Data protection is a matter of course
This is not just an empty phrase, but our deep conviction. That is why you will not find a legally worded data protection declaration on this page, but plain text.
No Spam!
We will only provide customers and interested parties of the DICIS Institute with relevant technical information or contact you in the context of digital certification.
No Overload!
We only collect the data that helps us to provide our software and to send relevant information about your digital certification to interested parties.
No Secrets!
Our tools belong to us. The data belongs to our customers. We don't create mystical profiles or perform arcane analyses. Everything is completely open and clear.
DATA PROTECTION IN BRIEF
We explain very briefly why we collect data and what happens to it. Interested parties with a little more time will find a detailed version of the data protection declaration on this page.
WHY DO WE NEED DATA?
The DICIS Institute offers digital certification processes for international norms and standards.
Interested parties can use our tool to create a free trial version of the ISO 9001 certification tool. To do this, we collect the data we need to provide and operate the software. This includes first and last name, company name, email address, and usage data (login, logout, platform activities, etc.). This data must be truthful. Fake profiles are not allowed to register.
The data that is transmitted to us when you create the certification tool, book a web meeting or download an e-book is used to send you information about the digital certification process.
We use data that users provide as part of the certification process for anonymous benchmark studies, for example to determine the level of maturity in different industries.
We also use automatically collected data to ensure that our software and website are provided without errors and to optimize their content. To do this, we analyze user behavior in anonymized form.
HOW DO WE COLLECT DATA?
On the one hand, data is collected when users communicate it to us. This may be data that is left in a form to create a free software version, when downloading reports and certifications or when retrieving specialist information. Other data are collected automatically by our IT systems when you use the software and visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page.
WHAT ANALYTICS AND THIRD-PARTY TOOLS DO WE USE?
We want our customers and prospective customers to find relevant functions and information when using our software and visiting our website. To do this, we statistically evaluate the behavior of our software and website usage.
The DICIS institute analyzes user behavior in an anonymized form. This data is stored on the Innolytics servers at Hetzner Online GmbH in Gunzenhausen (Bavaria / Germany) using the statistical functions of our software. DICIS uses the provider OpenAI for its AI services. An interface is used that does not train the provider’s model. The automatic bug tracking system SENTRY notifies our development team when errors occur. User and platform names, as well as the activity that triggered the error, are transmitted.
On our website dicis.org, the evaluation is done primarily with cookies and with the following analysis and service programs: Google Analytics, Google Ads, Google Tag Manager, HubSpot and Microsoft Clarity. When visiting our website, these analyses can be prevented by using certain tools. We recommend Ghostery (https://www.ghostery.com) as a blocker. Some functions of our website can be blocked by using tools like Ghostery.
RIGHTS OF USERS / CONFIDENTIALITY
Clients and users of the certification tool can request information on the origin, recipients and purpose of the stored personal data at any time. We will correct inaccurate data immediately and block or delete all data. We will provide data resulting from the use of the software in XML format upon request. You can contact us – whenever you have questions – at the email address zertifizierungsteam@dicis.org.
Innolytics AG is obliged to keep strictly confidential all information disclosed or made known to it in the course of the cooperation, including trade secrets according to § 2 of the German Trade Secrets Act (GeschGehG), and to use it exclusively for the contractually agreed purposes. Innolytics AG is obliged to protect such information from unauthorized access by appropriate technical and organizational measures in accordance with Art. 32 (1) (b) GDPR, applying the data protection, security and IT concept of Innolytics AG. Confidential information is all information that is not publicly accessible; even in the case of publicly accessible information, the customer remains the author, and its use is only permitted with the express consent of the customer.
DETAILED INFORMATION ON DATA PROTECTION
1. DATA COLLECTION AND PROCESSING, USE OF PERSONAL DATA
Steffen Kügler, Innolytics AG, is named as the head of data processing at the responsible body. He can be reached at support@innolytics.de.
Insofar as personal data (e.g. names, companies or e-mail addresses) is collected on our websites or when creating an instance of the certification tool, this is done on a voluntary basis.
We collect navigation information from our website visitors for the purposes of software development, marketing and website optimization. This information includes data about your visit to our website, in particular your IP address, operating system, device type (e.g. desktop, mobile), referral source, length of visit and pages viewed.
Personal data is collected for the following purposes:
Installation and utilization of the software of DICIS and its parent company Innolytics®.
User post management, sending notifications from the customer platform
Sending of specialized information
Maintenance of inventory and usage data
Customer acquisition
Preparation and answering of inquiries
Additional services for customers
2. DESCRIPTION OF THE GROUPS CONCERNED
In order to fulfill the aforementioned purpose, personal data or data categories are collected, processed and used by the following groups:
Customer data, in particular contact data such as telephone and e-mail data, contact history and other data necessary for the fulfillment of the contract.
Data on interested parties, in particular contact data and interests (websites visited, specialist information viewed).
Users of DICIS tools, in particular contact details and activities on the respective customer platforms and answers when filling out questionnaires.
