Data protection | Privacy policy

How we protect your data

The TÜV NORD GROUP takes the protection of your personal data seriously and complies with the statutory provisions of the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act ("BDSG") when processing personal data. In accordance with the GDPR, the following text will provide you with information about when and for what purposes your personal data is processed when you visit our website. This Privacy Policy applies to all processing of personal data carried out by us on our website, in mobile applications and as part of our external online presence, such as our social media profiles - "online offer". It does not extend to any websites the links to which are provided here or websites of other providers.

Last updated: 30/07/2020

Document date: 30/07/2020

Revision 1.7

Click on one of the headings below to be directed to the respective section.

2 Name and address of the controller
3 Name and address of the Data Protection Officer
5 Server log files
10 Visiting Accelerated Mobile Pages (AMP)
11 Online applications
12 Security and integrity of data
14 Foreign language pages
15 Disclaimer and limits of this data protection notice
16 Updates

1 Definitions

Our Privacy Policy is based on the terms used by European legislators and regulators in the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understand by the general public and by our customers and business partners alike. In order to ensure this, we wish to start by explaining some of the terminology used.

1.1 Personal data

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.2 Data subject

“Data subject” is any identified or identifiable natural person whose personal data is processed by the controller of the processing.

1.3 Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1.4 Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

1.5 Pseudonymisation

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

1.6 Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

1.7 Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1.8 Recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

1.9 Third party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

1.10 Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

1.11 Cookies

Some of our websites use cookies - these do not contain viruses or cause any other damage to your computer. We only use cookies to make our offer more user-friendly, effective and secure. A cookie is a small text file that a website sends to your computer or mobile device, where it is stored by your web browser. Cookies can store information such as your IP address or another identifier, your browser type and information about the content that you view on the digital services and with which you interact.

1.12 Website

Website or internet presence means all of the controller's web pages available on www.tuev-nord.de.

2 Name and address of the controller

The controller for the purposes of the GDPR, other data protection laws applicable in Member States of the European Union and other provisions related to data protection are:

Companies of the TÜV NORD GROUP, represented by TÜV NORD AG

Am TÜV 1 
Hanover
Germany
Tel.: +49 511 998-0
Email: privacy@tuev-nord.de 
Website: www.tuev-nord.de

3 Name and address of the Data Protection Officer

The Data Protection Officer of the controller is:

Mr Berthold Weghaus
TÜV NORD AG 
Am TÜV 1
45307 Essen
Germany
Tel.: 0201 / 825-2165
Email: privacy@tuev-nord.de
 

If you would like to, for example, receive information about your personal data stored in our IT systems or if you wish to have your personal data erased, please use our Online Form for the Protection of the Rights of Data Subjects 

4 General information on the collection and processing of your data on our website

4.1 How do we collect and use your data?

One of the ways in which your data is collected is when you communicate it to us. This is, for example, the data that you enter in a contact form. Other data is automatically collected by our IT systems when you visit our website. This is mainly technical data (e.g. Internet browser, operating system or date and time of your visit to our website). This data is collected automatically the moment you visit our website.

Some of the data is collected in order to ensure that the website is provided to you without errors. Other data may be used to analyse your user behaviour.

4.2 Scope of processing

In principle, we only process personal data of visitors and users of our website insofar as this is necessary for the provision of a functional website as well as our content and services. As a rule, the personal data of our users is processed only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for practical reasons and where data processing is permitted by law.

4.3 Legal basis

The processing of personal data with the consent of the data subject is based on Article 6 (1) (a) of the GDPR.

The processing of personal data that is necessary for the performance of a contract to which the data subject is a party is based on Article 6 (1) (b) of the GDPR. This also applies to processing operations that are required to carry out pre-contractual measures.

The processing of personal data that is necessary to fulfil a legal obligation imposed on our company is based on Article 6 (1) (c) of the GDPR.

In the event that vital interests of the data subject or another natural person require the processing of personal data, such processing is based on Article 6 (1) (d) of the GDPR.

The legal basis for processing that is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, is Article 6 (1) (f) of the GDPR.

4.4 Storage and erasure of your data

We erase or block the personal data of the data subject as soon as the purpose of storage no longer applies. Data may also be stored if this is provided for by the European or national legislator in Union regulations, laws or other provisions applicable to our company. Data will also be blocked or erased upon expiry of a storage period prescribed by the standards mentioned, unless further storage of the data is required in order to conclude or perform a contract.

5 Server log files

Every time our website is accessed, our server system automatically collects data and information from the computer system of the calling computer, which includes the following:

  • the type and version of your internet browser,
  • the operating system of your computer or smartphone,
  • your internet service provider,
  • your IP address,
  • date and time of your access,
  • websites from which you have been redirected to us,
  • websites that you visit from our websites.

This data is not merged with other data sources. We collect such technical information in so-called log files in order to ensure that our website is displayed correctly, to assist us in determining the causes of any technical problems, and for the purposes of the technical optimisation of our website and the security of our computer systems and networks. In respect of such purposes, our legitimate interest in data processing is also laid down in Article 6 (1) (f) of the GDPR. The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. In most cases, this technical information is erased or made illegible by no later than seven days. The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. The user therefore has no option to object to such processing.

6 Cookies and tracking technologies

6.1 Analysis tools and third-party tools

When you visit our website, your surfing behaviour can be statistically evaluated. This is mainly done using cookies and so-called analysis programs. The analysis of your surfing behaviour is anonymous and therefore cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools.

6.2 What are cookies?

6.2.1 Cookies

Most of the cookies used by us are so-called “session cookies”. They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser during your next visit. You can set your browser in such a way that you are informed about the placement of cookies and only allow cookies on a case-by-case basis, exclude accepting cookies for certain cases or in general, and activate the automatic deletion of cookies whenever you close your browser. If cookies are deactivated, the functionality of this website may be restricted. The storage of cookies that are necessary to carry out the electronic communication process or to provide certain functions required by you is based on Article 6 (1) (f) of the GDPR. We have a legitimate interest in storing cookies to ensure technically flawless and optimised provision of our services. If other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in our cookie settings.

6.2.2 Web beacons/gifs, pixels, page tags, script

Email and mobile applications may contain small, transparent image files or lines of code intended to record how you interact with them. This information is used to help website and app publishers to better analyse and improve their services.

