This privacy statement may be modified at a later date due to changes, e.g. legal provisions. You will find the latest version at www.sectorcert.com/datenschutz.

Version : October 2019 (PDF)

Information, correction, blocking and deletion

According to DSGVO you have the right to information, correction, blocking and deletion of stored personal data at any time. If the retention periods of our certification programs or other legal, contractual, commercial or tax retention periods conflict with the deletion of your data, your data will be blocked instead of deleted.
Revocation
You also have the right to revoke your consent to the processing of your personal data.
Please contact us in the cases mentioned above.

Complaint

If you believe that we are not processing your personal data properly, you have the right to complain to the supervisory authority at any time in accordance with Art. 77 DSGVO:

Landesbeauftragte für Datenschutz und Informations-sicherheit Nordrhein-Westfalen
Post box 200444, 40102 Düsseldorf
Phone:+49 211 38424-0
Fax:+49 221 38424-10
Email: poststelle@ldi.nrw.de

The EU General Data Protection Regulation (DSGVO), which has entered into force on 25 May 2018, is a European Union regulation harmonising the rules for the processing of personal data by private companies and public authorities in the EU. The aim is to ensure the protection of personal data within the EU as a whole. We at SECTOR Cert take the protection of your personal data very seriously. We process your personal data in accordance with the applicable legal requirements for the purposes listed below.

A certification is the confirmation that a person meets the requirements of a certification program. To issue a certificate and to document the certification requirements, the certification body ascertains, processes and stores personal data.

The legal basis for processing personal data results from:

•    consent of data subject according to Art. 6 para. 1 lit. A)
DSGVO
•    fulfillment of a contract according to Art. 6 para. 1 lit. B)
DSGVO

The categories of personal data and the retention periods result from the general requirements for bodies that certify persons (DIN EN ISO/IEC 17024) and from the respective certification standards DIN EN ISO 9712, DIN ISO 18436 and ISO 20807.

SECTOR Cert – Gesellschaft für Zertifizierung GmbH
Am Turm 24, 53721 Siegburg, Germany
Phone:     +49 2241 26682-00
Fax:     +49 2241 26682-99
Data protection officer: Andreas Schmidt
E-mail: datenschutz

All internal and external employees of the certification body, i.e. examiners and technical experts are contractually obliged to comply with data protection regulations.

Personal data is all information that belongs to an identifiable person (e.g. name, age, marital status, etc.). Even data without direct personal reference can be personal data if they can be used to refer to the associated persons (e.g. PC user ID).We store and process personal data of certificate holders and our contractual partners (contact persons of our customers and suppliers, audit officers, service providers and employees of our examination centres) in order to fulfil our corporate purpose.

Applicants

The processing of applicants data takes place on the legal basis of §26 Abs.1 BDSG. The application documents are stored for a period of 6 months in accordance with §21 AGG (German General Act on Equal Treatment) and then destroyed or deleted.

Authorization of examiners

The following personal data is ascertained and stored for the authorization of examiners:
-    surname, forename
-    date and place of birth for identification
-    proof of qualification (e.g. certificates)
-    language skills
-    relevant work experience, including details of the relevant employers
-    current employer
-    proof of physical eligibility (e. g. evidence of satisfactory vision according to DIN EN ISO 9712)
The authorization documents are stored on a personal basis.

Authorization of technical experts

For the authorization of technical experts we require the following personal data:
-    surname, forename
-    date and place of birth for identification
-    certificates
-    proof of physical eligibility (e. g. visual acuity according to
DIN EN ISO 9712)
The data and authorization documents are stored on a personal basis.

Qualification examinations

When registering to take part in a qualification examination, the following personal data is ascertained, processed and stored:
-    surname, first name, if applicable, birth name and date of birth to identify the participant
-    employer confirmation of the participant's minimum industrial experience according to the respective certification program
-    employer confirmation of physical eligibility (e. g. evidence of satisfactory vision according to DIN EN ISO 9712)
-    if necessary, proof of qualification to check the admission requirements
The examination documents including the examination results and the documentation of the admission requirements are archived for each examination.

