TQGG Privacy Policy

We take data protection seriously

The protection of your privacy when processing personal data is important to us.
For this reason, we only process personal data when it is sensible for the use of our services
and economically relevant. In any case, we comply with the provisions of the General Data Protection Regulation
(GDPR) and the Federal Data Protection Act (BDSG).

Below you will find information about what data is processed, in what form, and by whom,
when you visit our website at
https://www.tqgg.de/.

Who is responsible for data processing and whom can you contact?
Personal Data
Visiting our Website
Online Presence on Social Media
Data Subject Rights
Changes to this Privacy Policy
Information obligations according to Art. 13 GDPR

1. Who is responsible for data processing and whom can you contact?

The controller is

The Quality Group GmbH
Werner-von-Siemens-Straße 8
25337 Elmshorn
E-mail: datenschutz@tqgg.de

The company’s data protection officer is

Nico Becker
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-mail: n.becker@projekt29.de
Tel.: 0941-2986930

Back to Table of Contents

2. Personal Data

Personal data is data about you through which you can be identified. This includes, for example,
your name, address, email address, location data, payment data, and many other details.

In principle, you do not have to disclose any personal data to visit our website.
However, in some cases, we need this to be able to offer you the desired services on our website
to be able to.

If you use one of our services where this is necessary, we generally only collect the data
that is required for this, and not without your consent.

Back to Table of Contents

3. Visiting our Website

3.1 General Use

When you visit our website, our web servers store, by default, the IP address of your Internet Service Provider,
the website from which you visit us, the web pages you visit on our site, and the date and duration
of your visit.

The processing of this information is absolutely necessary for the technical transmission of the web pages, the convenient use
of our services, and the secure operation of the server. Our legitimate interest arises from
Art. 6 para. 1 lit. f) GDPR.

Direct identification of your identity is not possible based on this information and is not carried out by us.
The information is stored and automatically deleted after the aforementioned purposes have been achieved.
The regular deletion periods are based on the criterion of necessity.

3.1.1 Automatically Stored Data (Server Log Files)

The provider of the pages automatically collects and stores information in so-called server log files, which your
browser automatically transmits to us. These are:

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status (file transferred, file not found, etc.)
Web browser and operating system used
Full IP address of the requesting computer
Amount of data transferred

This data is not merged with other data sources. Processing is carried out in accordance with
Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and
functionality of our website.

For reasons of technical security, in particular to ward off attack attempts on our web server,
this data is stored by us for a short period. We cannot draw conclusions about individual persons from this data
.

After seven days at the latest, the data is anonymized by shortening the IP address at the domain level,
so that it is no longer possible to establish a link to the individual user. In anonymized form, the
data is also processed for statistical purposes; no comparison with other data sets or disclosure to
third parties, even in extracts, takes place.

3.1.2 Cookies

When you visit our website, we may store information on your computer in the form of
cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie.
It consists of a string of characters by which websites and servers can be assigned to the specific internet browser
in which the cookie was stored.

This allows the visited websites and servers to distinguish the individual browser of the data subject from
other internet browsers that contain other cookies. A specific internet browser can be recognized and identified
via the unique cookie ID.

An overview of the cookies we use can be found here.

By using session cookies, the controller can provide users of this website with a
user-friendly service that would not be possible without the setting of cookies. Without consent,
we only use technically necessary cookies on the legal basis of legitimate interest in accordance with
Art. 6 para. 1 lit. f GDPR.

We only use personal cookies to improve our website or for marketing/advertising purposes with your
consent. When you first visit, you can voluntarily agree to tracking or
analysis via the displayed cookie banner. If necessary, your data may be passed on to partners or third-party providers.

These cookies are only stored if you explicitly agree. The legal basis is then your
consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can change your cookie settings at any time here.

3.1.3 Consent Management

Our website uses consent technology to obtain your consent for storing certain cookies on your
device or for using certain technologies and to document this in compliance with data protection regulations.

The provider of this technology is: CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes,
MK12 5NW, United Kingdom. E-mail: support@cookieyes.com.

When you enter our website, a connection is established to the servers of the consent management provider
to obtain your consents and other declarations regarding cookie usage. The provider then stores
a cookie in your browser to be able to assign the given consents or their revocation to you.

The data collected in this way will be stored until you request its deletion, delete the cookie yourself, or the
purpose for data storage ceases. Mandatory legal retention periods remain unaffected.

The use of this consent tool serves to obtain the legally required consents for the use of
cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

You can change your cookie settings at any time on our site via the corresponding
cookie icon.

3.1.4 Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107,
USA (hereinafter “Cloudflare”).

