1. General information
Information about how IQM processes personal data in the course of its association-related activities can be found here.
Initiative Qualitätsmedizin e.V. (IQM) takes data privacy very seriously. The collection and processing of your personal data is carried out in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). Personal data is collected, processed and used on the pages of this website only to the extent that is necessary for technical reasons and to provide individual services. Where it is necessary to enter personal data in order to use individual services on our website (e.g. to register for the members area), we will collect and use this data only for the purpose for which you have provided it to us.
The controller for the collection, processing and use of your personal data in accordance with Art. 4(7) GDPR is:
IQM Initiative Qualitätsmedizin e.V.
10559 Berlin, Germany
Phone: +49 30 7262 1520
If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions, either as a whole or for individual measures, you can address your objection to the controller.
2. Collection, processing and use of data on this website
2.1 Access data
When you visit our website, our web servers automatically store data for statistical analysis for the purpose of operating, securing and optimising our website, as well as for anonymously recording the number of visitors to our website (traffic). Our servers also store data about the extent and type of use of our website and services, the connection details of the requesting computer (user’s internet service provider and IP address as well as the requesting provider – stored only temporarily), the pages you visit on our site, the date, time and duration of the visit, identification data about the type of browser and operating system used, the amount of data transferred, notification of successful retrieval (HTTP response code), referrer URL (i.e. the previously visited page) and the website from which you visit us (server log data). Further personal data such as your name, address, telephone number and e-mail address is not recorded. There is also no link between the server log data and your personal data.
This data allows us to analyse traffic, troubleshoot and correct errors, and improve our services. This constitutes our legitimate interest, which forms the legal basis for processing according to Art. 6(1)(1)(f) GDPR.
We reserve the right to subsequently review log data if there is a justified suspicion of illegal use based on concrete evidence. We temporarily store IP addresses in log files when necessary for security purposes or when necessary to provide a service or bill for a service, e.g. if you take advantage of one of our offers. We delete the IP address when it is no longer required for security purposes. We also store IP addresses if we have a concrete suspicion that a crime is being committed in connection with the use of our website. We also store the date of your last visit (e.g. registration, login, clicking on links, etc.) with your account data.
2.2 Data for fulfilling our contractual obligations in the course of our association-related activities / Access to the members area
We process personal data that is needed to fulfil our contractual obligations regarding IQM membership, such as your name, address and e-mail address. Collecting this data in the course of our association-related activities is necessary for us to fulfil the association’s purpose and enable active participation in association processes.
Accounts to access the members area of our website can be created for persons who are actively involved in association-related activities on behalf of our members. We require personal data to create these accounts. Upon registration, we collect master data (e.g. name, title, person’s function with the member) and communication details (e.g. e-mail address) through direct contact with our members. The login credentials are sent to the person in question. The next time the person logs in, only the e-mail address and the password are required.
Data is deleted after a member has left the association; after a person employed by a member leaves the member organisation; after this person changes departments or areas, provided this change ends their active involvement in association-related activities; or at the express request of the person in question or the member by whom they are employed. A notification in text form (e.g. e-mail, fax, letter) to the contact details listed under Clause 1 is sufficient for such a request. There are no costs other than the communication costs at applicable standard rates. We will then delete your stored personal data, unless we need to store it for other purposes within the scope of our association-related activities or due to legal retention obligations.
Data linked to a members area account is always retained for the duration that this account is maintained. The legal basis for the processing of this data is Art. 6(1)(1)(b) GDPR because this data is required for us to fulfil our association-related obligations to our members in accordance with IQM’s articles of association.
To send you the IQM newsletter, you must provide your e-mail address and then confirm, as part of a double opt-in procedure, that you are the owner of the e-mail address and wish to receive the newsletter. After registering you will receive a message at the e-mail address you entered. We ask you to follow the link in this e-mail in order to confirm that you wish to receive our newsletter. Your registration for the newsletter is recorded. You will then receive our newsletter approximately once a quarter. It is sent by e-mail and contains information about current developments and events at IQM.
We process only your e-mail address in order to send you the newsletter. It will not be made available to any third party. To stop receiving the newsletter in the future, you can revoke your consent and thus your subscription to the newsletter at any time. To do so, simply reply to the newsletter with the subject “Unsubscribe from newsletter”. You will also find an opt-out link for unsubscribing from the newsletter at the end of each issue of the newsletter. There are no costs associated with unsubscribing other than the communication costs at applicable standard rates. Revoking your consent has no effect on the lawfulness of the processing that took place prior to the revocation based on your consent.
We store your registration data as long as it is needed for sending the newsletter. We store the record of your registration and the dispatch address as long as we maintain an interest in proving the original consent, usually for the limitation period for civil law claims, i.e. a maximum of three years.
The legal basis for sending the newsletter is your consent in accordance with Art. 6(1)(1)(a) and Art. 7 GDPR in conjunction with Section 7(2)(3) of the German Act against Unfair Competition (UWG). The legal basis for recording your registration is our legitimate interest in proving that the newsletter was sent with your consent.
2.4 E-mail contact
If you contact us (e.g. by e-mail), we will process your data for the purpose of handling the enquiry and answering any follow-up questions, should they arise.
If the data is processed for the purpose of performing pre-contractual activities at your request or, if you are a member of our association, to carry out association-related activities, the legal basis for this data processing is Art. 6(1)(1)(b) GDPR.
We process other personal data only if you give your consent (Art. 6(1)(1)(a) GDPR) or if we have a legitimate interest in processing your data (Art. 6(1)(1)(f) GDPR). Replying to your e-mail is an example of a legitimate interest.
2.5 Storage duration
Personal data will be deleted immediately as soon as knowledge of it is no longer necessary to fulfil the purpose for which it was stored and no legal or statutory obligation to retain or document the data prevents the deletion or destruction of the records in question.
