TÜV SÜD Digital Service GmbH thanks you for visiting our TÜV store channels and portlets – also referred to hereafter as our "platforms" – and for your interest in our company. We take the protection and security of your personal data seriously, and would like you to feel safe and at ease whilst visiting our TÜV SÜD store and using our services.
It's important to us that you know which personal data is stored, and how we use it when you access our offers and services. We only process personal data in compliance with current data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
Contained in this privacy policy:
In order to operate the TÜV SÜD store and portal at TÜV SÜD Digital Service GmbH, we process the personal data of the users of these platforms, and if applicable, any other people specified by these users.
As the operator of these two platforms, we act as an intermediary between different (TÜV SÜD) companies and their customers, receiving personal data and sending it to these (TÜV SÜD) companies. You can find out more information about these activities in this privacy policy.
Not contained in this privacy policy:
Different (TÜV SÜD) companies will process personal data depending on what business you carry out on our platforms (e.g. using the TÜV SÜD Auto Service GmbH Specification Sheet Service). You can find out more details about the nature of the data processing carried out in the privacy policy of the relevant (TÜV SÜD) company, the services of which you access via our platforms. You can find the link to the privacy policy of the relevant (TÜV SÜD) company on our platforms, as well as during the ordering process.
Using our TÜV SÜD store and portal
Third-party data
Transfer and joint controllership between participating (TÜV SÜD) companies
Planned data transfer to third countries
Fundamental/necessary cookies
Performance/statistics cookies
Functionality cookies
Cookies for marketing purposes (targeting)
TÜV SÜD store & portal customer accounts
Standard periods for deletion of data
Laws concerning the processing of personal data
Right of access
Right to rectify incorrect data
Right to erasure
Right to restriction of processing
Right to data portability
Right to object
Right to withdraw consent
Right to complain to a supervisory authority
Changes to this privacy policy
Contact details of the data controllers
Information about specialist terminology
When browsing our TÜV SÜD store and portal for purely informational purposes, certain technical information (such as your IP address) is sent by the browser on your end device to our platforms' servers. We process this information in order to display the content that you want to access on the platforms. To ensure the safety of the IT infrastructure that runs our platforms, this information is stored temporarily in a so-called web server log file.
You can find more details here (Appendix "Details - Personal identifiable information processing").
Our users may also enter personal data relating to third parties while placing an order on the TÜV SÜD store; such as specifying different invoice recipients in the user's company or entering the details of people participating in training courses booked on the TÜV SÜD store. We have an agreement with our users that they keep you informed about us using your personal data in their customer account or us passing it on to the providers of products/services purchased from the TÜV SÜD store.
We process third-party personal data for the following purposes:
You can find more details here (Appendix - "Details - Third party data").
Certain personal data, such as data provided by the user when registering, can be transferred within the participating (TÜV SÜD) companies, i.e. between us (i.e. TÜV SÜD Digital Service GmbH) and our service providers for the purposes described in this data protection information, provided this use is necessary and legally permissible.
For certain processing operations of personal data of EU-based customers, the (TÜV SÜD) companies jointly determine the purposes and means of processing your data. In this case they are considered to be jointly responsible within the meaning of Art. 26 GDPR. The (TÜV SÜD) companies have defined their mutual obligations for EU customers in accordance with the GDPR in an agreement, the essential content of which is hereby made available.
Detailed information about the transfer of your information to third parties, such as (TÜV SÜD) companies with which you have placed an order via the TÜV SÜD store, or companies that process personal data on our behalf, can be found in the detailed information on the respective processing operation (e.g. above under the section "Using our TÜV SÜD store and portal" or below under the section "TÜV SÜD store and portal customer accounts").
The respective (TÜV SÜD) company with which you have a contractual relationship or whose service offerings you use is primarily responsible for fulfilling the transparency obligations according to Art. 13 and 14 GDPR and the other data subject rights under Chapter 3 of the GDPR with regard to the aforementioned data processing operations. However, you can still assert these rights against each individual (TÜV SÜD) company that is affected by the agreement on joint responsibility.
Apart from carrying out web analytics (see the section "Web analytics"), we currently do not plan to transfer data to third countries; otherwise, the appropriate legal conditions will be created. In particular, you will be informed about the respective recipients or categories of recipients in accordance with the legal requirements.
TÜV SÜD Digital Service GmbH employs technological and organizational security measures to protect the data you have provided from accidental or intentional manipulation, loss and destruction, as well as preventing it from being accessed by unauthorized persons. This also applies to services provided by external suppliers. The effectiveness of our security measures is constantly being tested and improved as technology evolves. Any personal data entered is heavily encrypted at all times.
In order to make our website user-friendly for you and to tailor it optimally to your needs, we use cookies in some areas. A cookie is a small data package (text file) that your browser saves on your device when instructed by a website you visit in order to “remember” information about you, such as your language settings or login information. These cookies are set by us and are referred to as first-party cookies. We also use third-party cookies that come from a different domain than that of the website you are visiting. We use these cookies to support our advertising and marketing measures. In particular, we use cookies and other tracker technologies for the following purposes:
These cookies are fundamental to the functioning of our platform and include examples such as submitting anonymized session IDs (to bundle several requests for a web server) or to ensure the full functionality of notifications and orders.
These cookies are necessary for the functionality of the website and cannot be deactivated in your systems. As a rule, these cookies are only set in response to actions taken by you that correspond to a service request, such as setting your data protection settings, logging in or filling out forms. You can set your browser to block these cookies or to notify you about these cookies. However, some areas of the website will not work after being excluded. These cookies do not save any personal data.
These cookies allow us to count the number of visitors to our website and their sources so that we can measure and improve the performance and experience of our website for you. By measuring these key figures, we find out which pages are accessed particularly frequently or less frequently and how our visitors move around the website. All information collected by these cookies is summarized and therefore anonymized. If you do not agree to these cookies, we will not be able to record when you have visited our website and will not be able to check the performance of the website.
In this case, however, the functionality of the platforms may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (e.g. delete browser data). Further information can be found in the operating instructions or, as a rule, under settings of your Internet browser.
With the help of these cookies, the website can improve functionality and personalization. They can be set by us or by third-party providers whose services we have added to our pages. The purpose of these cookies is to provide you with a more personalized experience on our website based on your previous visits. If you do not allow these cookies, some or all of these services may not function properly.
These cookies can be set by our advertising partners through our website. They can be used by these companies to create a profile of your interests and to show you interesting and relevant advertisements on other websites. These cookies do not directly store personal data but are based on an identification of your browser and internet device. If you do not allow these cookies, you will receive less tailored advertising.
