Better safe than sorry – cluetec Audit and mQuest Data Protection
1. Data protection at a glance
1.1 General information and mandatory information
cluetec takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. When you use the mQuest services, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this happens. We point out that data transmission over the Internet (e.g., when communicating by email) may have security gaps. Complete protection of data against access by third parties is not possible.
1.2 How mQuest works
mQuest is the survey and data collection software from cluetec GmbH, Karlsruhe. cluetec is a German company that supports its customers with its products and services in surveying and collecting data using mobile devices or browsers. cluetec is a technical service provider and generally does not conduct surveys itself. mQuest is used exclusively by cluetec or by companies that have purchased a license from cluetec (hereinafter “customers”). The mQuest services are provided by cluetec as “Software as a Service” (SaaS). Direct access to the mQuest services by third parties (e.g., test subjects) cannot be ruled out. In some cases, mQuest customers also operate the software independently in their own data center. In these cases, the mQuest customer is the sole contact for data protection matters, as cluetec does not process any personal data. In these cases, please contact the relevant mQuest customer directly. The following information provides a simple overview of what happens to your personal data when you use our mQuest services. Personal data is any data that can be used to identify you personally. Personal data can originate from mQuest customers, users of mQuest forms, or be entered by mQuest customers’ employees. This privacy policy applies to mQuest services. The privacy policy for visitors to our website can be found at https://cluetec-audit.de/privacy-statement-eu/
2. Data collection via mQuest services
2.1 Cookies
Some of the web-based mQuest services use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are designed to make our service more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called “session cookies.” They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit. You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. Deactivating cookies may limit the functionality of the mQuest services. Cookies that are necessary to carry out electronic communication or to provide certain functions you have requested are stored on the basis of Art. 6 (1) (f) GDPR. Cluetec has a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of its services. If other cookies (e.g., cookies for analyzing your browsing behavior) are stored, these are treated separately in this privacy policy.
2.2 Server log files
cluetec automatically collects and stores data from the devices and applications through which users access cluetec’s services in so-called server log files. Such data can include, for example, IP addresses, usernames/access codes, app and operating system versions, device type, application ID, system and execution information, time, and browser type/version. Our servers capture this data and store it in log files. cluetec uses these log files for purposes such as system administration and maintenance, record-keeping, and security (i.e., monitoring to protect against misuse, spam, and DDoS attacks). Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR lies in these purposes. This also serves as the legal basis for processing. This data is deleted 120 days after entry. This data will not be merged with other data sources unless you give us your consent, the merger is based on a contract, or there is another legal basis. Furthermore, cluetec stores this data together with certain actions, such as deleting records, that users perform in the system.
2.3 User access
To use some mQuest services, user access is required. At a minimum, a valid email address is required for this purpose; it is needed, for example, for the “forgot password” function, optimization of mQuest services, or the sending of information relating to mQuest services. Further information such as title, surname, first name, telephone number, or company name is voluntary. Depending on the specific form, the basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures, or Art. 6 (1) (a) GDPR, which requires consent. Both legal bases are based on a relationship between the user and the mQuest customer who uses the mQuest services. This customer is also the contact person for implementing the measures. User access and other information can be changed or deleted at any time by the mQuest customer administrators. If a customer contract is terminated or expires, all data collected via mQuest will be deleted.
2.4 Data collection via mQuest forms
cluetec provides the mQuest services to its customers as “Software as a Service” (SaaS). The forms used for data collection are created and provided by the mQuest customers. This also allows the mQuest customer to determine which types of data are collected. The mQuest customer is the “controller” within the meaning of the GDPR.
It is the responsibility of the mQuest customer to ensure that data collection and processing is in compliance with applicable laws and data protection regulations, e.g., the GDPR. Depending on the specific form, the basis for data processing is Art. 6 (1) (b) GDPR, which permits the processing of data to fulfill a contract or for pre-contractual measures, or Art. 6 (1) (a) GDPR, which requires consent. Both legal bases are based on a relationship between the user and the mQuest customer. Regarding this relationship, please contact the mQuest customer.
mQuest customers with an active contract have control over the purpose and duration of data processing and are therefore also responsible for deleting the collected data. When a customer contract is terminated or expires, all data collected via mQuest is deleted.
