Privacy Policy
The protection of personal data is an important concern of the German Accreditation Body (DAkkS). For the processing of this data, the DAkkS has taken technical and organisational measures to ensure that the regulations on data protection are observed and complied with both by the DAkkS and by external service providers.
Below you will find an overview of which data is collected and processed and for what purpose. We consider it very important for you to be able to use the DAkkS website without disclosing your identity.
Responsible according to Art. 4 (7) EU General Data Protection Regulation (GDPR):
Deutsche Akkreditierungsstelle GmbH
Spittelmarkt 10
10117 Berlin
Phone: 030 670591-0 | kontakt@dakks.de
Contact the Representative for Data Protection
or our postal address with the addition of "Representative for Data Protection".
Your rights
At DAkkS, you have the following rights with respect to your personal data:
- Right to information
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
You also have the right to lodge a complaint with the data protection supervisory authority.
If you wish to object to the processing of your data by DAkkS in accordance with this privacy policy or for a specific measure, you can send your objection by e-mail, fax or letter to the contact details for the controller set out above.
A. Processing of personal data
Personal data is information about the factual or personal circumstances of an identified or identifiable natural person. It includes for example your name, your telephone number, date of birth or your e-mail address.
When you contact us by e-mail or using our contact form, the data you provide (your e-mail address, your name and telephone number where applicable) is stored by us in order to answer your questions. Once its storage is no longer necessary, we will delete the data accumulated in this context or, if it is subject to statutory retention requirements, restrict its processing.
If we make use of contracted service providers for individual features of our website or wish to use your data for advertising purposes, we will inform you below in detail about the applicable processes in each case. We also state the defined criteria for the storage period.
Collection of personal data when you visit our website
If you use our website for information purposes only, i.e. if you do not register or otherwise transfer information to us, we collect only the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which we require for technical reasons to display our website to you and to ensure stability and security (legal basis is the purpose of this stated legitimate interest pursuant to point (f) of Article 6 (1) GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status / HTTP status code
- Amount of data transferred in each case
- Website from which the request originates
- Browser
- Operating system and its interface
- Language and version of the browser software
In addition to the data set out above, cookies are also stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and that provide the party setting the cookie (in this case us) with specific information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.
Use of cookies
This website uses the following types of cookies, whose scope and functionality are explained below:
- Transient cookies
- Persistent cookies
Transient cookies are automatically deleted when you close your browser. These include in particular session cookies, which store a so-called session ID that enables various requests from your browser to be assigned to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete these cookies at any time in your browser’s security settings.
You can configure your browser settings according to your wishes, for example by refusing to accept third-party cookies or all cookies. Please note that you may then not be able to use all features of this website.
To obtain consent (opt-in) for the use of cookies and similar web elements, this website uses the tool "Consent Management Platform" (CMP) of Usercentrics GmbH, (Sendlinger Straße 7, 80331 Munich, Germany). The tool collects and stores your consent to the use of individual or all cookies or similar web elements. The processing is done to comply with legal requirements for the use of cookies and similar web elements in the sense of point (c) of Article 6 (1) GDPR as well as § 25 para. 1 TTDSG (Telecommunications Telemedia Data Protection Act). For more information on how your personal data is processed by CMP, please visit:
Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany
Your requests using the contact form, mail or telephone
When you enter your data for a request using the contact form or directly by e-mail, personal data is transferred to us. In the contact form, your e-mail address as well as the subject and content of your message must always be sent. In addition, the date of use of the contact form and the IP address are also stored temporarily to allow us to identify and prevent cases of misuse. You are not required to state your name but can do so on a voluntary basis.
If you contact us directly by e-mail, your contact information, the content of your e-mail and other personal data you have disclosed in your contact e-mail will be processed to allow us to deal with your request appropriately. After your request has been processed, your personal data will be deleted or, if it cannot be deleted due to statutory retention periods, processing will be restricted.
If you contact us by telephone, your telephone number will be processed using our telephone system. If you contact us at the central extension number (final digit 0), you will be passed on to the division you require by a selection menu. Only your telephone number is processed in this case. Other personal data will generally not be processed.
If the personal data processed for the purpose of contacting us is to be used again for another purpose; for example for the processing of an application for accreditation, you will be informed separately about the change of purpose.
The purpose of the use of this personal data is to provide you with the ability to contact DAkkS using the contact form on the website or by e-mail. This corresponds to the purpose of the legitimate interest set out above pursuant to point (f) of Article 6 (1) GDPR.
Please note that for security reasons, DAkkS uses so-called Cross-Site-Request-Forgery-Tokens (CSRF-Tokens) for individual contact requests. This is to prevent attacks on the DAkkS website. Apart from these tokens, no other personal data is processed. The processing serves the legitimate interest of preventing attacks on the website through malware. The legal basis is Art. 6 par. 1 lit. f) GDPR.
