Last revised: 20.11.2019
1. Name and address of the Data Controller
The entities responsible within the meaning of the General Data Protection Regulation (GDPR), other data protection laws in force in the Member States of the European Union and other provisions with the character of data protection are:
2. Name and address of the Data Protection Officer
The controller’s Data Protection Officer is:
In your browser settings, you can prevent cookies from tracking you or prohibit the storage of third-party cookies.
However, if you delete all cookies, this will include any previously placed opt-out cookies, with the effect that you will have to declare any previously registered objections all over again.
We want to give you the opportunity to make an informed decision for or against the use of those cookies which are not absolutely necessary for the technical functions of the website. Please note that, if you reject cookies used for advertising purposes, the advertising you are shown will be less appropriate and tailored to your interests. You will, however, still be able to make full use of the website.
We distinguish between cookies which are essential for the technical functions of the website and optional cookies.
To enable you to set your desired privacy settings for visits to our website as individually as possible, we will give you options below to change your preferences regarding the “Technically Necessary”, “Statistics” and “Convenience and Personalisation” categories.
"Technically Necessary” category
These cookies are necessary for the technical operation of the site and the management of our commercial business objectives. Some of the functions of our websites cannot be offered without the use of these cookies.
We use technically necessary cookies based on our legitimate interests (Art. 6 (1)(f) GDPR). Our legitimate interest lies in ensuring that our websites work and are as easy to use as possible. Among other things, logging is necessary to fulfil the provisions of Section 13 (2) of the German Telemedia Act (TMG) and cannot be revoked.
In order to further improve our offer and our website, we collect anonymised data for statistical and analytical purposes. These cookies allow us, for example, to determine the number of visitors and the effect of certain pages of our website and to optimise our content.
Analytical cookies and tags allow us to generate general statistics, such as the number of views, which areas of the websites are viewed most frequently, and information concerning visitor locations and the average length of time users spend on the websites. This allows us to improve the quality of our websites and content.
On our websites, we use Google Analytics, a web analytics service provided by Google Ireland Lim-ited, with registered office at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics places cookies on your device which make it possible to evaluate your use of our web-sites. For this purpose, Google collects data, for instance, to uniquely identify your browser and records information about when and how often you have visited our websites, how much time you have spent on our websites and how you have interacted with our websites (for more information, see here).
We have added the “get._anonymizeIP();” code to Google Analytics. This tells Google to truncate your IP address and enables anonymised evaluation. IP addresses are truncated within the EU or the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser within the scope of Google Analytics will not be combined with other data held by Google. The data ob-tained by means of cookies are usually transmitted to a Google server in the USA and stored there. Compliance with data protection standards and the upholding of your rights are ensured by the certification of Google under the EU-US Privacy Shield. Google transmits data to third parties where consent has been given, to do so is necessary for legal reasons or such third parties have been commissioned with the processing of these data on Google's behalf.
On our behalf, Google uses the data collected via Google Analytics to evaluate the use of our websites, to compile reports on website activity and to provide further services related to website activity and Internet use.
We use Google Analytics only with your consent. We obtain your consent via the cookie banner when you access our websites (opt-in procedure).
You can prevent the storage of cookies by setting your browser software accordingly; however, we would point out that, in this case, you may not be able to make full use of all the functions of this website. You can also prevent the collection by Google of data related to your use of the website (including your IP address) generated by the cookie and the processing of these data by Google by downloading and installing the browser add-on. Opt-out cookies will prevent the future collection of your data when you visit this website.
Contract data processing
We have concluded a contract with Google for contract data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
“Convenience and Personalisation” category
We use these cookies to make it easier for you to use the site. For instance, the site will load more quickly and easily when you return to it.
Cookies in this category are also used to show you personalised content that matches your inter-ests. This allows us to present you with offers.
4. Generation of log files
Every time the website is accessed, TÜV NORD AG collects data and information via an automated system. These are stored in the server's log files.
The following data can be collected in this way:
- Information about the browser type and version used
- The user's operating system
- The user's Internet service provider
- The user's IP address
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites accessed by the user’s system via our website
The processing of the data serves to deliver the contents of our website, to ensure the functionality of our information technology systems and to optimise our website. The data in the log files are always stored separately from other personal user data.
5. 5. Registration on our website
If the data subject uses the opportunity to register on the controller’s website by submitting personal data, the data in the input form in question will be sent to the controller. The data will be stored exclusively for the purpose of internal use by the controller.
The user’s IP address and the date and time of registration will be stored at the point of registration. This is to prevent misuse of the services. The data will not be passed on to third parties unless there is a legal obligation to do so.
