Login
Schedule a Demo

Data Privacy information.

Qualifyze Data Protection Declaration

Last modified September 1st, 2025.

  • Purpose

The Purpose of this Data Protection Policy is to outline the commitment of Qualifyze GmbH and Qualifyze Spain, S.L.U. (hereinafter “Qualifyze”) to protecting the privacy, security and confidentiality of personal data in compliance with the General Data Protection Regulation (GDPR) and the relevant data protection laws. This Policy establishes the principles, procedures and responsibilities for the processing of personal data within Qualifyze. 

Personal data shall be understood as any information that relates to an identified or identifiable living individual. The protection of natural persons in relation to the processing of personal data is a fundamental right that Qualifyze aims to not only respect but also protect. Qualifyze undertakes to implement the necessary technical and organisational measures to protect personal data against any threat that could potentially affect the confidentiality, integrity, availability, and resilience, regardless of the means and the format in which the data is used. 

  • Scope of Application 

This Data Protection Policy applies to all employees, contractors and third parties who process personal data on behalf of Qualifyze. It covers all data collected, processed, or stored by Qualifyze, regardless of the format or medium in which it is stored. 

General Principles on Data Protection 

  • Lawfulness and Fairness 

The processing of personal data shall be lawful, fair and transparent. Qualifyze shall collect the personal data for one or more specific and legitimate purposes in accordance with the applicable data protection law. When mandatory under such regulation, the express consent of the data subjects must be obtained. Data privacy policies shall be drafted in clear and plain language and accessible to the data subjects. 

In particular, Qualifyze shall not collect or process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, unless the collection and processing of such data is necessary, legitimate and required or permitted by the applicable laws, in which case the data shall be collected and processed in accordance with the provisions of the applicable laws. 

  • Purpose Limitation 

Qualifyze shall collect the data for specified, explicit and legitimate purposes and shall not process the personal data in any different matter. 

  • Data Minimization: 

The processing of personal data shall be adequate, relevant and limited to the necessary data for the purposes of which it is processed. 

  • Accuracy

Personal data shall be accurate and up to date, otherwise Qualifyze shall delete or correct them. 

  • Storage Limitation 

Personal data shall not be stored longer than necessary for the purposes for which it is processed.

  • Integrity and Confidentiality 

When processing personal data, Qualifyze shall ensure adequate organisational and security measures. These measures shall  guarantee a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, and context and purposes of the processing. Additionally, they shall address the varying likelihood and severity of risks that may result from personal data processing, potentially leading to damage to the rights and freedoms of natural persons.may result from personal data processing which could lead to damage. 

  • Transparency and Information

The processing of personal data shall be transparent to the data subjects, Qualifyze shall provide them with the information about the processing of personal data drafted in a clear, plain and accessible language.  Qualifyze shall inform the data subjects, at least, about: 

  • The identity of the Controller of the personal data. 
  • The purpose of the processing. 
  • The legal basis for the processing. 
  • Automated decisions including profiling, if any. 
  • The third parties to whom the data may be transferred. 
  • The data storage period. 

  • Limit to the Acquisition of Personal Data

Qualifyze shall not obtain personal data from illegitimate sources or sources that do not guarantee the legitimate origin of the personal data and/or that cannot be proven to have been obtained in compliance with the applicable data protection laws. 

  • Contracting Processors 

Prior to signing any agreement with any service provider that accesses personal data for which Qualifyze is the data controller, during the contractual relationship and onwards, Qualifyze shall ensure that the service provider complies with the applicable data protection laws and has the appropriate technical and organizational security measures. 

The User of the Website or the platform grants Qualifyze a general written authorization to engage subprocessors for the provision of the services. A current list of authorized subprocessors is maintained and made available at the web and app privacy policy, section 4, data sharing. 

Qualifyze will update this list in the event of any intended changes concerning the addition or replacement of subprocessors. Such updates will be published in the same location. The User may object to the changes within 14 calendar days from the date of publication by submitting a written objection on reasonable grounds related to data protection. 

Continued use of the services after this period without express objection shall be deemed as tacit acceptance of the new subprocessors.

  • International Transfers 

Personal data shall not be transferred to countries outside the European Economic Area (EEA) without adequate safeguards in place to protect the data in accordance with the applicable data protection regulations. 

  • Data Subject Rights

Qualifyze shall guarantee the rights of the data subjects, in particular: 

  • The right to access: Qualifyze shall allow data subjects to obtain confirmation as to whether or not their personal data is being processed. 
  • Right to rectification: to request correction of inaccurate or incomplete personal data. 
  • Right to erasure: to delete or remove data subject’s personal data in accordance with the data protection regulations. 
  • Right to restriction of processing: to limit the processing of data subject’s personal data as required. 
  • Right to data portability: to allow data subjects to receive their personal data in a structured and readable manner. 
  • Right to object to the processing of their personal data. 
  • Right in relation to automated individual decision-making. 

  • Training of Employees

Employees shall receive regular training and awareness programs to ensure they understand their responsibilities regarding data protection and privacy. 