6.2.3 Cookies for analytical purposes

When visiting our website, the user is informed about the use of cookies for analytical purposes and we obtain their consent to the processing of the personal data used in this context. As part of the process, the user is also referred to this Privacy Policy.

Analytical cookies are used for the purpose of improving the quality of our website and its content. They tell us how the website is used, thus allowing us to continuously optimise our offer.

The processing of personal data using cookies for analytical purposes, where the user has given their consent, is based on Article 6 (1) (a) of the GDPR.

6.2.4 Duration of storage, objection and data erasure options

Cookies are stored on the user’s computer, which transfers them to our website. You have and retain full control over the use of cookies and can delete cookies in your browser or via the cookie settings in the bottom left corner of our website, deactivate the storage of cookies entirely or selectively accept certain cookies. Please use the help functions of your browser to find out how you can change these settings. Doing so may restrict the functionality of our website. The user consents to the use of cookies by accepting the use of cookies in the window displayed by us on the website ("cookie banner"). You can adjust your cookie settings individually at any time by clicking on the icon (bottom left of the website).

6.3 Categories of cookies used by TÜV NORD

To assist you with customising your data protection settings for visiting our website according to your individual needs, you can use the cookie settings to set your preferences with regard to the categories “Technically necessary”, “Statistics”, “Comfort and personalisation”.

6.3.1 "Technically necessary" category

These cookies are necessary for the technical operation of the website and for the control of the commercial objectives of our company. Some functions of our website cannot be offered without the use of these cookies.

We use technically necessary cookies based on our legitimate interests (Article 6 (1) (f) of the GDPR). We have a legitimate interest in ensuring the functionality of our websites and its optimal usability. Logging, among other things, serves the fulfilment of Section 13 (2) of the German Telemedia Act and no objection is possible. This type of cookie is used exclusively by TÜV NORD as the operator of the website and all information stored in the cookies is only transmitted to this website.

6.3.2 "Statistics" category

With a view to further improving our offer and our website, we collect anonymised data for statistical and analytical purposes. The use of these cookies allows us to, for example, determine the number of visitors and the impact of certain pages of our website, as well as to optimise our content. Analytical cookies and tags enable us to generate overall statistics, e.g. about the number of visits, which areas of the website are viewed most frequently and information about locations and the average length of visits to our website. We are thus able to improve the quality of our website and the content. Functional cookies enable this website to store information such as the user name or the language selection and to offer the user improved and personalised functions on this basis. These cookies only collect and store anonymised information.

6.3.3 "Comfort and personalisation” category

We use these cookies to make it easier for you to use our website. For example, when you visit our website again, you can easily access the same content.

Cookies in this category are also used to show you personalised content that matches your interests. This enables us to display our offers to you.

We only use functionality cookies, analytical cookies and advertising cookies subject to your consent (Article 6 (1) (a) of the GDPR).

Some of the cookies we use are automatically deleted after you close the browser (so-called session cookies), while others are permanently stored on your device and enable us to recognise your browser (so-called persistent cookies).

Such marketing / third-party / consent-based cookies come from external advertising companies and are used to collect information about the websites visited by the user, e.g. to create targeted advertising for the user. This data is thereby shared with third parties.

6.3.4 Overview of our basic cookie settings and deletion periods

Here you can find our cookie settings: https://www.tuev-nord.de/de/kategorien/cookie-einstellungen/

6.4 Analysis tools and integration of third-party web services

6.4.1 Google Analytics

This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics uses so-called "cookies” - text files that are stored on your computer and that allow an analysis of your use of the website. Three cookies are used:

  • _ga: This cookie is used to distinguish your browser from other browsers. The maximum storage period is 24 months.
  • _gid: This cookie is used to distinguish your browser from other browsers. The maximum storage period is 24 hours.
  • _gat: This cookie is used to throttle the request rate from the browser using the above cookies. The maximum storage period is 10 minutes.

All data collected via the cookies is collected exclusively for statistical purposes. We need the data to determine the data traffic on our website and its origin, to determine whether the website is functioning well in all areas and how we can make it more usable for you. No user profiles are created or conclusions drawn about the identity of a user. All user and event data stored in Google Analytics is deleted after 26 months at the latest.

The information about your use of our website that is generated by the cookies is usually transferred to and stored by Google on servers in the United States. However, your IP address is truncated and thereby anonymised by Google already within the Member States of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to and truncated by Google on a server in the United States. On our behalf, Google will use this information to evaluate your use of our website, to create reports on website activity for the operator of the website, and to provide other services related to website activity and internet usage. No data is transferred to third parties. Likewise, no data from other sources is associated with the data thus collected.

We use Google Tag Manager for integration on our website. Further information can be found in our Privacy Policy under Google Tag Manager.

The processing of data on our website using Google Analytics is based on Article 6 (1) (a) of the GDPR. Your consent is voluntary; you may revoke your consent at any time with effect for the future by changing your currently defined settings in our cookie banner.

You can also prevent the storage of cookies by choosing the appropriate settings of your

browser software. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

Please note that these settings must be selected individually for each device and each browser.

This website also uses the "gat._anonymizeIp();" function, which ensures the anonymisation of IP addresses during data collection.

Google Analytics is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

6.4.2 Google Ads

We use Google Ads, an advertising system from Google Inc. (“Google”), to advertise our website. As part of this, we use the "conversion tracking" function on our website. We also use Google Analytics to evaluate data from Google Ads for statistical purposes. If you reach our website via a Google ad, a cookie will be placed on your computer. Conversion cookies lose their validity after a maximum of 30 days and are not used to identify you personally. If you visit certain pages of our website and the cookie has not yet expired, we and Google can recognise that you, as a user, have clicked on one of our advertisements placed on Google and have been forwarded to our website.

The information obtained with the help of the conversion cookies is used by Google to create visit statistics for our website. These statistics tell us the total number of users who clicked on our ad and which pages of our website were subsequently accessed by the respective user. However, we or other advertisers that use Google Ads do not receive any information which can be used to identify users personally.

We use Google Tag Manager for integration on our website. Further information can be found in our Privacy Policy under Google Tag Manager.

The processing of data on our website using Google Ads is based on Article 6 (1) (a) of the GDPR. Your consent is voluntary; you may revoke your consent at any time with effect for the future by changing your currently defined Google Analytics settings in our cookie banner.

