1. Name and address of the controller
The controller, as defined in the General Data Protection Regulation, other data protection legislation applicable in the Member States of the European Union and other provisions of a data protection nature is the:
2. Name and address of the Data Protection Officer
The controller’s Data Protection Officer is:
The setting of cookies can be prevented at any time by changing the appropriate setting in the internet browser. Cookies that have been set can be deleted. Please note that when cookies are deactivated you may not be able to make full use of all functions of our internet site.
4. Creation of log files
Every time our internet site is visited, TÜV NORD AG collects data and information by means of an automated system. These are stored in the server log files.
The following data can be collected in this way:
- Information about the browser type and the version used
- The user’s operating system
- The user’s internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system reached our internet site
- Websites which the user’s system accessed from our website
The processing of the data helps with delivering the content of our website, guaranteeing the functionality of our information technology systems and optimising our internet site. The log files data are always stored separately from other personal data related to the user.
5. Registration on our internet site
If the data subject takes the opportunity to register on the controller’s internet site by providing personal data, the data in the input form will be transmitted to the controller. The data will be stored exclusively for the purpose of internal use by the controller.
When the user registers, his IP address will be stored, together with the date and time of registration. This is to prevent misuse of the services. The data are not passed on to third parties. The exception to this is if there is a legal obligation to pass them on.
The registration of the data is necessary for the provision of content or services. Registered persons can have the stored data altered or erased at any time. The data subject can receive information about the personal data stored concerning him at any time.
If the data subject subscribes to our newsletter, the data in the relevant input form will be transmitted to the controller.
When the user registers for the newsletter, his IP address will be stored, together with the date and time of registration. This is to prevent misuse of the services or of the data subject’s email address. The data are not transferred to third parties. The exception to this is if there is a legal obligation to pass them on.
The data will be used exclusively for sending the newsletter. The data subject can cancel the newsletter subscription at any time.
Similarly, consent to the storage of the personal data can be withdrawn at any time. In each newsletter there is a link for this purpose.
7. Options for making contact
On the TÜV NORD GROUP website there is a contact form which can be used for making contact electronically. Alternatively, contact can be made via the email address provided. If the data subject contacts the controller using one of these channels, personal data transmitted by the data subject will automatically be stored. This storage is solely for the purpose of processing, or for contacting the data subject. The data are not passed on to third parties.
8. Routine erasure and blocking of personal data
The controller processes and stores the data subject’s personal data only for as long as is necessary to achieve the purpose of the storage. Storage can extend beyond that period if this is provided for by European or national legislators in Union regulations, legislation or other provisions to which the controller is subject.
As soon as the storage purpose is no longer applicable or a storage period prescribed in the provisions referred to above expires, the personal data will be routinely blocked or erased.
9. Rights of the data subject
If personal data concerning you are being processed, you are a data subject as defined by the GDPR and you have the following rights vis-à-vis the controller:
9.1 Right to information
You can obtain confirmation from the controller as to whether personal data concerning you are being processed by us.
If this is the case, you can obtain from the controller the following information:
- the purposes for which the personal data are being processed;
- the categories of personal data which are being processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- the intended storage duration of the personal data concerning you or, if it is not possible to provide concrete details of this, the criteria for determining the storage duration;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to obtain information as to whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard, you have the right to be informed of the appropriate safeguards under the terms of Art. 46 GDPR relating to the transfer.
Where data are processed for scientific or historical research purposes or statistical research purposes:
This right to information can be restricted in so far as it is likely to render impossible or seriously impair the achievement of the research or statistical objectives and the restriction is necessary for the fulfilment of the research or statistical objectives.
9.2 Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller in so far as the personal data being processed concerning you are inaccurate or incomplete. The controller must undertake the rectification without delay.
Where data are processed for scientific or historical research purposes or statistical research purposes:
Your right to rectification can be restricted in so far as it is likely to render impossible or seriously impair the achievement of the research or statistical objectives and the restriction is necessary for the fulfilment of the research or statistical objectives.
9.3 Right to restriction of processing
You can request the restriction of the processing of the personal data concerning you where one of the following applies:
- where you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
- where you have objected to processing under the terms of Art. 21(1) GDPR and it has not yet been established whether the legitimate grounds of the controller override your grounds.
Where processing of the personal data concerning you has been restricted, these personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
Where restriction of processing has been obtained under the conditions described above, you will be informed by the controller before the restriction is lifted.
Where data are processed for scientific or historical research purposes or statistical research purposes:
Your right to restriction of processing can be restricted in so far as it is likely to render impossible or seriously impair the achievement of the research or statistical objectives and the restriction is necessary for the fulfilment of the research or statistical objectives.
