The protection of your privacy and your personal data is important to us, and this is a key factor in how we design and implement our activities on the Internet.

Responsibility, scope of application

This Data Privacy Statement applies to our website:
www.srs-certification.com
operated by:
ການຢັ້ງຢືນ SRS GmbH
Friedländer Weg 20
37085 Göttingen
Germany
e-mail: technical@srs-certification.com
tel: +49 (0) 551- 89024542
(“SRS” or “we”) as data controller.

In this Data Privacy Statement, we notify you about the type, scope and purposes of the collection, processing and use of your personal data when visiting or using our Website. This is performed in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and other applicable data-protection regulations (referred to jointly below as “Applicable Data Protection Law”).

No automated decision-making/profiling is performed.

Handling of personal data, legal bases of data processing

Personal data refers to information that can be used to identify a person, i.e. details that can be traced back to a person. This includes for example the person’s name, e-mail address or telephone number. Personal data is only collected, processed and used by SRS if the user has consented to the data collection or in the event of another permitted circumstance under Applicable Data Protection Law.

If we obtain users’ consent to the processing of personal data, the legal basis for this data processing is Art. 6 (1) a) GDPR.

The processing of personal data that we require for the performance of a contract with the user is governed by Art. 6 (1) b) GDPR as the legal basis for the data processing. This also applies to processing events that enable precontractual measures to be performed.

If we are required to process personal data in order to comply with a legal obligation, the legal basis is Art. 6 (1) c) GDPR.

Further, we may also process personal data if the processing is necessary to protect the vital interests of the user or of another natural person (Art. 6 (1) d) GDPR).

If the processing of your personal data is necessary for the purposes of a legitimate interest pursued by us or a third party that is not overridden by the interests, fundamental rights or fundamental freedoms of the user, the data processing is based on Art. 6 (1) f) GDPR.

Access data / server log files

SRS collects data about every access to the Websites (known as server log files). The access data includes: name of the webpage or webservice accessed, file, date and time of the access, browser type including version, user’s operating system, referrer URL (the page visited previously), IP address, where relevant user name and the requesting provider. SRS uses the log data solely for statistical analyses and the purpose of operating, securing and optimising the Websites. This data is not merged with other data sources or other personal data about you. The system needs to store the IP addresses temporarily to enable the Websites to be delivered to you. The IP address is stored for the duration of the session for this purpose. Data is saved in server log files to safeguard the functionality of the Websites. The data also helps SRS to optimise the Websites and safeguard the security of the IT systems. SRS further reserves the right to review the log data retrospectively if there are specific indications that justify a suspicion of unlawful use. These purposes represent a legitimate interest of SRS in data processing. The legal basis here is Art. 6 (1) f) GDPR.

Contact initiation

When you contact SRS (for instance via contact form, telephone or e-mail), your information is stored for the purpose of processing the request as well as for any follow-up queries (legal basis: Art. 6 (1) b) GDPR).

Comments and posts

If you leave comments on the blog or make other posts, your IP address will be stored. This is done to protect SRS in the event that a user includes unlawful content in comments and posts (insults, forbidden political propaganda, etc.). In this case SRS may itself face legal action for the comment or post and thus has an interest in the identity of the author for purposes of defending the claim or asserting recourse claims or may even be obliged to disclose such information to third parties, courts or public authorities. SRS again has a legitimate interest in such purposes, with the legal basis being Art. 6 (1) c) and f) GDPR.

Disclosure to third parties

We will only disclose your personal data to third parties if you have provided your consent or in the event of another permitted circumstance in accordance with the Applicable Data Protection Law. These include in the first instance service providers commissioned by us who support our business operations (Art. 28 GDPR). This covers e.g. webspace providers for the operation of our Websites or the forwarding of invoicing or tax-relevant information to service providers for the purposes of invoicing and accounting or controlling. In these cases, however, the scope of the transmitted data will extend only to the minimum required to achieve the purposes pursued via the data processing.