Sending of newsletters
With your consent, you can subscribe to our newsletter, in which we keep you up to date with our latest news.
For registration for our newsletter, we use the so-called double-opt-in procedure. This means that after you register, we will send you an e-mail to the e-mail address you provided asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we also store the IP addresses you used in each case and the time of registration and confirmation. The purpose of this procedure is to enable us to prove that you registered and to clarify any possible misuse of your personal data if necessary.
The only information required for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to allow us to address you personally. After your confirmation, we will store your e-mail address for the purpose of sending you the newsletter. The legal basis for processing of your personal data for this purpose is your consent pursuant to point (a) of Article 6 (1) GDPR.
You can withdraw your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your withdrawal by clicking the link provided in every newsletter e-mail, by sending an e-mail to datenschutz@dakks.de or by sending a message to the contact details given in the imprint.
For the sending and organisation of the newsletter, we use software from the provider mailingwork GmbH. A contract for processing on our behalf which ensures the implementation of data protection requirements has been concluded with this service provider in accordance with Article 28 GDPR.
For more information about how the service provider handles your personal data, please visit the following website:
mailingwork GmbH
Birkenweg 7,
09569 Oederan
www.mailingwork.de/datenschutz/
Please note that we analyse your user behaviour when the newsletter is sent. For this analysis, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. For analysis purposes, we link the data as set out in this document and the web beacons with your e-mail address and an individual ID. Links received in the newsletter also contain this ID. With the data obtained in this manner, we create a user profile used to tailor the newsletter to your individual interests. We collect data on when you read our newsletters and the links in the newsletters you click in order to understand your personal interests.
You can object to this form of tracking at any time by clicking the separate link provided in each e-mail and disabling this option in your profile or by informing us using another contact channel. This information is stored for as long as you are subscribed to the newsletter. After you unsubscribe, we store the data in purely statistical and anonymous form. Tracking of this kind is also not possible if you have disabled the display of images by default in your e-mail program. In this case, the newsletter will not be displayed in full and you may not be able to use all features. If you display the images manually, tracking as set out above is enabled.
Use of web analytics services (Matomo)
This website uses the web analytics service Matomo to analyse and regularly improve the use of our website. We can use the statistics obtained to improve our website and make it more interesting for you as a user. The legal basis for the use of Matomo is explicit consent to analysis pursuant to point (a) of Article 6 (1).
For the purposes of this analysis, cookies are stored on your computer (see above for more details). The information collected in this manner is stored by the controller exclusively on the controller’s server in Germany. You can stop the analysis by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, please note that you may not be able to use all features of this website. The storage of cookies can be prevented in your browser’s settings.
This website uses Matomo with the extension “AnonymizeIP”, which means that IP addresses are truncated for further processing, excluding the possibility of identifying individuals directly. The IP address sent by your browser using Matomo will not be amalgamated with other data we collect.
The Matomo program is an open source project. You can find information concerning data protection from the third-party provider at
www.matomo.org/privacy-policy/
Objection:
You can prevent the use of Matomo by unchecking the following box to enable the opt-out plug-in:
Applications
If you apply in response to one of our job advertisements, we process the personal data you enter in this context during the application process. We process this data for the purpose of deciding on the establishment of an employment relationship within the meaning of Section 26 (1) BDSG (German Federal Data Protection Act). The categories of data processed in this context include in particular:
- Name
- Address
- E-mail address
- Telephone number
- Curriculum vitae
- Relevant certificates and references
- Language skills
- Salary expectations
- Earliest start date
Please note that you transfer all additional data and data categories to us on a voluntary basis for the purpose of deciding on the establishment of an employment relationship.
Your personal data processed in the context of your application will be kept for up to six months after the decision on the establishment of the employment relationship. Your application data will then be deleted in compliance with data protection law or returned to you. Please note that relevant divisions may also be given access to your application data for the purpose of deciding on the employment relationship.
You also have the option of transferring your data from the Xing or LinkedIn social networks to your application. When you use these plug-ins, your profile data is transferred only to your application on the applicant profile. Your data will never be disclosed to third parties. You can find out how these providers handle your personal data at the following websites:
Xing:
www.privacy.xing.com/en/privacy-policy
LinkedIn:
www.linkedin.com/legal/privacy-policy
We use software from the provider Perbit Software GmbH for the implementation of our applicant management system. This service provider maintains a portal for the purposes of application processing (https://www.perbit-job.de/jobs/dakks). A contract for processing on our behalf has been concluded with this service provider in accordance with Article 28 GDPR. The contract ensures the fulfilment of data protection requirements on the part of the service provider. The data set out above will not be transferred to the service provider for any other purpose.