You can find a detailed list of all cookies we use here.
At TÜV SÜD Digital Service GmbH, we operate the TÜV SÜD store as a marketplace where other (TÜV SÜD) companies offer their goods and services to consumers and traders in return for payment. The vendor offering goods or services in the TÜV SÜD store (the contractual partner to the customer) is the specific (TÜV SÜD) company denoted as the vendor in the TÜV SÜD store. At TÜV SÜD Digital Service GmbH, we only function as an intermediary between the user and the (TÜV SÜD) companies offering goods and services, which involves, in particular, the passing on of orders to the relevant (TÜV SÜD) company. A platform usage agreement exists between ourselves and the user which regulates our activities (Appendix "Details - Customer Account TÜV SÜD store & portal).
You can use your customer account to access the TÜV SÜD portal (by entering your login details). The TÜV SÜD portal is a landing page that gives you access to linked portals of other (TÜV SÜD) companies. In addition, users can use their login details to log into the linked portals directly without visiting the TÜV SÜD portal landing page.
The exclusive operators of these linked portals are the relevant (TÜV SÜD) companies. At TÜV SÜD Digital Service GmbH, we manage the login details with which users log on to the TÜV SÜD portal entry and access the linked portals.
We process personal data belonging to users of the TÜV SÜD store in order to operate the TÜV SÜD store and portal and enable customer accounts, for the following purposes:
We also use cookies to enable the shopping basket, the login to your customer account and the landing page of the TÜV SÜD store for you.
In the TÜV SÜD store, you can use contact forms to get in touch with different (TÜV SÜD) companies that offer the products and services in the TÜV SÜD store. We process the information that you enter in the contact forms and your request is automatically passed onto your chosen (TÜV SÜD) company.
It will be clear from the contact form you are using whether you are contacting us or a different (TÜV SÜD) company.
When using our contact forms, certain technical information (such as your IP address) is sent by the browser on your end device to our platforms' servers. We process this information in order to display the contact forms and to ensure the safety of the IT infrastructure used to enable the contact form.
You can find more details here (Appendix "Details - Contact form").
Once you have given your consent for us to do so, we install Google's web analytics tool to track and analyse user behaviour on our website in order to improve and optimize the website in line with our objectives (e.g. increase the number of pages viewed).
We use cookies for this purpose.
You can find more details here (Appendix - "Details - Webanalytics").
There are a range of different retention periods and obligations required by law. Once these retention periods have expired, the data in question is routinely erased. Where the data is not legally required, it is deleted or anonymized as soon as it is no longer necessary for the purposes outlined in this privacy policy.
You can find out more information about how long your personal data will be stored for in the descriptions of each processing activity (e.g. the section above, "Using our TÜV SÜD store and portal", or the section below, "TÜV SÜD store & portal customer accounts").
Continued processing or usage of your personal data is only permitted if a law sanctions it or if you have given your consent for your data to be processed or used. If your data is going to be processed for purposes other than those for which the data was originally stored, we will inform you as well as providing information as to why it is being processed.
As a data subject, you have a right of access under the conditions listed in Article 15 of the GDPR.
Specifically, this means that you are entitled to ask us for confirmation about whether or not personal data relating to you is being processed. If this is the case, you are also entitled to request information about the personal data and the types of information stipulated by Article 15 Paragraph 1 of the GDPR. For example, this might include information about the purposes of the data processing, the categories of personal data that are being processed or the recipients or categories of recipient to whom the data has been, or will be, disclosed (Article 15 Paragraph 1 letters. a, b and c of the GDPR).
You can learn about your comprehensive right of access in Article 15 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
To exercise your right, make a request by post or email to the data protection officer listed below.
As a data subject, you have a right to rectification under the conditions of Article 16 of the GDPR.
Specifically, this means that you have the right to demand that we rectify any incorrect personal data relating to you, and that we complete any data that is incomplete.
You can learn about your comprehensive right to rectification in Article 16 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
To do so, please use the contact addresses listed below.
As a data subject, you have a right to erasure ("right to be forgotten") under the conditions of Article 17 of the GDPR.
This means that you have the basic right to demand that we immediately erase any personal data relating to you as long as one of the reasons given in Article 17 Paragraph 1 of the GDPR applies. For example, this can sometimes be the case if personal data is no longer needed for the purposes for which it was collected or otherwise processed (Article 17 Paragraph 1 Letter a of the GDPR).
Where we have made the personal data public and are obliged to erase it, we are also obliged, taking account of the available technology and the cost of implementation, to take reasonable steps, including technological measures, to inform other data controllers processing the personal data that a data subject has demanded that they delete all links to, or copy of, or replication of, the personal data (Article 17 Paragraph 2 of the GDPR).
However, the right to erasure ("right to be forgotten") does not apply to processing required for any of the reasons given in Article 17 Paragraph 3 of the GDPR. This can sometimes be the case if the processing is necessary to comply with a legal obligation or to establish, exercise or defend a legal claim (Article 17 Paragraph 3 Letters a and e of the GDPR).
You can learn about your comprehensive right to erasure in Article 17 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
To exercise this right, please get in touch using one of the contact addresses listed below.
As a data subject, you have a right of restriction of processing under the conditions of Article 18 of the GDPR.
This means that you have the right to demand restriction of processing where one of the conditions of Article 18 Paragraph 1 of the GDPR applies. For example, this can sometimes be the case if you contest the accuracy of the personal data. In this case, the restriction of processing would last for a period that would enable us to verify the accuracy of your personal data (Article 18 Paragraph 1 Letter a of the GDPR).
Restriction means marking saved personal data with the aim of restricting its processing in the future (Article 4 Number 3 of the GDPR).
You can learn about your comprehensive right to restriction of processing in Article 18 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
To exercise this right, please get in touch using one of the contact addresses listed below.
As a data subject, you have a right of data portability under the conditions of Article 20 of the GDPR.
This means that you have the basic right to receive the personal data relating to your person, and which you have provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right for the data to be transferred to another data controller without obstruction from us; providing that the processing is based on consent, as per Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, or on a contract, as per Article 6 Paragraph 1 Letter b of the GDPR, and that it can be done using automated means (Article 20 Paragraph 1 of the GDPR).
You can find out more on whether processing is based on consent as per Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, or on a contract as per Article 6 Paragraph 1 Letter b of the GDPR, in the information about the legal basis for processing in the descriptions of data processing activities in this privacy policy.