It is also possible to use our website without cookies. Most browsers are configured to automatically accept cookies. However, you can disable cookie storage or set your browser to notify you whenever cookies are sent.
3.1 Required Cookies
Required cookies enable basic functions and are required for the proper functioning of the website. These include, for example, cookies used to save the consent option in your cookie settings and session cookies to uniquely identify a user, which is needed for access to the member area.
The legal basis for the use of required cookies is our legitimate interest in the optimal functioning of our website in accordance with Art. (6)(1)(f) GDPR.
3.2 Use of the Matomo tracking tool
This website uses Matomo, an open-source software for the statistical evaluation of visitor actions. This tool processes your IP address, the website(s) you visit, the website from which you linked to ours (referrer URL), the time you spend on our website and the frequency with which you visit one of our websites.
To collect this data, Matomo stores a cookie on your device via your Internet browser. This cookie is valid for one week.
Privacy information from this third-party provider can be found at https://matomo.org/privacy-policy/
We use Matomo with the “AnonymizeIP” extension. This means that IP addresses are processed in truncated form, making it impossible to assign them to a specific person. The IP address that Matomo transmits from your browser is not merged with other data collected by us.
The legal basis is Art. (6)(1)(f) GDPR. The analysis and optimisation of our website constitutes our legitimate interest.
You have the option to prevent Matomo from analysing and linking your actions. This will protect your privacy, but will also prevent us from learning from your actions and improving usability for you and other users.
3.3 External media
In some places we integrate external media on our website to display certain content. The IP addresses of our website visitors are automatically forwarded to the third-party providers listed below whenever integrated content is displayed, provided you have declared your consent in the cookie settings or by clicking the “Show Now” button in the browser window. These third parties may then set cookies for their own purposes.
In accordance with the GDPR, we use a two-step solution to prevent data from being transferred without your knowledge to third-party providers in third countries. Under this procedure, no personal data is passed on to external service providers when you first visit the IQM website. You must first give your consent by actively clicking in the indicated areas and load the content before data can be transferred to and processed by the respective provider. Information about how the individual third-party providers handle data privacy can be found on their websites.
The following third-party providers are integrated on our website:
We embed YouTube videos in our website. The operator of these plug-ins is YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”. YouTube is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
For information about the collection and use of your data as well as your rights and privacy options, please see Google’s privacy policies at
Our website uses Google Maps to display the locations of our members. Google Maps is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
Google offers additional information at
We embed videos from the provider Vimeo on our website. Vimeo is operated by Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011, USA.
Information on data processing and Vimeo’s privacy policies can be found at
4. Your rights as data subject
Under applicable laws, you have various rights regarding your personal information. If you wish to exercise these rights, please send your request by e-mail or by post along with sufficient information to identify yourself to the address mentioned in Clause 1.
An overview of your rights is presented below.
4.1 Right to confirmation and notification
You have the right to obtain confirmation from us at any time as to whether we are processing your personal data. If we are, you have the right to request information from us about the personal data we have stored about you as well as a copy of this data.
Furthermore, you have a right to be notified of the nature, scope, purpose, recipient and storage period of your processed personal data.
If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the data protection guarantees for the transfer in accordance with Art. 46 GDPR.
4.2 Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed.
4.3 Right to erasure (“right to be forgotten”)
Pursuant to Art. 17(1) GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- You withdraw consent on which the processing is based according to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing
- You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR
- The personal data has been unlawfully processed
- The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
- The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR
Where we have made the personal data public and are obliged pursuant to Art. 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, this personal data.
4.4 Right to restriction of processing
You have the right to request that we restrict processing where one of the following applies:
- You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead.
- We no longer require the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims.
- You have objected to processing pursuant to Art. 21(1) GDPR pending the verification of whether the legitimate grounds of our company override yours.
4.5 Right to data portability
You have the right to receive the personal data that you provided to us in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us, where:
- the processing is based on consent pursuant to Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(1)(b) GDPR and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
4.6 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(1)(e) or Art. 6(1)(1)(f) GDPR. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
Where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, you have the right to object to processing of personal data concerning you on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
4.7 Right to revoke data protection consent
You have the right to revoke your consent to future processing of personal data at any time.
4.8 Right to appeal to a supervisory authority
You have the right to appeal to a supervisory authority, in particular in the Member State in which you reside, in your place of employment or in the place where the suspected infringement occurred, if you consider that the processing of personal data concerning you is unlawful.
5. Data security
We take technical and organisational security measures in accordance with Art. 32 GDPR, which we constantly adapt to the state of the art, in order to protect your personal data from loss and misuse. Your data is stored in a secure operating environment that is not accessible to the public. In certain cases, your personal data will be encrypted during transmission using the Secure Socket Layer (SSL) technology. In this case, communication between your computer and our servers will be encrypted using a recognised encryption method, provided your browser supports SSL.
Please note, however, that transmission of data over the Internet (e.g. communication by e-mail) may be subject to vulnerabilities. It is not possible to completely protect data against access by third parties.
Furthermore, we provide no guarantee that our website will be available at certain times; disturbances, interruptions or failures cannot be excluded. We conduct careful and regular backups of our servers.
6. Automated individual decision-making
We do not employ automated individual decision-making based on the personal data collected.
7. Transfer of data to third parties, no data transfer to non-EU countries
As a matter of principle, we only use your personal data within our company.
If and insofar as we commission third parties for the fulfilment of contracts, they will receive personal data only to the extent necessary to execute the service in question.
In the event that we outsource certain aspects of data processing, we contractually oblige these processors to use personal data only in accordance with the requirements of applicable data protection laws and to ensure that the rights of the data subject are protected.