If we are legally obliged to disclose specific personal data on the basis of a judicial decision or following a request for information from law-enforcement or supervisory authorities or authorized third parties in conjunction with investigatory proceedings or the suspicion of a criminal act, an unlawful act or other acts that may give rise to legal liability for you or us, we will disclose the data required for the investigation, such as name, address, e-mail address or other relevant information (Art. 6 (1) c) GDPR). Similarly, we reserve the right to process and use users’ personal data to enforce or defend against claims.

Forwarding of data to countries outside the EEA/EU

Personal data may be passed in this way to third parties that are domiciled in non-EEA or non-EU countries and where the EU Commission has not established a level of data protection comparable to the EU (e.g. USA). In this case, prior to forwarding we ensure either that an adequate level of data protection is in place at the recipient, in particular by obtaining your consent in advance or through specific guarantees (Art. 44 et seq. GDPR) as well as in particular self-certification of a recipient domiciled in the US in accordance with the principles of EU-US Privacy Shield or agreement with the recipient in the third country to what are termed the EU standard contractual clauses. A copy of suitable guarantees can be obtained on request via the e-mail address set out at the end of this Data Privacy Statement technical@srs-certification.com. Basic information about the participants of the EU-US Privacy Shield can further be found under www.privacyshield.gov/list; information about the EU standard contractual clauses can be found here, and information about the adequacy decisions here.

Integration of third-party content and services

Third-party content, such as YouTube videos, RSS feeds or graphics from other websites, may be integrated into these online offerings. This usually assumes that the providers of this content (hereinafter referred to as “Third-Party Providers”) will be aware of the users’ IP address. This is because they would not be able to transmit the content to the browser of the user in question without the IP address. The IP address is therefore necessary in order to display this content. We endeavor only to use such content where the respective provider solely uses the IP address to deliver the content. At the same time, we have no influence over whether the Third-Party Providers use the IP address e.g. for statistical purposes. Where we are aware of this, we will notify the users accordingly. The use of enhanced presentation options for information purposes and to optimize your user experience is within our mutual legitimate interest (Art. 6 (1) f) GDPR).

Cookies

Cookies are small files that permit specific information relating to the device to be stored on the user’s accessing device (PC, smartphone etc.). They first enhance the friendliness of websites and thus aid the user (e.g. by storing login data) and second enable the recording of statistical data about website use and analysis to improve the Websites. You can influence how cookies are used. Most browsers have an option that limits or completely prohibits the storage of cookies. However, it should be noted that usage, and in particular user comfort, may be restricted without cookies. Our users can manage many online advertising cookies from companies via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/uk/your-ad-choices/. We store cookies on our users’ hard drives unless they actively block them.

The legal basis for setting cookies for the technical operation of our website and providing the services required by the user is Art. 6 (1) f) GDPR.

For further information about the use of cookies and how you can deactivate cookies, see www.meine-cookies.org or www.youronlinechoices.com.

Use of social plugins via integration using the two-click solution

On our websites we use buttons from social networks, known as social plugins (“Plugins”), as explained in further detail below. These enable you to perform actions related to the contents of our Websites. The legal basis for the provision of the social plugins on our website is our legitimate interest in the user-friendly design of our website (Art. 6 (1) f) GDPR).

If you are registered with the respective social network and are logged in, you can communicate directly with the social network. To increase the protection of users’ personal data while visiting our website, the plugins are integrated into the website using the “two-click solution”. This guarantees that when our webpages containing such a Plugin are accessed, no connection is made with the servers of the provider of the social network at first. Only when a user activates a Plugin does the user’s browser create a direct connection to the servers of the provider of the social network. The content of the respective Plugin is transmitted directly to the user’s browser and integrated into the page.

Through the integration of the Plugin, the provider of the social network is given the information that a user has accessed the page in question. If the user is logged on to the social network, the provider of the social network can allocate the visit to the user’s account on the social network. When users interact with the Plugins, for instance by clicking a share button or posting a comment, the corresponding information is transmitted from the user’s browser directly to the social network and saved there. As the provider of this site we are not informed about the content of the data transferred or its use by the social network.