When you exercise your right to data portability, in principle you also have the right to demand us to transfer your personal data directly to another data controller, provided that it is technically feasible (Article 20 Paragraph 2 of the GDPR).
You can learn about your comprehensive right to data portability in Article 20 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
To exercise this right, please get in touch using one of the contact addresses listed below.
As a data subject, you have the right to object under the conditions of Article 21 of the GDPR.
We will explicitly inform you about your right to object as a data subject in or prior to our first communication with you.
You can find more details here:
Right to object based on the particular situation of the data subject
As a data subject, you have the right to object to the processing of personal data relating to your particular situation at any time, provided that it is based on reasons given in Article 6 Paragraph 1 letters e or f of the GDPR, including profiling based on these examples.
You can find out more information about whether processing is carried out based on Article 6 Paragraph 1 Letters e or f of the GDPR in the descriptions about the legal basis for processing in the sections relating to specific processing activities in this privacy poilcy.
In the case of an objection relating to your particular situation, we will cease to process your personal data unless we can offer a reasonable justification that the need for processing outweighs your interests, rights and freedoms, or that the processing helps establish, exercise or defend legal claims.
You can learn about your comprehensive right to object in Article 21 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
Right to object to direct marketing
If your personal data is being used to engage in direct marketing, you have the right at any time to object it being processed for the purpose of this kind of marketing, including profiling for direct marketing purposes.
You can find out more about whether, or to what extent, your personal data is processed for direct marketing purposes in the information on the purposes of processing data in this privacy policy.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for these purposes.
You can learn about your comprehensive right to object in Article 21 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.
To exercise this right, please get in touch using one of the contact addresses listed below.
If processing is carried out based on consent having been given, in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, the data subject has the right to withdraw their consent at any time, in accordance with Article 7 Paragraph 3 of the GDPR. The withdrawal of consent does not affect the legality of processing carried out from the moment of consent being given to that of its withdrawal. You are informed about this before your consent is given.
You can find out more about whether processing is carried out based on consent, in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, in the descriptions of the legal basis for processing in the sections relating to data processing activities in this privacy policy.
As a data subject, you have the right to file a complaint to a supervisory authority under the conditions stated in Article 77 of the GDPR.
The relevant supervisory authority for us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
Tel: +49 (0)981 1800 930
Fax: +49 (0)981 180 093 800
Email: [email protected]
https://www.lda.bayern.de/de/kontakt.html
We may need to update this privacy poilcy as technology and/or the legal or regulatory framework changes. The current version of this privacy policy is available at all times on this page.
If you have further questions regarding the processing of your personal data, you can get in touch with our data protection officer. The data protection officer can also help you with requests for disclosure, claims or complaints:
Data protection officer for
TÜV SÜD Digital Service GmbH
Westendstr. 199
80686 München, Germany
Email: [email protected]
If you have questions regarding data protection or your rights as a data subject, we'd be grateful, for the sake of efficiency, if you could ask the organization that deals with the topic in question. For questions about the operation of your customer account and the TÜV SÜD store in general, we at TÜV SÜD Digital Service GmbH are the correct point of contact. For matters concerning specific orders and data processing by a provider, please get in touch with them directly (you can find the contact details in your order documents). Regardless of whether you get in touch with us or one of the providers, we will work together to resolve the matter in the most efficient and thorough way.
We are available as a central point of contact for you, so you can always contact us directly with your request and we can coordinate with other (TÜV SÜD) companies to resolve it, especially if you're unsure which of the participating companies is best-placed to address your request.
TÜV SÜD Digital Service GmbH
Westendstr. 199
80686 Munich,
Germany Email: mailto:[email protected]
The following (TÜV SÜD) companies and TÜV SÜD Digital Service GmbH are jointly responsible for the data processing operations described above under the section "Disclosure and joint responsibility (joint controller) within participating (TÜV SÜD) companies":
This privacy policy was last updated on 01.10.2020.
The specialist terms used in this privacy policy have a specific meaning as laid out in the GDPR.
You can access the full list of terminology in Article 4 of the GDPR using the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679
You can find out more information about the most important GDPR terms used in this privacy policy below:
|
Categories of personal data being processed |
Personal data contained in the categories |
Data sources |
Obligation of the data subject to provide data |
Storage duration |
|
HTTP data |
Protocol data that is technologically necessary to access the platforms using the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes the IP address, the type and version of the internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), date and time of the visit. |
Users of the platform
|
Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, we cannot display the content being requested on the platforms. |
Data is stored in server log files in a form that enables identification of the data subject for a maximum of 7 days, unless there is a security-related incident (e.g. a DDoS attack). If there is a security-related incident, server log files are stored until the incident has been eliminated and resolved in full. |
|
Opt-in data (cookie settings) |
Data that you provide in order to manage cookie consents on our platforms, the TÜV SÜD store and TÜV SÜD portal, and data that is assigned to your end device in order to use to manage cookie consents: This includes giving your consent and, if applicable, setting your individual preferences for cookies being stored on your end device. We are obliged to install strictly necessary cookies in order for you to manage your cookie consents. You can find more information about the installed cookies here. |
Users of the platform
|
Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, we can't recognize any cookie consents on our platforms. |
We only process this data within the user’s browser at maximum for a period of 30 days over our provider OneTrust. The cookies that manage cookie consents are installed on the user's end device. You can find out more information about the validity period of the installed cookies here. |
|
Purpose of processing the personal data |
Categories of personal data being processed |
Automatic decision-making |
Legal basis and, if applicable, legitimate interest |
Recipient |
|
Displaying content requested by the user on the platforms: Data is temporarily processed by our web server for this purpose. |
HTTP data |
No automatic decision-making is carried out.
|
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Providing the content on our platforms requested by the user is in our legitimate interest. |
Hosting provider |
|
Enabling the choice of cookie consents for the TÜV SÜD store and TÜV SÜD portal, and the registration of cookie consents: If you visit our platforms again, we will check whether you have already given consent and if so, we will activate cookies and any web tracking and analytics tools to which you have consented. For this purpose, strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies here. |
HTTP data Opt-in data |
No automatic decision-making is carried out.
|
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Managing the cookie consents that the user has given us for our platforms is in our legitimate interest. |
Hosting provider |
|
Guaranteeing the security of the IT infrastructure on the platforms, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks) Data is temporarily stored and evaluated by our web server for this purpose. |
HTTP data Opt-in data |
No automatic decision-making is carried out.