Certification

Certification application

When applying for certification, the following personal data is ascertained, processed and stored:
-    the surname, first name, date and place of birth of the applicant
-    photo for identification of the applicant according to DIN EN ISO 9712 clause 12
-    private address of the applicant to contact him/her if the scope of the certification is restricted, if a certificate is suspended or if a certificate is withdrawn
-    contact person of the employer (surname, first name)
-    employer confirmation of experience according to the respective certification program
-    employer confirmation of physical eligibility (e. g. evidence of satisfactory vision according to DIN EN ISO 9712 clause 7.4)
In the case of self-employed applicants, the following additional personal data is collected:
-    proof of physical eligibility (e. g. evidence of satisfactory vision  according to DIN EN ISO 9712 clause 7.4)
-    customer reference list with contact person
For applicants without an employer (job seekers), the following additional data is ascertained:
-    proof of physical eligibility (e. g. evidence of satisfactory vision according to DIN EN ISO 9712 para. 7.4)
-    confirmation of experience time by an independent party or qualified employment certificate as proof of experience time for initial certification or continued activity for renewal and recertification
After a certificate has been issued, the application documents and proofs are archived on a personal basis. The certificates of visual acuity are destroyed in accordance with data protection regulations after they have been checked.

Certificate

The certificate contains the following personal data to identify the certificate holder:
-    surname, first name, date and place of birth
-    signature of the certified person
The certificate is archived on a personal basis.

Complaints

Complaints may be recorded on a personal basis, i.e. the complainant's surname and first name are processed and stored.
All complaints are checked internally and are not passed on to third parties. Upon completion of the appeal procedure, the records are made anonymously and stored by using an action number.

Appeals

Appeals are recorded on a personal basis, i.e. the surname and first name of the appellant are processed and stored.
When appeals are forwarded to third parties for verification, all personal data will be made anonymous. After the appeal procedure has been completed, objections are stored under and measure identification number.

Employer based certification

Within the scope of employer certification, we create personalized gradings. These include the surname, first name, address, date of birth and examination results of the participant. The gradings are archived on a personal basis.

Complaints and appeals are kept for 6 years. Application documents which do not result in a certificate will be archived up to 5 years after rejection of the application. All authorization documents, training, examination and certificate files are archived for 30 years as evidence in the customer's interest.

In the context of qualification examinations, personal data is passed on to the authorized examiner for the purpose of conducting and evaluating the examination.During the certification process, personal data is transferred to a technical expert for the purpose of checking the certification requirements.The certificate data (name of the certificate holder, procedure, level and validity) can be queried in a validity check of certificates (ZertCheck) on our homepage. The employer also receives information as to whether a certificate must be renewed or recertified.
Personal data will not be transferred to third parties without the permission of the affected party, unless otherwise provided for by law.

Webpage

Collection and processing of personal data
When visiting our websites, our web servers temporarily store the connection data of the requesting computer by default, the websites you visit on our website, the date and duration of your visit, the identification data of the browser and operating system type used and the website from which you visit us.
Further personal data such as your name, address, telephone number or e-mail address are not recorded unless you provide this information voluntarily, e.g. as part of a registration (see DSGVO Art. 6 Par. 1 lit. A) and B).
We use the personal data you provide exclusively for the purpose of technical administration of the websites and to fulfil your wishes and requirements, i.e. as a rule to process the contract concluded with you or to answer your enquiry.

Use of cookies

As a rule, we do not use cookies on our websites. Only in exceptional cases are so-called session cookies used, which store data for technical session control in the memory of your browser. These data are not personal.
Should we exceptionally also have to store personal data in a cookie, we will first obtain your explicit agreement in accordance with Art. 6 para. 1 lit. A) DSGVO. Furthermore, we would like to point out that browsers generally have functions for managing cookies.