3. DEFAULT DELETION PERIODS FOR DATA
The legislator has issued a wide range of retention requirements and deadlines. After these deadlines have expired, the corresponding data is routinely deleted.
4. PRIVACY POLICY FOR THE USE OF THIRD-PARTY SERVICES AND SOFTWARE SOLUTIONS
4.1 USE OF THIRD-PARTY SERVICES AND SOFTWARE SOLUTIONS ON THE DICIS WEBSITE
Google Analytics, Google Tag Manager
The dicis.org website uses functions of the web analysis services Google Analytics and Google Tag Manager. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there.
The storage of Google Analytics cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Storage of cookies can be prevented by a corresponding setting of the browser software. However, we point out that in this case not all features of this website may be fully exploited. Furthermore, the collection of data generated by cookies and related to the use of the website (including your IP address) and the processing of this data by Google can be prevented by users downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Data collection by Google Analytics can be prevented by clicking on a link provided by Google. This sets an opt-out cookie that prevents the collection of personal data during future visits to this website.
More information about how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
HubSpot
Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information is stored on servers of our software partner HubSpot and may be used by us to contact visitors to our website and to determine which of our services they are interested in. All information we collect is subject to this privacy policy. We use all information collected solely to optimize our marketing.
HubSpot is a software company based in the United States with an office in Ireland.
Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500. HubSpot is subject to the TRUSTe ‘s Privacy Seal and the U.S. – EU Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework.
Microsoft Clarity
This site uses Microsoft Clarity to analyze user behavior on our website. The service is integrated into the source code at dicis.org via a script. Data is transmitted to optimize the user experience. The data collected includes: duration of stay on the pages, surfing and clicking behavior, IP address and country of origin. This data will not be shared with third parties and is used only for protection and for internal statistics. By using our pages, you agree that you are in agreement with this. You can find more information here: https://clarity.microsoft.com/
YouTube
Our website uses plugins from the Google-owned site YouTube. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.
If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
For more information on how user data is handled, please refer to the YouTube privacy policy at https://www.google.de/intl/de/policies/privacy.
Vimeo
Our website uses plugins from the site Vimeo. The site is operated by Vimeo.com Inc., 330 W 34th St. Floor 10, United States.
When you visit one of our pages equipped with a Vimeo plugin, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited.
If you are logged into your Vimeo account, you enable Vimeo to directly allocate your surfing behavior to your personal profile. You can prevent this by logging out of your account.
You can find more information about the handling of user data in the Vimeo data privacy policy at https://vimeo.com/privacy/us-state-privacy
Our website uses functions of the LinkedIn network. The provider of this service is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages that contains LinkedIn features is accessed, your browser establishes a direct connection to LinkedIn servers. LinkedIn is informed that you have visited our website from your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn will be able to link your visit to our website to your user account. We would like to point out that, as the provider of this website, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.
For more information, please see LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy
4.2 USE OF THIRD-PARTY SERVICES AND SOFTWARE SOLUTIONS FOR THE OPERATION OF THE DICIS TOOLS
Hetzner Online GmbH
Our software is stored on several separate servers of Hetzner Online GmbH (Industriestr. 25, D-91710 Gunzenhausen).
When using our software, a connection is established to servers in the Hetzner Online GmbH data center. All user data listed in this data protection declaration is stored on Hetzner’s servers.
We have entered into a contract data processing agreement with Hetzner Online GmbH and fully implement the strict requirements of the German data protection authorities when using it.
Further information can be found in the privacy policy of Hetzner Online GmbH at https://www.hetzner.de/rechtliches/datenschutz
OpenAI
Our software uses AI functions from the provider OpenAI, L.L.C., 3180 18th Street, San Francisco, California 94110. This concerns the transmission of your company name and your company description in the context of prompts to the AI service. When using the AI assistant, a connection to OpenAI servers is established via an interface. OpenAI is informed that users have made a request.
We use an Enterprise interface to communicate with OpenAI. The company states in its privacy policy: “We do not train on your business data (data from ChatGPT Team, ChatGPT Enterprise, or our API Platform).”
Further information can be found in OpenAI’s privacy policy at https://openai.com/enterprise-privacy.
Amazon Web Services (AWS)
Our software uses Amazon Web Services functions located in Frankfurt. This concerns the storage of images and files, the conversion and storage of videos, and the sending of emails. When using our software, a connection to AWS servers is established. AWS is informed that users have visited our software with their IP address.
We have entered into a contract data processing agreement with Amazon Web Services and fully implement the strict requirements of the German data protection authorities when using it.
For more information, see the AWS Privacy FAQ at https://aws.amazon.com/de/compliance/data-privacy-faq/.
Microsoft Azure
Our software uses functions of Microsoft Azure located in Frankfurt. This concerns the processing of requests from the web via a load balancing service and the storage of images and files. When using our software, a connection to Microsoft Azure servers is established. Microsoft is informed that users have visited our software with their IP address.
We have entered into a contract data processing agreement with Microsoft and fully implement the strict requirements of the German data protection authorities when using it.