You can also prevent the installation of the conversion cookies by setting your browser accordingly, for example, using a browser setting that generally deactivates the automatic placement of cookies or specifically only blocks cookies from the “googleadservices.com” domain.

The relevant Google Privacy Policy can be found under the following link: https://services.google.com/sitestats/de.html

Google Ads is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

6.4.3 Google Remarketing

For the purpose of advertising our website and the products available on it, we use the so-called remarketing function of Google Ads and Google Analytics, which are web analysis services from Google Inc. (“Google”).

When the remarketing function is used, a cookie is stored in your browser the moment you visit our website. If you later use Google search or visit a website registered in the Google Ad Network, Google can use this cookie to recognise that you have visited a certain page of our website, that you have placed a certain product in the shopping cart and that you have purchased it.

In Google Ads, we can then add the visitor to our website to a so-called remarketing list - a list of users who have visited certain pages of our website. These remarketing lists can be used to call up statistics and define target groups to whom selected advertisements can be displayed in the Google Search Network and Google Display Network.

By using the remarketing function, we wish to ensure that our advertisements presented in the Google Search Network and Google Display Network are only displayed to users who, when visiting the website, indicated that they were potentially interested in an advertised product and thus do not feel irritated or disturbed by the advertising. Likewise, the use of these services excludes the likelihood of a product advertisement being displayed to users who have already purchased the product. Furthermore, for the purposes of statistics and market research, we can also check whether a user has been redirected to our website after clicking on an advertisement, and evaluate whether the advertisement has met their interest.

We cannot draw any conclusions about the visitor's identity from the data collected via Google Ads for the remarketing function. Google processes the data in pseudonymised form. This means that it does not process the name or email address of the user, but only processes the relevant visit data that is stored in the cookie. This does not apply if the user has expressly allowed Google to process their data without pseudonymisation. This has no effect on data processing on our part as the website operator.

The processing of data on our website using Google Remarketing is based on Article 6 (1) (a) of the GDPR. Your consent is voluntary; you may revoke your consent at any time with effect for the future by changing your currently defined Google Analytics settings in our cookie banner.

You can also object to your visit to our website being recorded by the Google cookie and your data being used to display advertisements in Google search or on websites that are connected to the Google Ad Network by doing the following:

You can select a corresponding setting in your browser that generally deactivates the automatic placement of cookies or specifically only blocks cookies from the “googleadservices.com” domain.

You can install the plug-in provided by Google for this purpose in your browser by following this link: https://www.google.com/settings/ads/plugin.

If you would like to specifically object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated

The relevant Google Privacy Policy can be found under the following link: https://services.google.com/sitestats/de.html

Google Ads and Google Analytics are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

6.4.4 Google Adwords Conversion Tracking

This website also uses Google Conversion Tracking. Google Adwords will place a cookie on your computer if you land on our website via a Google ad. These cookies lose their validity after a maximum of 30 days and are not used to identify you personally. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can see that the user has clicked on the ad and has been redirected to this page.

Each Adwords customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Adwords customers. The information obtained with the help of the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking.

Adwords customers find out the total number of users who have clicked on their ad and have been forwarded to a web page containing a conversion tracking tag. However, they do not receive any information which can be used to personally identify the users. If you do not wish to participate in the tracking process, you can also object to the placement of a cookie required for this - for example, by selecting a browser setting that generally deactivates the automatic placement of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the  “www.googleadservices.com” domain. Google's data protection information on conversion tracking can be found in Google’s Privacy Policy.

These services are specifically developed for mobile devices (such as smartphones). In some cases, content is loaded from other sources (mainly to ensure that the data, such as the list of our test centres or map material from map providers, is up to date). Functions are always performed on the end device. If we call up functions on TÜV NORD servers (e.g. to find the nearest test centres to a given location on tuev-nord.de for performance reasons), we discard this data on the servers once the results have been transmitted. We only process personal data if it is necessary for the purpose of the app or if you have given us your explicit consent. No data is transferred to third parties. We reserve the right to statistically evaluate anonymised data sets.

Geolocation data is used for location services (e.g. your location at the time of calling up the "... find nearest test centre" function). We do not combine this geolocation data with your personal data, but only use it for the purpose of determining your location within the framework of the app or a partial function of an app you have called up. After determining your location, we discard this geolocation data. Depending on your end device, you can also generally switch off the location option (to find out more, see information from the manufacturer of your end device). However, if you do so, you will no longer be able to use the location function of the app.

Data is also stored on your device - personal data is always stored in encrypted form, while some data is stored in unencrypted form (e.g. settings of specific on/off switches in our apps). If your device is lost, misuse of the data by third parties cannot be ruled out. We therefore recommend that you use device-specific measures against misuse (user lock, etc.). To find out more, please refer to the information provided by the manufacturer of your end device. When the end device is passed on to other users, e.g. following a sale, you should also take advantage of the options to remove personal data from your device.

6.4.5 Microsoft Advertising

For the purpose of advertising our website, we use Microsoft Advertising - an advertising system from Microsoft Corporation ("Microsoft"). As part of this, a cookie is placed on the devices of visitors who land on our website via an advertisement displayed in the Bing search engine.

This cookie stores data that provides information about the use of our website, including data such as the duration of the visit, the pages viewed and whether a purchase was made. The data is pseudonymised and can be extracted by both Microsoft and us for statistical purposes. No personal data is processed as part of such extraction, and it is not possible to draw any conclusions about the identity of the visitor.

The information collected is transmitted to Microsoft servers in the United States. The maximum storage period is 180 days.

The processing of data on our website using Microsoft Advertising is based on Article 6 (1) (a) of the GDPR. Your consent is voluntary; you may revoke your consent at any time with effect for the future by changing your currently defined settings in our cookie banner.

You can select a corresponding setting in your browser that generally deactivates the automatic placement of cookies or specifically only blocks cookies from the “microsoft.com” domain.

Under certain circumstances, Microsoft can use so-called cross-device tracking to track your usage behaviour across several of your electronic devices, thus allowing it to display personalised advertising on websites and in apps. You can object to the processing of your data for this purpose by following this link: https://account.microsoft.com/privacy/ad-settings/signedout?