Cloudflare offers a globally distributed Content Delivery Network with DNS. Technically, the
information transfer between your browser and our website is routed through Cloudflare’s network.
This enables Cloudflare to analyze the data traffic between your browser and our website and
to serve as a filter between our servers and potentially malicious internet traffic.

Cloudflare may also use cookies or other technologies to recognize internet users,
but these are used solely for the purpose described here.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure
as possible (Art. 6 para. 1 lit. f GDPR).

Further information on security and data protection at Cloudflare can be found here:

https://www.cloudflare.com/privacypolicy/

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with the aforementioned provider.
This is a contract required by data protection law, which ensures
that this provider processes the personal data of our website visitors only according to our instructions and in compliance
with the GDPR.

3.1.5 Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or analytics tools and other technologies into our website.

Google Tag Manager itself does not create user profiles, does not store cookies, and does not carry out any independent analyses. It is used solely to manage and deploy the tools integrated via it.

However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 (1) lit. f GDPR.

3.1.6 Google Analytics (4)

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there. The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

3.1.7 Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many ads resulted in corresponding clicks.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and §25 para. 1 TTDSG. The consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://policies.google.com/privacy/frameworks and
https://privacy.google.com/businesses/controllerterms/mccs/.

3.1.8 MetaPixel

This website uses Facebook’s visitor action pixel to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data may also be transferred to the United States and other third countries. This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook advertisement. This enables the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous for us as the operator of this website; we are unable to draw any conclusions about the identity of users. However, the data is stored and processed by Facebook, enabling a connection to the respective user profile and allowing Facebook to use the data for its own advertising purposes in accordance with Facebook’s Data Usage Policy. This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. We, as the site operator, have no influence over this use of the data.

The use of this service is based on your consent pursuant to Art. 6 (1) lit. a GDPR and §25 (1) TDDDG. Consent may be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and
https://de-de.facebook.com/help/566994660333381.

Where personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transmission to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. The obligations jointly incumbent on us have been set out in a joint processing agreement. The wording of the agreement can be found at:
https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Data subject rights (e.g. requests for information) regarding data processed by Facebook can be asserted directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
https://de-de.facebook.com/about/privacy/.

Further information on the protection of your privacy can be found in Facebook’s privacy policy:  https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Facebook Custom Audiences

We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, use our free or paid services, submit data to us, or interact with our company’s Facebook content, we collect your personal data. If you give us your consent to use Facebook Custom Audiences, we will transmit this data to Facebook in order to display advertisements that are relevant to you. In addition, your data may be used to define target groups (lookalike audiences).

Facebook processes this data as our data processor. Details can be found in Facebook’s terms of use:
https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent pursuant to Art. 6 (1) lit. a GDPR and §25 (1) TDDDG. Consent may be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/terms/customaudience und https://www.facebook.com/legal/terms/dataprocessing.

3.2 Contact

When contacting us (e.g., by email, phone, or via social media), the data sent by the
inquiring person is processed to the extent necessary to answer the contact inquiries and any
requested measures, and stored on our servers as part of data backup.

Your data will be used by us exclusively for processing your request. Your data will be treated strictly
confidentially. No disclosure to third parties will take place.

The answering of contact inquiries within the framework of contractual or pre-contractual relationships takes place for
the fulfillment of our contractual obligations or for answering (pre-)contractual inquiries and, in other respects,
on the basis of legitimate interests in answering the inquiries.

Types of data processed:

Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms).

Data subjects:

Communication partners.

Purposes of processing:

Contact inquiries and communication.

Legal bases:

Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 lit. f GDPR).

3.4 Security

We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access.

All our employees as well as service providers acting on our behalf (data processors) are obligated to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before transmission. This means that your data cannot be misused by third parties.

Unsere Sicherheitsvorkehrungen unterliegen dabei einem ständigen Verbesserungsprozess und unsere Datenschutzerklärungen werden ständig überarbeitet. Bitte stellen Sie sicher, dass Ihnen die aktuelle Version
vorliegt.

3.5 Data Exchange within the Group

Your order data will be made available to the group companies, if necessary for contract processing.
Customer data is stored company-specific and separately, whereby our parent company or individual
companies can act as service providers for the other individual participating companies
(e.g., customer support or logistics).

Back to Table of Contents

4. Online Presence on Social Media

If you have given your consent to the respective social media provider
in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data
will be automatically collected and stored for market research and advertising purposes when you visit our online presences on our social media channels, from which usage profiles are created using pseudonyms
.

These can be used, for example, to display advertisements within and outside the platforms that
presumably match your interests. Cookies are generally used for this purpose.