The registration of the data is necessary for the provision of content or services. Registered persons can require the deletion or amendment of the stored data at any time. The data subject can ask at any time for information concerning the personal data stored in respect of him/her.
If a user subscribes to our company newsletter, the data in the input form in question will be transmitted to the controller.
When subscribing to the newsletter, the user's IP address will be stored along with the date and time of registration. This is to prevent misuse of the services or the e-mail address of the data subject. The data will not be passed on to third parties unless there is a legal obligation to do so.
The data will be used only to send the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time.
In the same manner, consent to the storage of personal data can also be revoked at any time. Every newsletter includes a link to enable the user to do so.
7. Ways to get in touch
A contact form with which users can contact the company in question electronically is available on the websites of the TÜV NORD GROUP companies. Contact is also possible using the e-mail address provided. If the data subject contacts the controller via one of these channels, the personal data transmitted by the data subject will automatically be stored. This storage is for the sole purpose of processing the data subject’s request or contacting the data subject. The data will not be passed on to third parties.
8. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for as long as this is necessary to achieve the purpose for which they have been stored. Storage may also take place to the extent provided for by the European or national legislature in EU regulations, laws or other regulations to which the controller is subject.
As soon as the purpose of the storage ceases to apply or a storage period prescribed by the aforementioned provisions expires, the personal data will routinely be blocked or deleted.
9. Rights of the data subject
If your personal data are processed, you are a data subject within the meaning of the GDPR and have the following rights in respect of the controller:
9.1 Right of access
You may request confirmation from the controller as to whether your personal data are being processed by us.
If such processing is taking place, you can require the controller to provide the following information:
the purposes for which the personal data are being processed;
- the categories of personal data that are being processed;
- the recipients or categories of recipients to whom your personal data have been or are still being disclosed;
- the planned duration of the storage of your personal data or, if specific information is not possible, the criteria for determining the storage period;
- the existence of a right to rectification or erasure of your personal data, a right to restriction of the processing thereof by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data are not collected from the data subject, any available information on the origin of the data;
- the existence of automated decision-making, including profiling, in accordance with Articles 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic in-volved, as well as the scope and intended impact of such processing on the data subject.
You have the right to request information on whether your personal data are being transferred to a third country or an international organisation. In this context, you may in accordance with Article 46 GDPR require that appropriate safeguards are put in place in connection with the data transfer.
In the case of data processing for scientific or historical research purposes or for statistical research purposes:
This right to information may be limited to the extent that it is likely to make it impossible or very difficult to fulfil the research or statistical purposes and this limitation is necessary for this fulfilment of the research or statistical purposes.
9.2 Right to rectification
You may assert a right to rectification and/or completion against the controller if your personal data as processed are incorrect or incomplete. The controller must undertake the rectification without delay.
In the case of data processing for scientific or historical research purposes or for statistical research purposes, your right to rectification may be limited to the extent that it is likely to make it impossible or very difficult to fulfil the research or statistical purposes and this limitation is necessary for this fulfilment of the research or statistical purposes.
9.3 Right to restrict processing
You may request the restriction of the processing of your personal data under the following conditions:
- if you are disputing the accuracy of your personal data for a period of time that allows the controller to verify the accuracy of the personal data;
- if the processing is unlawful, and you refuse the deletion of your personal data and instead request the restriction of the use of your personal data;
- if the controller no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- if you have objected to the processing in accordance with Article 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of your personal data has been restricted, such data may only be used with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of a other natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
In the case of data processing for scientific or historical research purposes or for statistical research purposes, your right to restrict the processing may be limited to the extent that it is likely to make it impossible or very difficult to fulfil the research or statistical purposes and this limitation is necessary for the fulfilment of the research or statistical purposes.
9.4 Right to erasure
9.4.1. You can request the immediate deletion of your personal data, and the controller is obliged to delete these data immediately if one of the following reasons applies:
- your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you revoke your consent upon which the processing is based in accordance with Art. 6 (1)(a) a or Art. 9 (2)(a) GDPR, and there is no other legal basis for processing;
- you object to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for processing, or you object to the processing in accordance with Art. 21 (2) GDPR;
- your personal data have been processed unlawfully;
- the erasure of your personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the controller is subject;
- your personal data have been collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
9.4.2. . If the controller has made your personal data public and is obliged to delete them in accordance with Article 17 (1) GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as a data subject, have requested that they delete all links to these personal data or to copies or replications of these personal data.