|
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Guaranteeing the security of the IT infrastructure on the platforms, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks), is in our legitimate interest. |
Hosting provider |
|
Recipient |
Role of the recipient |
Location of the recipient |
Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations |
|
Intershop Communications AG |
Data processor: Intershop Storefront with the 'Commerce-as-a-service' model |
EU |
- |
|
TÜV SÜD Business Services GmbH |
Data processor for accounts and user identities: Liferay |
EU |
- |
|
Nordcloud Deutschland GmbH |
Managed Service MS Azure |
EU
|
- |
|
EVOLIT Consulting GmbH |
2nd level portal operation for Liferay |
EU
|
- |
|
Categories of personal data being processed |
Personal data contained in the categories |
Data sources |
Obligation of the data subject to provide data |
Storage duration |
|
Contact form HTTP data |
Protocol data that accrues for technical reasons when using contact forms on the platforms, via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes the IP address, the type and version of the internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), and the date and time of the visit. |
Users of the platform
|
Provision of data is neither legally nor contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, we cannot provide the contact forms. |
Data is stored in server log files in a form that enables identification of the data subject for a maximum of 7 days, unless there is a security-related incident (e.g. a DDoS attack). If there is a security-related incident, server log files are stored until the incident has been eliminated and resolved in full. |
|
Contact form data |
Data you enter when using the contact forms on our platforms: This includes the information you submit via the contact forms on our platforms to get in touch with us/other (TÜV SÜD) companies. Contact forms may vary, but typical data types are your name, company, address, telephone number, email address and the content of your request. |
Users of the platform
|
Provision of data is neither legally nor contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, we cannot process your query. |
The data will be stored until your query is resolved. We store this data as evidence for the assertion, exercise or defence of future legal claims for a transitional period of 3 years from the end of the year in which you shared the data with us, or until the end of the dispute in the case of a legal dispute. We may store data for longer periods where statutory retention periods apply, in particular commercial or tax law. Depending on the type of documents, statutory retention periods of 6 or 10 years may apply (§ 147 German Fiscal Code, § 257 German Commercial Code. |
|
Purpose of processing the personal data |
Categories of personal data being processed |
Automated decision-making |
Legal basis and, where applicable, legitimate interest |
Recipient |
|
Provision of contact forms on our platforms: Data is temporarily processed by our web server for this purpose. |
Contact form HTTP data |
No automated decision-making is carried out. |
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Providing the contact forms that the user accesses is in our legitimate interest. |
Hosting provider |
|
Ensuring the security of the IT infrastructure that supports the forms, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks) Data is temporarily stored and evaluated by our web server for this purpose. |
Contact form HTTP data |
No automated decision-making is carried out.
|
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Safeguarding the security of the IT infrastructure that supports the forms, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks), is in our legitimate interest. |
Hosting provider |
|
Processing your request by automatically sending your request to your chosen (TÜV SÜD) company: It will be clear from the contact form you are using whether you are contacting us or a different (TÜV SÜD) company. |
Contact form data |
No automated decision-making is carried out.
|
Insofar as your query relates to a contract to which you are one of the parties, or where pre-contractual steps need to be taken in order to conclude it: Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or where steps need to be taken at the request of the data subject prior to entering the contract). Otherwise: Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): In this instance, it is in our legitimate interest to process your request. |
Where contact requests are passed on to other (TÜV SÜD) companies: The respective other (TÜV SÜD) company. (It will be clear to you from the contact form which (TÜV SÜD) company you are contacting.) |
|
To store and process data as evidence in order to establish, exercise or defend legal claims |
Contact form data |
No automated decision-making is carried out.
|
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): The assertion, exercising and defence of legal claims is in our legitimate interest. |
- |
|
To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law) Depending on the type of documents, statutory retention periods in commercial and tax law can last for 6 or 10 years (§ 147 German Fiscal Code), § 257 German Commercial Code (HGB)). |
Contact form data |
No automated decision-making is carried out.
|
Article 6 Paragraph 1 Letter c of the GDPR (Compliance with a legal obligation) |
- |
|
Recipient |
Role of the recipient |
Location of the recipient |
Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations |
|
Hosting provider: Intership Communications AG |
Data processors |
EU |
- |
|
Other (TÜV SÜD) companies (It will be clear from the contact form which respective (TÜV SÜD) company you are contacting.) |
|
EU |
- |
|
Categories of personal data being processed |
Personal data included in the categories |
Data sources |
Obligation of the person concerned to provide data |
Storage period |
|
HTTP data |
Protocol data which will be included for technical reasons when accessing the TÜV SÜD-platforms via the TÜV SÜD ID via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, model and version of your web browser, operating system used, the websites visited, the previous website visited, (Referrer URL), time and date of the visit. |
Users of the TÜV SÜD platforms to be authenticated with TÜV SÜD ID |
The submission of data is not prescribed by law. The person concerned is under no obligation to submit data. In the event that data is not submitted, we are unable to make it possible to log in to the TÜV SÜD portal or one of the platforms linked to it. |
As a rule, the data is saved until you initiate deletion, TÜV SÜD terminates the contract (see terms and conditions of use) or TÜV SÜD no longer has a reason for saving it; if no other statutory retention periods e.g. for tax-relevant information, are breached. In the event that services in a portal are used, your user name may be required for the provision of services in the portal and will be stored there possibly over an extended period of time. The cookies used for the log in function will be saved on the user’s terminal. You can find information about the validity period of the cookies used in the “Cookies” section. |
|
Log data |
We record certain activities such as log-ins and setting up, amending and deleting User profiles plus your consent to the terms and conditions of use of TÜV SÜD ID and possibly portals and stores for legal and technical reasons. |
Generated, indirectly initiated by the User’s activities |
Log data can only be created by the platforms not being used and connected services of TÜV SÜD being avoided. |
The log entries will be deleted if they are no longer needed for legal or technical purposes. |
|
Customer account data |
