happens regardless of whether you have a Google account or no account. If you are logged in to Google, your data will be associated directly with your account. If you do not want your data associated with your Google profile, you must sign out before activating the button. Google will store your information in the form of a usage profile and use it for the purposes of advertising, market research and/or improving the usability of its website. In particular, such analysis is performed (also for users who are not logged in) in order to provide relevant advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

The legal basis for the processing of this personal data is your express consent to the use of the service pursuant to Art. 6(1)(1)(a) of the GDPR.

You can find more information about the service provider's treatment of your personal data here:

Google Ireland Limited
Google Building Gordon House
4 Barrow St, Dublin
D04 E5W5
Ireland

www.policies.google.com/privacy

3. Processing of personal data when using the accreditation portal (DAkkS-Port)

Through the DAkkS-Port online portal, DAkkS provides digital administrative services relating to applications for accreditation.

When using the DAkkS-Port website – i.e. if you do not register or otherwise provide us with information – we only collect the data listed under 2.1.

If you register for DAkkS-Port and log in, the following data is collected:

• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each instance
• Organisational data
• Contact details
• Roles within the organisation
• Content of drafts / applications
• Process metadata relating to drafts / applications (e.g. who submitted or edited them and when)
• Formal correspondence
• Document content
• Document metadata (e.g. who uploaded documents and when)

If you use the digital services of the DAkkS-Port, personal data from documents you have uploaded may also be processed where necessary for the processing of an accreditation application.

4. Processing of personal data when contacting us via contact form, by email or by telephone

When you enter your data for a request using the contact form or directly by e-mail, personal data is transferred to us. In the contact form, your e-mail address as well as the subject and content of your message must always be sent. In addition, the date of use of the contact form and the IP address are also stored temporarily to allow us to identify and prevent cases of misuse. You are not required to state your name but can do so on a voluntary basis.

If you contact us directly by e-mail, your contact information, the content of your e-mail and other personal data you have disclosed in your contact e-mail will be processed to allow us to deal with your request appropriately. After your request has been processed, your personal data will be deleted or, if it cannot be deleted due to statutory retention periods, processing will be restricted.

If you contact us by telephone, your telephone number will be processed using our telephone system. If you contact us at the central extension number (final digit 0), you will be passed on to the division you require by a selection menu. Only your telephone number is processed in this case. Other personal data will generally not be processed.

If the personal data processed for the purpose of contacting us is to be used again for another purpose; for example for the processing of an application for accreditation, you will be informed separately about the change of purpose.

The purpose of the use of this personal data is to provide you with the ability to contact DAkkS using the contact form on the website or by e-mail. This corresponds to the purpose of the legitimate interest set out above pursuant to point (f) of Article 6 (1) GDPR.

Please note that for security reasons, DAkkS uses so-called Cross-Site-Request-Forgery-Tokens (CSRF-Tokens) for individual contact requests. This is to prevent attacks on the DAkkS website. Apart from these tokens, no other personal data is processed. The processing serves the legitimate interest of preventing attacks on the website through malware. The legal basis is Art. 6 par. 1 lit. f) GDPR.

Other communication channels

In certain cases, personal data may also be sent to us via other communication channels, such as by fax or via a special electronic public authorities' mailbox (beBPo). The data is processed solely for the purpose of dealing with the relevant enquiry or within the context of the relevant procedure.

5. Processing of personal data in connection with the distribution of newsletters

With your consent, you can subscribe to our newsletter, in which we keep you up to date with our latest news.

For registration for our newsletter, we use the so-called double-opt-in procedure. This means that after you register, we will send you an e-mail to the e-mail address you provided asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we also store the IP addresses you used in each case and the time of registration and confirmation. The purpose of this procedure is to enable us to prove that you registered and to clarify any possible misuse of your personal data if necessary.

The only information required for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to allow us to address you personally. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter. The legal basis for processing of your personal data for this purpose is your consent pursuant to point (a) of Article 6 (1) GDPR.

You can withdraw your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your withdrawal by clicking the link provided in every newsletter e-mail, by sending an e-mail to datenschutz@dakks.de or by sending a message to the contact details given in the imprint.

For the sending and organisation of the newsletter, we use software from the provider mailingwork GmbH. A contract for processing on our behalf which ensures the implementation of data protection requirements has been concluded with this service provider in accordance with Article 28 GDPR.

For more information about how the service provider handles your personal data, please visit the following website:

mailingwork GmbH
Birkenweg 7
09569 Oederan

www.mailingwork.de/datenschutz/

Please note that we analyse your user behaviour when the newsletter is sent. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. For analysis purposes, we link the data as set out in this document and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. With the data obtained in this manner, we create a user profile used to tailor the newsletter to your individual interests. We collect data on when you read our newsletters and the links in the newsletters you click in order to understand your personal interests.