Data that cluetec receives from its clients is used exclusively for the purpose specified in the order. It is not shared with third parties.
Forms that use the Aztec Code Scanner photo function can read data from tickets in UIC918* and VDV formats. Personal data that may be stored in the ticket’s Aztec code is not saved.
To ensure a consistently positive user experience, mQuest Audit collects analytics data using Microsoft Azure’s Application Insights. This data is anonymous and used solely to improve the web application by analyzing performance, errors, and page views.
2.5 Data collection via Audit Intelligence
Audit Intelligence encompasses all AI-based features in cluetec Audit that aim to optimize the audit process through improved insights and automated data analysis.
Audit Intelligence leverages Azure OpenAI and Azure AI Services to deliver these advanced capabilities. Data from audit reports, including findings, mitigations, and actions, can be collected and used to analyze and refine AI capabilities. The extent of data usage depends on the specific function and the intended use case of the AI capability being utilized.
In addition, Audit Intelligence may collect and use personal data or personally identifiable information (PII) contained in client data such as audit reports or findings—including the names, emails, and addresses of auditors and assigned personnel. This data collection is solely for the purpose of achieving the intended function or objective of the AI-based services offered and is carried out in compliance with applicable data protection laws.
The processing of data by Audit Intelligence, including inputs (prompts) and outputs (completions) as well as document embeddings, is protected as follows:
- They are NOT accessible to other customers.
- They are NOT accessible to other model providers.
- They are NOT used by Azure Direct Model providers to improve their models or services.
- They will NOT be used to train basic generative AI models without your express permission or instruction.
We store relevant data, including inputs (prompts) and outputs (completions), separately and solely for the purpose of improving AI services and for no other purpose. This data management approach is carried out in strict compliance with applicable data protection laws to ensure privacy and confidentiality.
3. Your rights
You have the right:
- pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information on its details;
- to request the immediate correction or completion of any inaccurate personal data stored by us in accordance with Art. 16 GDPR;
- to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- to request the restriction of the processing of your personal data pursuant to Art. 18 GDPR if you contest the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller;
- pursuant to Art. 7 (3) GDPR, to revoke your consent at any time. This means that we may no longer continue the data processing based on this consent in the future; and
- pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work, or at our headquarters.
Please direct inquiries (e.g., data subject inquiries, information requests, etc.) to the responsible party, usually the cluetec customer who uses the mQuest services.
4. Security
4.1 SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as a processor, the mQuest services use SSL or TLS encryption. You can recognize an encrypted connection in your browser by the fact that the address bar changes from “http://” to “https://” and by the lock symbol in your browser bar. In the mQuest app, you can recognize this in the settings menu under QuestServer Settings: SSL Connection Active. If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.
4.2 Confidentiality and state of the art
All data collected through mQuest services is treated confidentially by cluetec. All data is stored securely, and access to the data is restricted to authorized personnel. To ensure the security of your data, cluetec implements technical and organizational measures in accordance with the current state of the art.
5. Data Protection Officer
Legally required data protection officer
We have appointed a data protection officer for our company.
Thomas Heimhalt | Data Protection perfect GmbH
datenschutz@cluetec.de
6. Places of data processing
Data processing by cluetec takes place exclusively within the EU.
7. Subcontractors
Operator of the data center
TelemaxX Telecommunications GmbH
Amalienbadstraße 41 | Building 61 | 76227 Karlsruhe | Germany
https://www.telemaxx.de
Cloud service providers
Microsoft Ireland Operations Limited
Private Company Limited by Shares | Registered in Ireland | No. 256796
70 Sir John Rogerson’s Quay | Dublin 2 | Ireland
https://azure.microsoft.com/de-de/
MongoDB, Inc.
1633 Broadway | 38th Floor | New York, NY 10019
https://www.mongodb.com/
Provider of the OCR service
ABBYY Cloud OCR SDK
Landsberger Straße 300 | 80687 Munich | Germany
https://www.ocrsdk.com
Managed Services
abilis GmbH IT Services & Consulting
Lorenzstraße 8 | 76297 Stutensee | Germany
https://www.abilis.de
8. Changes to this Privacy Policy
We reserve the right to change our privacy policy as new technologies require it. Please ensure you have the most recent version.
Last modified: October 15, 2025