Customer account data is saved in the Central User Management System. You will be obliged to submit some of this data when registering. The submission of additonal data is voluntary. At present necessary data is user type (business or private), the first name and surname, country of residence. At present voluntary data is the salutation and the data to identify the firm. Additional data may be required subsequently. |
Users of the TÜV SÜD platforms authenticated with TÜV SÜD ID |
No provision has been made in law for the submission of data. The person concerned is under no obligation to submit data. In the event that data is not submitted, we may possibly be unable to provide all functions in the platforms. Consequently, it will not be possible to to make specific firm data accessible if you do not name the firm. |
As a rule, the data is saved for as long as you initiate deletion, TÜV SÜD terminates the contract (see terms and conditions of use) or TÜV SÜD no longer has a reason for saving it; if no other statutory retention periods e.g. for tax-relevant information, are breached. In the event that services in a portal are used, this data may be required for the provision of services in the portal and will be stored there possibly over an extended period of time. |
|
Technical data |
We save unique ID used internally for identification purposes. This is information in which portals and stores have their own profile of you; plus the status, shown for business Users identified or otherwise, which you have stated. In addition we save information about your role and rights in the TÜV SÜD ID administration portal. |
Generated, indirectly initiated by users of TÜV SÜD platforms authenticated with TÜV SÜD ID. |
The data will be only generated automatically. As a rule, only the unique ID will be saved in the protocol entries, but not the real names. For legal reasons when recording the deletion of a user, the real name of this user will be saved for three years. |
The technical data will be deleted when the customer account is deleted. |
|
Transactions-e-mail data |
Data from transactions e-mails, which we send out for registration, the process of recreating a password, as well as in future for multi-factor authentication. This includes the content and time of the transaction e-mail. |
Generated independently |
The data will be generated automatically. |
E-mail contents will be deleted within 5 days by service provider; addressee addresses by manual deletion by the administrators at TÜV SÜD. |
|
Purpose of processing the personal data |
Categories of personal data being processed |
Automatic decision-making |
Legal basis and justified interests, if there are any |
Recipient |
|
Provision of registration option |
HTTP data Log-in data Log data Customer account data Technical data Transaction-e-mail data |
There is no automated decision making. |
Article 6 Paragraph 1 Letter b of the General Data Protection Regulations (Fulfilment of a contract the party to which is the person concerned or for carrying out pre-contractual measures) |
Hosting provider A E-mail service provider A |
|
Provision of Log-in option |
HTTP data Log-in data Log data Technical data Transaction e-mail data |
There is no automated decision making. |
Article 6 Paragraph 1 Letter b of the General Data Protection Regulations (Fulfilment of a contract the party to which is the person concerned or for carrying out pre-contractual measures) |
Hosting provider A E-mail service provider A |
|
Provision of the option to manage one’s own user profile (customer account data) in particular, to delete the profile or to amend data. This also includes the implicit amendment of status by entering data voluntarily |
HTTP data Log data Customer account data Technical data |
There is no automated decision making. |
Article 6 Paragraph 1 Letter f of the General Data Protection Regulations (Protection of justified interests). We hjave a justified interest in being able to use data which is current and correct, with the aim of offering you the greatest possible benefit. |
Hosting provider A |
|
Provision of the opportunity to have a new password if the current one has been forgotten. |
HTTP data Log-in data Log data Technical data Transactions-e-mail data |
There is no automated decision making. |
Article 6 Paragraph 1 Letter f of the General Data Protection Regulations (Protection of justified interests). We have a justified interest in enabling the user to continue, as far as possible, to have uninterrupted access to the platforms. |
Hosting provider A E-mail service provider A |
|
Provision of the opportunity to amend an existing password. |
HTTP data Log-in data Log data Technical data |
There is no automated decision making. |
Article 6 Paragraph 1 Letter f of the General Data Protection Regulations (Protection of justified interests). We have a justified interest in maximising the system and data security. The option for being able to change a password if necessary is an important part of this security. |
Hosting-Provider A |
|
Provision of the option with corresponding rights to manage the users of a firm. |
HTTP data Customer account data Technical data |
There is no automated decision making. |
Article 6 Paragraph 1 Letter f of the General Data Protection Regulations (Protection of justified interests). We have a justified interest in enabling you as part of “delegated administration”, to be able to manage the users belonging to your firm yourself. As a result of this the data will be kept up-to-date and this ensures that only justified people will be able to access the Firm’s data in the stores and portals. |
Hosting-Provider A |
|
Safekeeping of legally admissible evidence as may be required to assert, exercise or defend legal rights |
Transactions-e-mail data Log data |
There is no automated decision making. |
Article 6 Paragraph 1 Letter f of the General Data Protection Regulations (Protection of justified interests after balancing interests). We have a justified interest in asserting, exercising or defending legal rights. |
Hosting provider A |
|
Ensuring security of the IT infrastructure used to provide the digital service TÜV SÜD platforms, in particular to detect, eliminate and record bugs (e.g. DDoS attacks) to a legally admissible standard: To do so, HTTP data will be temporarily saved and assessed in log files on our webserver. (Besides this, to do so, data from essential cookies will be temporarily processed on our webserver. Detailed information about the contents and intended use of cookies used can be found in the “Cookies” section). |
HTTP data Log data |
There is no automated decision making. |
Article 6 Paragraph 1 Letter f of the General Data Protection Regulations (Protection of justified interests after balancing interests).
We have a justified interest in guaranteeing security for the IT infrastructure used to provide the form, in particular in detecting, eliminating and keeping a record of bugs (e.g. DDoS attacks) to a legally admissible standard. |
Hosting-Provider A |
|
Recipient category |
Role of the recipient |
Location of the recipient |
Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations |
|
Hosting Provider A |
Data processor |
USA |
Data is stored exclusively in EU |
|
Support Provider A |
Data processor |
EU |
|
|
Support Provider B |
Data processor |
EU |
|
|
Email Service Provider A |
Data processor |
EU |
|
Categories of personal data being processed |
Personal data contained in the categories |
Data sources |
Obligation of the data subject to provide data |
Storage duration |
|
HTTP data |
Protocol data that accrues whilst using the TÜV SÜD store for technical reasons – (Hypertext Transfer Protocol (Secure) (HTTP(S)):
This includes the IP address, the type and version of the Internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), date and time of the visit. |
Users of the TÜV SÜD store |
Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.
If the data is not provided, we cannot display the requested content on the TÜV SÜD store. |
Data is stored in server log files in a form that enables identification of the data subject for a maximum of 7 days, unless there is a security-related incident (e.g. a DDoS attack).