9.4 Right to erasure
9.4.1. You can request the erasure by the controller of the personal data concerning you without delay, and the controller is obliged to erase the data without delay, where one of the following grounds applies:
- The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw the consent on which the processing is based under the terms of Art. 6(1)(a) or Art. 9(2)(a) GDPR and where there is no other legal ground for the processing;
- You object to the processing under the terms of Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing under the terms of Art. 21(2) GDPR.
- The personal data concerning you have been unlawfully processed;
- The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
9.4.2. Where the controller has made the personal data concerning you public and is obliged under the terms of Art. 17(1) GDPR to erase them, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as the data subject, have requested the erasure by them of any links to, or copy or replication of, those personal data.
9.4.3. The right to erasure does not apply to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing in accordance with Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9(2) as well as Art. 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in Para. 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
9.5 Right to information
If you have exercised your right vis-à-vis the controller to rectification, erasure or restriction of processing, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of their processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the controller to be informed concerning these recipients.
9.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent in accordance with point (a) of Art. 6(1) GDPR or point (a) of Art. 9(2) GDPR or on a contract in accordance with point (b) of Art. 6(1) GDPR; and
- . the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
9.7 Right to object
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on point (e) or (f) of Art. 6(1) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This also applies for profiling, to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Where personal data concerning you are processed for scientific or historical research purposes or statistical purposes under the terms of Art. 89(1) GDPR, you have the right, on grounds relating to your particular situation, to object to such processing.
Your right to object can be restricted in so far as it is likely to render impossible or seriously impair the achievement of the research or statistical objectives and the restriction is necessary for the fulfilment of the research or statistical objectives.
9.8 Right to withdrawal of declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you adversely. This does not apply if the decision:
- is necessary for conclusion or performance of a contract between you and the data controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
However, these decisions must not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless point (a) or (g) of Art. 9(2) applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in points (a) and (c), the data controller must implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
9.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged is to inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy under the terms of Art. 78 GDPR.
10. Transfer of data to third parties
This website collects and stores data for marketing and optimisation purposes using technology provided by etracker GmbH. From these data, usage profiles can be created under a pseudonym. Cookies may be used for this. Cookies are small text files which are stored locally in the cache of the internet browser of the person visiting the site. The cookies facilitate the recognition of the internet browser.
Pixel tags, web beacons, clear GIFs or similar tools, collectively referred to below as pixel tags, are used to measure and statistically record the use of a website and its response rates. Pixel tags allow us to count the users who visit the sub-pages of a website and to perform services associated with our brands, and they help us to determine and optimise the use of our internet sites. Without the express consent of the data subject, data collected by using etracker technologies will not be used to identify the visitor to this website personally and will not be merged with the personal data about the bearer of the pseudonym. The consent to data collection and storage may be withdrawn at any time with effect for the future.
This website uses functions provided by the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses what are known as cookies. These are text files that are stored on your computer and facilitate an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transferred to, and stored on, a server operated by Google in the USA.
On this website we have activated an IP anonymisation function.
This means that within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area your IP address will be truncated by Google before transmission to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities and providing other services relating to the use of the website and the use of the internet for the website operator. Google will not associate the IP address that your browser transmits within the scope of Google Analytics with any other data held by Google.
You can prevent the storage of cookies by selecting an appropriate setting in your browser software; however please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) at Google as well as the processing of these data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will then be set which prevents the collection of your data when you visit this website in future: deactivate Google Analytics
Contract data processing
We have entered into a contract with Google for the processing of contract data and fully comply with the strict provisions of the German Data Protection Authorities when using Google Analytics.
Use of Google Maps
This website uses Google Maps to display maps and to generate route maps.
Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using this website you consent to the collection, processing and use by Google, one of its representatives, or third party providers, of the data automatically collected and the data input by you.
You will find full details in the Google Data Protection Center: Transparency and choice as well as data protection provisions.
Google Adwords Remarketing
Google Adwords Conversion Tracking
In addition, this website uses Google Conversion Tracking. This means that Google AdWords will place a cookie on your computer if you have reached our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits particular pages of the website of the AdWords customer and the cookie has not yet expired, Google and the customer recognise that the user clicked on the advertisement and was directed to this page. In addition, this website uses Google Conversion Tracking. This means that Google AdWords will place a cookie on your computer if you have reached our website via a Google advertisement. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits particular pages of the website of the AdWords customer and the cookie has not yet expired, Google and the customer recognise that the user clicked on the advertisement and was directed to this page. Each AdWords customer receives a different cookie. So cookies cannot be traced via the AdWords customers’ websites. The information collected with the aid of conversion cookies generates conversion statistics for AdWords customers who have opted-in to conversion tracking.