9.4.3. The right to erasure does not apply where the processing is necessary
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation requiring processing under EU law or the law of the Member States to which the controller is subject, or to perform a task which is in the public interest or takes place in the context of the exercise of official authority delegated to the controller;
- for reasons of public interest in the field of public health, in accordance with Article 9 (2) (h) and (i) and Art. 9 (3) GDPR;
- for archival, scientific or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 (1) GDPR, in so far as the right referred to in paragraph 1 is likely to make the attainment of the objectives of such processing impossible or very difficult, or e. for the assertion, exercise or defence of legal claims.
9.5 Right to information
If you have asserted the right to rectification, erasure or restriction of the processing against the controller, the controller is obliged to communicate this correction or erasure of the data or restriction of processing to all recipients to whom your personal data have been disclosed, unless to do so proves impossible or involves a disproportionate amount of effort. You have the right to be informed of the identity these recipients.
9.6 Right to data portability
You have the right to receive the personal data that you have provided to the controller in a struc-tured, standard and machine-readable format. In addition, you have the right to transfer these data to another controller without hindrance by the controller to whom the personal data have been provided, under the condition that:
- the processing is based on the granting of consent in accordance with Art. 6 (1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract in accordance with Art. 6 (1)(b). GDPR and
- the processing is carried out with the aid of automated procedures.
In exercising this right, you also have the right to have your personal data transferred directly by one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task which is in the public interest or carried out in the context of the exercise of official authority delegated to the controller.
9.7 Right to object
You have the right, for reasons arising from your particular situation, to object at any time to any processing of your personal data based on Article 6(1) (e) or (f) GDPR; this applies also to profiling based on these provisions.
The controller will no longer process your personal data, unless he can prove the existence of compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or unless the processing serves the purpose of the assertion, exercise or defence of legal claims.
If your personal data are processed for direct advertising purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also ap-plies to profiling where it is related to such direct advertising.
If you object to processing for direct advertising purposes, your personal data will no longer be processed for these purposes.
You have the option to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures which use technical specifications.
In the case of data processing for scientific or historical research purposes or for statistical research purposes, you also have the right, for reasons arising from your particular situation, to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR.
Your right to object may be limited to the extent that it is likely to make it impossible or very difficult to fulfil the research or statistical purposes and this limitation is necessary for this fulfilment of the research or statistical purposes.
9.8 Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. This revocation of consent does not affect the legality of the processing carried out on the basis of that consent until such time as it is revoked.
9.9 Automated decisions on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal implications for you or significantly affects you in a similar way. This does not apply if the decision:
- is necessary for the conclusion or performance of a contract between you and the controller,
- is permitted by EU or Member State legislation to which the controller is subject, and that legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
- is taken with your express consent.
However, such decisions may not be based on specific categories of personal data under Article 9 (1) GDPR, unless Article 9 (2)(a) or (g) apply and appropriate measures have been taken to protect rights and freedoms and your legitimate interests..
With regard to the cases referred to in a. and c., the controller shall take appropriate measures to safeguard rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to state one's own position and to challenge the decision.
9.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of employment or place of the alleged violation, if you believe that the processing your personal data is in breach of the GDPR.
The supervisory authority with which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
The State Commissioner for Data Protection in Lower Saxony is the data protection authority re-sponsible for TÜV NORD AG:
Tel.: +49 511 120 45 00
Fax: +49 511 120 45 99
10. Disclosure of data to third parties
You can prevent the storage of cookies by setting your browser software accordingly; however, we would point out that, in this case, you may not be able to make full use of all the functions of this website. You can also prevent the collection by Google of data related to your use of the website (including your IP address) generated by the cookie and the processing of these data by Google by downloading and installing the browser plug-in available from the following link:tools.google.com/dlpage/gaoptout
Objection to data collection
You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be placed to prevent the collection of your data on future visits to this website: Disable Google Analytics
Use of Google Maps
This website uses Google Maps to display maps and create directions.
Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using this website, you agree to the collection, processing and use by Google, one of its repre-sentatives, or third parties of automatically collected data and data entered by you.
Google Adwords Remarketing
Google Adwords Conversion Tracking
This website also uses Google Conversion Tracking. Google Adwords places a cookie on your com-puter if you have accessed our website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's web-site and the cookie has not yet expired, Google and the customer can recognise that the user has clicked on the ad and been redirected to this page.
Each Adwords customer receives a different cookie. Cookies cannot therefore be tracked through the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking.
These services are specifically designed for mobile devices (such as smartphones). In some cases, content from other sources is reloaded (mainly to keep data such as the list of our test sites or map material from map providers up to date). Functions are always carried out on the end device. If we call up functions on TÜV NORD servers (e.g. to find the nearest test sites on tuev-nord.de for reasons of performance at a given location), we will discard these data after the result has been transferred. We process personal data only if to do so is necessary for the purpose of the app or if you have given us explicit consent. Data will not be passed on to third parties. We reserve the right to carry out a statistical analysis of anonymised data sets.