  • Control and Evaluation

The legal team shall monitor compliance with this Data Protection Policy, at least, once a year and inform the Qualifyze management of the outcome of such monitoring. To verify compliance with this Data Protection Policy, external or internal periodical audits shall be conducted. 

This Data Protection Policy shall be reviewed, at least, annually in accordance with the monitoring and the obtained outcomes, and extraordinarily when changes in internal processes or applicable legislations make it necessary. 

  • Implementation

Qualifyze’s management together with the legal team, shall develop the internal policies and procedures as necessary to comply with the applicable data protection regulations, and shall keep them up to date. Such policies shall be implemented by Qualifyze’s management and shall be mandatory for all the employees and third parties contracting with Qualifyze. 

The tech team, in collaboration with the legal team, shall prepare and keep up to date the necessary security and data privacy policies to ensure the protection and integrity of the personal data. Qualifyze shall create an Information Security Committee with the purpose of establishing the norms related to information security within the entity and work to ensure these security measures conform to the standards established in ISO 27001. 

This Data Protection Policy shall be communicated to the relevant parties and shall be available upon request. Adherence to this Data Protection Policy is an obligation of both, employees, contractors and third parties who process personal data on behalf of Qualifyze and Qualifyze as a company. 

Each Qualifyze team, employee, contractor or third parties that process personal data on behalf of Qualifyze must ensure that it is handled and processed in line with this Data Protection Policy and principles defined therein. 

Failure to comply with this Data Protection Policy from an employee will imply a material breach subject to legal and/or disciplinary procedures, aligned with the collective labour agreement in force. 

Furthermore, any breach of this Data Protection Policy or any data protection regulations committed by the contractors and third parties will be considered a material breach of the contractual relationship.

This Data Protection Policy is approved as of May 6th, 2024.

Annex  1

Data Protection basic terms and concepts: 

Unless otherwise defined in this Data Protection Policy, capitalised terms and expressions used shall have the same meaning as in the GDPR and their cognate terms shall be construed accordingly. Here you can find a definition of the basic terms: 

  • Personal Data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • Profiling: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
    Sensitive personal data: 
  • Data Subject: is the individual the personal data relates to. 
  • Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Last modified: January 26th, 2026

We are pleased about your visit on our website www.qualifyze.com and app.qualifyze.com. Protecting your personal data is important to us and we want you to feel safe when visiting our website. For this reason, we have compiled here some important information about the personal data that is collected, processed and used when using our website in compliance with data protection regulations (“Privacy Policy”).

Personal data are individual details about personal or factual conditions of a specific or identifiable natural person. This includes information such as your real name, your address, your e-mail address, your telephone number and your date of birth. No personal data are on the contrary such information that cannot be associated with your real identity; this includes, for example, the number of users of our website or comparable summarized information.

1. SCOPE 

This privacy policy applies to the website www.qualifyze.com and all related websites, applications, services, and tools referring to this Privacy Policy, regardless of the type of access and including access via mobile devices.

In the event of changes to this Privacy Policy, we will post the amended Privacy Policy and the effective date of the amended Privacy Policy on this website. We therefore recommend reading the Data Privacy Policy at regular intervals. Changes that require your consent will only be made by requesting it to you. 

2. DATA CONTROLLER OF THE PERSONAL DATA

If you have a Subscription Agreement in place with Qualifyze, the Data Controller will be the company you have signed the Subscription Agreement with. If you do not have an active Subscription Agreement with us and you access our services from the United States, the Data Controller will be Qualifyze Inc., if you access from anywhere else in the world, the Data Controller will be Qualifyze GmbH.  

Details of the data controllers: 

Qualifyze GmbH, Bockenheimer Anlage, 46, 60322 Frankfurt am Main, Germany. DPO: dataprivacy@qualifyze.com

Qualifyze Inc.,  a Delaware corporation with an address at 525 Washington Blvd, Jersey City, NJ 7310, New Jersey. Data Privacy contact details: dataprivacy@qualifyze.com

3. CATEGORIES OF DATA

If you have registered with us, you have chosen to provide us with your personal data and not to remain anonymous to us.

We collect the following types of personal data to enable you to use and access our website, applications, services and tools, to provide you with a more personal and better user experience and to customize content. If you do not allow Qualifyze to collect this personal data, you must stop using the website or platform: For more information see section “Automatically collected data” below:      

Automatically collected data

Upon accessing our website, we temporarily log information about the type and duration of use (general usage data, e.g. IP address, the connection data of the requesting computer, the websites you visit on our site, the date and duration of your visit, the identification data of the browser and operating system type used and the website from which you visit us if you have provided your consent), which is transmitted to us from your computer, mobile device or other technical device. This is to provide you with a more personal and better user experience and to customize content.

Cookies, Web Beacons and Similar Technologies

We also use data collected through cookies, web beacons and other similar technologies. More detailed information on how we use these technologies and how you can prevent their use can be found in our Cookie Policy.