You can object to this form of tracking at any time by clicking the separate link provided in each e-mail and disabling this option in your profile or by informing us using another contact channel. This information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data in purely statistical and anonymous form. Tracking of this kind is also not possible if you have disabled the display of images by default in your e-mail program. In this case, the newsletter will not be displayed in full and you may not be able to use all features. If you display the images manually, tracking as set out above is enabled.

6. Data protection statement for social media

 

6.1 Technical information: Redirection via hyperlinks

No social media plug-ins are used on this website. The websites provides only links to the DAkkS social media channels. There is no provision for processing of personal data using plug-ins.

 

6.2 LinkedIn

DAkkS maintains a company profile on the LinkedIn platform operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).

When you visit our LinkedIn page, personal data is processed by LinkedIn. This applies in particular to data collected in the course of using the platform, for example when you visit our page, interact with us or send us messages.

If you contact us via LinkedIn, we will process the data you provide in order to deal with your enquiry.

LinkedIn also collects information via cookies and similar technologies (e.g. web beacons, pixels, ad tags and device identifiers) that enable LinkedIn to recognise users and analyse user behaviour comprehensively. LinkedIn provides us with such information in anonymised form to analyse user behaviour on our online presence. This enables us to statistically evaluate the use of our LinkedIn page and thus to manage our activities in a targeted manner.

The operator of the social media platform can also use the data collected in this way to create user profiles. This enables them to display interest-based advertising to the user both within and outside the respective social media presence. If you are logged into your social media account when visiting our LinkedIn page, LinkedIn may also associate this visit with your account. Our processing of personal data collected via the platform is based on Article 6(1)(e) of the GDPR. If LinkedIn asks you for consent to the data processing described above, the legal basis for this processing is Article 6(1)(a) and Article 7 of the GDPR.

We operate our LinkedIn page in joint control with LinkedIn within the meaning of Article 26 of the GDPR. You can view the joint control agreement here:

https://legal.linkedin.com/pages-joint-controller-addendum

LinkedIn has assumed the majority of the data protection obligations, such as the fulfilment of data subjects’ rights under Article 12 et seq. of the GDPR, the obligation to maintain appropriate technical and organisational measures to protect the security of personal data, and the reporting and notification obligations in the event of a data breach. If you contact us regarding your data subject rights, we will forward your enquiry to LinkedIn immediately.

Further information on data processing by LinkedIn can be found in LinkedIn’s privacy policy:

https://www.linkedin.com/legal/privacy-policy

 

6.3 Mastodon

DAkkS uses the Mastodon instance of the Federal Commissioner for Data Protection and Freedom of Information (BfDI) for its Mastodon account. For the privacy policy, information and rules of conduct regarding the use of the Mastodon instance:

https://social.bund.de/privacy-policy

When you access the site, register, or use the service, an encrypted connection is established with the web server on which the instance is hosted. In order to display the content correctly on your device, the following data, amongst other things, is processed in accordance with the HTTP and TCP/IP protocols:

• IP address
• the operating system and version of your device
• the screen resolution of your device
• browser
• date and time of the request

This is necessary for loading, processing, displaying and controlling the site. After each visit to the site, some of the data is stored in log files and processed for server maintenance and security purposes. The IP address is deleted after 14 days at the latest.

The Mastodon instance of the BfDI collects the IP address from which you access the instance. All logged-in sessions are available for you to review and revoke in the settings.

The Mastodon instance of the BfDI uses cookies for its functionality. These are text files that allow users to be recognised. This enables registered users, for example, to navigate to different subpages of the instance without having to log in again each time. None of the cookies used serve to analyse and/or track the usage behaviour of data subjects. All cookies used are exclusively so-called session cookies, which are deleted at the latest when the browser is closed.

 

6.4 YouTube

To distribute its video content, DAkkS maintains an account on the video portal ‘YouTube’, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit our YouTube channel, Google processes your personal data and places cookies on your device. Further information on this can be found in Google’s Privacy Policy. At this address, Google also informs you that the company transfers its data to its parent company, Google Inc., based in the USA, to other Google companies and to external partners of Google, all of which may be located outside the European Union. Google is certified under the “EU-US Data Privacy Framework” (DPF).

If you are logged in to Google at the same time, the information stored there will be linked to your YouTube account. You can prevent this by logging out of your account before visiting our website. Further information can be found in Google’s privacy settings.

 

6.5 kununu

To provide a transparent picture of the company as an employer, DAkkS maintains an account on the “kununu” review platform operated by kununu GmbH, Arabellastraße 23, 81925 Munich.

When you visit our profile on kununu, data is automatically collected by kununu via tracking. Information about the cookies and technologies used, the processing of your personal data, the purposes for which this is done, the legal basis and retention periods can be found in kununu’s privacy policy.