For more information about how the service provider processes personal data, please visit the following website:
perbit Software GmbH Siemensstraße 31
48341 Altenberge
www.perbit.com/datenschutz.htm
B. Data protection statement for social media
1. Data protection statement for the use of social media
No social media plug-ins are used on this website. The websites provides only links to the DAkkS social media channels. There is no provision for processing of personal data using plug-ins.
2. DAkkS events – management using EventManager Online (EMO)
For the registration, invoicing and payment processing of events, DAkkS works with the solutions provided by EMO EventManager Online GmbH. The operator of the platform and the controller for the platform within the meaning of data protection law is EMO EventManager Online GmbH (Winterhuder Weg 29, 22085 Hamburg). EMO is event management software used for online registration, ticketing and payment processing for events.
If you want to take part in a DAkkS event, you must first register using the external link on the EMO platform and provide personal details such as your name, address and method of payment. This is required for event registration, invoicing and drawing up participant lists and participation certificates.
Under the data protection provisions in place at EMO, the participant data collected when you register for a DAkkS event will not be passed on to third parties without authorisation and is only made accessible to DAkkS. The personal data that is processed is processed for the purposes of contract performance and of steps required prior to entering into a contract pursuant to point (b) of Article 6(1) GDPR.
You can find more information about EventManager Online’s privacy policy at:
EMO EventManager Online GmbH,
Winterhuder Weg 29
22085 Hamburg
Germany
www.eventmanager-online.com/pages/privacy
datenschutz@EventManager-Online.com
3. Display of contact addresses (Google Maps)
DAkkS uses the Google Maps service of Google to display the contact addresses of the conformity assessment bodies. In this case, the metadata mentioned under A. “Collection of personal data when visiting our website” are transmitted to Google in order to be able to call up the map data. This transmission only takes place when the plug-in is explicitly activated by clicking on “Display external content”. No data is transferred prior to this.
By using the plugin, Google receives the information that you have accessed the relevant sub-section of our website. This happens regardless of whether you have a Google account or no account. If you are logged in to Google, your data will be associated directly with your account. If you do not want your data associated with your Google profile, you must sign out before activating the button. Google will store your information in the form of a usage profile and use it for the purposes of advertising, market research and/or improving the usability of its website. In particular, such analysis is performed (also for users who are not logged in) in order to provide relevant advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
The legal basis for the processing of this personal data is your express consent to the use of the service pursuant to Art. 6(1)(1)(a) of the GDPR.
You can find more information about the service provider's treatment of your personal data here:
Google Ireland Limited
Google Building Gordon House
4 Barrow St, Dublin
D04 E5W5, Ireland
4. Translation of texts in the database of accredited bodies (Google Translate)
If necessary, the German texts in the database of accredited bodies can be automatically translated into English. The Google Translate service of Google is automatically used for this purpose. The metadata mentioned under A. “Collection of personal data when visiting our website” will be transferred to Google.
By using the plugin, Google receives the information that you have accessed the relevant sub-section of our website. This happens regardless of whether you have a Google account or no account. If you are logged in to Google, your data will be associated directly with your account. If you do not want your data associated with your Google profile, you must sign out before activating the button. Google will store your information in the form of a usage profile and use it for the purposes of advertising, market research and/or improving the usability of its website. In particular, such analysis is performed (also for users who are not logged in) in order to provide relevant advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
The legal basis for the processing of this personal data is your express consent to the use of the service pursuant to Art. 6(1)(1)(a) of the GDPR.
You can find more information about the service provider's treatment of your personal data here:
Google Ireland Limited
Google Building Gordon House
4 Barrow St, Dublin
D04 E5W5, Ireland
C. Processing of personal data relating to accreditation procedures
Processing in the context of accreditation procedures
The data processed in the context of the implementation of accreditation procedures also includes personal data. This may include for example details or information about the employees or business partners of a conformity assessment body. The legal basis for the processing of this data in the context of the implementation of accreditation procedures is the performance of a task carried out in the public interest within the meaning of point (e) of Article 6 (1) GDPR in conjunction with Section 2 (2) of the Act on the Accreditation Body (AkkStelleG). Particular attention is paid here to the principle of data economy, which means that only personal data that is actually necessary for the implementation of accreditation procedures is processed. This data will not be processed for any other purpose.
Maintenance of the digital database of accredited bodies
Deutsche Akkreditierungsstelle GmbH (DAkkS) maintains an up-to-date list of accredited conformity assessment bodies. In some circumstances, personal data may be processed for this purpose. This may for example relate to the naming of contact persons in the database. The personal data published in the database is specified by the conformity assessment body as part of the application for accreditation and entered in the database by DAkkS. The legal basis for the inclusion of this personal data is the maintenance of the list in the context of the performance of a task carried out in the public interest within the meaning of point (e) of Article 6 (1) GDPR in conjunction with Section 2 (2) of the Act on the Accreditation Body (AkkStelleG).