Privacy Policy

Status: January 2026

This Privacy Policy explains what personal data (hereinafter “Data”) is collected when you visit our website and use the services and offerings available there, and how we process or use this data.

When you visit the QS-Tag website (www.qs-tag.de), various types of personal data are processed depending on the nature and scope of your visit. Personal data refers to information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if they can be identified directly or indirectly (e.g., by association with an online identifier). This includes information such as name, address, phone number, date of birth, or IP addresses.

With this privacy notice, we inform you in accordance with Art. 12 et seq. of the GDPR about which personal data is processed when you visit and use our website. Below, you will find, in particular, information on what data we collect in connection with your visit to and use of our website, how we use the collected data, and for what purposes the data is collected. You will also find information regarding the rights you have in connection with the processing of your personal data.

We reserve the right to amend this privacy policy with future effect, particularly in the event of further development of our website, the use of new technologies, or changes to the legal framework or relevant case law. This privacy policy applies to all subpages of the website (https://www.qs-tag.de). It does not apply to any linked websites or to other websites operated by imbus AG or other providers.

This privacy policy applies to all subpages of the website https://www.qs-tag.de. It does not apply to any linked websites or to other websites operated by imbus AG or other providers.

The controller and operator of this website pursuant to Article 4(7) of the GDPR is 

imbus AG, Kleinseebacher Str. 9, 91096 Möhrendorf, Germany. Email: info@imbus.de

Please direct any questions regarding this privacy policy or the use and storage of your data by the website operator to one of the following contacts:

For security reasons and to protect your personal data when it is transmitted to us, we use SSL or TLS encryption to safeguard your data against unauthorised access. You can recognise an encrypted connection by the https:// prefix and the padlock icon in your browser’s address bar.

The legal basis for storing information on your device and accessing it in connection with the use of “DP Cookie Consent” is Section 25(2)(2) of the TDDDG.

5.5.3. Matomo

Provided you have given your consent, this website uses the open-source web analytics service Matomo. Matomo employs technologies that enable cross-page recognition of users for the purpose of analysing user behaviour. The information collected by Matomo regarding the use of this website is stored on our server. The IP address is anonymised prior to storage.

With the help of Matomo, we are able to collect and analyse data on how users interact with our website. This enables us, amongst other things, to identify when specific pages were viewed and the region from which the respective user originates. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether visitors to our website perform certain actions (e.g. clicks, purchases, etc.).

The storage of cookies in connection with the use of Matomo Analytics is based on your consent in accordance with Section 25(1) of the German Telemedia Act (TDDDG). The legal basis for the processing of your data in connection with the use of Matomo Analytics is your consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with effect for the future. Further information on withdrawing your consent can be found in this privacy policy under the section ‘Cookie Management’.

5.5.4. Google Ads

Where consent has been given, this website uses the Google Ads service, which is provided for the European region by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google”).

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms into Google (keyword targeting). Furthermore, we can display targeted advertisements based on user data available to Google (e.g. location data and interests) (audience targeting). As a website operator, we can evaluate the data quantitatively, for example by analysing which search terms led to the display of advertisements and how many advertisements resulted in corresponding clicks.

The storage of cookies in connection with the use of Google Ads is based on your consent in accordance with Section 25(1) of the German Telemedia Act (TTDSG). The legal basis for the processing of your data in connection with the use of Google Ads is your consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with effect for the future. Further information on withdrawing your consent can be found in this privacy policy under the section (“Cookie Management”).

We have entered into a data processing agreement with Google Ireland Limited in connection with the use of Google Ads. In the event that personal data is transferred by Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded the Standard Contractual Clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Article 46(2)(c) of the GDPR to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR.

Furthermore, on 10 July 2023, the European Commission adopted an adequacy decision pursuant to Article 45 of the GDPR for the USA, known as the EU-US Data Privacy Framework. Accordingly, companies certified under the EU-US Data Privacy Framework offer an adequate level of data protection.

Google LLC is certified under the EU-US Data Privacy Framework:

https://www.dataprivacyframework.gov/list

5.5.5. Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a solution for managing website tags. The ‘Tag Manager’ tool is a cookie-free domain and does not collect any personal data. The tool ensures the resolution of other tags, which may themselves collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in effect for all tracking tags implemented using Google Tag Manager.

5.5.6. Meta Pixel

We use the so-called Meta Pixel on our website, which is provided for the European region by Meta Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Meta”).

