Data Privacy Policy

Data Protection Officer

Dr. Clément Labadie
clement.labadie@cdq.ch

Do you need more information about data protection at CDQ or our data privacy policy? I will be glad to answer your questions!

Get in touch with me

This privacy notice applies to the CDQ Group (collectively "CDQ", "we", "us" our "our").

Responsible organization:

  • Name: CDQ AG (CDQ)
  • Street/no.: Lukasstrasse 4
  • Postcode/city/country: 9008 St. Gallen, Switzerland
  • Commercial register no. (UID): CHE-218.608.886

CDQ is a unique institution for data management in Europe. With its research-oriented approach, CDQ links experts from practice and science and develops innovative solutions for current issues in data management.

We are headquartered in St. Gallen, Switzerland and operate subsidiaries in Germany and Poland.

Visitors of this website or any identifiable person to whom personal data is processed by CDQ itself or on behalf of data controllers (our customers) are data subjects in the context of this privacy notice.

The personal data we collect may be stored, with risk-appropriate technical and organizational security measures applied to it, on third-party servers in Switzerland, the European Union or the United States. Whenever possible, we select data storage locations among EU member states and Switzerland.

In all cases, we follow generally accepted standards and security measures to protect the personal data submitted to us, both during transmission and once we receive it.

We may update this privacy notice to reflect changes to our data practices. We encourage our visitors and customers to periodically review this page for the latest information on our privacy practices.

As a data subject, you may exercise the following rights regarding the processing of your personal data:

  • Right to information. You have the right to receive information about the processing of your personal data by CDQ, prior to as well as during the processing, upon request.
  • Right of access. You have the right to receive a copy of your personal data currently processed by CDQ, upon request.
  • Right to rectification. Data quality is our business, and we should process your personal data accurately. Should you discover any inaccuracy, you have the right to request the rectification of your affected personal data by CDQ.
  • Right to erasure ("right to be forgotten"). You have the right to request the deletion of your personal data by CDQ, unless there are lawful grounds for CDQ to continue processing (e.g., legal obligation).
  • Right to object. When CDQ processes your personal data based on a legitimate interest, you can object to such processing, on grounds relating to your individual situation, and we shall assess our processing activities to ensure compliance with all relevant rules and regulations.
  • Right to withdraw consent. When CDQ processes your personal data based on your consent, you can withdraw your consent at any time, using the dedicated link in the communications you receive from us. The withdrawal of consent is not retroactive and shall not affect the lawfulness of prior processing.
  • Right to restriction of processing. In the following cases, you have the right to request the restriction of processing of your personal data:
    • When exercising your rights to rectification and to object, while we are verifying your claim.
    • When processing is unlawful, and you would prefer restriction over deletion of your personal data.
    • When CDQ no longer needs to process your personal data, but you require them in the context of a legal claim.

These data subject rights depend on the categories of personal data and the processing activities in question. In all cases, CDQ will handle your requests in the best way possible. You may also contact and lodge a complaint with the data protection supervisory authority of your country.

Our core business is to provide collaborative management services, enabling our customers to improve management of their business partner data by sharing it within a network of trusted peers.

We collect business partner data from our customers which we analyze on their behalf to derive quality assessment and error reports and apply corrective data quality rules. We also update business partner data and add missing information to it, using external data sources such as open data collections, commercial registers, or third-party services.

We run our cloud services and databases hosted in data centers located in the EU (Germany and Ireland). Data records are encrypted "at rest" in databases as well as "in transit" (when being transferred between your browser and our cloud platform).

DATA COLLECTION AND PROCESSING

Processing bases: customer contracts, legitimate interest
Data subjects = business customers or suppliers of CDQ customers:

  • Legal name
  • Legal form
  • Tax and identification numbers
  • Address(es)
  • IBAN account number(s)
  • Hierarchy relations
Purpose Data residency Controls
Cloud infrastructure and filesystem Germany and Ireland Sub processor complies with the GDPR

Data Processing Agreement and Standard Contractual Clauses in place
Database infrastructure Germany and Ireland Sub processor complies with the GDPR

Data Processing Agreement and Standard Contractual Clauses in place

Our website is the showcase of our business, and it is important for us to understand our audience to grow it.

