QN Europe Deutschland GmbH
D-64625 Bensheim • Germany
Phone: +49 (6251) 98916-40
II. Scope and Supplement
This Policy applies to QN Europe, and any affiliated branches, offices and business units. QN Europe is the “Controller” for the processing of personal data. This Policy covers all forms of processing of personal data. It describes how QN Europe collects, processes, uses, and shares personal data obtained directly from the user, customer, supplier, business partner, or other, or obtained indirectly from other sources. It applies to the processing of personal data obtained through any channel of communication or by any means, including but not limited to email, file transfer, feeding personal data into applications and tools, websites or mobile apps, social media pages and platforms. It shall apply to products, services, and applications that reference this Privacy.
This Policy may be supplemented by specific data protection and privacy notices and statements that relate to specific forms or purposes of data processing, e.g. Cookies. Anonymized data (non-personal data), e.g. for statistical evaluations or studies, is not subject to this Policy.
III. Application of national laws
While the GDPR is applicable throughout the European Union (“EU”) and the European Economic Area (“EEA”) there may be laws and regulations in some countries which specify further data protection requirements, in particular conditions for lawful data processing. If so, it has to be verified on a case-to-case basis whether this Policy can prevail over such laws.
IV. Glossary and definitions
A glossary of specified privacy terms and definitions is attached at the end of this Policy.
V. Personal Data we process, Purposes and Legal Basis
This section of our Policy describes what personal data we collect and process and for what purposes and on what legal basis. The amount of personal data we process depends on the context and circumstances of your interaction with us.
- Handling orders and fulfilling contractual obligations
When you place orders to purchase goods or services from us, or if you request information about products and services prior to placing an order, or if you request support regarding the product or services you have ordered, we will process personal data that is necessary to inform you about products or services, to negotiate and execute a contract and to fulfill any contractual obligations, and to exercise our rights under the contract. This also includes advisory services under the contract if this is related to the contractual purpose. Prior to the conclusion of a contract personal data can be processed to prepare bids or tenders or to fulfill other requests of the prospect that relate to contract conclusion.
For this purpose we process personal details (including name, title, email, telephone, postal address, shipping and billing address), order and customer information (including goods and services ordered and provided, instructions regarding the order, customer activities and interests and order history), financial information (including invoice data, preferred payment options, term of payment, bank account and credit card information).
As far as you are a business partner or independent representative of QN Europe we will process your personal data to create your business account and allow you to use our sales and distribution network and to sell goods or services to individuals (end users), and for delivering goods and services you have requested. We may also use your personal data to contact you and advise you in the context of our business relation with you.
The legal basis for processing such personal data for the purpose of handling orders and fulfilling contractual obligations and exercising contractual rights is Article 6 (1) b) GDPR (contractual necessity). The legal basis for processing personal data for the purposes of understanding customer or business partner activities and interests and to analyze customer or business partner activities including the order history is Article 6 (1) f) GDPR (legitimate interests). The legal basis for processing and keeping personal data for the purpose of complying with record keeping obligations (including commercial accounting standards and tax and fiscal retention obligations) is Article 6 (1) c) GDPR (legal obligation).
- Browsing or registering on our websites, social media pages or platforms
Not all of our websites will employ Cookies and tracking technology that collect personal data. Depending on the Cookies and tracking technologies in use, we collect information about your online browsing behavior on our websites, social media page or platform, including the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time), and information how react to adverts and offers (products and / or content you viewed or searched for, page response times, errors, length of visits to certain pages, page interaction). We may also collect information about the device you have used to access our websites, social media pages or platforms, (including device model and operating system, browser type, IP-address, mobile device identifiers and the geographic location from where you access our websites).
