1. General Information
As the operator of this website I take the protection of your personal data very seriously. I treat your personal data with utmost confidentiality and in compliance with legal data protection regulations as well as this privacy note.
I have taken appropriate technical and organisational measures to protect your personal data against loss or against any form of unlawful processing. My security measures are continually reviewed in accordance with technological developement.
This website uses SSL- or TLS-encryption for data transmission to guarantee the safety of your information. You can identify encrypted transmission by the little lock-symbol in the adress-bar or by changing from “http://” to “https://”.
The following privacy note should give you an overview how your personal data is processed when you visit my website. Personal data is all data that allows identifying you as a person. You will find more detailed information about privacy in my privacy note as it is stated below.
2. Name and address of the controller
Responsible according to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz) for the website www.eqmc-consulting.de and the associated data processing is:
Bernhard Bals – Engineering – Quality – Management – Culture
Lechrainstraße 22
86163 Augsburg (Germany)
Phone: +49 176 4737 8899
E-mail: privacy@eqmc-consulting.de
3. General information about data processing
Description and scope of data processing
In general, I process your personal data only as far as it is required for providing a functional website as well as my contents and services. Usually your personal data is only processed with your consent. Exceptions apply in such cases, where it is impossible for me to obtain prior consent due to technical reasons or where tthe processing of personal data is permitted by legal regulations.
Legal ground for data processing
As far as I obtain your consent for the processing of personal data, Art. 6 (1) a of the General Data Protection Regulation (GDPR) is the legal ground.
For the processing of personal data required for the performance of a contract where the person concerned is a contractual party, Art. 6 (1) b GDPR is the legal ground. This also applies for data processing required within the scope of of precontractual activities.
As far as the processing of personal data is required for the compliance with legal obligations applicable to my business, Art. 6 (1) c GDPR is the legal ground.
In case processing of personal data is required based in a legitimate interest for my business or a third party, and your interest, civil rights and fundamental freedoms do not prevail my legitimate interest, Art. 6 (1) f GDPR is the legal ground.
Recipients of personal data
In the scope of my business activities, I cooperate with various external parties. In some cases, this also requires the disclosure of personal data to these external parties. I only disclose personal data to external parties, if
- I am required to do so in the scope of the performance of a contract,
- I am legally obliged to do so (e.g. disclosure of data to tax authorities),
- I have a legitimate interest according to Art. 6 (1) f GDPR or
- any other legal ground permits the disclosure of personal data.
When I cooperate with data processors I disclose personal data of my customers only based on a valid data processing agreement (DPA). In the case of joint processing, I conclude a joint controllers agreement.
Data erasure and storage duration
I will delete or block your personal data as soon as the purpose of storage does no longer exist. Storage may also take place if this is provided for by the European or national legislator in Union regulations, laws or other provisions to which I am subject. Blocking or deletion of data will also occur when a storage period prescribed by the mentioned regulations expires, unless there is a necessity for further data storage for contract conclusion or fulfillment.
4. Website hosting
Description and scope of data processing
This website is hosted at the provider Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany (hereinafter „Strato“). Strato automatically collects information from the system of the calling computer or user’s end device each time this page is accessed.
The following data is collected by Strato and stored in so called log-files:
- Information about your browser type and version
- The operating system on your end device
- Visited pages on my website
- If existing: the referrer-URL
- Your internet-service-provider
- Your IP-adress
- Date and time of your visit
There is no linking or cross-evaluation of this data with other data sources.
I concluded a data processing agreement (DPA) with Strato for the hosting of my website. The contract aims to ensure that Strato processes personal data only according to my instructions, adheres to data protection regulations, and ensures the security of personal data.
Legal ground for data processing
Legal ground for the temporary storage of this data and log-files is Art. 6 (1) f GDPR. My legitimate interest lies in ensuring a reliable delivery of my website to the user’s computer.
Purpose of data processing
The temporary storage of the user’s IP address by Strato is necessary to enable the delivery of the website to the user’s computer. The user’s IP address necessarily has to be retained for this purpose. As the operator of the website, I can only view the IP address in an anonymized form.
The storage of the above-mentioned data in the log files is done to ensure the functionality of my website. In addition, these data serve me to optimize the website and ensure the security of my information technology systems (e.g., for attack detection). An evaluation of the data for marketing purposes does not take place in this context.
Possibility to object and erase
The collection of data for the provision of the website and the storage of data in log files is indispensable for the operation of the website. There is therefore no possibility of objection on the part of the user.