If there is a security-related incident, server log files are stored until the incident has been eliminated and resolved in full. |
|
Local profile |
Application dependent master data from you, such as, for example, supplier addresses, rights and roles etc. This also includes technical data from TÜV SÜD ID and data from the customer account of TÜV SÜD ID (Chapter I Paragraph 1). In the store you may also add other data voluntarily in your customer account, to be able to to use this for subsequent orders, e.g. alternative delivery addresses invoice addresses, internal cost centres/order numbers). |
Users of the TÜV SÜD stores |
The submission of data designated as compulsory in the registration process is required for entering into a contract as part of registration. The person concerned shall be under no obligation to submit data. In the event that compulsory data is not submitted, registration cannot take place. |
The data shall be saved and processed until there is no longer any contractual or legal requirement for it to be saved. You will have the option in your customer account to amend or to remove this data yourself at any time. As a rule, the data will be saved until you initiate deletion, TÜV SÜD terminates the contract (see terms and conditions of use) or TÜV SÜD no longer has a reason for keeping it (e.g. closure of the TÜV SÜD store); if no other statutory safekeeping periods e.g. for tax-relevant information, are breached. In the event that an order is placed, some of this data will be incorporated in the order-handling data and in the transactions e-mail data (see below) and will be kept there in connection with the respective order or for a longer period of time. |
|
Shopping basket data |
Data relating to products/offers that you have placed in the shopping basket in the online store, and data assigned to your end device whilst using the shopping basket function: This includes data such as details of participants for training courses; VIN number for the Specification Sheet service. (We install strictly necessary cookies to enable the shopping basket function. You can find out more information about the installed cookies in the section entitled "Cookies".) |
Users of the TÜV SÜD store |
Provision of data is required to conclude a purchase contract. The data subject has no obligation to provide the data.
If the data is not provided, you will not be able to use the shopping basket function and will not therefore be able to buy any items from the TÜV SÜD store. |
We only process this data for a short period in order for you to use the shopping basket function. (The cookies to enable the shopping basket function are installed on the user's end device. You can find out more information about the validity period of the installed cookies in the section entitled "Cookies".) |
|
Order processing data |
Data that you submit during the ordering process and which is passed on to the relevant provider to process your order: This includes
You can submit, check and edit these details during the ordering process. |
Users of the TÜV SÜD store If you are logged into your customer account whilst using the TÜV SÜD store, these details will be autofilled from your customer account if you have saved them. You can edit them during the ordering process. |
Provision of data is required to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, you will not be able to buy any items from the TÜV SÜD store. |
In principle, the data is stored until the customer requests its erasure or until the purpose for which TÜV SÜD needs it has expired (e.g. closure of the TÜV SÜD store); providing that doing so wouldn't infringe any statutory retention periods e.g. tax records. |
|
Data that you submit after you have made an order and which is passed on to the relevant provider to process your order: This includes requests to cancel the order. |
Users of the TÜV SÜD store |
Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, then we cannot pass the information on to the relevant provider. |
||
|
Data about your order status which we receive from the relevant provider and pass on to you: This includes details about the status of payment and delivery, and any cancellation requests. |
Relevant provider (the contractual partner chosen by the user) |
- | ||
|
Data relating to the status of your order: This includes details about the purchased items (product description, product number, quantity, price, currency), order number, total cost, date and time of your order, status updates about your order and information about updates to the terms and conditions that you have accepted, e.g. the provider's general terms and conditions. |
Automatically generated |
- | ||
|
Transactional email data |
Data from transactional emails relating to the processing or cancellation of your order (such as order confirmation emails): This includes the contents and time of transactional emails. |
Automatically generated |
We store this data as evidence for the assertion, exercise or defence of future legal claims for a transitional period of 3 years from the end of the year in which the relevant transaction was wholly concluded, or until the end of the dispute in the case of a legal dispute. We may store data for longer periods where statutory retention periods apply, in particular commercial or tax law (§ 147 German Fiscal Code, § 257 German Commercial Code. |
|
|
Product filters and search data |
Data that enables the product filter and search functions in the TÜV SÜD store and data that is assigned to your end device whilst using the product filter functions: This includes all search enquiries you submit in the TÜV SÜD store and any product filter options you choose. |
Users of the TÜV SÜD store |
Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, we cannot enable the product filter and search functions in the TÜV SÜD store. |
We only process this data temporarily while you are using the product filter and search functions. |
|
Purpose of processing the personal data |
Categories of personal data being processed |
Automatic decision-making |
Legal basis and, if applicable, legitimate interest |
Recipient |
|
Enabling webshop functionality in the TÜV SÜD store: HTTP data is temporarily processed by our web server for this purpose. |
HTTP data |
No automatic decision-making is carried out. |
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Enabling the functionality selected by the user in the TÜV SÜD store is in our legitimate interest. |
Hosting provider A Support provider D |
|
To make a customer account available to registered customers of the TÜV SÜD store and enable functionality within the customer account in the TÜV SÜD store: This includes saving customer information for subsequent orders (such as billing address, delivery address, cost centre, customers' order numbers). If the customer is logged in during the ordering process, information is autofilled from the saved customer account data in order to make the ordering process in the TÜV SÜD store as easy as possible for the customer. Details can be edited at any time during the ordering process. In addition, there is also a detailed overview in the TÜV SÜD store detailing all the orders made with different (TÜV SÜD) companies. This contains details relating to the order, delivery status and information about the products/services ordered. (For this purpose, certain strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "Cookies".) |
HTTP data Customer account data Technical data Local profile Order handling data |
No automatic decision-making is carried out. |
For users who are our direct contractual partners (platform licensing agreement), in particular private customers: Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering the contract) For users who are agents for our contractual partners, in particular employees of legal bodies: Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Fulfilment of obligations to our contractual partner arising out of the platform licensing agreement is in our legitimate interest. |
Hosting provider B Support provider D |
|
To enable our shopping basket function: Data relating to the contents of your shopping basket is temporarily processed by our web server. For this purpose, certain strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "Cookies". |
HTTP data Shopping basket data |
No automatic decision-making is carried out. |
Where the placement of items in the shopping basket relates to a contract concluded with you: Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering the contract) Otherwise: Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Enabling the functionality selected by the user in the TÜV SÜD store is in our legitimate interest. |
Hosting provider B Support provider D |
|
Provision of the product filter and search functions: To this end data you enter in our product filter and search funtions will be temporarily processed on our webserver. |
Product filters and search data
|
No automatic decision-making is carried out. |
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Enabling the functionality selected by the user in the TÜV SÜD store is in our legitimate interest. |
Hosting-Provider B Support provider D |
|