Data provided by you or your company

Additional personal data is not collected unless you provide this information voluntarily, e.g. as part of registration, application, a survey or for implementation an information request, contacting our sales team or by creating a user in the platform as part of a subscription agreement. 

     These may include:

  • Information you provide when setting up a user account or registering for our services, such as your name, company address, e-mail address, telephone number, and professional title.
  • Data that you transmit to us via social media, websites or services;
  • Data transmitted through community discussions, chats, problem resolution and correspondence/feedback on the website or by e-mail/fax/post;
  • Other personal data which we ask you to provide and which we require for your authentication or for verification in the event of suspected violation of our terms of use (e.g., if permitted by law, a copy of your ID or a copy of invoice to verify your address or your identity).
  • Other contact details as necessary for the performance of the services, including names and email addresses of contact persons; names and email addresses of participants in Qualifyze’s meetings, the meeting subject and description and the input and output of the meeting while Qualifyze’s employees are in the meeting.
  • Your voice and any other personal data you provide in calls or meetings that must be recorded under this privacy policy.

Collection of information from social media and sign-on services

We offer sign-on services that allow you to access our website, applications, services and tools using credentials from other services (such as Microsoft or Google). We also offer services that allow you to share information with other social media sites such as Meta, Google, X and others.

You are free to give us access to certain Personal Data stored on such third-party websites. Which personal data we can access depends on the respective website and is controlled by your data protection settings on this website and your consent. By linking an account managed by a third party to your user account set up with us and authorizing access to this information, you agree that we may collect, use and store information from this website in accordance with this Privacy Policy.

Regulatory compliance verification

In order to verify compliance with our legal and contractual obligations, Qualifyze may carry out a preliminary review (compliance screening) that will include consulting public information relating to the client company, its representatives or related persons, including data related to administrative sanctions or records available in official registers. Under no circumstances will automated decisions or decisions based exclusively on data relating to criminal convictions or offences be taken without the corresponding specific legal basis in accordance with article 10 of GDPR.

Data obtained from third-party sources (data enrichment): 

Qualifyze may supplement information you provide with additional data obtained from legitimate third-party sources to enhance the quality of our services. These may include: 

  • Professional information (job title, role, employment history, industry). 
  • Company information (company name, size, location, sector). 
  • Additional professional contact details (business email, phone number). 
  • Professional social media profiles and activity. 
  • Publicly available business information.

 

4. PROCESSING AND USE OF PERSONAL DATA: PURPOSES

Main purposes:The processing and use takes place in particular for the following main purposes and with the following legal bases:      

  • Provide you with access to our website, applications, services and tools as well as the desired customer service by e-mail or telephone. Depending on the case, the legal basis for this purpose will be your consent (art. 6.1.a) GPDR), our legitimate interest (art. 6.1.f) GDPR) or the performance of the contract (art. 6.1.b) GDPR). The legitimate interest will consist of maintaining commercial relations with the user and providing a proper service.

 

  • Prevent, detect and investigate fraud, security breaches and prohibited or illegal activities and enforce our Terms and Conditions. Depending on the case, the legal basis for this purpose will be our legitimate interest (art. 6.1.f) GDPR) or the fulfilment of legal obligations (art. 6.1.c) GDPR). The legitimate interest will consist of maintaining the security of communications and information for the benefit of Qualifyze and its users.

 

  • Adapt, measure and improve our services and content. Depending on the case, the legal basis for this purpose will be our legitimate interest (art. 6.1.f) GDPR) or your consent (art. 6.1.a) GDPR). Legitimate interest will consist of improving our services to ensure a good relationship with the client and the smooth running of the business.

 

  • Contact you by telephone or e-mail to resolve disputes, enforce fee claims, resolve problems with your user account or our website, our services, applications or tools or for any other legally permitted purposes. Depending on the case, the legal basis for this purpose will be our legitimate interest (art. 6.1.f) GDPR) or the performance of the contract (art. 6.1.b) GDPR). The legitimate interest will consist of maintaining a correct relationship with users and minimizing conflicts that may have legal or security consequences.

 

  • Contact you by telephone or e-mail and to inform you about our services and the services of our group of companies, targeted marketing activities, service updates and advertising offers if you have given your express consent and/or if the statutory requirements are given. The legal basis for this purpose will be your consent (art. 6.1.a) GPDR or our legitimate interest (art.6.1.f) GDPR) Legitimate interest will consist on Qualifyze maintaining a relationship with the data subject and informing of services similar to those contracted between the parties. 

 

  • Provide you with other services that you have expressly requested in accordance with the description provided when collecting the data. The legal basis for this purpose will be the performance of the contract (art. 6.1.b) GDPR).

 

  • Regulatory compliance verification processing is based on the legitimate interest of Qualifyze in preventing legal and reputational risks before establishing a contractual relationship, in accordance with art. 6.1.f) of GDPR and, where applicable, art. 31 of the Swiss Federal Data Protection Act (FADP).