7. DAkkS events – management using EventManager Online (EMO)

For the registration, invoicing and payment processing of events, DAkkS works with the solutions provided by EMO EventManager Online GmbH. The operator of the platform and the controller for the platform within the meaning of data protection law is EMO EventManager Online GmbH (Winterhuder Weg 29, 22085 Hamburg). EMO is event management software used for online registration, ticketing and payment processing for events.

If you want to take part in a DAkkS event, you must first register using the external link on the EMO platform and provide personal details such as your name, address and method of payment. This is required for event registration, invoicing and drawing up participant lists and participation certificates.

Under the data protection provisions in place at EMO, the participant data collected when you register for a DAkkS event will not be passed on to third parties without authorisation and is only made accessible to DAkkS. The personal data that is processed is processed for the purposes of contract performance and of steps required prior to entering into a contract pursuant to point (b) of Article 6(1) GDPR.

You can find more information about EventManager Online’s privacy policy at:

EMO EventManager Online GmbH
Winterhuder Weg 29
22085 Hamburg
Germany

www.eventmanager-online.com/pages/privacy

datenschutz@EventManager-Online.com

8. Processing of personal data in relation to the Corporate Design Portal

To use the Corporate Design Portal, you must create a user account. To do so, DAkkS requires the following information from you:

• Company
• First name and surname

The data is processed for the purpose of ensuring a consistent and professional image across all of DAkkS’s communication channels by implementing the corporate design guidelines. The legal basis for the processing of personal data is the Terms of Use of the Corporate Design Portal pursuant to Article 6(1)(b) of the GDPR.

We will delete your personal data when it is no longer necessary for the purpose for which it was processed. This is usually the case after the expiry of the limitation period, starting from the end of the year in which the contractual relationship is terminated, for example by deleting your user account.

9. Processing of personal data relating to accreditation procedures

 

9.1 Processing in the context of accreditation procedures

The data processed in the context of the implementation of accreditation procedures also includes personal data. This may include for example details or information about the employees or business partners of a conformity assessment body. The legal basis for the processing of this data in the context of the implementation of accreditation procedures is the performance of a task carried out in the public interest within the meaning of point (e) of Article 6 (1) GDPR in conjunction with Section 2 (2) of the Act on the Accreditation Body (AkkStelleG). Particular attention is paid here to the principle of data economy, which means that only personal data that is actually necessary for the implementation of accreditation procedures is processed. This data will not be processed for any other purpose.

 

9.2 Maintenance of the digital database of accredited bodies

Deutsche Akkreditierungsstelle GmbH (DAkkS) maintains an up-to-date list of accredited conformity assessment bodies. In some circumstances, personal data may be processed for this purpose. This may for example relate to the naming of contact persons in the database. The personal data published in the database is specified by the conformity assessment body as part of the application for accreditation and entered in the database by DAkkS. The legal basis for the inclusion of this personal data is the maintenance of the list in the context of the performance of a task carried out in the public interest within the meaning of point (e) of Article 6 (1) GDPR in conjunction with Section 2 (2) of the Act on the Accreditation Body (AkkStelleG).

10. Processing of personal data as part of a recruitment process

When you apply for one of our job advertisements, we process the personal data you provide during the application process. We process this data for the purpose of deciding whether to enter into an employment relationship, in accordance with Article 6(1)(b) of the GDPR. The categories of data processed in this context include, in particular:

• Name
• Address
• E-mail address
• Telephone number
• Curriculum vitae
• Relevant certificates and references
• Language skills
• Salary expectations
• Earliest start date

Please note that you transfer all additional data and data categories to us on a voluntary basis for the purpose of deciding on the establishment of an employment relationship.

Your personal data processed in the context of your application will be kept for up to six months after the decision on the establishment of the employment relationship. Your application data will then be deleted in compliance with data protection law or returned to you. Please note that relevant divisions may also be given access to your application data for the purpose of deciding on the employment relationship.

You also have the option of transferring your data from the LinkedIn social network into your application. When you use these plug-ins, your profile data is simply transferred to your application on the applicant portal. No data is disclosed to any third parties. You can find out how these providers handle your personal data on the following websites:

LinkedIn: www.linkedin.com/legal/privacy-policy

 

We use software from the provider Perbit Software GmbH for the implementation of our applicant management system. This service provider maintains a portal for the purposes of application processing (https://www.perbit-job.de/jobs/dakks). A contract for processing on our behalf has been concluded with this service provider in accordance with Article 28 GDPR. The contract ensures the fulfilment of data protection requirements on the part of the service provider. The data set out above will not be transferred to the service provider for any other purpose.

For more information about how the service provider processes personal data, please visit the following website:

perbit Software GmbH
Siemensstraße 31
48341 Altenberge
https://perbit.com/datenschutz/