More information on the analytics services offered by Microsoft Advertising can be found on https://help.bingads.microsoft.com. Further information on Microsoft’s data protection can be found in Microsoft's Privacy Statement at: https://privacy.microsoft.com/de-de/privacystatement

6.5 Consent Manager

We have integrated the "consentmanager" tool (www.consentmanager.net) from Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) on our website to request consent for data processing and the use of cookies or comparable functions. With the help of "consentmanager", you can consent or object to certain functions of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, reach measurement and personalised advertising. By using "consentmanager", you can give or withhold your consent for all functions or give your consent for individual purposes or individual functions. You can also change your settings at a later date. The purpose of integrating "consentmanager" is to allow the users of our website to make decisions about the aforementioned matters and, as part of the further use of our website, to offer the users the option of changing their settings once they have selected them. During the use of "consentmanager", personal data and information from the end devices used, such as the IP address, is processed.

The processing is based on Article 6 (1) (c) in conjunction with Article 6 (3) (a) of the GDPR in conjunction with Article 7 (1) of the GDPR and, alternatively, (f) of the GDPR). By processing the data, we assist our customers (the “controller” according to the GDPR) with fulfilling their legal obligations (e.g. obligation to provide evidence). In the context of such processing, we have a legitimate interest in the storage of user settings and preferences regarding the use of cookies and other functionalities. "Consentmanager" stores your data for as long as your user settings are active. Two years after the user settings have been selected, the user will be requested to give consent again. The selected user settings are then stored again for this period.

You may object to the processing. You have the right to object for grounds relating to your particular situation. To exercise your right to object, please send an email to info@consentmanager.net.

6.6 Cloudflare

With a view to making our website faster and more secure, we use Cloudflare from Finna Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, United States). Cloudflare uses cookies and processes user data. Cloudflare, Inc. is an American company that provides a content delivery network and various security services. These services are located between the user and our hosting provider and act as a reverse proxy for websites. Below, we will try to explain in more detail what all this means.

It goes without saying that we wish to offer you the best possible service with our website. Cloudflare offers us both web optimisation and security services such as DDoS protection and web firewall. This also includes a reverse proxy and content distribution network (CDN). Cloudflare also blocks threats and limits abusive bots and crawlers from wasting our bandwidth and server resources. By storing our website on local data centres and blocking spamware, Cloudflare enables us to reduce our bandwidth usage by around 60%. The provision of content via a data centre near you and some web optimisation performed in such centres reduces the average loading time of a website by about a half. According to Cloudflare, by using the "I'm Under Attack Mode", further attacks can be mitigated by displaying a JavaScript arithmetic problem that must be solved before a user can access a website. Overall, this makes our website much more powerful and less susceptible to spam or other attacks.

Cloudflare generally only forwards the data that is controlled by the website operator. This means that the content is not determined by Cloudflare, but always by the website operator itself. In addition, Cloudflare may collect certain information about the use of our website and process data that is transmitted by us or in respect of which Cloudflare has received corresponding instructions. In most cases, Cloudflare receives data such as contact information, IP addresses, security fingerprints, DNS log data and website performance derived from browser activities. Log data helps Cloudflare, for example, to identify new threats. Cloudflare can thus guarantee a high level of security for our website. As part of its services, Cloudflare processes this data in compliance with the applicable laws. Of course, these also include the GDPR.

For security reasons, Cloudflare also uses a cookie. The L cfduid) cookie is used to identify individual users behind a shared IP address and to apply security settings for each individual user. This cookie is very useful, for example, if you use our website from a location with a number of infected computers. If your computer is trusted, we can recognise this using the cookie. As a result, you can use our website without any obstacles even though there may be infected PCs in your environment. This cookie is essential for the Cloudflare security functions and cannot be deactivated.

Cloudflare only keeps data logs for as long as necessary, and in most cases, this data is erased within 24 hours. Moreover, Cloudflare does not store any personal data, such as your IP address. However, some information is stored by Cloudfare indefinitely as part of its permanent logs in order to improve the overall performance of Cloudflare Resolver and to identify any security risks.

In its Privacy Policy, Cloudflare states that it is not responsible for the content it receives. For example, if you contact Cloudflare to request to have your content updated or erased, Cloudflare will generally refer you to us as the website operator. You can also completely prevent the collection and processing of your data by Cloudflare by deactivating the execution of script code in your browser or by integrating a script blocker in your browser.

For more information on how Cloudfare protects your data, please visit https://www.cloudflare.com/de-de/privacypolicy/

 

6.7 Google Tag Manager

We use Google Tag Manager on our website - a service provided by Google LLC (“Google”) for the purpose of integrating external web services on a website.

By using Google Tag Manager, we integrate services such as Google Analytics, Google Ads, LinkedIn Insight Tag and Twitter Website Tag on our website, provided you have given your consent to the respective services on our site. Google Tag Manager is only used for the purpose of implementing the services on our website. No personal data is collected, stored or processed in this context. Information and setting options for your currently specified consents can be found in our cookie banner.

Further information can be found in Google's use policy for Google Tag Manager: https://www.google.com/intl/de/tagmanager/use-policy.html

If any data is processed by Google Tag Manager, this is based on Article 6 (1) (f) of the GDPR.

Google Tag Manager is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

6.8 Google reCAPTCHA

We use the Google reCAPTCHA service, a Captcha service from Google Inc. (“Google”), for selected web forms on our website for the purpose of protecting it against spam and abuse. The service is used to determine whether an entry was made by a human being or fraudulently by an automated, machine-based agent.

For this purpose, Google saves a cookie in your browser when you use the reCAPTCHA service and collects the following data:

  • IP address (anonymised)
  • referrer URL (page on which reCAPTCHA is used)
  • browser, browser size and resolution, browser plug-ins, date, language setting
  • mouse or touch events within the reCAPTCHA box
  • association with a Google account (if you are logged in to Google when using the reCAPTCHA service)

Your IP address collected for the reCAPTCHA service will be transmitted to Google. Prior to the transmission, however, the IP address is truncated and thereby anonymised by Google already within the Member States of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to and truncated by Google on a server in the United States. On behalf of the operator of the website, Google uses this information to evaluate your use of this service. The IP address transmitted by your browser as part of reCAPTCHA is not merged with other Google data. No data is transferred to third parties. Likewise, no data from other sources is associated with the data thus collected.