We use an analytics platform (configured to reduce your IP addresses to eliminate personal references to you) as well as a marketing platform. Our marketing platform enable us to collect information on your interactions with our website to understand your interest for our services. To do this, these platforms rely on cookies placed on your device – the cookie banner that is displayed upon your first visit enables you to turn on or off optional cookies. These cookies gather information such as the time of your visit, how you arrived to CDQ's site, the search engine and keywords that lead you to us, information about your device and browser, as well as your approximate location based on your IP address.

Various pages of our website contain registration forms that you can use to get in touch with us and/or receive further information from us. With these forms, we collect your information based on your explicit consent, and each of landing page lays out the purpose of the registration. Our marketing platform handles our automated e-mail communications (e.g., newsletter, blog subscription, product updates, depending on what you registered to). These e-mails may contain web beacons to record, for instance, whether you opened our emails and how you acted upon reading them. They also include links to unsubscribe.

DATA COLLECTION AND PROCESSING

Processing bases: consent, legitimate interest
Data subjects = visitors of the CDQ website

  • First and last name
  • E-mail address
  • Company and industry
  • Job description
  • IP address
  • Web logging data
Purpose Data residency Controls
Analytics platform EU and USA Sub processor complies with the GDPR

Data Processing Agreement and Standard Contractual Clauses in place
Marketing platform EU and USA Sub processor complies with the GDPR

Data Processing Agreement and Standard Contractual Clauses in place
CRM Germany Sub processor complies with the GDPR

Data Processing Agreement in place

EVENTS AND WEBINARS

CDQ organizes events and webinars around the topic of data management.

To process your registration to our events/webinar, we may transfer some of your personal information to organization partners (e.g., a hotel for an in-person event, a partner company for a webinar).

The provision of webinars is supported by conferencing solutions, and webinars may be recorded and subsequently made available publicly on our website and social media channels as well as on those of relevant webinar partners.

All of our event/webinar partners and channels are listed on each event/webinar's registration page and we ask for your consent when needed.

By registering and/or logging on to an event/webinar, you agree to the following:

  • Your personal data may be heard, seen, read, collected, or used by CDQ and its event/webinar partners (as organizers), and by participants.
  • Any communication or information transmitted during the event/webinar, such as voice, display names, presentations, are available to the event/webinar audience and may be recorded for CDQ's and its event/webinar partners' further promotion and information purposes.
  • CDQ and its event/webinar partners may further use information from the event/webinar such as invitee lists, attendee logs, information on the event/webinar subject matter and the recording thereof.

We collect and process personal data of our customers’ representatives as part of the initial contractual and negotiations process, as well as for accessing CDQ Cloud Apps.

For our commercial processes, we collect and store information on our customer contacts in our customer records management (CRM) system as well as within our digital signature platform, when applicable.

CDQ collects and processes personal data of Controller’s employees for the provision of and access to CDQ Cloud Services, as well as for relevant notifications. CDQ also logs user actions for performance and security metrics.

DATA COLLECTION AND PROCESSING

Processing bases: customer contract, legitimate interest
Data subjects = representatives of CDQ customers

  • First and last name
  • E-mail address
  • Phone number
  • Digital signature
  • IP address and timestamp of various user actions
Purpose Data residency Controls
Product support, documentation and notifications Germany, Ireland Sub processor complies with the GDPR

Data Processing Agreement and Standard Contractual Clauses in place
E-Signature EU Sub processor complies with the GDPR

Data Processing Agreement and Standard Contractual Clauses in place
Analytics EU nad USA Sub processor complies with the GDPR

Data Processing Agreement and Standard Contractual Clauses in place
Communication, e-mail and document storage Switzerland Sub processor complies with the GDPR

Data Processing Agreement and Standard Contractual Clauses in place
CRM Germany Sub processor complies with the GDPR

Data Processing Agreement in place

Cloud Security at CDQ

Data security is on our focus: We rely not only on a state-of-the-art cloud infrastructure for our data quality solutions, but also on highest standards in the area of data protection. Learn more about our cloud security approach
Updated on June 2021
Go to top