For more information, see the Microsoft Azure privacy statement at https://azure.microsoft.com/de-de/support/legal/privacy-statement/germany/.
Strato AG
Our software uses web servers from Strato AG (Pascalstraße 10, D-10587 Berlin) as a backup for platforms and content. Several times a day, an automatic connection is established between Strato AG servers and our servers at Hetzner Online GmbH. Strato receives all data stored on the Hetzner Online GmbH servers in encrypted form as a backup.
We have concluded a contract with Strato AG for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using it.
Further information can be found in the data protection declaration of Strato AG at https://www.strato.de/datenschutz/
Sentry Error Tracking
Our software uses features of the automatic error and bug tracking system Sentry from the US company Functional Software Inc. (132 Hawthorne St, San Francisco, CA 94107). When software functions fail, selected data is transferred to the company’s servers. This is data that enables Innolytics developers to reconstruct the error. As a company with customers within the EU, Sentry has subjected itself to the strict rules of the GDPR.
Further information on this and on the data transferred in the event of an error can be found in the company’s data protection declaration: https://sentry.io/privacy/
5. INFORMATION, DELETION, BLOCKING
DICIS users and potential users have the right to request information about their stored personal data, its origin and recipients, and the purpose of the data processing, as well as the right to correct, block or delete this data. For this purpose, as well as for further questions regarding personal data, data subjects can contact us at any time at the address given in the imprint.
Users have the right to have data which we process based on consent or in fulfillment of a contract automatically delivered to themselves or to a third party in a standard, machine-readable format. If users require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
6. COOKIES
The dicis.org website and the online certification tool use cookies in some instances. Cookies do not harm computers and do not contain viruses. Cookies serve to make our offering more user-friendly, effective and secure. Cookies are small text files that are stored on the computer and saved by the browser.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after the end of a visit. Other cookies remain stored on the end device until they are deleted. These cookies enable us to recognize browsers the next time you visit. Users can also be logged into the software faster via cookies.
Users can adjust their browser settings so that they are informed when cookies are set and only allow cookies in individual cases, accept cookies for certain cases or generally exclude them, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website and our software may be limited.
7. CONTACT FORM
If users or interested parties send us enquiries using the contact form, the information provided in the enquiry form, including the contact details given there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without consent.
8. DATA REQUIRED FOR OBTAINING INFORMATION ON PRODUCTS AND FOR USING THE SOFTWARE
If interested parties wish to receive regular specialist information or create a platform, we require an e-mail address as well as information that allows us to verify that the users concerned are the owners of the e-mail address provided and agree to receive the specialist information. Further data is not collected or is only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The processing of the data entered into the registration form is carried out exclusively on the basis of consent (Art. 6 para. 1 lit. a DSGVO). The consent given for the storage of the data, the e-mail address and its use for sending specialist information can be revoked at any time, for example via the “unsubscribe” link in each e-mail. When creating platforms, users who have been written to or invited against their will can also have themselves put on a blacklist via a link. The legality of the data processing operations already carried out remains unaffected by the revocation.
The data provided by users for the purpose of receiving specialist information or using our software will be stored by us until they are removed from the distribution list and will be deleted after the specialist information has been canceled or the platform has been deactivated.
HUBSPOT
We use the service provider HubSpot to manage our specialist information and create landing pages. Registration for our specialist information is done using a so-called double opt-in procedure. This means that after registration, interested parties receive an e-mail asking them to confirm their registration. This confirmation is necessary to prevent anyone from registering with someone else’s e-mail address.
Use of the “HubSpot” mailing service
Among other things, we use the “HubSpot” email marketing service. When users take advantage of an offer on our website that requires them to enter an email address, it may be stored on HubSpot’s servers. HubSpot is subject to the TRUSTe’s Privacy Seal and the U.S. – EU Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework.
HubSpot has responded to the judgment of the Court of Justice of the European Union (CJEU), which on July 16, 2020, invalidated the EU-US Privacy Shield agreement. At the same time, the CJEU confirmed that the standard contractual clauses under Directive 95/46/EC remain valid as a mechanism for secure data transfer to third countries. You can find HubSpot’s statement here: https://www.hubspot.de/data-privacy/privacy-shield
Statistical surveys and analyses
The newsletters may contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the HubSpot server when the newsletter is opened. However, we do not send this file without the express and explicit consent of our users. When registering to receive specialist information or to register in the software, this consent is NOT given, and as a result the above-mentioned information is not collected.
If consent is given, technical information such as information about the browser and the system, as well as the IP address and time of the retrieval, is initially collected as part of this retrieval. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times.
The standard statistical data collected during registration and downloads includes whether newsletters are opened and when they are opened.
9. CONCLUDING REMARKS, SSL AND TLS ENCRYPTION
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible. If SSL or TLS encryption is activated, the data that users transmit to us cannot be read by third parties. For the sake of form, we would like to point out that data transmission over the internet (e.g. when communicating by email) can have security gaps. It is not possible to provide seamless protection of data from access by third parties.
Updated: January 10, 2024, 1:15 pm