5. Cookie use
Description and scope of data processing
My website uses Cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. If a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string that allows for a unique identification of the browser when revisiting the website.
When you enter my website, a cookie (“Borlabs-Cookie”) is stored in your browser, which will save the consents you have given or the revocation of these consents for the use of cookies. For that purpose I use the tool Borlabs Cookie of the provider Borlabs GmbH, Rübenkamp 32, 22305 Hamburg. This data will not be disclosed to the provider of Borlabs Cookie. Details for the processing of data by Borlabs Cookie are described here: https://borlabs.io/kb/what-information-does-borlabs-cookie-store/.
To be able to consistently provide my website in the language you have chosen, a cookie is stored in your browser that saves the currently selected language.
Legal ground for data processing
The Borlabs Cookie is used to obtain the legally required consent for the use of cookies. Legal ground for the use of the Borlabs Cookie is Art 6 (1) c GDPR. It is legally required to obtain consent for the use of cookies.
Legal ground for the use of cookies for language setting is Art. 6 (1) f GDPR. My legitimate interest lies in delivering my website in multiple languages to the user’s computer.
Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users and to comply with the necessary legal requirements.
The continuous provision of my website in the language chosen by the user cannot be offered without the use of cookies. For this, it is necessary for the browser to be recognized even after a page change.
Duration of storage, possibility to object and erase.
Cookies are stored on the user’s computer and transmitted by them to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for my website, it may no longer be possible to fully utilize all functions of the website.
6. Contact form, customer survey and contact per email or phone
Description and scope of data processing
On my website, there is a contact form available which can be used for electronic communication. My website also provides a form for entering customer feedback. If a user makes use of one of these options, the data entered in the input mask will be transmitted to me and stored.
This data includes:
- Company name
- First name
- Surname
- Email address
- Phone number
- Content of your inquiry or customer feedback
For the processing of the data, your consent will be obtained as part of the sending process and reference will be made to this privacy policy.
Alternatively you may contact me via the provided email address or phone number. In this case, your personal data transmitted during the contact initiation will be stored.
In this context, there is no transfer of the data from the contact form, the customer survey or an email/phone contact to third parties. The data will be used exclusively for processing the conversation or to evaluate the customer feedback.
The customer feedback as well as the name, position and company of the feedback provider may be published for marketing purposes, provided that the user optionally gives his explicit consent during the submission process.
Legal ground for data processing
Legal ground for processing your personal information is
- on the basis of your consent (contact form) Art. 6 (1) a GDPR,
- in case of communication via email or phone Art. 6 (1) f GDPR, my legitimate interes in this case is the effective handling of your request.
If your request is related to the conclusion or execution of a contract, legal ground for data processing is also Art.6 (1) b GDPR.
Purpose of data processing
The processing of the personal data from the input mask serves solely for me to process the contact inquiry. In case of contact via email or phone, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the sending process is used to prevent abuse of the contact form and ensure the security of my information technology systems.
Storage duration
The data will be deleted as soon as they are no longer necessary for the attainment of the purpose for which they were collected. For the personal data provided in the input form of the contact form, as well as those sent via email or transmitted over the phone, this is applicable when the respective conversation with the user is concluded. The conversation is considered concluded when it can be inferred from the circumstances that the matter in question has been finally resolved. Mandatory legal provisions, especially retention periods, remain unaffected.
Possibility to object and erase
You have the option to revoke their consent to the processing of personal data at any time. If you contact me by email or telephone, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.
You may revoke your consent and/or object the storage of your personal data by sending an email with the corresponding request to privacy@eqmc-consulting.de.
All personal data that has been stored as part of the contact will be deleted in this case. Mandatory legal provisions, especially retention periods, remain unaffected.
7. Booking of appointments via TuCalendi
Description and scope of data processing
The TuCalendi application is integrated on my website, which visitors can use to book appointments for online meetings with me. When a user books an appointment with me using this tool, the data entered is transmitted and stored.
This data includes:
- Name of the company, if applicable,
- First and last name,
- Email address,
- Telephone number, if applicable,
- Purpose of the request,
- Date, time, country and time zone.
For the processing of the data, your consent will be obtained as part of the sending process and reference will be made to this privacy policy.
The data is collected and processed on my behalf by the operator of the TuCalendi application, the company APPLOAD SOLUTIONS S.L., based in C/Bethencourt Alfonso, 33, Floor 7, 38002 Santa Cruz de Tenerife, Spain. I have concluded an order processing contract with the company APPLOAD SOLUTIONS S.L. for the transfer of data.