If a user is a member of a social network and does not want the network to collect data about him via these Websites and link it to the membership data saved on the social network, he needs to log out of the social network prior to visiting the website. Similarly, it is generally possible to block Plugins using add-ons for your browser, for example using the “NoScript” script blocker (http://noscript.net/).

Specifically, the following Plugins are integrated into our website using the two-click solution.

Facebook Social Plugins

These Websites use Plugins of the social network facebook.com, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). According to Facebook, only an anonymized IP address is stored in Germany. As the provider of this site we are not informed about the content of the data transferred or its use by Facebook. We are not told when the user clicked which button. For information about the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and configuration options to protect your privacy, refer to the Facebook privacy policy: https://www.facebook.com/about/privacy/.

Users can also completely prevent the loading of the Facebook Plugins via browser add-ons using “Facebook Blocker”, e.g. for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/facebook-blocker/; for Opera: https://addons.opera.com/de/extensions/details/facebook-blocker/?display=en; for Chrome: https://chrome.google.com/webstore/detail/facebookblocker/chlhacbfddknadmnmjmkdobipdpjakmc?hl=de[U8]

Twitter Social Plugins

We also use Plugins of the provider Twitter. These are operated by Twitter Inc., 795 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (hereinafter referred to as “Twitter”). For information about the purpose and scope of the data collection and the further processing and use of the data by Twitter, as well as your rights in this regard and configuration options to protect your privacy, refer to the Twitter privacy policy: https://twitter.com/privacy.

LinkedIn Social Plugins

Plugins of the social network LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”) are also integrated into this website. For information about the purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and configuration options to protect your privacy, refer to the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.

Instagram Social Plugins

Additionally, Plugins of the social network Instagram, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, are integrated into this site. For information about the purpose and scope of the data collection and the further processing and use of the data by Instagram, as well as your rights in this regard and configuration options to protect your privacy, refer to the Instagram data policy: https://help.instagram.com/519522125107875.

Rights of data subjects

ທ່ານມີສິດຕໍ່ໄປນີ້:

ສິດທິໃນການຮ້ອງຂໍການຢັ້ງຢືນວ່າຂໍ້ມູນສ່ວນຕົວທີ່ກ່ຽວຂ້ອງກັບທ່ານຈະຖືກດໍາເນີນການແລະລາຍລະອຽດຂອງຂໍ້ມູນນີ້ແລະຂໍ້ມູນເພີ່ມເຕີມແລະສໍາເນົາຂອງຂໍ້ມູນ (Art. 15 GDPR);

ສິດທິໃນການຮ້ອງຂໍໃຫ້ສໍາເລັດຂອງຂໍ້ມູນສ່ວນບຸກຄົນທີ່ບໍ່ຄົບຖ້ວນຫຼືການແກ້ໄຂຂໍ້ມູນສ່ວນບຸກຄົນທີ່ບໍ່ຖືກຕ້ອງ (Art. 16 GDPR);

ພາຍໃຕ້ສິລະປະ. 17 GDPR, ສິດທິໃນການຮ້ອງຂໍໃຫ້ຂໍ້ມູນສ່ວນບຸກຄົນຖືກລຶບທັນທີ, ຫຼື, ຖ້າຕ້ອງການພາຍໃຕ້ Art. 18 GDPR, ວ່າການປະມວນຜົນຂໍ້ມູນຖືກຈໍາກັດ (ຖ້າຂໍ້ມູນນີ້ແມ່ນຂຶ້ນກັບໄລຍະເວລາເກັບຮັກສາໄວ້ຕາມກົດຫມາຍ, ພວກເຮົາຈະປິດກັ້ນມັນສໍາລັບໄລຍະເວລາຂອງການເກັບຮັກສາ);