To accept orders and to transfer information between users and other (TÜV SÜD) companies acting as purchasers and vendors. In particular, the passing on of users' orders to the relevant provider/vendor: We receive your order in the TÜV SÜD store and pass the order details on to the relevant provider. The provider is the (TÜV SÜD) company that is the designated supplier of products/services during the ordering process. The relevant provider may contact you with information about the status of your order via the TÜV SÜD store. We will display messages concerning orders in your customer account. During ordering, you will be forwarded from the TÜV SÜD store to the payment provider. The payment provider acts as a data processor for the chosen supplier. We are not privy to the information that you submit to the payment provider. However, we will receive a notification from the relevant provider (i.e. the (TÜV SÜD) company acting as the supplier) about your payment so that we can complete the ordering process. We will inform you via email about the delivery of an order and any other order notifications. If you are logged into your customer account when you make an order, the data and default settings in your customer account will be autofilled. You can edit these details during the ordering process. The suppliers process the ordering data to carry out contracts concluded in the TÜV SÜD store, and, if applicable, to carry out credit checks for purchases on account, to administer purchase price claims and to comply with statutory retention periods. You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy – which there are links to throughout the ordering process in the TÜV SÜD store. (For this purpose, certain strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "Cookies".) |
HTTP data Customer account data Technical data Local profile Shopping basket data Order handling data Transactional e-mail data |
No automatic decision-making is carried out. |
For users who are our direct contractual partners (platform licensing agreement), in particular private customers: Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering the contract) For users who are agents for our contractual partners, in particular employees of legal bodies: Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Fulfilment of obligations to our contractual partner arising out of the platform licensing agreement is in our legitimate interest. |
Hosting provider B Support provider D E-mail service provider A
For order processing data: (TÜV SÜD) companies as suppliers (It will be indicated to you during the ordering process which (TÜV SÜD) company is your supplier. (TÜV SÜD) companies pass certain order processing data on to third parties – e.g. the payment service provider or delivery companies. You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy. There are links informing you about this throughout the ordering process in the TÜV SÜD store.) |
|
To retain data as evidence in order to establish, exercise or defend legal claims |
Transactional email data |
No automatic decision-making is carried out. |
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): The assertion, exercising and defence of legal claims is in our legitimate interest. |
Hosting provider B Support provider D Email service provider A |
|
To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law) Depending on the file type, statutory retention periods in commercial and tax law can last for 6 or 10 years (§ 147 German Fiscal Code), § 257 German Commercial Code (HGB). |
Transactional email data |
No automatic decision-making is carried out. |
Article 6 paragraph 1 letter c of the GDPR (Compliance with a legal obligation) |
Hosting-Provider B Support provider D Email service provider A |
|
To guarantee the security of the IT infrastructure of the TÜV SÜD store – especially for the detection, elimination and secure logging of incidents (e.g. DDoS attacks) HTTP data is temporarily stored and evaluated by our web server for this purpose. (For this purpose, certain strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "Cookies".) |
HTTP data |
No automatic decision-making is carried out. |
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Guaranteeing the security of the IT infrastructure which enables us to provide forms to users, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks), is in our legitimate interest. |
Hosting-Provider B Support provider C Support provider D Network service provider A |
|
Recipient category |
Role of the recipient |
Location of the recipient |
Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations |
|
Hosting provider B |
Data processor |
EU |
|
|
Email service provider A |
Data processor |
EU |
|
|
TÜV SÜD Companies (It will be indicated to you during the ordering process which (TÜV SÜD) company is your supplier. These (TÜV SÜD) companies pass certain order processing data on to third parties – e.g. our payment provider (as a data processor) or t o delivery companies (as a controller). You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy. There are links informing you about this throughout the ordering process in the TÜV SÜD store.) |
Controller |
EU
|
|
|
Support provider D |
Data processor |
EU |
|
|
Email service provider A |
Data processor |
EU |
|
|
Categories of personal data being processed |
Personal data contained in the categories |
Data sources |
Obligation of the data subject to provide data |
Storage duration |
|
HTTP data |
Protocol data that accrues whilst using the TÜV SÜD portal for technical reasons – (Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes the IP address, the type and version of the Internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), date and time of the visit. |
Users of the TÜV SÜD portal |
Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, we cannot display the requested content on the TÜV SÜD portal. |
Data is stored in server log files in a form that enables identification of the data subject for a maximum of 7 days, unless there is a security-related incident (e.g. a DDoS attack). If there is a security-related incident, server log files are stored until the incident has been eliminated and resolved in full. |
|
Local profile |
Application dependent master data such as, for example, rights and roles etc. This also includes technical data from TÜV SÜD ID and data from the customer account of TÜV SÜD ID (see above). In the portal you can still add additional data voluntarily to your customer account in order to be able to use this for portal specific actions. |
Users of the TÜV SÜD portal |
The submission of the data marked as compulsory in the registration process is required for entering into a contract in the course of registration. The person concerned will not be under any obligation to submit data. Registration cannot be carried out if compulsory information is not submitted. |
The data shall be saved and processed until there is no longer any contractual or legal requirement for it to be saved. You will have the option in your customer account to amend or to remove this data yourself at any time. As a rule, the data will be saved until you initiate deletion, TÜV SÜD terminates the contract (see terms and conditions of use) or TÜV SÜD no longer has a reason for keeping it (e.g. closure of the TÜV SÜD store); if no other staturoty safekeeping periods e.g. for tax-relevant information, are breached. In the event that an order is placed, some of this data will be incorporated in the order-handling data and in the transactions e-mail data (see below) and will be kept there in connection with the respective order or for a longer period of time. |
|
Process data |
Information about your current activities. |
Indirect user of the TÜV SÜD portal |
Will be generated and saved automatically. |
The data will be updated in line with the progress of processes and, as a rule, deleted following completion. Data will only be retained in the following cases: It is relevant for subsequent processes. There is a legal obligation to retain the data. |
|
Right of access data |
Information about which of the linked portals you can access. |
Providers of the linked portals |
- |
We store the right of access data until the provider of the linked portal informs us that your access has expired or that your platform licence agreement has ended. We store this data as evidence for the assertion, exercise or defence of future legal claims, followed by a transitional period of 3 years from the end of the year in which your access authorization (e.g. after your platform licence agreement has ended) has expired, or until the end of the dispute in the case of a legal dispute. |
|
Transactional email data |
Data from transactional emails sent as part of the individual membership areas (reminder emails, etc.) |
Independently generated |
The data is generated automatically. |
The email content is kept with the service provider for 5 days; |
|
Purpose of processing the personal data |
Categories of personal data being processed |
Automatic decision-making |
Legal basis and, if applicable, legitimate interest |
Recipient |
|
Enabling portal functionality in the TÜV SÜD portal: HTTP data is temporarily processed by our web server for this purpose. |
HTTP data |
No automatic decision-making is carried out.