 

  • Qualifyze uses notetaker tools to collect meeting data, for documentation and quality purposes: recording of the meetings are used to document proceedings, decisions and discussions for archival, documentation and quality purposes. And internal communication: recordings may be shared internally within the organisation for review training, or other legitimate business purposes. The legal basis is Qualifyze’s legitimate interest for quality and documentation purposes, as well as for the performance of the contract. Qualifyze’s informs the attendees about the notetaking, providing a link to the applicable policy and giving them the option to oppose the processing and delete the meeting data.

 

  • Qualifyze may supplement the information you provide with additional data obtained from legitimate third-party sources to enhance the quality of our services. We use specialised data enrichment platforms such as HubSpot and Apollo.io, which aggregate information from publicly available sources, professional databases, and commercial data providers, for the purposes of personalizing and improving business communication, better understand your professional needs and interests, enhance our service delivery and user experience, qualify and manage business opportunities and maintain accurate and up-to-date contact information. The legal basis is our legitimate interest in improving the quality and relevance of our services communications (art. 6.1.f) GDPR).

 

The processing may involve authorized subprocessors listed in the applicable policy.

Other Uses of Personal Data: Marketing Purposes

If you have given Qualifyze the consent to use your personal data for Marketing purposes, or if there are legitimate interest grounds, your data may be used for the following specific purposes:

  • inform you about websites, applications, services and tools that we offer;
  • to inform you about targeted marketing campaigns and advertising offers;
  • to personalize, evaluate and improve our advertisements.

We assure you that we will not pass on your personal data to third parties for their marketing purposes without your express consent. 

Objection against the use of your personal data for marketing purposes

If you do not wish to receive marketing and advertising messages from us, you can indicate this in direct contact with us (e.g. by e mail to dataprivacy@qualifyze.com or unsubscribe via the registration link in the marketing or advertising message).

5. DATA SHARING:

      Data can be transmitted to the following recipient groups:

  • Professional advisors and auditors, where such disclosure is required by applicable law, regulatory requirements or professional standards, or where it is necessary for compliance with legal obligations or for the protection of our legitimate interests. This may include, without limitation, external auditors appointed to perform statutory audits of our annual financial statements, tax advisors, legal counsel, compliance consultants and other professional service providers. Depending on the specific circumstances, the nature of the services provided and the applicable legal requirements, such recipients may act either as independent data controllers or as data processors acting on our behalf in accordance with the GDPR. Personal data is disclosed to such recipients strictly on a need-to-know basis and subject to appropriate contractual, confidentiality and data protection safeguards.

 

  • Authorized subprocessors who support us in the provision of services our business operations (in particular fraud prevention, compliance checks, analytics, communications and infrastructure support, as listed in the applicable subprocessor section of our Privacy Policy. The User is informed that the use of such subprocessors is subject to a general written authorization, in accordance with art. 28 GDPR.

 

  • Third-party providers of websites, applications and tools by which we work in accordance with our General Terms and Conditions to publish or promote your advertisement and their content on their website or in their applications and tools. If we also transfer personal data to such third party providers with the content of your advertisements, this happens exclusively on the basis of a written contract which limits the use of the personal data by the third party provider and obliges them to take security measures with regard to this data. In particular, third parties are not permitted to sell, rent or in any other way pass on to third parties the personal data contained in your advertisements.

 

  • Qualifyze uses Datadog Inc., which allows servers, databases, tools and services to be monitored using a software-as-a-service-based data analysis platform. Qualifyze guarantees that the data is located in Europe, if a transfer is needed, it’s GDPR-compliant, as the United States has an adequacy decision by the European Commission and the company is included in the Data Privacy Framework List.
  • Qualifyze uses Amplitude to analyze user behavior within our website, products and services. Qualifyze guarantees that the data is located in Europe, if a transfer is needed, such transfer is GDPR-compliant, as the United States has an adequacy decision by the European Commission and the company is included in the Data Privacy Framework List.

 

  • Qualifyze uses Amplitude to analyze user behavior within our website, products and services. Qualifyze guarantees that such transfer is GDPR-compliant, as the United States has an adequacy decision by the European Commission and the company is included in the  Data Privacy Framework List.

 

  • Qualifyze uses Hotjar to better understand our users’ needs and to optimize this service and experience. 

 

  • Qualifyze uses MailChimp for email marketing, a company established in the United States. Qualifyze guarantees that such transfer is based on the Standard Contractual Clauses approved by the European Commission.

 

  • Qualifyze uses Chili Piper Inc., a company established in the United States, to qualify, route and schedule meetings from any inbound or outbound channel. Qualifyze guarantees that such transfer is based on the Standard Contractual Clauses approved by the European Commission.

 

  • Qualifyze uses Heap to help us better understand user interactions with our website, Qualifyze hereby confirms the company is included in the Data Privacy Framework List.

 

  • Qualifyze uses Hapily.Inc to provide quotations to its customers, Qualifyze hereby confirms it has signed adequate measures . 

 

  • Qualifyze may use third-party platforms such as HubSpot and Apollo.io to enrich and validate business contact information.