ສິດທິໃນການໄດ້ຮັບ, ຫຼືໄດ້ສົ່ງໄປຫາພາກສ່ວນທີສາມ, ຂໍ້ມູນສ່ວນບຸກຄົນທີ່ກ່ຽວຂ້ອງທີ່ທ່ານໄດ້ສະຫນອງໃຫ້ພວກເຮົາແລະພວກເຮົາດໍາເນີນການໃນລັກສະນະອັດຕະໂນມັດບົນພື້ນຖານການຍິນຍອມຂອງທ່ານຫຼືໃນການປະຕິບັດສັນຍາ. ຂໍ້ມູນຈະຖືກສະໜອງໃຫ້ໃນຮູບແບບທີ່ເຄື່ອງສາມາດອ່ານໄດ້. ຖ້າທ່ານຮ້ອງຂໍການໂອນຂໍ້ມູນໂດຍກົງໄປຫາຕົວຄວບຄຸມທີ່ແຕກຕ່າງກັນ, ນີ້ຈະເຮັດໄດ້ພຽງແຕ່ຖ້າມັນເປັນໄປໄດ້ທາງດ້ານເຕັກນິກ (Art. 20 GDPR).

ສິດທິໃນການຄັດຄ້ານທຸກເວລາຕໍ່ການປະມວນຜົນຂໍ້ມູນສ່ວນບຸກຄົນທີ່ດໍາເນີນການໂດຍພວກເຮົາບົນພື້ນຖານຜົນປະໂຫຍດທີ່ຖືກຕ້ອງຕາມກົດຫມາຍຂອງພວກເຮົາ (Art. 6 (1) f) DGSVO), ອີງຕາມສິລະປະ. 21 GDPR; ແລະ

ສິດ​ທິ​ທີ່​ຈະ​ຖອນ​ການ​ຍິນ​ຍອມ​ໃດໆ​ທີ່​ໄດ້​ອະ​ນຸ​ຍາດ​ໃຫ້​ອີງ​ຕາມ​ສິນ​ລະ​ປະ​. 7 (3) GDPR ທີ່ມີຜົນກະທົບໃນອະນາຄົດ. ອັນນີ້ຈະບໍ່ສົ່ງຜົນກະທົບຕໍ່ຄວາມຖືກຕ້ອງຕາມກົດໝາຍຂອງການປຸງແຕ່ງໃດໆທີ່ປະຕິບັດບົນພື້ນຖານການຍິນຍອມດັ່ງກ່າວຈົນເຖິງການຍົກເລີກ.

ພວກເຮົາຈະແຈ້ງໃຫ້ຜູ້ຮັບໃດໆທີ່ພວກເຮົາໄດ້ເປີດເຜີຍຂໍ້ມູນສ່ວນຕົວຂອງທ່ານກ່ຽວກັບການແກ້ໄຂຫຼືການລຶບຂໍ້ມູນສ່ວນຕົວຫຼືຂໍ້ຈໍາກັດຂອງການປະມວນຜົນ, ເວັ້ນເສຍແຕ່ວ່ານີ້ຈະເປັນໄປບໍ່ໄດ້ຫຼືອາດຈະກ່ຽວຂ້ອງກັບຄວາມພະຍາຍາມທີ່ບໍ່ສົມດຸນ.

ທ່ານ​ສາ​ມາດ​ຢືນ​ຢັນ​ສິດ​ຂ້າງ​ເທິງ​ນີ້​ຕໍ່​ພວກ​ເຮົາ​, ເຊັ່ນ​: ໂດຍ​ການ​ແຈ້ງ​ໃຫ້​ພວກ​ເຮົາ​ໂດຍ​ການ​ໄປ​ສະ​ນີ​ຫຼື​ອີ​ເມລ​ທີ່ technical@srs-certification.com​.

ເຖິງຢ່າງໃດກໍ່ຕາມ, ທ່ານມີສິດທີ່ຈະສົ່ງຄໍາຮ້ອງຮຽນຕໍ່ອົງການຄວບຄຸມທີ່ມີການຄວບຄຸມ (ມາດຕາ 77 GDPR).