Detailed information on the processing and use of data by the respective social media provider,
as well as contact options and your rights and setting options for protecting your
privacy, can be found in the linked data protection notices of the providers on their websites.
Should you still need help in this regard, you can contact us.

Back to Table of Contents

5. Data Subject Rights

You have the right at any time to information, rectification, erasure, or restriction of the processing of your
stored data, a right to object to processing, and a right to data portability and
to lodge a complaint in accordance with the requirements of data protection law.

Right to information:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request its rectification
or completion from us at any time.

Right to erasure:

You can request the erasure of your data from us if we process it unlawfully or if the
processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons
that prevent immediate erasure, e.g., in the case of legally regulated
retention obligations.

Regardless of the exercise of your right to erasure, we will delete your data immediately and completely,
unless there is a legal or contractual retention obligation to the contrary.

Right to restriction of processing:

You can request the restriction of the processing of your data from us if

you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data,
the processing of the data is unlawful, but you refuse erasure and instead request a restriction of data use,
we no longer need the data for the intended purpose, but you still need this data for the establishment, exercise, or defense of legal claims, or
you have objected to the processing of the data.

Right to data portability:

You can request that we provide you with your data that you have provided to us in a structured,
common, and machine-readable format and that you can transmit this data to another controller
without hindrance from us, provided that

we process this data based on your given and revocable consent or for the fulfillment of a contract between us, and
this processing is carried out by automated means.

If technically feasible, you can request that we directly transmit your data to another
controller.

Right to object:

If we process your data based on legitimate interest, you can object to this data processing at any time;
this would also apply to profiling based on these provisions.

We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the
processing that override your interests, rights, and freedoms, or the processing serves the
establishment, exercise, or defense of legal claims.

You can object to the processing of your data for direct marketing purposes at any time without giving reasons.

Right to lodge a complaint:

If you believe that we are violating German or European data protection law when processing your data,
we ask you to contact us to clarify any questions.

Of course, you also have the right to contact the supervisory authority responsible for you, the respective
State Office for Data Protection Supervision.

If you wish to assert any of the aforementioned rights against us, please contact our
data protection officer. In case of doubt, we may request additional information to confirm your identity.

Back to Table of Contents

6. Changes to this Privacy Policy

We reserve the right to change our privacy policies if this should become necessary due to new technologies.
Please ensure that you have the current version.

If fundamental changes are made to this privacy policy, we will announce them on our website.

Back to Table of Contents

7. Information obligations according to Art. 13 GDPR

The protection of your personal data is of particular concern to us. We therefore process your personal data
(hereinafter “data”) exclusively on the basis of legal provisions. With this privacy policy,
we want to inform you comprehensively about the processing of your data in our company and your data protection rights
and claims in the sense of Art. 13 of the European General Data Protection Regulation (EU GDPR).

7.1 Who is responsible for data processing and whom can you contact?

The controller is

The Quality Group GmbH
Werner-von-Siemens-Straße 8
25337 Elmshorn
Tel.: 0049 (0) 4121 830 31 00
E-mail: datenschutz@tqgg.de

The company’s data protection officer is

Nico Becker
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg
E-mail: n.becker@projekt29.de
Tel.: 0941-2986930

7.2 What data is processed and from what sources does this data originate?

We process the data that we have received from you in the context of contract initiation or execution,
based on consents, or in the context of your application to us or your employment with us.

Personal data includes:

Your master/contact data, which for customers includes, for example, first and last name, address, contact data
(email address, telephone number), bank details.

For applicants and employees, this includes, for example, first and last name, address, contact data
(email address, telephone number, fax), date of birth, data from CVs and references, bank details,
religious affiliation, photographs.

For business partners, this includes, for example, the designation of their legal representatives, company name,
commercial register number, VAT identification number, company number, address, contact details of contact persons
(email address, telephone number, fax), bank details.

For influencers, this includes first and last name, email address, telephone number, bank details.

For journalists, this includes first and last name, email address, telephone number.

For competition participants, this includes first and last name, email address, social media account (Instagram, Facebook, TikTok).

In addition, we also process the following other personal data:

Information on the type and content of contract data, order data, sales and receipt data, customer and supplier history, and consulting documents,
Advertising and sales data,
Information from your electronic communication with us (e.g., IP address, login data),
other data that we have received from you in the course of our business relationship (e.g., in customer discussions),
data that we generate ourselves from master/contact data and other data, such as through customer needs and customer potential analyses,
the documentation of your consent declaration for receiving, e.g., newsletters,
photographs taken at events.

7.3 For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the
Federal Data Protection Act in their currently valid versions:

For the fulfillment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

The processing of your customer data takes place for contract processing online or via a common
supplier contractual relationship, for contract processing of your employment in our company.
The data is processed in particular during business initiation and during the execution of contracts with you.