 

  • Other third parties to whom we send your data exclusively at your express request, or where you have been specifically informed and provided your explicit consent, in accordance with the applicable data protection law. These Parties are not considered subprocessors but independent controllers of third-party recipients

 

  • Criminal prosecution or supervisory authorities or authorized third parties on the basis of a request for information in connection with an investigation procedure or the suspicion of a criminal offence, an illegal act or other actions which may give rise to legal liability for us, you or another user. In such cases, we will disclose the information requested. In order to protect your privacy, we will not disclose your personal data to law enforcement authorities, regulatory authorities or other third parties without a subpoena, court order or comparable legal proceedings, unless we are not convinced that disclosure is necessary to avert imminent danger to life and limb, property or financial assets, to report suspicions of unlawful actions or to otherwise protect our users from unlawful actions.

 

  • Qualifyze’s Affiliates for administrative purposes only.

Standard Information in Advertisements

On our website, the location information of registered trade dealers and buyers is transmitted to external service providers that may be located outside the European Economic Area (EEA) for the purpose of displaying maps with location information in advertisements.

Third country transfers: 

Personal data will be processed within the European Union. In the event that the contracting of any service provider involves the transfer of data outside the European Union, such transfer will take place in accordance with the GDPR. In particular, the data could be processed by companies in the United States. In this case, the processing is based on the European Commission’s adequacy decision, given that the companies importing the data are adhered to the EU-US Data Privacy Framework. Failing this, the exporter and importer of the data will have subscribed to the standard clauses of the European Commission.  When an international data transfer is based on standard clauses of the European Commission, the user will have the right to request a copy of them.

6. USE OF SOCIAL MEDIA PLUGINS

Plugins of the social networks of META (“Facebook”; overview of Facebook plugins), X, USA (“Twitter”) can be integrated on our website via “Tweet-Button“ or “Follow-Button“ and Google Inc., USA (“Google+“ ) (for more information click on the link of the respective network). When you visit our website, which contains such a plugin, the plugin establishes a direct connection between your browser and the server of the respective social network. The social network provider receives the information that you have visited our site with your IP address. If you click the plugin while logged into your account, you can link the content of our website to your social networking profile. This allows the social network to associate the visit to our site with your account. We, as the provider of the pages, are not aware of the content of the transmitted data or its use by the provider of the social network. For more information, see the social networks’ privacy policy, which you can access here for the social networks Facebook, Twitter and Google+.

Please note that you must be logged out of your social network account if you visit our site and do not want your social network or social networks to associate your visit to our site with your account.

7. DATA SECURITY

Qualifyze takes all necessary technical and organizational security measures to protect your personal data from loss, unauthorized access or other misuse. Your data is stored in a secure operating environment that is not accessible to the public.

We protect your data through technical and organizational security measures to minimize risks in connection with loss, misuse, unauthorized access and unauthorized disclosure and modification of this data.  For example, we use firewalls and data encryption, but also physical access restrictions for our data centres and authorization controls for data access. You can find more information in the Information Security Policy.  However, if you believe that your account has been misused, please report this to us at security@qualifyze.com

8. DATA PROTECTION RIGHTS

You have the right of access to your data, the right of rectification of your data, erasure, restriction of the processing, object to the processing and right to portability, as well as the right to withdraw consent at any time, without it affecting the lawfulness of the processing based on consent before its withdrawal. You can reach us by the e-mail dataprivacy@qualifyze.com for this purpose at the contact details given at the end of this Data Privacy Policy.

We will process your request within a reasonable time and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Qualifyze shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.      

Subject to the requirements of Art. 77 GDPR, data subjects have the right to file a complaint with a competent supervisory authority. As a rule, the data subjects may contact the supervisory authority of his or her habitual residence or place of work or place of the alleged infringement or the registered office of Qualifyze. The supervisory authority responsible for Qualifyze GmbH is the Hessian Commissioner for Data Protection and Freedom of Information. A list of all German supervisory authorities and their contact details can be found here.

9. STORAGE OF PERSONAL DATA

The data will be stored for the time necessary to fulfill the purpose of the processing and in accordance with the principle of limitation of the conservation period. If you have a contract with us, Qualifyze will retain the company data for 10 years after the termination of the contractual relationship. The data is retained for the legally established period during which legal actions can be exercised. The details of the users of the platform will be deleted (i) when the user formally requests so or (ii) when the Client that has a contract with Qualifyze requests to remove the user from the Client account, in accordance with the specifics of the contract between the Parties. Once the data is no longer necessary, it will no longer be processed for the initial purposes and will be stored with restricted access, only available to the competent authorities in the event of a complaint or legal action.

Last modified March 19th, 2025.

Information on personal data processing in accordance GDPR for job applicants

This policy refers to the processing of job applicants’ or Auditors (“Applicants”) personal data by Qualifyze Spain, S.L.U. (“Qualifyze”). Protecting Applicants’ personal data is important to Qualifyze, for this reason, this policy compiles all the relevant information about the processing of Applicants’ personal data during the application process with Qualifyze.

