Updates of the privacy statement
This privacy statement may be modified at a later date due to changes, e.g. legal provisions. You will find the latest version at www.sectorcert.com/datenschutz.
Privacy statement
Version : October 2019 (PDF)
Ihre Rechte
Right to information
You can request information about your personal data that we process in accordance with Art. 15 GDPR.
Right to object
You have the right to object, on grounds relationg to your particular situation, at any time to processing of your personal data which is based on point (f) of Article 6(1) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, tights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.
Right to rectification
If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure
You can request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.
Right to lodge a complaint
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 (1) GDPR. This also includes the data protection supervisory authority responsible for the controller:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Post box 200444, 40102 Düsseldorf
Phone:+49 211 38424-0
Fax:+49 221 38424-10
Email: poststelle@ldi.nrw.de https://www.ldi.nrw.de/kontakt/ihre-beschwerde
Right to data portability
In the event that the requirements of Art. 20 para. 1 GDPR are met, you have the right to have data that process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website. They are therefore not based on consent pusuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, but are justified pursuant to Art. 6(1)(f) GDPR. The requirements of Art. 20 (1) GDPR are therefore not met in this respect.
Revocation
You also have the right to withdraw your consent to the processing of your personal data at any time, e.g. by sending an e-mail. The withdrawal of consent does not affect the lawfulness of processing based on the consent before its withdrawal.
General information
The EU General Data Protection Regulation (DSGVO), which has entered into force on 25 May 2018, is a European Union regulation harmonising the rules for the processing of personal data by private companies and public authorities in the EU. The aim is to ensure the protection of personal data within the EU as a whole. We at SECTOR Cert take the protection of your personal data very seriously. We process your personal data in accordance with the applicable legal requirements for the purposes listed below.
Purpose of processing
A certification is the confirmation that a person meets the requirements of a certification program. To issue a certificate and to document the certification requirements, for quality assurance measures and customer communication, the certification body ascertains, processes and stores personal data.
Legal bases
The legal basis for processing personal data results from:
• consent of data subject according to Art. 6 para. 1 lit. A)
DSGVO
• fulfillment of a contract according to Art. 6 para. 1 lit. B)
DSGVO
The categories of personal data and the retention periods result from the general requirements for bodies that certify persons (DIN EN ISO/IEC 17024) and from the respective certification standards DIN EN ISO 9712, DIN ISO 18436 and ISO 20807.
Responsible for data processing
SECTOR Cert – Gesellschaft für Zertifizierung GmbH
Am Turm 24, 53721 Siegburg, Germany
Phone: +49 2241 26682-00
Fax: +49 2241 26682-99
Data protection officer: Andreas Schmidt
E-mail: datenschutz
Commitment of employees
All internal and external employees of the certification body, i.e. examiners and technical experts are contractually obliged to comply with data protection regulations.
Personal data
Personal data is all information that belongs to an identifiable person (e.g. name, age, marital status, etc.). Even data without direct personal reference can be personal data if they can be used to refer to the associated persons (e.g. PC user ID).We store and process personal data of certificate holders and our contractual partners (contact persons of our customers and suppliers, audit officers, service providers and employees of our examination centres) in order to fulfil our corporate purpose.
Processing of personal data
Applicants
The processing of applicants data takes place on the legal basis of §26 Abs.1 BDSG. The application documents are stored for a period of 6 months in accordance with §21 AGG (German General Act on Equal Treatment) and then destroyed or deleted.
Authorization of examiners
The following personal data is ascertained and stored for the authorization of examiners:
- surname, forename
- date and place of birth for identification
- proof of qualification (e.g. certificates)
- language skills
- relevant work experience, including details of the relevant employers
- current employer
- proof of physical eligibility (e. g. evidence of satisfactory vision according to DIN EN ISO 9712)
The authorization documents are stored on a personal basis.
Authorization of technical experts
For the authorization of technical experts we require the following personal data:
- surname, forename
- date and place of birth for identification
- certificates
- proof of physical eligibility (e. g. visual acuity according to
DIN EN ISO 9712)
The data and authorization documents are stored on a personal basis.
Qualification examinations
When registering to take part in a qualification examination, the following personal data is ascertained, processed and stored:
- surname, first name, if applicable, birth name and date of birth to identify the participant
- employer confirmation of the participant's minimum industrial experience according to the respective certification program
- employer confirmation of physical eligibility (e. g. evidence of satisfactory vision according to DIN EN ISO 9712)
- if necessary, proof of qualification to check the admission requirements
The examination documents including the examination results and the documentation of the admission requirements are archived for each examination.