Your input is processed by Google in order to improve the pattern recognition of the reCAPTCHA tool. Google also extracts cookies from other Google services such as Gmail, Search and Analytics. All of the aforementioned data is sent to Google in encrypted form. Google's subsequent evaluation decides in which form the Captcha is displayed on the web page - in the form of a checkbox or text input.

No personal data is extracted from the input fields of the respective form or stored. For more information on Google's Privacy Policy, see: https://www.google.com/policies/privacy/

The processing of data on our website using Google reCAPTCHA is based on Article 6 (1) (a) of the GDPR. Your consent is voluntary; you may revoke your consent at any time with effect for the future by changing your currently defined settings in our cookie banner.

Google ReCAPTCHA is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

6.9 Integration of plug-ins and tools

6.9.1 YouTube

Our website uses plug-ins from YouTube, which is operated by Google. The operator of the website is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, United States.

If you visit one of our web pages containing a YouTube plug-in, a connection to the YouTube servers will be established. The YouTube server is thus informed which of our web pages you have visited.

Furthermore, YouTube may store various cookies on your device. With the help of these cookies, YouTube can obtain information about visitors to our website. Among other things, this information may be used to record video statistics, improve usability and prevent fraud attempts. These cookies remain stored on your device until you delete them.

If you are logged into your YouTube account, you enable YouTube to directly associate your surfing behaviour with your personal account. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.

For more information on how user data is handled, please refer to YouTube's Privacy Policy available at: (https://www.google.de/intl/de/policies/privacy).

6.9.2 Google Web Fonts

This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a website, your browser loads the required web fonts into your browser cache to ensure that text and fonts are displayed correctly.

For this purpose, the browser you are using must establish a connection with the Google servers. When this happens, Google is informed that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.

If your browser does not support web fonts, instead, a standard font will be used by your computer.

You can find more information about Google Web Fonts at developers.google.com/fonts/faq (https://developers.google.com/fonts/faq) and in Google's Privacy Policy: www.google.com/policies/privacy/

 

6.9.3 Vimeo

This website uses plug-ins from the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, United States.

If you visit one of our web pages containing a Vimeo plug-in, a connection to the Vimeo servers will be established. The Vimeo server is thus informed which of our web pages you have visited. Vimeo also obtains your IP address. This is also the case if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the United States.

If you are logged into your Vimeo account, you enable Vimeo to directly associate your surfing behaviour with your personal account. You can prevent this by logging out of your Vimeo account.

Vimeo is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR. If a corresponding consent has been requested, processing takes place exclusively on the basis of Article 6 (1) (a) of the GDPR; the consent may be revoked at any time.

For more information on how user data is handled, please refer to Vimeo's Privacy Policy available at: https://vimeo.com/privacy .

6.9.4 Google Maps

This website uses Google Maps to display maps and to plan routes. Google Maps is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.

By using this website, you agree that Google, one of its representatives or third-party providers may collect, process and use automatically collected data and the data you have entered.

You can find the terms of use for Google Maps under Google Maps Terms of Use.

You can find detailed information in the Privacy Centre of google.de: Transparency and options and Data protection regulations.

6.9.5 Podigee Podcast Hosting

We use the Podigee podcast hosting service from Podigee UG, Am Walde 2, 56249 Herschbach, Germany. As part of the service, podcasts are loaded by Podigee or transmitted via Podigee. Our use of the service is based on our legitimate interests, i.e. our interest in a safe and efficient provision, analysis and optimisation of our podcast offer in accordance with Article 6 (1) (f) of the GDPR. Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as the number of visits. This data is anonymised or pseudonymised by Podigee prior to storage in the database, unless it is required for the provision of the podcasts. Further information and options to object can be found in Podigee's Privacy Policy available at: https://www.podigee.com/de/about/privacy/.

6.9.6 Edudip next

We offer you the opportunity to register for our webinars via a landing page / on our website. The webinars themselves take place on the edudip next platform (hereinafter referred to as the “webinar service provider”) (details can be found in edudip’s Privacy Policy available at www.edudip.com/datenschutz). Edudip next is operated by edudip GmbH, Jülicher Strasse 306, 52070 Aachen, Germany.

We have concluded an order processing agreement with the webinar service provider in which we oblige it to protect our customers' data and not to pass it on to third parties. The cooperation with the webinar service provider ensures that the webinar is conducted properly using professional tools. This represents a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.

When you register for a free webinar, you are required to enter general information (company name, postcode, etc.) as well as personal data such as your email address and your name. After successful registration, you will receive automated emails from the webinar service provider, including your personal access link. Please also note the webinar service provider’s Privacy Policy (www.edudip.com/datenschutz). You can leave a webinar at any time. At the end of the webinar, all your data will also be stored for specific purposes and erased in accordance with the prescribed periods.

6.9.7 Webinars with GoToWebinar

To enable us to conduct webinars over the Internet, our company uses the software solution GoToWebinar from LogMeIn, Inc. 333 Summer Street, Boston, MA 02210 United States. LogMeIn, Inc. is responsible for the provision of this service and the associated data processing. You can find LogMeIn's Privacy Policy here: https://www.logmeininc.com/de/legal/privacy.

To conduct the webinar, we transmit your registration or customer data to LogMeIn, Inc. Your data is processed on the basis of your consent (Article 6 (1) (a) of the GDPR). An encrypted connection is established between you and the webinar organiser in order to conduct the webinar. The webinars are recorded as required in order to make them accessible on our website at a later date. Questions and related answers asked by participants during the session are also recorded and re-played when the webinar is accessed later. Statistical data is collected during and after the webinar. If you take part in a webinar, in addition to your registration data, we receive information about the duration of your participation, your interest in the webinar, questions asked or answers given. This is done for the purposes of further customer service or improvement of the user experience.

 

6.10 Issuu

Our website uses plug-ins from the Issuu digital publishing platform. The provider is Issuu Inc., 131 Lytton Ave, Palo Alto, CA 94301, United States.

If you visit one of our web pages containing an Issuu plug-in, a connection to the Issuu servers will be established. The Issuu server is thus informed which of our web pages you have visited. Issuu also obtains your IP address. This is also the case if you are not logged in to Issuu or do not have an Issuu account. The information collected by Issuu is transmitted to the Issuu server in the United States.

