Data Protection

The data protection representative of the responsible party is:

TÜV Informationstechnik GmbH
IT Security – Business Security & Privacy
Fachstelle für Datenschutz
Langemarckstraße 20
45141 Essen

Telefon 0201 – 8999-899
Telefax 0201 – 8999-666
E-Mail: p.kattner@tuvit.de

1. Scope of processing personal data
   As a rule, we collect and use the personal data of our users only if it is necessary to provide a well-functioning website as well as contents and services. The collection and use of our users’ personal data is carried out regularly only with our users’ consent. Exceptions can be made in such cases if a prior consent cannot be given due to actual reasons and the processing of data is permitted on legal regulations.
2. Legal basis of processing personal data
   If we ask for the respective person’s consent for the purposes of the processing of personal data, Article 6 (1) lit.b of the European General Data Protection Regulation (EU-DSGVO) serves as a legal basis for the processing of personal data.
   When processing such personal data which is necessary for fulfilling a contract in which the contractual party is the person concerned, Article 6 (1) lit.b of the European General Data Protection Regulation (EU-DSGVO) serves as a legal basis. This also applies to processes which are necessary for carrying out pre-contractual measures.
   If the processing of personal data is required to comply with legal obligations our company is subject to, Article 6 (1) lit. c of the European General Data Protection Regulation (EU-DSGVO) serves as a legal basis.
   In the event that vital interests of the person concerned or any other natural person make the processing of personal data necessary, Article 6 (1) lit. d of the European General Data Protection Regulation (EU-DSGVO) serves as a legal basis.
   If the processing is necessary in order to safeguard our company’s or a third party’s legitimate interest and if the fundamental rights and freedoms do not outweigh the aforementioned interests, Article 6 (1) lit. f of the European General Data Protection Regulation (EU-DSGVO) serves as a legal basis for the processing.
3. Data deletion and duration of data storage
   The personal data of the respective person is deleted or blocked as soon as the purpose of storage is no longer required. Then, data may only be stored if this is provided by the European or national legislators in legal directives, laws or other regulations the responsible party is subject to. Also, a blockage or deletion of data is carried out if the statutory storage periods stipulated by the mentioned norms expire unless there is the necessity to further store the data for the conclusion or the fulfillment of a contract.

1. Description and scope of data processing
   Each time when viewing our internet page, our system automatically gathers data and information from the viewing computer.
   The following data can be collected here:
   • Information on the type of browser and the used version
   • The user’s operating system
   • The user’s internet service provider
   • The user’s IP address
   • Date and time of the access
   • Websites from which the user’s system can access our internet page
   • Websites which can be viewed by the user’s system via our website

   Also, the data is stored in the log files of our system. Data storage together with other personal data of the user will not occur.

2. Legal basis for data processing
   The legal basis for temporary stored data and log files is Article 6 (1) lit. f of the European General Data Protection Regulation (EU-DSGVO).
3. Purpose of the data processing
   The temporary storage of the IP address by the system is necessary in order to make a delivery of the website to the user’s computer possible. For this purpose, the user’s IP address must be stored for the duration of the session.
   The storage in log files is carried out in order to ensure the functionality of the website. In addition to that, the data helps us to optimize the website and to safeguard the security of our IT systems. An analysis of the data for marketing purposes will not take place in this process.
   For these purposes, we have a legitimate interest in the data processing according to Article 6 (1) lit. f of the European General Data Protection Regulation (EU-DSGVO).
4. Duration of storage
   The data is deleted as soon as it is no longer required for the purposes of data collection. This is the case, when the respective session is finished in the event of data collection in order to provide the website.
   When storing data in log files this will happen within seven days at the latest. Further storage of data is possible. In this case, the users‘ IP addresses are deleted or masked so that an allocation of the viewing client is not possible anymore.
5. The possibility to object and eliminate
   is imperative to operate the internet page. Therefore, the user does not have the possibility to object.

