Who is QMD Services GmbH?

QMD Services is an organisation founded in 2018 with the aim to become Conformity Assessment Body according to Regulation (EU) 2017/745 (MDR) and 2017/746 (IVDR).

Who is responsible for data processing, and whom can I contact?

QMD Services GmbH
1010 Vienna, Austria
Tel: +43 1 533 0077
E-Mail: datenschutz(at)qmdservices.com

What sources and data do we use?

When providing our services, we process personal data that the customer (the party ordering the QMD Services service, including its contact person, or a person participating in a service) makes available to us just as much as data that we acquire ourselves when providing the services (e.g. in the course of conformity assessment activities and audits). As a rule, QMD Services cannot provide the desired services without this data.
Relevant personal data includes particulars (e.g. name, address and other contact data), legitimization data, contract data (e.g. audit documentation, personal data includied in technical documentation, documentation of events, data about Certificates, accounting data, bank data).

 What do we process your data for (purpose of data processing)? And on what legal basis?

The personal data that we acquire on the occasion of the QMD Services services will be processed for purposes of performing conformity assessment activities according to the contracts and our Terms and Conditions as well as for the required documentation in conformity to requirements (above all Regulation (EU) 2017/745 (MDR) and 2017/746 (IVDR) and ISO/IEC 17021, as relevant), for bookkeeping and accounting, for establishing and defending legal claims as well as for Customer Relationship Management, including drawing up of offers for further QMD Services services (e.g. surveillance, re-certifications, events). The legal basis for these types of processing is formed by Art. 6 (1) lit. b of the General Data Protection Regulation (GDPR) (performance of a contract and steps prior to entering into a contract) (as far as the person concerned is a contracting party himself or herself) and Art. 6 (1) lit. f of the GDPR (legitimate interests in the provision of the agreed QMD Services services) and Art. 9 (2) lit. f of the GDPR (establishment, exercise or defence of legal claims). Partly processing also is prescribed by law (e.g. fiscal rules, bookkeeping and accounting; Regulation (EU) 2017/745 (MDR) and 2017/746 (IVDR), legal requirements placed by the Accreditation Act).

For maintaining our legitimate interests in direct advertising for our range of services, we use the customer’s personal data (name, title, address, contact data, details of the order, past orders) for our own advertising and marketing purposes in order to send the customer information and advertisements about their services and products, news and other customer information that might be interesting for the customer as long as the customer has not objected to processing for purposes of direct advertising.

If you have given us a consent to our processing personal data for definite purposes (e.g. participation in events, passing on of information), the lawfulness of this processing will be given on the basis of your consent. Consent that has been given can be revoked, at any time. This also applies to the revocation of declarations of consent that were made before the GDPR entered into force.

 Who will receive my data?

Within QMD Services, only Departments and Divisions that need your data for fulfilling the contractual and legal obligations or for processing due to legitimate interest will be granted access to your data.

It is for purposes of providing the service desired by the customer that QMD Services will pass data on to the external QMD Services auditors, reviewers, clinical speciialists or other experts acting as QMD Services contract processors. Moreover, QMD Services avails of services provided by external IT providers.

Based on normative and EU regulation requirements, QMD Services shall further be obliged to make information on the QMD Services services available to the Designating Authority, Accreditation and Certification Bodies and/or grant these bodies access upon their request. In this process, it also is personal data that may be passed on to the Designating Authority, Accreditation and Certification Bodies. Furthermore, QMD Services may transmit personal data to additional recipients (e.g. public authorities) in order to fulfil legal reporting duties.


Is data transmitted into a third country or to an international organization?

Data will be transmitted into countries outside the European Union to the extent as this is necessary for QMD Services carrying out the orders (e.g. if the customer is based in a third country), prescribed by law or you have given an explicit consent.

 How long will my data be saved?

The data will be saved for the period in which this is necessary for enabling QMD Services to fulfil its contractual and legal obligations. Master data about the customer (including organs that have general powers of representation and contact persons at the customer’s) as well as the order history will be archived until the end of the business relationship and, beyond this, until the expiration of the warranty periods, limitation periods and legal retention periods. Application documents, coformity assessment reports as well as other documents relating to certification and conformity assessment will basically be retained for 15 years as far as normative or legal requirements do not require a longer retention period. Civil-law limitation periods can, in the single case, amount to up to 30 years.

 What data protection rights do I have?

Acc. to the General Data Protection Regulation (GDPR), each person concerned shall have the right to be informed of the personal data that we process about him or her as well as the rights to rectification, to erasure, to restriction of processing and to data portability. Furthermore, persons concerned can, for reasons resulting from their special situation, object to our processing of personal data that refer to them for the future on the basis of a legitimate interest, at any time. Moreover, they can, at any time, object to future use of their personal data for purposes of direct advertising free of charge and without giving reasons. If you object to processing for purposes of direct advertising, we will thus no longer use your personal data for these purposes.
Besides, there is a right to lodge a complaint with the competent data protection authority. A consent that has been given can be revoked, at any time.

For exercising their rights as persons concerned and in case of questions about data protection guaranteed by QMD Services, persons concerned can contact datenschutz(at)qmdservices.com.


To what extent are decisions taken in an automated manner?

Not at all!

 Does profiling take place?

In order to be capable of specifically informing and consulting you in terms of products, we may use evaluation tools. These tools enable needs-oriented communication and advertising, including market and opinion research. You can object to profiling used for direct advertising, at any time.

 Is the user behaviour on the website analyzed?

Acc. to the EU Cookie Policy, we would like to point out to you that our website uses cookies. Cookies are small text files that will be stored on your hard disk at the visit of our website. In this respect, a distinction can be made between the following types of cookies:

(a) ”Session Cookies”, which will , depending on the setting of your browser program, automatically be erased again when the browser operations are finished
(b) “Permanent Cookies”, which are provided with an expiration period and will persist when the browser operations are finished

In order to prevent the hint at the use of cookies being displayed after OK has been pressed at each visit of the website, a “Permanent Cookie”, ”cb-enabled”, will be saved for the period of 365 days.

On our website, we also use so-called “Session-Cookies” in order to make it easier for you to use our websites and guarantee fundamental functions of the websites.

These cookies will not call any information about you that is saved on your hard disk and will not impair your PC or your files. Most browsers have been set as to accept cookies automatically. However, you can deactivate saving of cookies or set your browser as to make sure that it hints you at cookies being sent.

You can erase cookies that already are on your computer, at any time. The way to do this depends on the browser. Please have a look at the instructions for your browser (at “Help” in the browser menu).

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from Youtube
Consent to display content from Vimeo
Google Maps
Consent to display content from Google
Consent to display content from Spotify
Sound Cloud
Consent to display content from Sound