ໄລຍະເວລາຂອງການເກັບຮັກສາຂໍ້ມູນ

ໃນການພິຈາລະນາຂໍ້ກໍານົດທີ່ກ່ຽວຂ້ອງພາຍໃຕ້ກົດຫມາຍວ່າດ້ວຍການປົກປ້ອງຂໍ້ມູນ, ພວກເຮົາຈະລຶບຂໍ້ມູນສ່ວນຕົວທີ່ເກັບໄວ້ກ່ຽວກັບທ່ານໂດຍບໍ່ມີການດໍາເນີນການໃດໆໃນສ່ວນຂອງເຈົ້າຖ້າບໍ່ຈໍາເປັນສໍາລັບຂໍ້ມູນທີ່ຈະຮູ້ເພື່ອປະຕິບັດຈຸດປະສົງທີ່ກ່ຽວຂ້ອງກັບການເກັບຮັກສາຫຼືຖ້າ ການເກັບຮັກສາຂໍ້ມູນບໍ່ໄດ້ຖືກອະນຸຍາດໃຫ້ສໍາລັບເຫດຜົນທາງກົດຫມາຍອື່ນໆ. ໃນ​ບາງ​ກໍ​ລະ​ນີ​ສະ​ຫນອງ​ໃຫ້​ສໍາ​ລັບ​ກົດ​ຫມາຍ (ເຊັ່ນ​: ຂໍ້​ຜູກ​ມັດ​ການ​ເກັບ​ຮັກ​ສາ​ໄວ້​ຕາມ​ກົດ​ຫມາຍ​)​, ຂໍ້​ມູນ​ຂອງ​ທ່ານ​ອາດ​ຈະ​ຖືກ​ບລັອກ​ແທນ​ທີ່​ຈະ​ຖືກ​ລົບ​.

ໃນກໍລະນີຂອງການສະຫມັກວຽກ, ເອກະສານການສະຫມັກຈະຖືກລຶບຫຼືຖືກບລັອກໂດຍອີງຕາມມາດຕະການດັ່ງຕໍ່ໄປນີ້ແລະຂໍ້ມູນສ່ວນບຸກຄົນທີ່ສະຫນອງໃນ hard copy ສົ່ງຄືນໃຫ້ຜູ້ສະຫມັກ. ຖ້າຜູ້ສະຫມັກໄດ້ສະຫມັກພຽງແຕ່ສໍາລັບວຽກເຮັດງານທໍາທີ່ໂຄສະນາສະເພາະ, ຂໍ້ມູນການສະຫມັກຂອງພວກເຂົາຈະຖືກເກັບໄວ້ຈົນກ່ວາການຕັດສິນໃຈສຸດທ້າຍກ່ຽວກັບການແຕ່ງຕັ້ງໃຫ້ຕໍາແຫນ່ງແມ່ນເຮັດບວກກັບເວລາສູງສຸດຂອງຫົກເດືອນຈາກແຈ້ງການຂອງການຕັດສິນໃຈນີ້.

ຕາມນັ້ນແລ້ວ, ຂໍ້ມູນ ຫຼືເອກະສານທີ່ສະໜອງໃຫ້ໂດຍຜູ້ສະໝັກຈະຖືກລຶບຖິ້ມໃນລັກສະນະທີ່ສອດຄ່ອງກັບລະບຽບການປົກປ້ອງຂໍ້ມູນ.