1. Description and scope of the data processing
   On our internet page there is a contact form which can be used for getting into contact with us elctronically. If a user chooses this option, all data entered into the input screen is transferred to us and saved. This data comprises:
   • required information: first name, last name, email and message
   • optional information: company
   Additionally, date and time is stored when sending a message.
   For data processing, the basis for sending procedure your consent is gathered and referred to this privacy policy.
   Making contact is also possible by using the provided email address. In this case, the user’s personal data transmitted via email is saved.
   We use the Captcha service “reCAPTCHA v3” of Google LLC. More information about the service can be found at https://www.google.com/recaptcha/intro/v3.html. For more details about the Google Privacy Policy, please visit https://policies.google.com/privacy?hl=en.
2. Legal base for data processing
   The legal base for the processing of data is Article 6 (1) lit. f of the European General Data Protection Regulation (EU-DSGVO) upon the user’s consent..
   The legal base for processing data which was transmitted by email is Article 6 (1) lit. f of the European General Data Protection Regulation (EU-DSGVO). If the email contact aims to conclude a contract, the additional legal base for the processing is Article 6 (1) lit. b of the European General Data Protection Regulation (EU-DSGVO).
3. Purpose of the data processing
   The processing of personal data from the input field serves one purpose only and this is to process the contact. If a contact is made via email, there is a necessary legitimate interest in processing the data.
   The other personal data which is processed during the sending procedure is necessary to prevent any misuse of the contact form and to ensure the security of our IT systems.
4. Duration of storage
   The data is deleted as soon as it is no longer necessary for the purposes of collecting data. This is the case for personal data coming from the input screen and the data which was sent by email when the respective conversation with the user is finished. The conversation is finished when it can be ascertained that the subject at hand is eventually clarified.
   Additional personal data which was gathered while it was submitted, is deleted after a seven day’s notice at the latest.
5. Possibility to object and eliminate
   The user may revoke their consent to process personal data anytime. If the user contacts us via email, they may object to the storage of their personal data anytime. In this case the conversation cannot be continued.
   The revocation of the consent and the objection to the storage can be done by letter, email or fax.
   In this case, all personal data which was saved in the course of making a contact is deleted.

In order to design our website as convenient and comfortable as possible for you as a user, we occasionally appoint external service providers. Below you find information on data protection regulations regarding the use of such services and functions to exercise your rights with service providers if necessary.