Data Controller:
Qualifyze Spain, S.L.U.    
Passeig de Gràcia, 19, planta 5

08007, Barcelona, Spain.     

Contact details for data protection:
Email: dataprivacy@qualifyze.com

General data processing information

Collected data: only personal data shared with Qualifyze are being collected, when applying for a job offer. Apart from that, no personal data are collected. Any processing of Applicants’ personal data that goes beyond this scope is only possible with their express consent.
Data categories: Qualifyze collects and processes some or all of the following type of personal data Applicants provide during the application process, which are not limited to but include:
  • Information provided when applying for a role. This includes information provided through an online job site, via email, in person at interviews and/or by any other method.
  • In particular, Qualifyze processes personal details such as name, email address, gender, address, telephone number, date of birth, qualifications, experience, information relating to employment history, and skills provided by the Applicants.
  • Applicants’ details, CV and interview evaluation outcomes will be shared among current team members.
  • Evaluation outcomes are usually shared with the respective recruiter, contracted by Qualifyze, who referred the candidate.
  • When job interviews are recorded, Qualifyze can process the image and voice of the Applicants.

 

Qualifyze does not process special categories of data.

Processing purpose: To add Applicants’ resume to Qualifyze’s job application process, to evaluate Applicants; send email notifications regarding the current application status and future job offers (only with Applicants’ prior consent) and manage Applicants’ application process.
Legal basis: Adoption of pre-contractual measures (art. 6.1.b) GDPR). However, consent (art. 6.1.a) GDPR) is the legal basis for collecting recommendations from previous employers and image and voice processing.       
Categories of recipients: Qualifyze may share Applicants’ data with the following recipients:
  • Qualifyze’s affiliate (Qualifyze GmbH) for a better administrative management of the companies that comprise Qualifyze. Both entities have signed the appropriate contracts to regulate the communication of data between them.
  • External service providers or other contractors. These providers offer services such as document management, e-mail and other Office applications, information hosting, recruitment, online interview recording or legal advice. Qualifyze has signed the appropriate data processing agreements with those providers when necessary..     
  • Public authorities and agencies in case of legal obligation.

 

Third country transfers: Personal data will be processed within the European Union. In the event that the contracting of any service provider involves the transfer of data outside the European Union, such transfer will take place in accordance with the GDPR. In particular, the personal data could be processed by companies in the United States. In this case, the processing is based on the European Commission’s adequacy decision, given that the companies importing the data are adhered to the EU-US Data Privacy Framework. Failing this, the exporter and importer of the data will have subscribed to the standard clauses of the European Commission. When an international data transfer is based on standard clauses of the European Commission, the user will have the right to request a copy of them.     
Duration of data storage: Application data will generally be deleted within one year, at the latest, after the application date, unless consent has been given to store the data for a longer period of time in an applicant pool or another legal basis.

Automated decision-making

Qualifyze may use automated decision-making processes during the job application process in order to ensure efficiency and consistency in the evaluation of job applications. These processes analyse exclusively the information provided by Applicants under the application form and it does not review nor analyse Applicants’ resume or other documents provided therein. Decisions made through automated processes are always based on objective responses provided by Applicants to ensure there is no bias in the evaluation process. Specifically, Qualifyze’s system automatically evaluates responses to two questions: 1. Do you have a valid permit to work in Spain and/or German; 2. Do you speak English? If an applicant answers “No” to either of these questions, they may be automatically disregarded from the consideration. However, every automated decision is reviewed by a human before being finalized to ensure accuracy and fairness. Qualifyze is committed to fair and equitable treatment of all Applicants. For additional information about how automated decision-making is used or to request human intervention in the decision-making process, please contact us at dataprivacy@qualifyze.com

Qualifyze guarantees that reaching a decision is not solely up to the automated tool, but there is also meaningful human involvement during the process, in order to ensure objectivity and fairness.

Applicants’ rights

Applicants may invoke their rights to access, rectification or erasure their data, limitation, opposition to the use of the data, restrict its processing and portability. The rights can be exercised, and the consent can be withdrawn by sending a written request to the Data Controller, without affecting the lawfulness of the processing based on the consent given before its withdrawal. Applicants can also exercise their right to object to decisions exclusively taken by automated tools. To exercise any of these rights, Applicants may send an e-mail to dataprivacy@qualifyze.com.

Subject to the requirements of Art. 77 GDPR, Applicants have the right to file a complaint with a competent supervisory authority. As a rule, the Applicant may contact the supervisory authority of his or her habitual residence or place of work or place of the alleged infringement or the registered office of Qualifyze. The supervisory authority responsible for Qualifyze in Spain is the Agencia Española de Protección de Datos.

Changes to this Privacy Policy

Qualifyze reserves the right to update or modify this privacy policy at any time to reflect changes in its data processing policies or legal requirements. Qualifyze will always inform Applicants of the updated privacy policy before starting the processing of their data. However, Qualifyze encourages Applicants to review this policy periodically for any updates.