When you register on one of our websites, social media pages or platforms we will additionally process personal details(including name, title, email, telephone), and account details (including username, password, login-/logoff data, e-mail address, ), except where registration under an alias or pseudonym is permitted. The legal basis for processing information about online browsing behavior, if it contains personal data, is Article 6 (1) a) GDPR (consent), if we ask you to provide consent and to agree to the processing of your personal data. Specific other provisions in laws relating to data processing in an online context may require your consent as well. Under some circumstances e.g. when we process a limited amount of personal data which, by type and nature does not significantly affect your rights and freedoms, the legal basis for processing your personal data in the context of your browsing or registering on our websites, social media pages or platforms is Article 6 (1) f) GDPR (legitimate interests).
- Communication, marketing, taking part in promotions, events and feedback
When you contact us for any sort of inquiry or request, we will process your personal details (including name, title, email address, telephone, other contact information), as far as this is necessary to deal with your inquiry or request and to respond to.
When you have purchased goods or services from us, or if you have indicated to us that you are interested in certain goods or services, we may process your personal details (including name, title, email address, telephone, other contact information) to contact you and to send you information about our or our business partners’ goods and services, new developments, special offers and opportunities.
When you take part in promotions or events hosted or sponsored by us, we will process your personal details (including name, title, email address, telephone, and other contact information) to manage your participation in the promotion or event, to provide you with information about our or our business partners’ goods and services, new developments, special offers and opportunities. We will also process your personal details to ask for your feedback regarding the promotion or event, your satisfaction with our or our business partners’ goods or services and performance. We may also ask you for contributions to improve and enhance our goods and services and our collaboration with our business partners.
The legal basis for processing personal data for the purpose of communicating with you and answering questions or suggestions of any kind is Article 6 (1) b) DSGVO (contractual necessity), insofar as this is done in the context of preparing or enabling the conclusion of a contract or answering questions and processing suggestions. Insofar as personal data is processed for the purpose of communicating with you on other matters, the legal basis is Article 6 (1) f) of the GDPR (legitimate interests), or your consent pursuant to Article 6 (1) f) of the GDPR. 1 a) DSGVO.
If we process personal data in order to contact you and send you information about our goods and services or those of our business partners, or about new technological developments, special offers and business opportunities, the legal basis is Article 6 (1) a) DSGVO (consent). In this case, we will ask you to give your consent. In certain circumstances, e.g. where we process only a limited amount of personal data, the nature and content of which does not substantially affect your rights and freedoms, this is permissible under Article 6 (1) f) of the GDPR on the legal basis of our legitimate interest in contacting you and providing you with offers and information about our goods and services or those of our business partners.
If we process personal data to manage your participation in a promotion or event, or to inform you about our goods and services or those of our business partners, or about new technological developments, special offers and business opportunities, or to ask for your feedback, the legal basis is Article 6 (1) a) of the GDPR (consent) if we ask for your permission and you consent to the processing of your personal data for this purpose. In certain circumstances, e.g. if we only process a limited amount of personal data, the processing of which does not substantially affect your rights and freedoms by its nature and content, the legal basis for processing your personal data is Article 6 (1) f) DSGVO (legitimate interests).
- Legal obligations and compliance
Some laws and regulations may require the collection and processing of personal data (e.g. tax laws, commercial laws, trade and export compliance regulations, customs codes, anti-money-laundering laws, other compliance obligations). Where such legal obligations are based on EU or EU Member State laws and regulations, the legal basis for processing personal data is Article 6 (1) c) GDPR. Where such legal obligations are based on laws and regulations of third countries (non-EU), compliance with these legal obligations may represent a legitimate interest. If so, the legal basis for processing personal data is Article 6 (1) f) GDPR. The latter applies also to the processing of personal data for the purpose of ensuring compliance with our policies, codes of conduct and regulations.
- Recruitment and application
When we recruit employees, we process the personal data that you provide as part of your application. Data processing for the purpose of recruitment and carrying out the application process includes general personal data (including name, title, e-mail address, telephone and postal address) and information on curriculum vitae and qualifications (including degree, higher education qualification, training certificates, further education certificates, references and skills). After the completion of an application process, we may continue to process (store) applicants’ personal data for a certain period of time if this is necessary to ensure that we can exercise any rights to which we are entitled or defend against unjustified claims in the application or recruitment process.