ພຽງແຕ່ບ່ອນທີ່ຄໍາຮ້ອງສະຫມັກເຮັດໃຫ້ການພົວພັນການຈ້າງງານເຂົ້າໄປໃນຫຼືຖ້າຂໍ້ກໍານົດທາງກົດຫມາຍອະນຸຍາດໃຫ້ເກັບຮັກສາຂໍ້ມູນນີ້ຕື່ມອີກໂດຍວິທີການຍົກເວັ້ນຈະບໍ່ນໍາໃຊ້; ໃນກໍລະນີນີ້, ຂໍ້ມູນການສະໝັກຈະຖືກປະມວນຜົນເພື່ອໃຫ້ຄວາມສຳພັນການຈ້າງງານຖືກປະຕິບັດ ຫຼື ເກັບຮັກສາໄວ້ເປັນໄລຍະເວລາດົນຂຶ້ນຕາມລະບຽບກົດໝາຍ ແລະ, ຖ້າມີກົດໝາຍກຳນົດ, ປຸງແຕ່ງ ແລະນຳໃຊ້ (ມາດຕາ 26 (1) BDSG ແລະ/. ຫຼື Art. 6 (1) b) ແລະ f) GDPR). ໃນ​ກໍ​ລະ​ນີ​ນີ້​, ພວກ​ເຮົາ​ຈະ​ແຈ້ງ​ໃຫ້​ຜູ້​ສະ​ຫມັກ​ກ່ອນ​ທີ່​ຈະ​ປະ​ຕິ​ບັດ​ສະ​ເພາະ​ຂອງ​ການ​ປະ​ຢັດ​, ການ​ປະ​ມວນ​ຜົນ​ຫຼື​ການ​ນໍາ​ໃຊ້​ຂໍ້​ມູນ​ສ່ວນ​ບຸກ​ຄົນ​ຂອງ​ເຂົາ​ເຈົ້າ​ອີງ​ຕາມ​ຂໍ້​ກໍາ​ນົດ​ຂອງ​ກົດ​ຫມາຍ​ວ່າ​ດ້ວຍ​ການ​ປົກ​ປັກ​ຮັກ​ສາ​ຂໍ້​ມູນ​, ຖ້າ​ຫາກ​ວ່າ​ເຂົາ​ເຈົ້າ​ບໍ່​ໄດ້​ມີ​ຢູ່​ໃນ​ການ​ຄອບ​ຄອງ​ຂອງ​ຂໍ້​ມູນ​ນີ້​.

ຕິດຕໍ່ລາຍລະອຽດຂອງເຈົ້າຫນ້າທີ່ປົກປ້ອງຂໍ້ມູນ

ສໍາລັບຄໍາຖາມທີ່ກ່ຽວຂ້ອງກັບການປົກປ້ອງຂໍ້ມູນ, ກະລຸນາຕິດຕໍ່ເຈົ້າຫນ້າທີ່ປົກປ້ອງຂໍ້ມູນຂອງພວກເຮົາ, ຜູ້ທີ່ທ່ານສາມາດ e-mail ໄດ້ technical@srs-certification.com.

ອັບເດດຄຳຖະແຫຼງການຄວາມເປັນສ່ວນຕົວຂອງຂໍ້ມູນ

ໃນໄລຍະການພັດທະນາຢ່າງຕໍ່ເນື່ອງຂອງເວັບໄຊທ໌ຂອງພວກເຮົາ, ພວກເຮົາຍັງຈະສືບຕໍ່ປັບປຸງແກ້ໄຂຖະແຫຼງການຄວາມເປັນສ່ວນຕົວຂໍ້ມູນຂອງພວກເຮົາ. ການ​ປ່ຽນ​ແປງ​ໃດໆ​ຈະ​ໄດ້​ຮັບ​ການ​ສື່​ສານ​ໃນ​ຫນ້າ​ນີ້​ໃນ​ເວ​ລາ​ທີ່​ດີ​. ດ້ວຍເຫດຜົນນັ້ນ, ຜູ້ໃຊ້ຂອງພວກເຮົາຄວນເບິ່ງໜ້ານີ້ຢ່າງເປັນປົກກະຕິເພື່ອແຈ້ງບອກຕົນເອງກ່ຽວກັບສະຖານະປັດຈຸບັນຂອງຖະແຫຼງການຄວາມເປັນສ່ວນຕົວຂອງຂໍ້ມູນ.

ເລື່ອນໄປເທິງ