Data privacy
Your personal data
Required information for the execution of a contract is:
Customer company, address, name and e-mail of the person(s) responsible
Payment data including additional information for payment processing
The legal basis for this data processing is Art. 6 Para. 1 S. 1 lit. b GDPR.
Please note:
(1) DQC processes the data provided by the CUSTOMER to execute the order placed. For
this purpose, DATA Q COMPANY can pass on CUSTOMER’S payment data to third party payment
service providers. The legal basis for this is Art. 6 Para. 1 S. 1 lit. b GDPR. Where DQC
utilizes third party payment service providers, the customer's payment information will be
disclosed to such third parties for card validation and transaction processing. DQC will
securely store any client information where necessary to process orders.
(2) Depending on the version and deployment of the software, the following data may be collected by
DQC if the user decides to send error reports: error message, performance metrics, – as generated by the software, error description, user name, contact information – as filled in by the user in the error form.
(3) For the use of the DQC website and/or other services provided through the website,
additional privacy terms may apply, which are accessible through the relevant website or service.
(4) Other services or websites that are linked or redirected to from the DQC website may
have implemented different guidelines as regards data collection and processing; for this reason, the
data protection notices on the respective websites, or the data protection notices for the use of
respective services are effective.
Use of data
(1) If personal data is passed on to DQC, the customer and the user declares himself in
agreement with DQC passing on, using and storing this information in all countries in
which DQC is established, or in which DQC avails of technical services from a third party.
(2) The data processing centers used by DQC are located within a member state of the
European Union (EU) or within a member state of the European Economic Area (EEA) or, if a transfer of
data to a state which is not a member state of either the EU or the EEA will take place, DQC will secure, that the specific conditions of Article 44 et seq. GDPR have been fulfilled. The data processing in such territories will only take place in countries, where the adequate level of protection
has been decided by the European Commission (Article 45 Paragraph 3 GDPR),
is the result of binding corporate rules (Article 46 Paragraph 2 Point b in conjunction with
Article 47 GDPR),is the result of Standard Data Protection Clauses (Article 46 Paragraph 2 Points c and d
GDPR),is the result of approved Codes of Conduct (Article 46 Paragraph 2 Point e in conjunction
with Article 40 GDPR).
(3) DQC will only use PERSONAL DATA for the specific reason for which this data was conveyed. Personal data will only be passed on to a third party with the express agreement of the user, or in cases that are allowed by law. Unless otherwise stated, personal data the user has passed on to DQC is only for internal DQC use, and for use described in the data protection directive. Personal data can, however, be passed on to third party organizations that provide services for DQC in the areas of execution of orders, payment processing or administration, or other services described in this document.
(4) DQC can pass on personal data and other information, if this is required by virtue of a
law, or because of a citation or court ruling, or if it is required to answer a query, request or complaint
from the user or from a third party on behalf of the user.
Compliance
SOC 2 Type 2 (audit in progress)
ISO 27001 (audit in progress)
GDPR
Data Privacy Organization
Privacy Information Management System
DQC has implemented a holistic management system to ensure that all personal data is processed in compliance with applicable regulatory requirements and internal policies.Data Privacy Team
Our team monitors, maintains and updates the DQC Privacy program regularly.Employee Training & Awareness Measures
All DQC employees are required to undergo mandatory annual training on Data Privacy. This training is supplemented by contractual obligations and individual awareness measures.Supplier Lifecycle Management
Assessment of new suppliers prior to onboarding, along with regular audits thereafter, ensure that suppliers meet our high standards for processing personal data.Continuous Improvement Process
Continuous self-assessments in the form of internal audits and process reviews ensure the sustainable implementation and continuous improvement of our privacy efforts.
Privacy By Design
Lawfulness, Fairness and Transparency
The DQC/Platform helps you to process (personal) data lawfully, fairly and in a transparent manner in relation to data subjects.Purpose Limitation
The DQC/Platform supports the need to collect personal data only for a specific, explicit and legitimate purpose, and to retain such data only for as long as is necessary to fulfil such purpose.Data Minimisation
In order to visualize data issues and improvements within the DQC/Platform, there is no inherent need to process user information or personal data. The depth of the analyses can be readily adjusted within the data provision, and your ability to configure the analyses (limiting the data procession by privacy by default and privacy by design with configuration at set up possibilities) helps you to minimize the use of personal data within DQC/Platform .Accuracy & Accountability
The set-up and configuration of the DQC/Platform supports your efforts to be fully accountable for the use of personal data within the DQC/Platform.Storage Limitation
Once personal data are no longer required to operate analyses within the DQC/Platform (including in the event of termination of your subscription) you can request the deletion within the DQC/Platform, which is also subject to a set of defined deletion rules. Additionally, you have the ability to delete all data within your account at any time upon request to DQC.Integrity and Confidentiality
Industry best-practice security mechanisms ensure that all data processed within the DQC/Platform is safeguarded. Please refer to our dedicated webpage on Information Security.