The legal basis for the processing of personal data for the purpose of carrying out the application procedure, for recruitment and for processing applications is Article 6 (1) (b) of the GDPR (contractual necessity), insofar as the processing of data is necessary for the examination and evaluation of applications and for the selection of applicants and the implementation of the employment relationship, or in order to be able to exercise rights or defend against unjustified claims in the context of the application procedure.
If you apply for a job with us via a careers site, recruitment platform or job portal, or if you respond to a job advert, further and more specific privacy information will usually be provided to you on the careers site, recruitment platform, or job portal.
VI. Personal Data of Children
QN Europe’s business is focused on adult customers and business partners. Therefore, we do not intentionally or intentionally process personal data of children. While users of all ages may navigate our websites, social media pages or platforms, they are not directed at children. If, after notification by a parent or guardian or discovery by other means, we discover that a child under the age of 16 has been registered on one of our websites, social media pages or platforms, we will delete the account and registration, and with it any personal data about the child, unless it is still needed for legal reasons or to enforce or defend claims.
VII. Sharing Personal Data with Third Parties and Service Providers
Not all of your personal data will be processed by QN Europe itself. In some cases, we use service providers and vendors (“Processors”) who process personal data on our behalf and according to our instructions. Such processors may be other companies or affiliates of QN Europe. Such outsourcing of data processing shall be carried out in accordance with a process that ensures compliance with data protection and due diligence obligations and on the basis of a corresponding contract for the processing of personal data on behalf.
Where we use service providers and vendors as processors to process personal data on our behalf, your personal data may be shared with the following categories of recipients:
IT service providers, application service providers, internet service providers, platform, website or hosting service providers, data disposal companies, marketing agencies, market research agencies, advertising partners, order and account management service providers, payment service providers, logistics service providers, customer support service providers (hotline, customer service).
Apart from sharing personal data with service providers and vendors, it may be necessary to share your personal data with third parties because it is required by law or there is a legitimate interest to ensure compliance with policies and regulations, or to facilitate business cooperation. In such cases, your personal data may be shared with the following categories of recipients:
Authorities and administrations, law enforcement and anti-fraud agencies, courts, lawyers, tax advisors, accounting firms, credit bureaus, payment card and insurance companies, manufacturers, resellers and retailers.
If you use our websites, social media pages or platforms and choose to link your social media accounts to us, or if you are logged into your social media account, your personal data may be shared with the operators of those social media pages and platforms.
If we sell or buy a business or assets, or transfer a division of our business to a new owner, we will disclose your personal information to the prospective seller or buyer of such business or assets who acquires our assets or to whom the business is transferred.
We may also share anonymous or aggregated information with third parties, affiliated or unaffiliated with us. While this information will not identify you personally, even to the extent that this information does not contain personal data, in some cases it may be possible for recipients to combine this aggregate information with other data they already have about you or that has been collected from you and thus establish a personal link. When we share such information with third parties, we take steps to ensure that they have appropriate safeguards in place to protect your information.
VIII. Storing periods for Personal Data
Generally, we do not retain personal data for longer than is necessary to pursue or achieve the purposes for which the personal data is processed. In most cases, however, personal data are processed for more than one purpose. If, for example, the data processing takes place in the context of a purchase, we process personal data for the purpose of taking and processing your order, for the delivery of the goods or services, for invoicing and payment and for subsequent customer support. However, as a business, we are also subject to retention and record-keeping obligations and must comply with tax and commercial laws that require us to retain certain documents and files that may contain personal data for longer periods of time.