Legal ground for data processing
The legal basis for the processing of the data is the consent of the user (Art. 6 para. 1 lit. a GDPR). If your request is related to the conclusion or execution of a contract, legal ground for data processing is also Art.6 (1) b GDPR.
Storage duration
The data will be deleted as soon as they are no longer necessary for the attainment of the purpose for which they were collected. For the personal data from the booked appointment, this is the case when the respective conversation with the user has ended. The conversation is considered concluded when it can be inferred from the circumstances that the matter in question has been finally resolved. Mandatory legal provisions, especially retention periods, remain unaffected.
Possibility to object and erase
You have the option to revoke their consent to the processing of personal data at any time. If you contact me by email or telephone, you can object to the storage of your personal data at any time. In such a case, any outstanding agreed appointments will be canceled.
You may revoke your consent and/or object the storage of your personal data by sending an email with the corresponding request to privacy@eqmc-consulting.de.
All personal data stored in the course of making an appointment with the TuCalendi tool will be deleted in this case. Mandatory legal provisions, especially retention periods, remain unaffected.
8 Rights of the data subject
If your personal data is processed by me, you are a person concerned within the meaning of the GDPR and you have the following rights against the data controller:
Right of access
You can request confirmation from the controller whether personal data concerning you is being processed by me. If such processing exists, you can request information from the controller, among other things, about your stored personal data, their origin and recipients, and the purpose of data processing.
Right to rectification
You have the right to rectification and/or completion towards the controller if the processed personal data concerning you is inaccurate or incomplete. The controller is required to carry out the correction immediately.
Right to restriction of processing
Under the following conditions, you can request the restriction of the processing of your personal data:
- if you contest the accuracy of the personal data concerning you, for a period of time that enables the controller to verify the accuracy of the personal data;
- the processing is unlawful and you object to the deletion of personal data, instead, you request the restriction of the use of personal data.
- the controller no longer needs the personal data for the purposes of processing, but you still need them to assert, exercise or defend legal claims, or
- If you have objected to the processing in accordance with Art. 21 (1) GDPR and it is not yet clear whether the legitimate interest of the controller outweigh your reasons.
If the processing of your personal data has been restricted, aside from their storage, these data may only be processed with your consent, or for the assertion, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for important public interest of the Union or a Member State.
If the restriction of processing has been limited according to the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
You can demand that the controller immediately deletes the personal data concerning you, and the rcontroller is obliged to delete this data immediately if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent, on which the processing according to Art. 6 (1) a GDPR was based, and there is no other legal ground for the processing.
- You object acc. Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
- The personal data concerning you has been processed unlawfully.
- The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
If the responsible party has publicly disclosed the personal data concerning you and is obliged, pursuant to Art. 17 (1) GDPR, to delete such data, they shall, taking into account the available technology and the implementation costs, take reasonable measures, including technical measures, to inform other data controllers processing the personal data that you, as the data subject, have requested the deletion of all links to, or copies or replications of, such personal data.
The right to erasure does not exist,
- to the extent the processing is necessary for compliance with a legal obligation under the law of the Union or the Member States to which the controller is subject.
- for asserting, exercising, or defending legal claims.
Right to information
Have you exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate any rectification or erasure of data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.
You are entitled to be informed about these recipients by the responsible person.
Right to data portability
If the processing is based on consent pursuant to Art. Art. 6 para. 1 lit. a GDPR or on a contract pursuant to Art. Art. 6 para. 1 lit. b GDPR, you have the right to receive the personal data concerning you, which I process by automated means, in a structured, commonly used and machine-readable format or – if technically feasible – to have this data transmitted to a third party.
Right to object
You have the right to object, at any time and for reasons arising from your particular situation, to the processing of personal data concerning you based on Art. 6 (1) e or f of the GDPR, including profiling based on those provisions. The respective legal bases for the processing of data under my responsibility can be found in the enclosed privacy note.
The controller will no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed for the purpose of carrying out direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
If you oppose the processing for direct marketing purposes, your personal data related to you will no longer be processed for these purposes.
Right to revocate your consent to the processing of data
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the lawfulness of processing carried out before the revocation, based on the consent.
Right to log a complaint with the competent supervisory agency
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority, to which the complaint has been submitted, informs the complainant about the status and outcomes of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.