If you are logged into your Issuu account, you enable Issuu to directly associate your surfing behaviour with your personal account. You can prevent this by logging out of your Issuu account.

For more information on how user data is handled, please refer to Issuu's Privacy Policy available at: https://issuu.com/legal/privacy.

6.11 Watchado

This website uses the functions of a Whatchado plug-in. It is used to embed videos on our website. Whatchado is operated by whatchado GmbH, Möllwaldplatz 4/39, 1040 Vienna, Austria. If web pages containing this plug-in are called up, a connection with the Whatchado servers will be established. If a user is logged in to their Whatchado account, this enables Whatchado to directly associate the user’s surfing behaviour with their personal account.

6.11.1 HubSpot

We use HubSpot, software from HubSpot Inc., United States, for our online marketing activities - for example, to distribute newsletters. This software is used in the field of inbound marketing and supports us with statistical analyses and evaluations of the behaviour of registered users, thus allowing us to better coordinate our marketing strategy and optimise the content provided to you.

For more information, see the HubSpot Inc. Terms of Service and Privacy Policy available at: http://www.hubspot.com/terms-of-service and http://www.hubspot.com/privacy-policy. If you do not want the information about your visit to be used for the purposes described, you can also contact us. All information we collect is subject to this Privacy Policy.

6.11.2 Chatlösung

This website uses the live chat software from Userlike. Userlike uses cookies to save the content of the chat while you wait on the website and, if possible, to connect you to the same operator. The data collected is not used to personally identify the visitor to the website. It is only merged with personal data of the owner of the pseudonym if personal data has been voluntarily provided by the user when using the live chat tool. You can find Userlike's Privacy Policy here: https://www.userlike.com/de/privacy_policy

 

6.11.3 QUANTCAST

We use the Quantcast service on our website. Quantcast enables interest-based advertising. Quantcast is a service provided by Quantcast International Limited, Ireland. The service places cookies which forward data to Quantcast. If you wish to object to interest-based advertising by Quantcast, you can use the opt-out option provided by Quantcast: https://www.quantcast.com/de/opt-out/

Since the opt-out function is also cookie-based, your browser must be set to accept cookies from third parties. If you are using multiple devices or browsers, you will need to use the opt-out function on each of them individually. If you delete cookies, you will need to opt out again.

You can find Quantcast's Privacy Policy here: https://www.quantcast.de/datenschutz

 

6.12 Social media

Social media cookies make it possible to establish a connection to your social networks and to share the content of our website on your networks.

Our website uses buttons for the following social networks:

  • facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States
  • Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, United States
  • LinkedIn IrelandAttn: Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland
  • YouTube, LLC, 901 Cherry Ave., San Bruno CA 94066, United States 

 

The buttons are marked with the logo of the respective social network. However, these are not standard social network plug-ins, but buttons with stored links. You must activate the buttons separately by clicking on them. If you do not click on the buttons, no data will be transmitted to the social networks. Only when you click on the buttons and thereby declare your consent for communication with the servers of the social network will the buttons become active and a connection established.

When you click on one of the buttons, it serves the function of a so-called share plug-in. Information about the visited website is made available to the social network, which you can share with your contacts on the social network. If you wish to "share” the information, you must be logged in. If you are not logged in, you will land on the login page of the social network you have clicked on and you will be directed away from the tuev-nord.de website. If you are logged in, the social network is informed that you wish to recommend the respective article.

By activating the button, the social network is also informed, among other things, of the date and time of your access to the corresponding page of our website, and receives data such as your IP address, information on the browser used and the language settings. If you click on the button, your click will be transmitted to the social network and used according to its Data Usage Policy. The purpose and scope of the data collection and the further processing and use of the data by the respective social network as well as your rights and setting options to protect your privacy can be found under the following links:

6.12.1 Legal basis

Our participation in social media is intended to ensure the widest possible presence on the Internet. This represents a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6 (1) (a) of the GDPR).

6.12.2 Controller and exercising your rights

When you visit one of our social media pages (e.g. Facebook), we and the operator of the social media platform are joint controllers of the data processing operations triggered during your visit. You can generally exercise your rights (access, rectification, erasure, restriction of processing, data portability and lodging a complaint) against us as well as the operator of the respective social media platform (e.g. Facebook).

Please note that, despite being joint controllers with the operator of the social media platform, we do not have full control of the data processing operations undertaken by the social media platform. Our options are largely based on the company policy of the respective provider.

6.12.3 Storage period

The data collected directly by us via our social media page will be erased from our systems as soon as the purpose for its storage no longer applies, you request that we erase it, revoke your consent to storage or the purpose of data storage no longer applies. Saved cookies remain stored on

your end device until you delete them. Mandatory legal provisions, in particular retention periods, remain unaffected.

We have no control of the storage period of your data stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly.

6.12.4 Social networks in detail

Facebook

We have a Facebook profile. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the United States and other third countries.

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: www.facebook.com/settings.

For details, please refer to Facebook’s Privacy Policy available at: https://www.facebook.com/about/privacy/.

Twitter

We use the microblogging service Twitter. The provider is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. 

You can adjust your Twitter privacy settings yourself in your user account. To do this, click on the following link and log in: twitter.com/personalization.

For details, please refer to Twitters’s Privacy Policy available at:  https://twitter.com/de/privacy .

LinkedIn

We have a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. 

If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

For more details on how your personal data is handled by LinkedIn, please refer to its Privacy Policy: https://www.linkedin.com/legal/privacy-policy .

Instagram

Functions of the Instagram service are integrated on this website. These functions are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, United States.

If you are logged into your Instagram account, you can link the contents of this website to your Instagram profile by clicking on the Instagram button. This enables Instagram to associate your visit to this website with your user account. We wish to point out that, as the provider of the website, we are not informed by Instagram of the content of the data transmitted or its use by Instagram.

The storage and analysis of the data is based on Art. 6 (1) (f) of the GDPR. We have a legitimate interest in the greatest possible visibility on social media. If a corresponding consent has been requested, processing takes place exclusively on the basis of Article 6 (1) (a) of the GDPR; the consent may be revoked at any time.

Further information and options to object can be found in Instagram's Privacy Policy available at: https://instagram.com/about/legal/privacy/.