1. Google-Analytics
   Google Analytics is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, i.e. text files which are saved on your computer enabling Google to analyze the use of our offer. As a rule, information about the use of our web pages including your IP address gathered by the cookie is transferred to and saved on a Google server in the USA. Please note that Google Analytics has been extended by the code „gat._anonymizelp()“ on our web pages in order to guarantee an anonymized version of IP addresses (so-called IP masking) which is why we have arranged for Google to gather your IP address in an “abridged” version ensuring anonymization and allowing no conclusions to be drawn about your identity. In the case of the activation of the IP anonymization on our websites, your IP address is shortened by Google within member states of the European Union or other contractual states of the agreement on the European Economic Area. The full IP address is tranferred to a Google server in the USA and shortened there in exceptional circumstances only. Google will use the stated information to analyze your use of our web pages, to compile reports about web page activities for us and to provide us with further services related to the use of web pages and the internet. The IP address transmitted from your browser by Google Analaytics will not be combined with other Google data. This data is only transmitted to third parties by Google as a result of legal regulations or on the basis of the order data processing. Under no circumstances will Google combine your data with other data collected through Google. In using these web pages, you agree to the access and processing of personal data and its purposes. You may prevent the storage of cookies by using specific settings in your browser software; we should inform you, however, that you may not use the whole range of functions on our web pages completely when doing so. Furthermore, you are able to prevent the gathering of data which is created by a cookie and related to the use of these web pages (including your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link.
   For more information on Google Analytics and data protection click on
   http://tools.google.com/dlpage/gaoptout?hl=de .
2. Google-AdWords
   This website uses the online avertising programme „Google AdWords“ and in this context the conversion tracking. The cookie for conversion tracking is set when a user clicks on an advert placed by Google. These cookies will lose their validity after 30 days and are not used for the purposes of personal identification. If the user visits specific pages on this website and the cookie has not expired yet, we and Google are able to recognize that the user has clicked on this advert and been transferred to this page. Each Google AdWords customer obtains another cookie. Thus, cookies cannot be traced back over the web pages of AdWords customers. Information which was gathered by conversion cookies is used to create conversion statistics for those AdWords customers who have opted for conversion tracking. The customers will come to know the total amount of users who clicked on their advert and who were transferred to a site containing a conversion tracking tag. They may not, however, obtain any information making a personal user identification possible. Those users who do not wish to take part in tracking are able to easily deactivate the cookie in the Google conversion tracking in their internet browser under user settings. Those users will not be incorporated in the conversion tracking statistics. Learn more about the Google data protection regulations..
3. Social Plugins
   Our website uses social plugins (“plugins“) from different social networks. By using these plugins you may share contents, for example, or recommend products. The plugins on our web pages are deactivated by default and therefore do not send any data. By clicking on the button “Social Media” you are able to activate the plugins. Of course, the plugins can be deactivated again with one click.
   If the plugins are activated, your browser establishes a direct connection with the servers of the respective social network as soon as you enter a page on our website. The content of the plugin is directly transmitted to your browser by the social network and incorporated in the website.
   By incorporating plugins, the social network receives the information that you have entered on the respective page of our website. If you have logged in the social network, it can allocate your visit to your account. If you interact with the plugins, for example if you click on facebook’s “Like” button or if you comment on something, this information is directly transmitted to the social network by your browser and saved there.
   Information as regards aim and scope of gathering and further processing and use of data by social networks as well as your rights and configuration options to protect your privacy can be obtained from the data protection information on the respective social networks and websites. You can find the respective links below.
   Even if you are not registered with social networks, data can be sent from websites with active social plugins to the networks. With each access to a website a cookie with an identifier is set by an active plugin. As your browser sends this cookie with each connection to a network server automatically, the network could principally create a profile showing the web pages the user, who belongs to one specific identifier, has visited. It would also be possible then to allocate this identifier to a person again, for example when logging in a social network at some time later.
   On our web pages we use the following plugins:
   • LinkedIn
   • Xing
   If you do not want the social networks to access data about you via active plugins, you may either deactivate the social plugins by clicking on our web pages, or select the function “Block cookies from third-party providers“ in your browser settings. The browser containing embedded contents from other providers will then not send any cookies from third-party providers to the server anymore. However, aside from plugins, other cross-site functions may not function anymore when selecting these settings.
   a) LinkedIn
   We use plugins on the social network linkedin.com run by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland („LinkedIn“). Here, you can find the link to the privacy policy of Linkedin: data privacy statement of LinkedIn.
   b) Xing
   We use plugins of the social network Xing run by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany („Xing“).Here, you can find the link to the privacy policy of Xing: data privacy statement of Xing.

According to Article 15 DS-GVO and § 34 BDSG, you have the unlimited right to obtain free information in regards to your data stored by us; also, you have the right to delete or block inadmissible data or the right to the correction of incorrect data according to § 35 BDSG.
Upon request, we are happy to inform you in writing about the personal data we have stored. If possible, we will take appropriate measures to update or correct data saved on our system at short notice. Please send all requests for information, enquiries or objections per email giving your complete postal address directly to our data protection representative.
If your personal data is processed, you are a concerned party according to the General Data Protection Regulations (DSGVO) and you are entitled to the following rights against the responsible party:

