*Please note that the following translation is provided as a courtesy and that the legally binding text is in the original German.
TÜV SÜD is pleased that you’ve visited this website. We take the protection and security of the personal data that you provide to us seriously and want you to feel secure and comfortable visiting our websites and using our services.
It is important to us that you know which personal data are collected for the use of our offerings and services and how we use this data afterwards.
Purposes of Data Processing
Processing of Personal Data
Accessing Our Website
We collect and store the IP address assigned to your computer in order to transmit the contents of our website as you request them (e.g. texts, images and files made available for download, etc.) (see General Data Protection Regulation (GDPR) Article 6, Paragraph 1 (b)). Furthermore, we process this data to detect and track any data misuse. The legal basis for this is GDPR Article 6, Paragraph 1 (f) in this regard. Our legitimate interest in data processing pertains to the proper functioning of our website.
To the extent that we process your data for the purposes of ensuring the functionality of our website, as described above, you are contractually obliged to provide us with this data.
Inasmuch as we process your data for the purposes of receiving and processing your respective inquiry or order as described above, you are contractually obliged to provide us with such data. Without this data we will not be able to carry out the corresponding processing.
If you have consented to the processing of personal data (see GDPR Article 6, Paragraph 1 (a)), you may revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent before the revocation of such.
Disclosure to Third Parties
As a rule, your information is forwarded to the relevant TÜV SÜD company for the purpose of processing and is processed there.
In doing so we partly use (Germany-based) service providers that process data on our behalf. In the cases described herein, the information is passed on to these third parties to enable further processing. These external service providers are carefully selected and regularly reviewed by us to ensure that your privacy is maintained.
The service providers are bound by directives and are accordingly obligated by us among others to treat your data exclusively in accordance with our instructions and the applicable data protection laws. In particular they are required to treat your data in strict confidence and they are further prohibited from processing the data for any purpose other than what has been agreed upon.
The transfer of data to processors occurs on the basis of GDPR Article 28, Paragraph 1.
We also do not sell your data to third parties nor do we otherwise exploit them.
The disclosure of this data is based on our legitimate interest in the fight against misuse, the prosecution of criminal offenses, and the protection, assertion and enforcement of claims, unless superseded by your rights and interests in the protection of your personal data as described in GDPR Article 6 (1) (f).
Planned Data Transfer to Third Countries
Data transfer to third countries is not planned at the moment; if this should become the case, the appropriate legal conditions will be created. You will be informed in particular about the respective recipients or categories of recipients according to the legal requirements.
TÜV SÜD uses technical and organizational security measures to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. This also applies if external service providers are used. The effectiveness of our security measures will be reviewed and measures will be continuously improved in line with technological developments. Entered personal data are always transmitted in a highly encrypted manner.
We use the following types of cookies:
• Basic/Necessary Cookies
These cookies are fundamental to the functioning of our website. This can for instance include the assignment of anonymous session IDs to bundle multiple queries to a web server or for the error-free functioning of registrations and orders.
• Functionality Cookies
These cookies help us save any settings you choose or support other features as you navigate through our site. In this way we can remember your favorite settings for your next visit or save your login details for specific areas of our website.
• Performance/Statistics Cookies
These cookies collect information about how you use our website (for example the internet browsers used, number of visits, pages viewed or time spent on the website). These cookies do not store any information that allows a personal identification of the visitor. The information collected using these cookies is aggregated and thus anonymous.
Anonymized Website Tracking
We analyze the visits to our website in order to better adapt this website to our customers’ needs. We use your IP address, which we anonymize beforehand (and potentially similar numbers exchanged between computers during normal internet use) with the intention of being able to analyze data, including the subpages visited, your browser and your computer. Cookies are also set for this purpose. Our cookie contains a unique number to recognize you only on our websites, but not on third-party websites. The stored data is evaluated exclusively for statistical purposes and the IP address in particular is not associated with a specific person. Any disclosure to third parties does not occur.
The Use of Google Universal Analytics
This website uses Google Universal Analytics, a web analytics service provided by Google Inc. (“Google”). Google Universal Analytics uses what are known as “cookies,” which are small text data saved to your computer that enable the analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is usually sent to a Google server in the United States and stored there.
You can prevent data acquisition by Google Universal Analytics by clicking on the link below. It sets an opt-out cookie that prevents the future collection of your information when visiting this website: deactivate Google Universal Analytics.
Additional online tools are used on the subpages of the TÜV SÜD Academy, www.tuev-sued.de/academy.
Integration of Social Network Plug-Ins
Our website uses buttons for the following social networks:
• Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
• Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
The buttons are marked with the logo of the respective social network. These are not the usual social plug-ins, but buttons with links. The buttons must be separately activated by clicking on them. As long as these buttons are not clicked, no data will be transmitted to the social networks. Only when you click on the buttons and thus declare your consent for communication with the servers of the social network do the buttons become active and a connection is made.