7 Contact requests for product information, newsletters or other matters

7.1 Description and scope of data processing

You can contact us in various ways on our website: using our contact form, subscribing to a newsletter, requesting an offer, requesting product information, etc. If you use this option, the data entered in the input mask will be transmitted to us and stored.

 In addition to the specific input mask data, the IP address and the date and time of the request are collected and stored. By sending the data, you are deemed to give your consent for its processing.

Alternatively, you can contact us by email. The user's personal data transmitted by email will then be stored.

In this context, the data will not be passed on to third parties, unless this is necessary to process the query. In any case, the data will only be used to process the conversation.

7.2 Legal basis for processing

The processing of personal data, where the user has given their consent, is based on Article 6 (1) (a) of the GDPR. The processing of personal data transmitted in the course of sending an email is based on Article 6 (1) (f) of the GDPR. If the objective of contacting us by email is to conclude a contract, the additional legal basis for processing is Article 6 (1) (b) of the GDPR.

7.3 Purpose of data processing

The sole purpose of the processing of the personal data from the input mask is to handle your request. If you contact us by email, we also have a necessary legitimate interest in processing the data.

The other personal data processed as part of the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

7.4 Duration of storage

If you have subscribed to a newsletter, requested product information or an offer, we reserve the right to store the data for two years in order to measure the profitability of our sales and marketing. Otherwise, we will erase the data as soon as it is no longer required to achieve the purpose for which it was collected. In respect of the personal data from the input mask of the contact form and that sent by email, the erasure takes place when the respective conversation with the user has ended. The conversation is considered to have ended when it can be inferred from the circumstances that the matter in question has been fully resolved.

The additional personal data collected as part of the sending process is erased after a period of seven days at the latest.

7.5 Objection and data erasure options

The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. For this purpose, a corresponding link is contained in each newsletter. The conversation can then no longer be continued. If this is the case, all personal data stored in the course of contacting us will be erased.

8 Support, advice and advertising for corporate customers

8.1 Description and scope of data processing

For the support, advice and advertising for corporate customers, in addition to the business partner or potential business partner, we collect and use the following data: the contact person, telephone number and postal address. We receive the information from various sources, either through an inquiry (website, email or telephone), but also through events, trade fairs, business cards that our sales staff receive, etc. In this context, the data is not passed on to third parties. The data is only used for the stated purposes.

8.2 Legal basis for processing

The processing of the data is based on our legitimate interest in data processing. If the objecting of contacting us is to conclude a contract, the additional legal basis for processing is the initiation of business and/or contractual relationship.

8.3 Purpose of data processing

We use this contact data exclusively for our own purposes and to tailor our sales activities to suit our needs.

8.4 Duration of storage

If our sales department has not had any contact with a given company in the last 15 months, the sales department will decide whether the contact person for the company contact should be deleted. If contact is established for the purposes of a pre-contractual relationship (offer, inquiry), the transmitted data will also be stored in our Customer Relationship Management system, or CRM for short.

8.5 Option to object and erase data

The company contact has the option to object to the processing of their personal data at any time. If this is the case, all personal data of the contact person that has been saved for the business partner will be erased.

9 Contact form

If you send us enquiries using the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Article 6 (1) (b) of the GDPR, insofar as your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Article 6 (1) (f) of the GDPR) or on your consent (Article 6 (1) (a) GDPR) if your consent has been requested.

The data you enter in the contact form will remain stored by us until you ask us to erase it, revoke your consent to storage or the purpose of data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions, in particular retention periods, remain unaffected.

Enquiry by email, phone or fax

If you contact us by email, telephone or fax, your enquiry, including all personal data resulting from it (name, enquiry), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The processing of this data is based on Article 6 (1) (b) of the GDPR, insofar as your request is related to the performance of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Article 6 (1) (f) of the GDPR) or on your consent (Article 6 (1) (a) GDPR) if your consent has been requested.

The data you send to us using the contact form will remain stored by us until you ask us to erase it, revoke your consent to storage or the purpose of data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions, in particular statutory retention periods, remain unaffected.

For the comment function on this website, in addition to your comment itself, information on the time the comment was written, your email address and the username you have chosen (unless you post anonymously) will be stored.

Storage of the IP address

The comment function stores the IP addresses of the users who post comments. Since we do not check comments on this website before they are published, we require this data in order to take action against the author in the event of legal violations such as abuse or propaganda.

9.1 Salesforce - Sales Cloud

For the purpose of managing user accounts and optimising and automating sales processes, some of our European subsidiaries use Sales Cloud, a cloud-based application from Salesforce.com. Inc, The Landmark @ One Market, Suite 300, San Francisco, CA 94105 (hereinafter: "Salesforce"). In this context, your user master data is processed, for example, to enable logging in with your Accord login (username and password) and to manage your communication settings. In addition, Salesforce uses pixel tags and cookies (see Section 4) to implement tracking measures and collect statistical information (e.g. the type, frequency and intensity of the use of the website) as well as the history of the web pages, offers and products accessed. In addition to a general statistical analysis, the information collected is stored in your Salesforce user account in order to optimise our sales processes based on your actual or perceived interests

You can prevent tracking by Salesforce by clicking on this link. An opt-out cookie is placed, thus preventing the future collection of your data when you visit this website. The opt-out cookie is only valid in the specific browser, only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.

Further information on data protection in connection with Salesforce can be found in the Salesforce Privacy Policy.

Salesforce is used in accordance with Article 6 (1) (f) of the GDPR due to our legitimate economic interest in optimising our sales activities and managing user accounts. These interests are to be regarded as legitimate within the meaning of the aforementioned regulation.

Users can find further information in the Salesforce Privacy Policy available at: https://www.salesforce.com/de/company/privacy/.

10 Visiting Accelerated Mobile Pages (AMP)

Some of our websites are optimised for mobile devices using AMP. These download a Javascript file from the cdn.ampproject.org server. This file is integrated through a server call, which is usually a Google server in the United States. As a result, your IP address may be stored and evaluated by Google. You can find more information in Google's Privacy Policy, which you can access here: ttps://policies.google.com/privacy?hl=de

11 Online applications

You can apply online via the TÜV NORD online application portal. Your online application will be forwarded directly to our HR Department via an encrypted connection and will, of course, be treated confidentially. Applications are only to be sent in via the application portal. Should you nevertheless apply to us by email, we wish to expressly point out that sending unencrypted emails or email attachments is not secure.