1. 1. The right to request information
   You may request a confirmation on whether personal data concerning you is being processed by us.
   If this is the case, you may request the following information from the person in charge:
   • the purpose for processing personal data;
   • the categories of personal data that is processed;
   • the recipents or categories of recipients your personal data has been disclosed to or is still to be disclosed to;
   • the planned duration of storing your personal data or, in case such information is not available, criteria regarding the determination of duration of storage;
   • the right to correction or deletion of your personal data, the right to limit the processing through the responsible party or the right to object to this processing;
   • the right to make a complaint to a supervisory authority;
   • all available information on the origin of the data if the personal data is not gathered from the person concerned;
   • the existence of an automated decision-making process including profiling according to Article 22 (1,4) DSGVO and – at least in these cases – plausible information on the logic involved as well as the consequences and the intended implications of such processing on the person concerned.
   You have the right to demand information on whether your personal data is forwarded to a third country or an international organization. In this context you may demand to be informed about the appropriate guarantees according to Article 46 of the General Data Protection Regulations in connection with the transmission.
2. 1. The right to correction
   You have the right to correction and/or completion against the party in charge if your processed personal data is incorrect or incomplete. The party in charge must carry out the correction immediately.
3. 1. The right to limitation of the processing
   You may demand a limitation of the processing of your personal data on the following conditions:
   • if you deny the correctness of your personal data for a duration enabling the party in charge to check the correctness of the personal data;
   • if the processing is unlawful and you refuse the deletion of your personal data and demand a limited use of personal data instead;
   • if the party in charge no longer needs the personal data for the puposes of processing, however, you need this data to make claim, assert or defend legal rights or
   • if you object to the processing according to Article 21 (1) of the General Data protection regulation and it has not been decided yet whether the legitmate reasons of the party in charge outweigh your reasons.
   If the the processing of your personal data has been limited, this data – -apart from its storage – may be processed only with your consent or to make a claim, assert or defend legal rights or to protect the rights of another natural or legal person or for reasons of important public interests of the EU or a member state.
   If the limitation of the processing has been limited according to the aforementioned conditions, you will be informed by the party in charge before the limitation is suspended.
4. 1. The right to deletion
   a) Obligation to deletion
   You may demand that your personal data is deleted immediately and the party in charge is obliged to delete this data immediately if one of the following reasons apply:
   • Your personal data is no longer necessary for the puposes it has been gathered or processed for.
   • You revoke your consent the processing of your personal data was based on according to Article 6 (1) lit. a or Article 9 (2) lit a. of the General Data Protection Regulations and there is no other legal basis for the processing of your personal data.
   • You object to the processing according to Article 21 (1) of the General Data Protection Regulations and there are no other legitimate reasons of higher priority for the processing or you object to the processing according to Article 21 (2) of the General Data Protection Regulations.
   • Your personal data has been processed in an unlawful manner.
   • The deletion of your personal data is required to fulfil legal obligations according to EU law or the law of the member states the party in charge underlies.
   • Your personal data has been gathered with reference to the offered services of the information society according to Article 8 (1) of the General Data Protection Regulations.
   b) Information to third parties
   If the party in charge has published your personal data and is obliged to delete this data according to Article 17 (1) of the General Data Protection Regulations, it will take appropriate measures, also technical ones, taking into consideration the available technology and the implementation costs, to inform the persons in charge of data protection who process personal data that you, as the person concerned, have demanded the deletion of all links to this personal data or of copies or replications of this personal data.
   c) Exceptions
   There is no right to deletion if the processing is necessary
   • to exercise the right to freedom of speech and information;
   • to fulfil a legal obligation which requires the processing according to EU law or the law of the member states the party in charge underlies, or to perform a duty of public interest or a duty which is performed due to the exercise of public authority which has been passed on to the party in charge;
   • for reasons of public interest in the field of public health according to Article 9 (2) lit. h and Article 9 (3) of the General Data Protection Regulations;