We are jointly responsible with Meta for the processing of your personal data resulting from the integration of the Meta Pixel. We have entered into a joint processing agreement with Meta, which sets out the respective responsibilities. The agreement concluded between us and Meta can be viewed via the following link:

https://www.facebook.com/legal/controller_addendum

Under the agreement, we are specifically responsible for fulfilling the information obligations under Articles 13 and 14 of the GDPR, for complying with the security requirements of Article 32 of the GDPR regarding the correct technical implementation and configuration of the Meta pixel, and for complying with the obligations under Articles 33 and 34 of the GDPR, insofar as a data breach occurs in connection with the use of the Meta Pixel. Under the agreement, Meta is specifically responsible for ensuring the rights of data subjects in accordance with Articles 15–20 of the GDPR, as well as the security of the Meta Pixel in accordance with Article 32 of the GDPR.

The Meta Pixel enables us to target visitors to our website with interest-based advertising on the Facebook social network. To this end, once successfully integrated into our website, the Meta Pixel records when a user performs an action on our website (e.g. adding an item to the shopping basket). The Meta Pixel records these actions (so-called ‘events’) and transmits them to Meta. We can view and use the events recorded by the Meta Pixel to target users of our website with Facebook advertisements (e.g. when users have added an item to their shopping basket but have not purchased it).

The storage of cookies in connection with the use of Meta-Pixel is based on your consent in accordance with Section 25(1) of the German Telemedia Act (TTDSG). The legal basis for the processing of your data in connection with the use of Meta Pixels is your consent in accordance with Article 6(1)(a) of the GDPR. You may withdraw your consent at any time with effect for the future. Further information on withdrawing your consent can be found in this privacy policy under the section ‘Cookie Management’.

We have concluded a data processing agreement with Meta Ireland Limited in connection with the use of Meta Pixels. In the event that personal data is transferred by Meta Ireland Limited to the USA, Meta Ireland Limited and Meta Platforms, Inc. have concluded the Standard Contractual Clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Article 46(2)(c) of the GDPR to ensure that the data is processed in accordance with the level of protection guaranteed by the GDPR.

Furthermore, on 10 July 2023, the European Commission adopted an adequacy decision pursuant to Article 45 of the GDPR for the USA, known as the EU-US Data Privacy Framework. Accordingly, companies certified under the EU-US Data Privacy Framework offer an adequate level of data protection.

Meta Platforms Inc. is certified under the EU-US Data Privacy Framework:

https://www.dataprivacyframework.gov/list

5.6. Hosting

Our website is hosted by an external service provider, ConnectingBytes GmbH, In der Steele 35, 40599 Düsseldorf, Germany. The data collected when using our website is stored on our host’s servers. This data includes, in particular, IP addresses, contact enquiries, meta and communication data, contact details, website visits and other data generated in the course of using a website.

We use our hosting provider for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of ensuring the secure, fast and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

Our hosting provider will only process your data to the extent necessary to fulfil its contractual obligations.

5.6. Other purposes of processing

5.6.1. Compliance with legal requirements

We also process your personal data in order to comply with other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law. In doing so, we process your personal data in accordance with Article 6(1)(c) of the GDPR to fulfil a legal obligation to which we are subject.

5.6.2. Law enforcement

We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data to defend ourselves against legal claims. Finally, we process your personal data to the extent necessary to prevent or investigate criminal offences. In doing so, we process your personal data to safeguard our legitimate interests in accordance with Article 6(1)(f) of the GDPR, insofar as we are asserting legal claims, defending ourselves in legal disputes, or preventing or investigating criminal offences (legitimate interest).

Within our company, access to your data is granted to those departments that require it to fulfil our contractual and legal obligations. Service providers and agents engaged by us (e.g. technical service providers, delivery companies, waste disposal companies) may also receive data for these purposes. We limit the disclosure of your personal data to what is strictly necessary, taking into account data protection regulations. In some cases, recipients receive your personal data in their capacity as data processors and are then strictly bound by our instructions when handling your personal data. In some cases, the recipients act independently under their own data protection responsibility and are likewise obliged to comply with the requirements of the GDPR and other data protection regulations.

In the context of organising and running our events, we engage summit GmbH, Hainstraße 16, 04109 Leipzig, in particular as a service provider. In doing so, summit GmbH processes personal data as a data processor on our behalf and exclusively on the basis of our instructions in accordance with Article 28 of the GDPR. This applies in particular to organisational services in connection with event planning and execution, participant management (including communication), and speaker/presenter management (e.g. in connection with the call for papers).

Finally, in specific cases, we may disclose personal data to our legal or tax advisers; these recipients are bound by their professional obligations to maintain the highest standards of confidentiality and secrecy.

