Privacy Policy

(Date: 20.12.2024)

1. WHO IS RESPONSIBLE FOR DATA PROCESSING AND WHO CAN I CONTACT?

1.1 QMD Services GmbH (“QMD Services“, “we“, “us“) is the controller within the meaning of Article 4 para 7 of the General Data Protection Regulation (“GDPR“).

1.2 You can reach us as follows:

QMD Services GmbH Headquarters
Zelinkagasse 10/3, 1010 Vienna, Austria
Phone: +43 1 533 0077
Office E-mail: Click to open email client and see the email.
Privacy E-mail: Click to open email client and see the email.

Quality Operations Office (under the management of the headquarters)
Am Winterhafen 1, 4020 Linz, Austria

1.3 The controller takes the protection of your personal data very seriously. The controller therefore treats your personal data confidentially and in accordance with the applicable data protection regulations, in particular the GDPR and the Austrian Data Protection Act in the current version (“DSG“).

1.4 In this privacy policy you will find information on the data processing activities carried out. The terms laid down in the GDPR are used accordingly. For better comprehensibility, you will find the most important terms according to their legal definition below:

Personal data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data subject: The person whose personal data is processed.
Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Consent (of the data subject): Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS IS YOUR PERSONAL DATA PROCESSED

2.1 Provision of the website
2.1.1 In order to make the website available to you and to be able to identify, prevent and investigate attacks on our website, QMD Services processes the following personal data on the basis of our aforementioned legitimate interests (Article 6 para 1 lit f GDPR) the URL; the date and time of the visit; the IP address of the computer or mobile device; the name and version of the web browser; the browser type and settings data (screen resolution, colour depth, time zone settings, browser extensions, fonts, language); the operating system; and the website (URL) from which you visit our website (“referrer”). The processing of this data is necessary to provide you with the website and its features.

2.2 Enquiry by website, e-mail, post or telephone
2.2.1 If you send an enquiry to QMD Services via the contact form on the website, by e-mail or by telephone, QMD Services processes the following personal data to answer the enquiry in order to fulfil pre-contractual measures or to fulfil the contract (Article 6 para 1 lit b GDPR) or on the basis of our legitimate interests in being able to process your enquiry (Article 6 para 1 lit f GDPR): Title, name; e-mail address; address; telephone number; company-related data (website, size-related details, VAT and SRN number), details of the requested certification as well as the applicant, further content of the request; other information you provide to us voluntarily; personal information about our services and products. The processing of certain minimum data, such as e-mail address, is necessary to handle your enquiry.

2.3 Services and products offered by QMD Services (incl. customer support and handling)
2.3.1 In the context of our services and products in the areas of certification / declaration of conformity of medical devices, we process (i) personal data that you provide to us, (ii) personal data that our customers as principals of our services and products provide to us and (iii) personal data that we collect ourselves in the course of providing the services and products. For the aforementioned purposes, we process title, name; e-mail address; address; telephone number; company-related data (website, size-related information, VAT and SRN number), details of the requested certification and the applicant, further content of the request; other information that you voluntarily provide to us as part of the certification / declaration of conformity of the respective product. Without the processing of the aforementioned data, we cannot offer the services and products and cannot manage ongoing customer relationships. The legal basis for this processing is the implementation of pre-contractual measures or the fulfilment of the contract (Article 6 para 1 lit b GDPR).

2.4 Marketing communication, newsletter, event participation

2.4.1 We send our customers electronic communications (by e-mail, SMS, MMS or Messenger) to advertise our products or services (“promotional messages“). For this purpose, we process your name, contact details and other information that you provide to us voluntarily in connection with the receipt of promotional messages. The customer can object to the sending of promotional messages at any time by sending an email with the objection. We will also give you the opportunity to opt out of receiving further promotional messages with each promotional message. The legal basis for the sending of promotional messages is Section 174 para 4 Telecommunications Act 2021.

2.4.2 We will send you postal letters with advertising communication on the basis of our legitimate interests in advertising products or services of interest to you (Article 6 para 1 lit f GDPR). For this purpose, we process your name, contact details and other information that you provide to us voluntarily in connection with the receipt of advertising communication. You can exercise your right to object to postal advertising communication by sending an email.

2.4.3 If you voluntarily provide us with your contact details and other data provided by you for the purpose of sending newsletters, participating in events or other information transmissions, we process your data on the basis of your consent (Article 6 para 1 lit a GDPR). You can revoke your consent at any time by sending an email.