   • for the purposes of archiving underlying public interests, for scientific or historical purposes or for statistical purposes according to Article 89 (1) of the General Data Protection Regulations if the regulations stated in a) presumably make the realization of the targets of the processing impossible or impair it seriously or
   • to claim for, assert or defend legal rights.
5. 1. The right to information
   If you have asserted your right to correction, deletion or limitation of the processing from the responsible party, they are obliged to inform all recipients of your personal data as regards to correction, deletion or limitation of the processing unless this turns out to be impossible or leads to extreme efforts.
   You may assert the right from the responsible party to be informed about these recipients.
6. 1. The right to transferability of data
   You have the right to obtain your personal data you have provided to the responsible party in a structured, common and machine-readable format. Also, you have the right to transfer this personal data to another responsible party without obstruction by the responsible party you have provided your personal data with if
   (1) the processing is based on a consent according to Article 6 (1) lit. a or Article 9 (2) lit. a of the General Data Protection Regulations or on a contract according to Article 6 (1) lit. b of the General Data Protection Regulations and
   (2) the processing is carried out by means of automated processes.
   In the execution of these rights you also have the right to have your personal data directly transmitted from one responsible party to another one if this is technically feasible. However, the freedom and rights of other persons must not be impaired.
   The right to the transferability of data does not apply to the processing of personal data which is necessary for performing a duty being part of the public interest or to perform a duty which is performed due to the exercise of public authority which has been passed on to the responsible party.
7. 1. The right of opposition
   You have the right, for reasons resulting from your personal situation, to object to the processing of your personal data having been carried out in accordance with Article 6 (1) lit. e or f of the General Data Protection Regulations anytime; this also applies to a profiling based on these regulations.
   The responsible party no longer processes your personal data unless they can provide compelling reasons or reasons worthy of protection outweighing your interests, rights and freedoms, or the purpose of the processing is to assert, exercise or defend legal rights.
   If your personal data is used for the purposes of direct advertising, you have the right to object to the processing of your personal data for the purposes of such advertising anytime; this also applies to the profiling if it can be connected to such direct advertising.
   If you object to the processing of data for the purposes of direct advertising, your personal data is no longer processed for these purposes.
   You have the possibility, in connection with the use of services of the information society regardless of Directive 2002/58/EG, to exercise your right of opposition by means of automated processes which use technical specifications.
8. 1. The right to revoke the declaration of consent to data protection regulations
   You have the right to revoke the declaration of consent to data protection regulations anytime. The revocation of this consent does not affect the rightfulness of the processing from the date of consent until the revocation.
9. 1. Automated decision in an individual case including profiling
   You have the right not to be subjected to a decision based on an automated processing including profiling which may affect you in a legal way or impair you similarly. This does not apply if the decision
   • is necesary for the conclusion or fulfillment of a contract between you and the responsible person,
   • is admissible on the grounds of legal regulations of the EU or the member states the responsible person underlies and if these legal regulations provide adequate measures to safeguard your rights and freedoms as well as your legitimate interests or
   • is made with your explicit consent.
   However, these decisions must not be based on specific categories of personal data according to Article 9 (1) of the General Data Protection Regulations, provided Article 9 (2) lit. a or g do not apply and adequate measures to protect the rights and freedoms as well as your legitimate interests have been taken.
   As regards (1) and (2), the responsible person is to take adequate measures to safeguard the rights and freedoms as well as your legitimate interests, whereas at least the right to intervention of the responsible party, the presentation of one’s own standpoint and the right to contest the decision is involved.
10. 1. The right to make a complaint with a supervisory authority
    Regardless of another administrative or judicial legal remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence or your work place or in the place of the alleged infringement if you believe that the processing of your personal data infringes the General Data Protection Regulations.
    The supervisory authority the complaint has been submitted to inform the complainant about the status and results of the complaint including the option of a judicial legal remedy according to Article 78 of the General Data Protection Regulations.

If parts of the website are also offered in other languages than German, this is a service to our customers, interested parties and employees whose German skills are not fully adequate.

Here you may access information on data protection according to Art. 13 DS-GVO.

Our privacy policy dated as of January 2020