We process and store your personal data initially for the duration of the respective purpose of use (see above regarding the individual processing purposes). This may also include the periods during which a contract is being negotiated (pre-contractual legal relationship) and during the performance of a contract. On this basis, personal data is regularly deleted in the course of fulfilling our contractual and/or legal obligations, unless its temporary further processing is necessary for the following purposes:

• Compliance with statutory retention obligations arising, for example, from the German Commercial Code (Sections 238, 257(4) HGB) and the German Fiscal Code (Section 147(3), (4) AO). The retention and documentation periods specified therein are up to ten years.
• Preservation of evidence, taking into account the statute of limitations. Pursuant to Sections 194 et seq. of the German Civil Code (BGB), these limitation periods may be up to 30 years, with the standard limitation period being three years.

9.1. Right of access

You are entitled at any time, pursuant to Article 15 of the GDPR, to request confirmation from us as to whether we are processing personal data relating to you; if this is the case, you are also entitled, pursuant to Article 15 of the GDPR, to obtain information regarding this personal data as well as certain further details (in particular the purposes of processing, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of transfers to third countries, the appropriate safeguards) and a copy of your data. The restrictions of Section 34 of the Federal Data Protection Act (BDSG) apply.

9.2. Right to rectification

Under Article 16 of the GDPR, you have the right to request that we rectify any personal data we hold about you if it is inaccurate or incorrect.

9.3. Right to erasure

You are entitled, subject to the conditions set out in Article 17 of the GDPR, to request that we erase personal data concerning you without undue delay. The right to erasure does not apply, inter alia, where the processing of your personal data is necessary, for example, to comply with a legal obligation (e.g. statutory retention obligations) or to establish, exercise or defend legal claims. Furthermore, the restrictions set out in Section 35 of the Federal Data Protection Act (BDSG) apply.

9.4. Right to restriction of processing

You are entitled, subject to the conditions set out in Article 18 of the GDPR, to request that we restrict the processing of your personal data.

9.5. Right to data portability

You are entitled, subject to the conditions set out in Article 20 of the GDPR, to request that we provide you with the personal data concerning you that you have supplied to us in a structured, commonly used and machine-readable format.

9.6. Right to withdraw consent

You may withdraw your consent to the processing of personal data at any time. This also applies to the withdrawal of consent given to us prior to the entry into force of the GDPR, i.e. before 25 May 2018. Please note that the withdrawal only takes effect for the future. Processing carried out prior to the withdrawal is not affected by the withdrawal of consent. To withdraw your consent, a simple informal notification, e.g. by email, sent to us is sufficient.

9.7. Right to object

You have the right to object to the processing of your personal data under the conditions set out in Article 21 of the GDPR, in which case we must cease processing your personal data. The right to object applies only within the limits set out in Article 21 of the GDPR. Furthermore, our interests may override the cessation of processing, meaning that we are entitled to process your personal data despite your objection. We will take immediate account of any objection to direct marketing measures without further weighing up the interests involved.

Information regarding your right to object under Article 21 of the GDPR

You have the right to object at any time to the processing of your data carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balancing of interests) or Article 7(1)(1)(e) GDPR (data processing in the public interest), if there are grounds for doing so arising from your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

The objection may be made in any form and should, if possible, be addressed to:

imbus AG

Kleinseebacher Str. 9

91096 Moehrendorf

E-Mail: info(at)imbus.de

9.8. Right to lodge a complaint with a supervisory authority

Subject to the conditions set out in Article 77 of the GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you may lodge a complaint with the supervisory authority responsible for us (Bavarian State Office for Data Protection Supervision (BayLDA); www.lda.bayern.de/de/kontakt.html) or any other competent supervisory authority. A list of data protection supervisory authorities and their contact details can be found via the following link:

https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html

9.9. Other enquiries

If you have any further questions or concerns regarding data protection, please contact our Data Protection Officer using the contact details provided above.

In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to provide you with full access to our website or respond to your enquiries. Personal data that we do not strictly require for the processing purposes mentioned above is marked accordingly as voluntary information.

Some pages on our website contain embedded links to video clips stored on YouTube’s servers (www.youtube.com/t/impressum). Clicking on the thumbnail (to play the video) triggers a data transfer to YouTube, during which YouTube assigns you a visitor ID.

We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).

We use the web analytics software Matomo (Piwik), provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (matomo.org). This software and the data it collects are stored solely on the web server of imbus AG, as described in this privacy policy. We do not pass this data on to third parties.

Matomo (Piwik) uses cookies, i.e. text files that are stored on your computer and enable an analysis of your use of the website. We use the information generated by the cookie to evaluate how visitors use the website. You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that, in this case, you may not be able to use all the functions of this website to their full extent.