This informs the AdWords customers of the total number of users who have clicked on their advertisement and been directed to a page that contains a conversion tracking tag. However, they do not receive any information with which it is possible to identify users personally. If you do not want to participate in the tracking process, you can refuse the placing of cookies required, e.g. via a browser setting that deactivates the automatic placing of cookies across the board. You can also deactivate conversion tracking cookies by setting your browser so that cookies from the www.googleadservices.com domain are blocked. You will find Google’s data protection information on conversion tracking in Google’s Data Protection Provisions.
These services have been specifically developed for mobile devices (such as smartphones). In some cases content has been loaded from other sources (mainly to ensure that the data are up to date, e.g. the list of our test centres or map material from map providers). Functions are always executed on the end device. If we access functions on TÜV NORD servers (e.g. in order to find the nearest test centres to a given location on tuev-nord.de for performance reasons), we discard these data there after the transfer of results. We only process personal data if it is necessary for the purpose of the app or if you have given us your explicit consent. Data are not passed on to third parties. We reserve the right to carry out statistical evaluation of anonymized data records.
Geo-data are used for localisation services (e.g. your location at the time of calling up the “...find nearest test centre” functionality). We do not combine these geo-data with your personal data, but use them only for the purpose of localisation within the framework of the app or sub-function of an app you have accessed. After localisation, we discard these geo-data. Depending on your device, you can also generally switch off the location option (see information from the manufacturer of your device). However, if you do the localisation function of the app cannot be used.
Data are also stored on your device; personal data are always stored in encrypted form, although some data are also stored in unencrypted form (e.g. settings of specific on/off switches of our apps). If your device is lost, misuse by third parties cannot be ruled out. We therefore recommend that you adopt the device-specific measures against misuse (user lock, etc.). Please refer to the information provided by the manufacturer of your device. You should also make use of the options for removing personal data from your device when passing it on, e.g. when selling it.
Integration of plug-ins for social networks
Our website uses buttons for social networks:
- facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
- Xing, XING AG, Gänsemarkt 43, 20354 Hamburg, Deutschland
- YouTube, LLC, 901 Cherry Ave., San Bruno CA 94066, USA
The buttons use the logo of the respective social network. However, these are not the usual social plug-ins, but are buttons with stored links. To activate these links you must activate (click) the buttons. As long as these buttons are not clicked, no data are transferred to the social networks. It is only when you click on the buttons and thereby declare your consent to communication with the servers of the social network that the buttons become active and the connection is established.
After being clicked, the button is equivalent to what is known as a share plugin. The social network is provided with information about the page you visit, which you can share with your contacts on your social network. If you want to share the information, you must be logged in. If you are not logged in, you will be taken to the login page of the social network you clicked on and you will no longer be on the pages of tuev-nord.de. Once you are logged in, the information that you would like to recommend the article will be transmitted.
By activating the button, the social network then also receives the information that you accessed the relevant page of our website and when you did so, as well as your IP address, information on the browser used and the language settings. When you click the button, your click is sent to the social network and is used according to its data usage guidelines. To find out about the purpose and scope of data collection and the further processing and use of the data by the relevant social network, as well as your rights and settings options for the protection of your privacy, please go to:
Podigee podcast hosting
We use the podcast hosting service known as Podigee from the provider Podigee UG, Am Walde 2, 56249 Herschbach, Germany. The podcasts are uploaded or transmitted via Podigee.
Their use is based on our legitimate interests, i.e. our interest in the secure and efficient provision, analysis and optimisation of our podcasts in accordance with Art.6(1)(f) GDPR.
Podigee processes IP addresses and device information to enable podcast downloads/streaming and to collect statistical data such as download and streaming figures. These data are anonymised or pseudonymised before being stored in Podigee's database, unless they are required for the provision of the podcasts.
11. Legal basis of processing
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6(1)(f) GDPR serves as the legal basis for processing. The legitimate interest of our company lies in the performance of our business activities.
12. Duration of the storage of personal data
Personal data are stored for the duration of the respective legal retention period. After the expiry of this period, the data will be routinely erased, unless there is a need to initiate or fulfil a contract.
13. Foreign language pages
In so far as parts of the website are also offered in languages other than German, this is exclusively a service for employees, customers and interested parties of TÜV NORD GROUP who do not speak German.