Geo-data are used for localisation services (e.g. your location at the time of activation of the functionality “...find the nearest test centre”). We will not combine these geo-data with your personal data but will use them only for the purpose of localisation within the scope of the app or partial function of an app that you call up. After localisation, we will discard these geodata. Depending on your device, you can also switch off the general location services option (see the information provided by the manufacturer of your device). This will, however, render the app’s localisation function unusable.
Data are also stored on your device; personal data are generally stored in encrypted form, although some data are also stored in unencrypted form (e.g. settings of specific on/off switches in our apps). In the event of the loss of your device, the possibility of misuse by third parties cannot be ruled out We therefore recommend that you use the device-specific measures to prevent misuse (use block, etc.). Please refer to the information provided by the manufacturer of your device. You should also use the option to remove personal data from your device when passing it on to someone else, e.g. by selling it.
Integration of social network plug-ins
Our website uses buttons for the various social networks:
- Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
- Xing, XING AG, Gänsemarkt 43, 20354 Hamburg, Germany
- YouTube, LLC, 901 Cherry Ave., San Bruno CA 94066, USA
The buttons are marked with the logos of the respective social networks. However, these are not standard social plug-ins but buttons with stored links. The buttons must be specifically activated by you by clicking on them. If you do not click on these buttons, no data will be transmitted to the social networks. Only when you click on the buttons, thus declaring your consent to communication with the servers of the social network, will the buttons become active and the connection be established.
Once you have clicked on it, the button will in effect become a share plug-in. The social network will be provided with information about the page you have visited which you can share with your contacts on your social network. If you want to share the information, you must be logged in. If you are not logged in, you will be directed to the login page of the social network you clicked on and will no longer be on the tuev-nord.de site. If you are logged in, the information will be provided that you would like to recommend the article in question.
By activating the button, the social networks will also receive the information that you have accessed the corresponding page on our website, and when you did so, as well as, for example, your IP address, information about your browser and your language settings. When you click on the button, your click will be transmitted to the social network and used according to its data use policies. The purpose and scope of the data collection and the further processing and use of the data by the social network in question, along with your rights in this regard and setting options for the protection of your privacy can be found in the following information:
on Facebook: http://www.facebook.com/about/privacy
on Google: policies.google.com/privacy
on Google: https://policies.google.com/privacy
on Twitter: http://twitter.com/privacy
on Xing: https://www.xing.com/privacy
on YouTube: http://www.youtube.com/t/privacy_at_youtube
Podigee podcast hosting
We use the podcast hosting service known as Podigee from the provider Podigee UG, Am Walde 2, 56249 Herschbach, Germany. The podcasts are uploaded or transmitted via Podigee. Their use is based on our legitimate interests, i.e. our interest in the secure and efficient provision, analysis and optimisation of our podcasts in accordance with Art.6 (1)(f) GDPR. Podigee processes IP addresses and device information to enable podcast downloads/streaming and to collect statistical data such as download and streaming figures. These data are anonymised or pseudonymised before being stored in Podigee's database, unless they are required for the provision of the podcasts.
11. Legal basis for processing
Where we obtain the consent of the data subject for the processing of personal data, Article 6 (1)(a) GDPR serves as the legal basis thereof.
Article 6 (1)(b) GDPR serves as the legal basis for the processing of the personal data which is required for the fulfilment of a contract to which the data subject is a party. This also applies to processing operations necessary for the implementation of pre-contractual measures.
Where the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Article 6 (1)(c) GDPR serves as the legal basis thereof.
If vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1)(d) GDPR serves as the legal basis thereof.
If the processing is necessary to safeguard a legitimate interest of our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest, Article 6 (1)(f) GDPR serves as the legal basis for the processing. The legitimate interest of our company lies in the conduct of our business activities.
12. Duration of storage of personal data
Personal data will be stored for the duration of the applicable statutory retention period. Once this period has expired, the data will routinely be deleted unless their retention is required for the initiation or fulfilment of a contract.
13. Foreign language pages
Where parts of the website are also offered in languages other than German, this is exclusively a service for employees, customers and interested parties in the TÜV NORD GROUP who do not speak or understand German.
If you are not satisfied with the data protection measures presented here, or if you still have ques-tions regarding the collection, processing and/or use of your personal data, please contact us. We will answer your questions as soon as possible and make every effort to implement your suggestions. Please address your privacy issues to firstname.lastname@example.org .
If you would like to receive information about your personal data stored in our IT systems or wish to erase your personal data, please use our online form concerned with safeguarding the rights of the data subject.