Your details will be used to process your application and to make a decision about establishing an employment relationship. This is based on Section 26 (1) in conjunction with Section (8) sentence 2 of the Federal Data Protection Act. Furthermore, your personal data may be processed insofar as this is necessary for the purpose of defence against legal claims asserted against us and arising from the application process. This is based on Article 6 (1) (f) of the GDPR. We have a legitimate interest in the stated purposes.

Insofar as an employment relationship is established between you and us, we may process the personal data previously received from you for the purposes of the employment relationship in accordance with Section 26 (1) of the Federal Data Protection Act, if this is necessary for the implementation or termination of the employment relationship or for the exercise of or compliance with the rights and obligations of the employee representatives arising from a law, a collective agreement or an employer/works council agreement.

Your application data will not be processed beyond the scope of the use described above.

Once the application process has been completed, your personal data will be erased after 6 months at the latest, provided that its erasure is not precluded by any other legitimate interests on our part or unless you have consented to longer storage. Other legitimate interest in this respect is, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).

12 Security and integrity of data

Protecting the information with which you provide us or that we receive about you is our priority. We take appropriate security measures to protect your data against loss, misuse and unauthorised access, as well as modification, disclosure or destruction. TÜV NORD AG has taken measures to ensure the ongoing confidentiality, integrity, availability and reliability of systems and services that process personal data and will restore the availability and access to information in the event of a physical or technical incident.

13 Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and, after successful identification, you may exercise the following rights against us:

13.1 Right of access

You have the right to obtain confirmation from our company as to whether personal data concerning you is being processed.

If this is the case, you may request information from us about a variety of matters such as:

  1. the purposes for which your personal data is processed;
  2. the categories of personal data being processed;
  3. the recipients or the categories of recipients to whom your data has been or will be disclosed;
  4. the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from our company the rectification or erasure of your personal data, or restriction of processing by our company, or to object to such processing;
  6. the existence of the right to lodge a complaint with a supervisory authority;
  7. all available information about the origin of your personal data, unless your personal data was collected from you;
  8. the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information about whether your personal data is being transmitted to a third country or to an international organisation. In the context of such transmission of data, you can request information about the appropriate safeguards in accordance with Article 46 of the GDPR.

13.2 Right to rectification

You have the right to have your personal data rectified and/or completed if the data is inaccurate or incomplete. We will then rectify it without undue delay.

13.3 Right to restriction of processing

Under certain conditions, you can request the restriction of the processing of your personal data.

  1. If you contest the accuracy of your personal data, in which case its processing should be restricted for a period enabling us to verify the accuracy of your personal data;
  2. If the processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead;
  3. If we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims, or
  4. if you have objected to processing, pending the verification whether the legitimate grounds of our group of companies and affiliated subsidiaries override those of you as the data subject.

Where the processing of your personal data has been restricted, with the exception of storage, we may only process this data with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person. If the processing of your personal data has been restricted in accordance with the above requirements, we will inform you before the restriction of processing is lifted.

13.4 Right to erasure

You have the right to request that we erase your personal data without undue delay and we will then have the obligation to erase such data without undue delay where one of the following grounds applies:

  1. Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  2. You withdraw your consent on which the processing is based according to Article 6 (1) (a) of the GDPR, or of Article 9 (2) (a) of the GDPR, and where there is no other legal ground for the processing.
  3. You object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR.
  4. The personal data concerning you has been unlawfully processed.
  5. The personal data concerning you must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Where we have made your personal data public and are obliged pursuant to Article 17 (1) of the GDPR to erase such data, taking account of available technology and the cost of implementation, we must take reasonable steps, including technical measures, to inform other companies which are processing your personal data that you have requested the erasure by such companies of any links to, or copy or replication of, this personal data (“right to be forgotten”).

The right to erasure does not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points of Article 9 (2) (h) and (i) as well as Article 9 (3) of the GDPR, or
  4. for the establishment, exercise or defence of legal claims.

13.5 Right to require our company to inform third parties

If you have exercised your right to rectification, erasure or restriction of processing against our company, we are obliged to communicate such rectification or erasure of personal data or restriction of processing to each recipient to whom we have disclosed your personal data, unless this proves impossible or involves disproportionate effort. You also have the right to request that we inform you about those recipients.

13.6 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:

  • the processing is based on consent pursuant to Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and the processing is carried out by automated means.
  • In exercising your right to data portability, you have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This right must not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

13.7 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions.

In this case, we will no longer process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

13.8 Right against automated individual processing

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or similarly significantly affect you.

The above does not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between you and us,
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  3. is based on your explicit consent.

In the cases referred to in (1) and (3), the data controller must implement suitable measures to safeguard the your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of our company, to express your point of view and to contest the decision.

13.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The names and contact information of the competent supervisory authorities in the European Union can be found at http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

The supervisory authority with which the complaint has been lodged must inform the

complainant on the progress and the outcome of the complaint including the

possibility of a judicial remedy pursuant to Article 78 of the GDPR.

The Lower Saxony State Commissioner for Data Protection is the data protection authority responsible for TÜV NORD AG:

Barbara Thiel
Prinzenstraße 5
30159 Hanover

Tel.:                       +49 (511) 120 45 00
Fax:                       +49 (511) 120 45 99
Email:                     poststelle@lfd.niedersachsen.de 

14 Foreign language pages

Insofar as parts of the website are also offered in languages other than German, this is exclusively a service aimed at employees, customers and interested parties of the TÜV NORD GROUP who do not speak German.

15 Disclaimer and limits of this data protection notice

This data protection notice only refers to processing taking place on the website. Other websites are not covered by this data protection notice and provide their own specific data protection notices.

If you are not satisfied with the data protection measures presented here or if you have any questions regarding the collection, processing and/or use of your personal data, please do not hesitate to contact us. We will answer your questions as soon as possible and try to implement your suggestions. Please address your data protection concerns to privacy@tuev-nord.de.

16 Updates

This Privacy Policy will be updated with future effect in the event of new legal requirements or significant changes to the functionality of our website. We therefore recommend that you read our Privacy Policy at regular intervals. In the event that we make any material changes, we will clearly indicate it in this section.