For the fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR):

Processing of your data is necessary for the fulfillment of various legal obligations, e.g.,
from the German Commercial Code or the Tax Code.

For the protection of legitimate interests (Art. 6 para. 1 lit. f GDPR):

Based on a balancing of interests, data processing beyond the actual fulfillment of the contract may take place
to protect legitimate interests of us or third parties. Data processing to protect legitimate
interests occurs, for example, in the following cases:

Advertising or marketing,
Measures for business management and further development of services and products,
Maintaining a group-wide customer database to improve customer service,
in the context of legal prosecution,
Sending non-promotional information and press releases,
Video surveillance.

Within the scope of your consent (Art. 6 para. 1 lit. a GDPR):

If you have given us consent to process your data, e.g., for sending our newsletter,
publishing photos, competitions, etc.

7.4 Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either generally or for individual
measures, without incurring any costs other than the transmission costs according to the basic rates.

Under the legal conditions of § 7 para. 3 UWG, we are entitled to use the email address that you provided
when concluding the contract for direct advertising for our own similar goods or services.

You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations from us by email, you can object to the use of your address
for this purpose at any time, without incurring any costs other than the transmission costs according to the basic rates.
A notification in text form is sufficient for this. Of course, every email always contains an
unsubscribe link.

7.5 Who receives my data?

If we use a service provider in the sense of a processor, we remain responsible for the protection of your
data. All processors are contractually obliged to treat your data confidentially
and to process it only within the scope of service provision.

The processors commissioned by us receive your data if they need this data to fulfill their
respective services. These include, for example, IT service providers that we need for the operation and security of our
IT system, as well as advertising and address publishers for our own advertising campaigns.

Your data is processed in our customer database. The customer database supports the improvement of the
data quality of existing customer data (duplicate detection, labeling, address correction).

This data will be made available to the group companies, if necessary for contract processing.
Customer data is stored company-specific and separately, whereby individual participating companies
act as service providers.

In addition, we use service providers as so-called processors. Corresponding contracts in accordance with Art. 28 GDPR
have been concluded with these service providers, who process personal data on our behalf.

In the event of a legal obligation and in the context of legal prosecution, authorities and courts
as well as external auditors may be recipients of your data.

Furthermore, for the purpose of contract initiation and fulfillment, insurance companies, banks, credit agencies, and
service providers may be recipients of your data.

7.6 How long will my data be stored?

We process your data until the termination of the business relationship or until the expiry of the applicable legal
retention periods (e.g., from the German Commercial Code, the Tax Code, or the Working Hours Act); beyond that,
until the termination of any legal disputes in which the data is required as evidence.

7.7 Will personal data be transferred to a third country?

In principle, we do not transfer any data to a third country. A transfer only takes place in individual cases
on the basis of an adequacy decision by the European Commission, standard contractual clauses, appropriate
guarantees, or your explicit consent.

7.8 What data protection rights do I have?

Right to information:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request its rectification
or completion from us at any time.

Right to erasure:

Regardless of the exercise of your right to erasure, we will delete your data immediately and completely,
unless there is a legal or contractual retention obligation to the contrary.

Right to restriction of processing:

You can request the restriction of the processing of your data from us if

you dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data,
the processing of the data is unlawful, but you refuse erasure and instead request a restriction of data use,
we no longer need the data for the intended purpose, but you still need this data for the establishment, exercise, or defense of legal claims, or
you have objected to the processing of the data.

Right to data portability:

we process this data based on your given and revocable consent or for the fulfillment of a contract between us, and
this processing is carried out by automated means.

If technically feasible, you can request that we directly transmit your data to another
controller.

Right to object:

If we process your data based on legitimate interest, you can object to this data processing at any time;
this would also apply to profiling based on these provisions.

You can object to the processing of your data for direct marketing purposes at any time without giving reasons.

Right to lodge a complaint:

If you believe that we are violating German or European data protection law when processing your data,
we ask you to contact us to clarify any questions.

Of course, you also have the right to contact the supervisory authority responsible for you, the respective
State Office for Data Protection Supervision.

If you wish to assert any of the aforementioned rights against us, please contact our
data protection officer. In case of doubt, we may request additional information to confirm your identity.

7.9 Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfillment of your contract with us.
If you do not provide us with this data, we will generally have to refuse to conclude the contract
or will no longer be able to carry out an existing contract and consequently will have to terminate it.

However, you are not obliged to give consent for data processing regarding data that is not relevant for contract fulfillment
or not legally required.

Back to Table of Contents