This Data Processing Agreement (“DPA”) shall apply to all Subscription Agreements in which QUALIFYZE GMBH or QUALIFYZE INC. (hereinafter individually each as “Qualifyze”), in the course of fulfilling its obligations under the relevant Subscription Agreement, processes Personal Data on behalf of a client acting as a Data Controller. You can download here the latest available version of Qualifyze DPA. If you have any doubts, please contact dataprivacy@qualifyze.com

Last modified July 9th, 2025.

SCOPE

Qualifyze GmbH (hereinafter “Qualifyze”) is committed to protecting the privacy, security and confidentiality of personal data in compliance with the General Data Protection Regulation (GDPR) and the relevant data protection laws.

This privacy notice outlines how Qualifyze collects and processes certain personal data of the attendees to a Qualifyze event (hereinafter the “Event”).

In the event of changes to this Privacy Policy, we will post the amended Privacy Policy and send you an informative email.

CONTROLLER OF THE PERSONAL DATA

The Data Controller of your personal data is Qualifyze GmbH, Bockenheimer Anlage, 46, 60322 Frankfurt am Main, Deutschland, dataprivacy@qualifyze.com.
DPO: dataprivacy@qualifyze.com

CATEGORIES OF PERSONAL DATA

We process the following categories of personal data:

  • Identifying and contact data: name and surname, email address , telephone number, industry, professional title, department and/or email address.
  • Data that you transmit to us via social media, websites or services;
  • In case you are a speaker at our event or in any way intervene by presenting a topic, we will also process professional and academic information about you, such as: professional experience, work title, qualifications.
  • Other information: date and time of access to the Event.
  • Photographs or video images and sound in which individuals may be identifiable.
  • Opinions on the realization of the Event.

PURPOSES FOR THE PROCESSING OF PERSONAL DATA

The processing and use takes place in particular for the following purposes:

  1. Sending of the invitation to the Event, management of your participation and other communications related to the Event.
  2. Access control to the Event.
  3. Satisfaction survey after the Event.
  4. Capturing and sharing Event photos on social media to promote
  5. Qualifyze’s Events and engage with our community.

BASIS FOR PROCESSING YOUR DATA

The legal basis for processing your data for purposes a. to c. is Qualifyze’s legitimate interest (art. 6.1.f) GDPR) for the Event management.

Likewise, for the purpose indicated in letter d. In case of wide shots and environmental sound, the legal basis is Qualifyze’s legitimate interest (art. 6.1.f) GDPR) in publicising and promoting Qualifyze’s Events both internally and externally, whether on our website or social media profiles, blogs, printed or other appropriate actions for the purpose.

In the event that, within the pictures of the Event Qualifyze or any Qualifyze’s subcontractor captures shots in which a person can be identified, the processing of the image and voice is based on the consent (art. 6.1.a) GDPR) of the Attendee given in the process of confirming attendance to the Event. By accepting the processing of their image and voice, the Attendee accepts Qualifyze to publish these images through any media, supports and formats known at present or that may be known in the future, including, by way of example: printed media such as brochures, magazines, press, books; radio, television, mobile telephony or the Internet (including websites, social network profiles, microsites, blogs, etc.), applications for smartphone and tablets, all on a non-exclusive, indefinite and worldwide basis. It is hereby informed that photos/videos may be published on the internet and thus distributed worldwide, further use by other persons cannot be excluded and deletion cannot be guaranteed. This transfer does not imply any obligations for Qualifyze to make use of the rights that are the object of this transfer.

Also, in the process of confirming attendance, the Attendee will be able to authorize Qualifyze to totally or partially assign these rights, transfer or subrogate its rights and obligations to any company of the Qualifyze Group, solely and exclusively for the purpose described above.

DATA SHARING

Data can be transmitted to the following recipient groups:

  • Authorized service providers who support us in our business operations and/or during the Event (advertising agencies, website operation, photographers).
  • Criminal prosecution or supervisory authorities or authorized third parties on the basis of a request for information in connection with an investigation procedure or the suspicion of a criminal offence, an illegal act or other actions which may give rise to legal liability for us, you or another user.
  • Qualifyze’s Affiliates for administrative purposes only.

Third-country transfers:

Personal data will be processed within the European Union. In the event that the contracting of any service provider involves the transfer of data outside the European Union, such transfer will take place in accordance with the GDPR. In particular, the data could be processed by companies in the United States. In this case, the processing is based on the European Commission’s adequacy decision, given that the companies importing the data are adhered to the EU-US Data Privacy Framework. Failing this, the exporter and importer of the data will have subscribed to the standard clauses of the European Commission. When an international data transfer is based on standard clauses of the European Commission, the user will have the right to request a copy of them.

STORAGE OF PERSONAL DATA

The data will be stored for the time necessary to fulfil the purpose of the processing and in accordance with the principle of limitation of the conservation period for 2 years. Once the data is no longer necessary, it will no longer be processed for the initial purposes and will be stored with restricted access, only available to the competent authorities in the event of a complaint or legal action during 4 additional years.