After clicking, the button corresponds to a so-called share plug-in. The social network will be provided with information about the page you are visiting, which you can share with your contacts in your social network. You must be logged in if you want to “share” the information. If you are not logged in, you will end up on the login page of the social network you have clicked on and you are then no longer on the pages of tuv-sud.com. If you are logged in, the information is sent that you want to recommend the respective article.
By activating the button, the social network will also receive among other things the information that you have visited the corresponding page of our website and when, and also for instance your IP address, browser details and language settings. If you click the button, your click will be sent to the social network and used according to its data usage guidelines.
If you activate the button, we have no influence on the collected data and data processing operations, are not responsible for this data processing, and in this respect are also not responsible within the scope of the GDPR. We are also not aware of the full extent of the data collection, its legal basis, the purposes and the period of retention. Therefore the information provided here is unavoidably incomplete.
To the best of our knowledge, the provider stores this data in user profiles that it uses for the purposes of advertising, market research and/or customized website design. Such an evaluation is carried out (also for non-logged-in users) particularly to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to refuse the compilation of these user profiles. To exercise this right of refusal, please contact the respective provider.
For the purpose and scope of data collection and the further processing and use of the data by the respective social network as well as your respective rights and options to protect your privacy, please refer to the information provided:
• by Facebook: www.facebook.com/about/privacy
• by Twitter: twitter.com/privacy
If you do not want social networks to receive data about you, simply do not click the buttons.
Statutory Deadlines for Data Deletion
Other Use of Data and Data Deletion
Further processing or use of your personal data generally only takes place if a legal provision allows this or if you have consented to the processing or use of said data. In the event of further processing for purposes other than the ones for which the data were originally collected, we will inform you of these other purposes before further processing and provide you with other relevant information.
Misuse Detection and Tracking
We keep information for detecting and tracking data misuse, particularly your IP address, for a maximum of seven (7) days. The legal basis in this respect is GDPR Article 6 Paragraph 1 (f). Our legitimate interest in retaining this data for seven (7) days is to ensure the proper functioning of our website and the transactions carried out as well as to be able to ward off cyber attacks and the like. We use anonymized usage information as necessary to customize our website.
Rights Regarding the Processing of Personal Data
Right of Disclosure
You have the right to obtain information from us, upon request and at any time, about your personal data within the scope of GDPR Article 15. You may submit a request by post or email to the addresses below.
Right to Correct Incorrect Data
You have the right to demand the immediate correction of your personal data if these are incorrect (GDPR Article 16). Please contact us at the contact addresses below for this.
Right of Deletion
You have a right to the immediate deletion of your personal data (“right to be forgotten”) when naming the legal grounds for this according to GDPR Article 17. Such grounds exist, for example, if the personal data are no longer necessary for the purposes for which they were originally processed, or if you have revoked your consent, or if there is no other legal basis for such processing; or if the person in question submits an objection to the processing (and there are no pre-existing grounds for processing—this does not apply to objections to direct advertising). To assert your abovementioned rights, please contact us at the contact addresses provided below.
Right to Restrict Processing
You have the right to restrict processing if the conditions are met and in accordance with GDPR Article 18. In particular, processing may be restricted if the processing is unlawful and the person in question chooses not to delete the personal data but instead requests certain restrictions on the use of the personal data, or if the person objects to the processing of their personal data according to GDPR Article 21 Paragraph 1, as long as it is remains uncertain as to whether our legitimate reasons outweigh theirs. To assert your abovementioned rights, please contact us at the contact addresses provided below.
Right to Data Portability
You have a right to data portability according to Article 20 GDPR. You have the right to receive the data that you have provided to us in a standard, structured and machine-readable format and to transfer this data to another responsible party, such as another service provider. The prerequisite for this is that the processing is based on consent or on a contract and takes place by means of automated processes. To assert your abovementioned rights, please contact us at the contact addresses provided below.
Right of Objection
You have the right to object to the processing of your personal data at any time, for reasons arising from your particular situation, including but not limited to the basis of GDPR Article 6 Paragraph 1 (e) or (f), and to file an objection according to GDPR Article 21. We will cease the processing of your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims. To assert your abovementioned rights, please contact us at the contact addresses provided below.
Right to Appeal to a Supervisory Authority
If you believe that our processing of your personal data is not allowed, you have the right to appeal to the supervisory authority responsible for us, which you may contact under the following:
Bavarian Data Protection Authority
Promenade 27 (Schloss)
Phone: +49 981 53 1300
Fax: +49 981 53 98 1300
Data Protection Officer
If you have further questions about the processing of your personal data, you can directly contact our data protection officer, who is also available regarding requests for information, other requests and complaints.
Officer Peter Walko
TÜV SÜD Business Services GmbH
Westendstr. 199 80686 Munich
Phone: +49 89 5791-2798
Contact Information for Person Responsible:
TÜV SÜD AG Westendstr. 199
80686 Munich Germany
Phone +49 89 5791-0
Data Protection Officer
Dated: March 2018