If we process personal data for the purpose of processing orders and fulfilling contractual obligations, we will retain your personal data for as long as you have a customer or business relationship with us. Personal data contained in documents or files subject to tax laws are kept for 10 years (unless legal provisions or pending legal disputes or tax proceedings require a longer retention period); personal data contained in documents or files serving business or commercial purposes are generally kept for 6 years (unless legal provisions or pending legal disputes require a longer retention period).
Where we process personal data for communication, marketing, promotion, event and feedback purposes, we will retain the data for as long as we need to communicate with you or for as long as we have a legitimate interest in providing you with business, product and service information or marketing, event and promotional material, unless you have objected to the processing of your personal data for such purposes.
Where we process personal data for the purpose of complying with laws and regulations that impose legal obligations on QN Europe, we will retain personal data for as long as required by law.
When we process personal data for the purpose of recruitment and carrying out the application process, we keep personal data until we have reviewed and assessed applications, selected applicants, negotiated employment contracts and carried out the employment relationship. Thereafter, we continue to retain personal data to the extent required by relevant retention obligations or to the extent that we needed the data to exercise rights or defend ourselves against claims in the context of the application process or the employment relationship. If an application is successful, your personal data will be retained – insofar as this is necessary for the performance of the employment contract – for as long as you are employed by QN Europe and, after termination of your employment, for as long as this is necessary for the fulfilment of the retention obligations. If your application is unsuccessful, we will store your personal data for up to six months to protect ourselves against potential claims and lawsuits.
If your application is unsuccessful but you have consented to us retaining your personal data for future vacancies, we will retain your personal data for up to two years unless otherwise stated in a job advert or on our career pages, recruitment platforms or job portals.
IX. Transfers of Personal Data to Third Countries
In some cases, it may be necessary to transfer personal data to recipients in other countries. This may be the case if certain information, which may contain personal data, has to be passed on to our affiliated companies and group companies or in the context of international cooperation with our business partners or if orders are processed, managed and sent internationally. If and to the extent that we use the services of processors, we may also transfer your personal data to processors in other countries. Where such transfers involve recipients in countries outside the EU or EEA (“third countries”), we will ensure that the transfers are made in accordance with the applicable data protection laws governing the transfer of personal data outside the EU or EEA. In this respect, we will take the appropriate data protection measures and security precautions necessary to ensure an adequate level of data protection.
X. Your rights in relation to your personal data
Under the relevant provisions of the GDPR, you have the following rights in relation to your personal data:
- Right of access (Article 15 of the GDPR):
You can request information from us at any time about the data we store about you. This information concerns, among other things, the categories of data we process, the purposes for which we process them, the origin of the data if we have not collected it directly from you and, if applicable, the recipients to whom we have transmitted your data. You may receive one free copy of your data from us. Should you be interested in further copies, we reserve the right to charge you for the further copies.
- Right to rectification (Art. 16 DS-GVO):
If you believe that your data is incorrect, you can request that we correct your data.
- Right to erasure (Art. 17 DS-GVO):
You can request us to delete your data if the legal requirements for this are met. This may be the case, for example, if the data is no longer necessary for the purposes for which it was collected or otherwise processed, or if you withdraw your consent which is the basis for the data processing and there is no other legal basis for the processing, or you object to the processing of your data and there are no overriding legitimate interests for the processing of the data, or you object to the processing of data for direct marketing purposes, or the data was processed unlawfully.
- Right to restriction of processing (Art. 18 DS-GVO):
You may request us to restrict the processing of your data if you dispute the accuracy of the data and we need time to verify the accuracy of the data, or if the processing is unlawful and you object to the erasure of your data and request the restriction of its use instead, or if we no longer need your data but you need it to assert, exercise or defend legal claims, or you have objected to the processing but it is not yet clear whether our legitimate grounds override yours.
- Right to data portability (Art. 20 DS-GVO):
You can request that we provide you with a copy of your data – insofar as this is technically possible – or transfer it to another person responsible.