Certification
Certification application
When applying for certification, the following personal data is ascertained, processed and stored:
- the surname, first name, date and place of birth of the applicant
- photo for identification of the applicant according to DIN EN ISO 9712 clause 12
- private address of the applicant to contact him/her if the scope of the certification is restricted, if a certificate is suspended or if a certificate is withdrawn
- contact person of the employer (surname, first name)
- employer confirmation of experience according to the respective certification program
- employer confirmation of physical eligibility (e.g. evidence of satisfactory vision according to DIN EN ISO 9712 clause 7.4)
In the case of self-employed applicants or applicants without an employer, the following additional data is collected:
- proof of physical eligibility
- customer reference list with contact person or
- qualified employment certificate as proof of experience time for initial certification or continued activity for renewal and recertification (e.g. DIN ISO 18436)
- Surname, forename, e-mail address, telephone number and proof of qualification of referee (DIN EN ISO 9712)
After a certificate has been issued, the application documents and proofs are archived on a personal basis. The certificates of physical eligibility are destroyed in accordance with data protection regulations after they have been checked.
Certificate
The certificate contains the following personal data to identify the certificate holder:
- surname, first name, date and place of birth
- signature of the certified person
The certificate is archived on a personal basis.
Complaints
Complaints may be recorded on a personal basis, i.e. the complainant's surname and first name are processed and stored.
All complaints are checked internally and are not passed on to third parties. Upon completion of the appeal procedure, the records are made anonymously and stored by using an action number.
Appeals
Appeals are recorded on a personal basis, i.e. the surname and first name of the appellant are processed and stored.
When appeals are forwarded to third parties for verification, all personal data will be made anonymous. After the appeal procedure has been completed, objections are stored under and measure identification number.
Employer based certification
Within the scope of employer certification, we create personalized gradings. These include the surname, first name, address, date of birth and examination results of the participant. The gradings are archived on a personal basis.
Quality assurance measures and customer service
We process the contact details of the contact persons named on the certification applications to improve communication; to carry out customer surveys following the certification process and to remind you of the follow-up certification. The legal basis for the processing is the consent of the data subject (Art. 6 para. 1 lit. a GDPR; Section 7 para. 2 no. 2 UWG) as well as our legitimate interest in efficient contact and communication with you and in improving our services (Art. 6 para. 1 lit. f GDPR). The processing of data for this purpose is generally carried out until revoked (see section 11.2. of this privacy policy).
Newsletter
If you subscribe to our newsletter, we process your personal data in order to send you information by e-mail, in particular about our services and our company, as well as about innovations in the field of accredited certification. In addition to your consent, we process your name to address you personally and your e-mail address to send you the newsletter. We use the so called "double opt-in procedure" to subscribe to our newsletter. Therefore, after your registration, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you are the authorized owner of the e-mail address provided and that you wish to receive the newsletter. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The processing of personal data when subscribing to our newsletter takes place on the legal basis of consent (Art. 6 para. 1 lit.a GDPR; Section 7 para. 2 no. 2 UWG). The data will be processed for this purpose until you withdraw your consent (see section 11.2. of this privacy policy), which you can declare, for example, by e-mail or by clicking on the unsubscribe link at the end of each newsletter.
Retention periods
Complaints and appeals are kept for 6 years. Application documents which do not result in a certificate will be archived up to 5 years after rejection of the application. All authorization documents, training, examination and certificate files are archived for 30 years as evidence in the customer's interest.
Forwarding and publication of personal data
In the context of qualification examinations, personal data is passed on to the authorized examiner for the purpose of conducting and evaluating the examination.During the certification process, personal data is transferred to a technical expert for the purpose of checking the certification requirements.The certificate data (name of the certificate holder, procedure, level and validity) can be queried in a validity check of certificates (ZertCheck) on our homepage. The employer also receives information as to whether a certificate must be renewed or recertified.
Personal data will not be transferred to third parties without the permission of the affected party, unless otherwise provided for by law.
Webpage
Webpage
Collection and processing of personal data
When visiting our websites, our web servers temporarily store the connection data of the requesting computer by default, the websites you visit on our website, the date and duration of your visit, the identification data of the browser and operating system type used and the website from which you visit us.
Further personal data such as your name, address, telephone number or e-mail address are not recorded unless you provide this information voluntarily, e.g. as part of a registration (see DSGVO Art. 6 Par. 1 lit. A) and B).
We use the personal data you provide exclusively for the purpose of technical administration of the websites and to fulfil your wishes and requirements, i.e. as a rule to process the contract concluded with you or to answer your enquiry.
Use of cookies
As a rule, we do not use cookies on our websites. Only in exceptional cases are so-called session cookies used, which store data for technical session control in the memory of your browser. These data are not personal.
Should we exceptionally also have to store personal data in a cookie, we will first obtain your explicit agreement in accordance with Art. 6 para. 1 lit. A) DSGVO. Furthermore, we would like to point out that browsers generally have functions for managing cookies.