2.5 Legal Prosecution

2.5.1 If an administrative or judicial dispute arises, the personal data necessary for the appropriate legal prosecution will be processed and, if necessary, transmitted to legal representatives, courts and/or administrative authorities. In this context, your contact details (first and last name, academic title, address) and other data in connection with the legal dispute in question (your behaviour in relation to the use of the website) will be processed. The aforementioned personal data is processed on the basis of our legitimate legal interests in legal prosecution pursuant to Article 6 para 1 lit f GDPR and pursuant to Article 9 para 2 lit f GDPR.

3. TO WHICH RECIPIENTS WILL YOUR PERSONAL DATA BE TRANSMITTED?
3.1 We transmit your personal data to our co-operation partners of the relevant services and products to the extent necessary to process your enquiry or to provide the requested services and products. When booking co-operation products that are identified as such, the personal data will be passed on to the respective partners.

3.2 We use processors pursuant to Article 28 GDPR who perform services on our behalf. The processors may only process the data provided to them in accordance with our instructions and to the extent necessary to perform services for us. We contractually oblige these processors to guarantee the confidentiality and security of the personal data processed within the scope of the order. For the purpose of providing the requested services and products, QMD Services will forward the data on to the external auditors, trainers, assessors and technical experts employed by it, who also act as processors of QMD Services. In addition, QMD Services uses external IT service providers.

3.3 Due to legal requirements, QMD Services is obliged to provide the accreditation and licensing bodies with information about the services and/or to grant access to them upon request. The accreditation and licensing bodies may also participate in on-site audits. In the course of this, personal data may also be passed on to the accreditation and licensing bodies. In addition, QMD Services may transmit personal data to other recipients (such as authorities) in order to fulfil statutory reporting obligations.

3.4 The level of data protection in other countries outside the EEA may not be the same as within the EEA. However, we only transfer your personal data to countries for which the European Commission has decided that they have an adequate level of data protection, or we take measures in accordance with Chapter V GDPR to ensure that all recipients in third countries guarantee an adequate level of data protection. For example, we conclude the standard contractual clauses issued by the European Commission with these recipients.

4. HOW LONG WILL YOUR PERSONAL DATA BE STORED?
4.1 Your personal data will only be stored for as long as necessary to fulfil the respective purpose.

4.2 Notwithstanding point 4.1, QMD Services will store your data for longer if and insofar as this is necessary to fulfil statutory retention obligations (pursuant to Section 132 para 1 BAO; Sections 190, 212 UGB: 7 years) or to pursue or defend legal claims (generally for a maximum period of 3 years), whereby longer processing of the data may be necessary in the event of imminent or pending proceedings.

4.3 Application documents, audit and assessment reports as well as other documents related to certification are generally stored for a period of 10 years in accordance with Section 12 para 8 of the Accreditation Act 2012, unless normative or legal requirements require longer storage. In order to pursue or defend against legal claims, the aforementioned documents are generally processed for a maximum of 3 years, whereby longer processing of the data may be necessary in the event of imminent or pending proceedings. In addition, the storage of data may be necessary to comply with retention obligations under the Medical Devices Regulation (see Article 10 Medical Devices Regulation) for a period of 10 years, or 15 years in the case of implantable products, from the date the last product was placed on the market.

4.4 If the data processing is based on your consent, QMD Services will process your data until your withdrawal of consent. The withdrawal can be made at any time by sending an email to the email address provided at 1.3. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

5. WHAT RIGHTS DO YOU HAVE?
5.1 You have the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR, the right not to be subject to automated individual decision-making, including profiling, under Article 22 GDPR and the right to data portability under Article 20 GDPR. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority in accordance with Article 77 GDPR. You can find more information about your rights at: https://www.dsb.gv.at/rechte-der-betroffenen.

5.2 The competent supervisory authority is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna (https://www.dsb.gv.at/).

5.3 If you have any questions in connection with the processing of your personal data or wish to assert any rights under the GDPR, such as your right to erasure or your right of access, please contact QMD Services as described above in point 1.3.

6. COOKIES
6.1 Cookies are small files stored on your computer when visiting a website. Usually, cookies are used to give visitors additional functions on a website. For instance, cookies facilitate the navigation on a website, and help to remember information about your visit, such as your preferences and settings once you return to the website. Cookies cannot access, read or change any other data or information on your computer.

6.2 If you want to control cookies on your computer, you can change your browser settings so that you will be notified whenever a website wants to store cookies. You can also block or delete cookies if they are already stored on your computer. If you want to get further information on how to manage your cookie settings, please go to the “Help” function in your browser. Please keep in mind that blocking or deleting cookies may affect your online experience.

7. ANALYTICS

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.