- Right to object (Art. 21 DS-GVO):
You can object to the processing of your data for reasons arising from your particular situation at any time, provided that the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can demonstrate compelling legitimate grounds for the processing which override your interests or if we need your data to assert, exercise or defend legal claims.
- Right to complain to the data protection supervisory authority
You have the right to lodge a complaint with the competent data protection authority if you believe that we have not processed your personal data properly or lawfully or if you believe that we have not dealt with your requests appropriately. The competent data protection supervisory authority to which the complaint can be submitted is the one competent for the place of your habitual residence or place of work, or the one competent for the place where the alleged data protection breach occurred.
If you have filed a complaint, the data protection supervisory authority will inform you about the progress of the procedure and the outcome of the complaint. The competent data protection authority at the registered office of QN EUROPE Sales & Marketing Ltd. is:
Canal House, Station Road
Portarlington, Co. Laois, R32 AP23
Phone: +353 (0761) 104 800
Fax +353 57 868 4757
XI. How to contact us on the subject of data protection
If you have any questions about this policy or about the protection of your personal data, please contact:
oder senden Sie Ihre Anfrage an: QN Europe Sales & Marketing Ltd, Core B, Block 71, The Plaza, Park West, 12 Dublin, Irland.
XII. Responsible for data processing
Unless otherwise stated, QN Europe Sales & Marketing Ltd, Core B, Block 71, The Plaza, Park West, Dublin, Ireland, is the controller within the meaning of Article 4(7) of the GDPR of your personal data. It determines the purposes and means of processing your personal data and is responsible for compliance with applicable data protection laws and regulations and the requirements of this policy.
XIII Amendments to this Directive
We reserve the right to change this policy at any time. We encourage you to periodically review this policy for updates and information about our privacy practices.
Version history of the policy:
Valid from 25 May 2018
Last revision: October 2018
Appendix: Glossary and Definitions
Accountability means that controllers are responsible for and can demonstrate compliance with the GDPR. This requires that the controller takes appropriate technical and organisational measures to ensure that data processing can be carried out and demonstrated in accordance with the GDPR and update these measures as necessary.
Responsible means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be determined by Union or Member State law.
A contract for the processing of personal data is a contract that forms part of the framework agreement between a controller and a processor to reflect the parties’ agreement regarding the processing of personal data in accordance with the requirements of the data protection laws.
Data protection impact assessment is the process of assessing the particular likelihood and severity of the high risk to the rights and freedoms of data subjects, taking into account the nature, scope, context and purposes of the processing and the sources of the risk; An impact assessment should in particular include the measures, safeguards and mechanisms envisaged to mitigate that risk, ensure the protection of personal data and demonstrate compliance with the GDPR.
Person concerned means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors relevant to the physical, physiological, specific factors.
GDPR is the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC).
International organisation means an organisation and its subsidiary bodies governed by international law or any other organisation established by or under an agreement between two or more countries.
Personal data means any information relating to (i) an identified or identifiable natural person and (ii) an identified or identifiable legal person (provided that such information is protected similarly to personal data or personal data under applicable data protection laws and regulations).
Breach of personal data protection is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
Processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use. Disclosure by sharing, distributing or otherwise making available, alignment or combination, restriction, deletion or destruction.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
Profiling means any form of automated processing of personal data which consists of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects of that natural person’s work performance, economic situation, health and personal preferences , interests, reliability, behaviour, location or movements.
Pseudonymisation means that personal data are processed in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that this additional information is kept separate and is subject to technical and organisational measures to ensure the security that the personal data are not attributed to an identified or identifiable natural person.
Recipientmeans a natural or legal person, public authority, agency or other body to whom the personal data is disclosed, whether or not a third party does so. However, authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered as recipients. The processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules, in accordance with the purpose of the processing.
Special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person sex life or sexual orientation of the person.
Third party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons authorised to process personal data under the direct supervision of the controller or the processor.