DATA PROTECTION RIGHTS

You have the right of access to your data, the right of rectification of your data, erasure, restriction of the processing, object to the processing and right to portability, as well as the right to withdraw consent at any time, without it affecting the lawfulness of the processing based on consent before its withdrawal. You can reach us for this purpose at dataprivacy@qualifyze.com .

We will process your request within a reasonable time and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Qualifyze shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

Subject to the requirements of Art. 77 GDPR, data subjects have the right to file a complaint with a competent supervisory authority. As a rule, the data subject may contact the supervisory authority of his or her habitual residence or place of work or place of the alleged infringement or the registered office of Qualifyze. The supervisory authority responsible for Qualifyze is the Hessian Commissioner for Data Protection and Freedom of Information. A list of all German supervisory authorities and their contact details can be found here.

Last modified July 30th, 2025.

SCOPE

Qualifyze Inc. (hereinafter “Qualifyze”) is committed to protecting the privacy, security of individuals and transparency and fairness in the processing of their personal data. This privacy notice outlines how Qualifyze collects and processes certain personal data of the attendees to a Qualifyze event in the U.S. (hereinafter the “Event”), including marketing activities. 

In the event of changes to this Privacy Policy, we will post the amended Privacy Policy and send you an informative email. 

CATEGORIES OF PERSONAL DATA COLLECTED

In the course of the Event, we process the following categories of personal data: 

  • Identifying and contact data: name and surname, email address, telephone number, industry, professional title, department and/or email address. 
  • Data that you transmit to us via social media, websites or services;
  • In case you are a speaker at our event or in any way intervene by presenting a topic, we will also process professional and academic information about you, such as: professional experience, work title, qualifications. 
  • Other information: date and time of access to the Event. 
  • Photographs or video images and sound in which individuals may be identifiable. 
  • Opinions on the realization of the Event.

PURPOSES FOR THE PROCESSING OF PERSONAL DATA 

The processing and use takes place in particular for the following purposes:      

  1. Sending of the invitation to the Event, management of your participation and other communications related to the Event. 
  2. Access control to the Event. 
  3. Satisfaction survey after the Event. 
  4. Capturing and sharing Event photos on social media to promote Qualifyze’s Events and engage with our community. 

BASIS FOR PROCESSING YOUR DATA 

The legal basis for processing your data for purposes is your consent given when accepting this Privacy Policy by registering to the Event. 

DATA SHARING

Data can be transmitted to the following recipient groups:

  • Authorized service providers who support us in our business operations and/or during the Event (advertising agencies, website operation, photographers, speakers).
  • Criminal prosecution or supervisory authorities or authorized third parties on the basis of a request for information in connection with an investigation procedure or the suspicion of a criminal offence, an illegal act or other actions which may give rise to legal liability for us, you or another user. 
  • Qualifyze’s Affiliates.

Third country transfers: 

This Privacy Policy and the Event is intended for attendees located within the United States. While the website is generally available outside the United States, we do not market the Event to any other individuals beyond the United States. Law governing data collection and use in other jurisdictions may differ from U.S. law. If you are located in the European Union and decide to join the Event, you should be aware that data will be transferred to the U.S. 

EVENT PHOTOGRAPHY AND VIDEO

To promote Qualifyze’s Events and engage with our community, Qualifyze or its contractors may capture and employ pictures and videos of the attendees. Attendance at our Event means consent to this Privacy Policy for Qualifyze’s events in the U.S., including the use of individuals’ image in promotions. Qualifyze may publish these images through any media, supports and formats known at present or that may be known in the future, including, by way of example: printed media such as brochures, magazines, press, books; radio, television, mobile telephony or the Internet (including websites, social network profiles, microsites, blogs, etc.), applications for smartphone and tablets, all on a non-exclusive, indefinite and worldwide basis. It is hereby informed that photos/videos may be published on the internet and thus distributed worldwide, further use by other persons cannot be excluded and deletion cannot be guaranteed. Qualifyze hereby disclaims any liability for its usage by other attendees or third parties on social media. Also, the Attendee is hereby authorizing Qualifyze to totally or partially assign these rights, transfer or subrogate its rights and obligations to any company of the Qualifyze Group, solely and exclusively for the purpose described above.

 If you don’t agree to this, you can exercise your opt-out right by sending an email to dataprivacy@qualifyze.com

While the data will be stored for as long as it is required to fulfil the purposes of this Privacy Policy, attendees may exercise the opt-out right at any time, without it affecting the consent given prior to that withdrawal. 

DATA PROTECTION RIGHTS

You have the right of access to your data, the right of rectification of your data, erasure, restriction of the processing, object to the processing and right to portability, as well as the right to withdraw consent at any time, without it affecting the lawfulness of the processing based on consent before its withdrawal. You can reach us for this purpose at dataprivacy@qualifyze.com.

We will process your request within a reasonable time and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Qualifyze shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.