|
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Enabling the functionality selected by the user in the TÜV SÜD portal is in our legitimate interest. |
Hosting provider A Support provider A Support provider B Support provider C |
|
To make a customer account available to registered customers of the TÜV SÜD portal and enable functionality within the customer account in the TÜV SÜD portal: This includes allows data entered by the customer in the customer account (such as addresses, contact details, settings) to be stored. It also enables an overview of all the information in the linked portals of other (TÜV SÜD) companies to be shown in the TÜV SÜD portal. |
HTTP data Customer account data Technical data Local profile |
No automatic decision-making is carried out. |
For users who are our direct contractual partners (platform licensing agreement), in particular private customers: Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering the contract) For users who are agents for our contractual partners, in particular employees of legal bodies: Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): Fulfilment of obligations to our contractual partner arising out of the platform licensing agreement is in our legitimate interest. |
Hosting provider A Support provider A Support provider B Support provider C |
|
Provision of the technical functions |
HTTP data Customer account data Technical data Local profile Process data Entitlement data Transaction email data |
No automatic decision-making is carried out. |
Article 6 Paragraph 1 Letter f of the General Data Protection Regulations (Protection of a justified interest after balancing interests): Our justified interest is the submission of the functions accessed by the User in the TÜV SÜD portal. |
Hosting provider A Support provider A Support provider B Support provider C Email service provider A |
|
Recipient category |
Role of the recipient |
Location of the recipient |
Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations |
|
Hosting provider A |
Data processor |
EU |
|
|
Support provider A |
Data processor |
EU |
|
|
Support provider B |
Data processor |
EU |
|
|
Support provider C |
Data processor |
EU |
|
|
Email service provider A |
Data processor |
EU |
|
Categories of personal data being processed |
Personal data contained in the categories |
Data sources |
Obligation of the data subject to provide data |
Storage duration |
|
Registration data Additional customer account data Shopping basket data Order processing data Transactional email data |
(Section "Third-party data" detailed information about these data categories.) The data is for the most part assigned to the user carrying out the order. However, the data may also contain information relating to third parties depending on what the user is doing. For example, the user might nominate you as the invoice recipient or name you as a participant in one of the training courses that he/she has booked. |
Users of the TÜV SÜD store
|
- |
(Section "Third-party data" for more detailed information about these data categories.) |
|
Purpose of processing the personal data |
Categories of personal data being processed |
Automated decision-making |
Legal basis and, where applicable, legitimate interest |
Recipient |
|
To enable the functionality of customer accounts in the TÜV SÜD store: For more information, refer to Section "Third-party data". You are affected as a third party in this case if one of our users names you as the invoice recipient (if they specify a different billing address) or as the contact person for any accounting queries. Our users are informed during the ordering process – and as part of the terms of usage for our platform – of their obligation to inform you that your third-party data will be processed, and direct you to this privacy policy. |
Registration data Additional customer account data |
No automated decision-making is carried out.
|
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): It is in our legitimate interest to fulfil the contract between us and the user on the terms of usage of our platform. |
Hosting provider |
|
To accept orders and to transfer information between users and other (TÜV SÜD) companies acting as purchasers and vendors. In particular, the passing on of users' orders to the relevant provider/vendor: For more information, refer to Section "Third-party data". You are affected as a third party if one of our users mentions you in relation to the billing address, specifies you as the invoice recipient or contact person for accounting enquiries, or names you as participant whilst they are booking a course. Our users are informed during the ordering process and as part of the terms of usage for our platform that they are obliged to inform you that your data will be processed as a third party and direct you to this privacy policy. |
Registration data Additional customer account data Shopping basket data Order processing data Transactional email data |
No automated decision-making is carried out.
|
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): It is in our legitimate interest to fulfil the contract between us and the user on the terms of usage of our platform. |
Hosting provider Email provider For order processing data: (TÜV SÜD) companies as suppliers (It will be indicated to our users during the ordering process which (TÜV SÜD) company is your supplier. (TÜV SÜD) companies pass certain order processing data on to third parties – e.g. the payment service provider or delivery companies. You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy. There are links informing you about this throughout the ordering process in the TÜV SÜD store.) |
|
To retain data as evidence in order to establish, exercise or defend legal claims For more, refer to Section "Third-party data". You are affected as a third party in this case if one of our users provides your personal data in their customer account or to make an order (see above). |
Order processing data Transactional email data |
No automated decision-making is carried out.
|
Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): The assertion, exercising and defence of legal claims is in our legitimate interest.
|
Hosting-Provider |
|
To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law) For more, refer to section "Third-party data". You are affected as a third party in this case if one of our users submits your personal data in their customer account or to make an order (see above). |
Order processing data Transactional email data |
No automated decision-making is carried out. |
Article 6 Paragraph 1 Letter c of the GDPR (Compliance with a legal obligation) |
Hosting provider |
|
Recipient |
Role of the recipient |
Location of the recipient |
Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations |
|
Hosting provider:
Intershop Communications AG Intershop Tower 07740 Jena |
Data processor: Intershop Storefront with the "commerce-as-a-service" model |
EU |
- |
|
Email provider: TÜV SÜD Business Services GmbH Westendstraße 199 80686 München / Munich |
Data processors |
EU |
- |
|
(TÜV SÜD) companies as suppliers (It will be indicated to our users during the ordering process which (TÜV SÜD) company is your supplier. These (TÜV SÜD) companies pass certain order processing data on to third parties – e.g. the payment service provider (as a data processor) or to delivery companies (as a controller). You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy. There are links informing you about this throughout the ordering process in the TÜV SÜD store.) |
Controller |
EU
|
- |
|
Categories of personal data being processed |
Personal data contained in the categories |
Data sources |
Obligation of the data subject to provide data |
Storage duration |
|
Google Analytics HTTP data |
Protocol data that accrues for technical reasons (Hypertext Transfer Protocol (Secure) (HTTP(S)) whilst the web analytics service Google Analytics is being used: This includes the IP address, the type and version of the Internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), date and time of the visit. |
Website users
|
Provision of data is neither legally nor contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If you do not allow us to use the data, we are unable to carry out web analytics using Google Analytics. |
A process known as IP anonymization is used on this website when the web analytics tool is being deployed. This means that when your browser sends the IP address – which is necessary for the site to function – the IP address is truncated (by deleting the last octet of the IP address) before being saved and therefore anonymized. The anonymized data is saved for a duration of 50 months and is then automatically deleted. |
| Google Analytics end device data |
Data that is assigned to your device by the web analytics tool Google Analytics: This includes a unique ID that is used to (re-)identify returning users. (We install cookies for the web analytics tool Google Analytics. You can find out more information about the installed cookies in the section entitled "Cookies".) |
Website users |
Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If you do not provide the data, we are unable to carry out web analytics using Google Analytics. |
We only process this data temporarily for the duration of the website visit. (The cookies for the web analytics tool Google Analytics are installed on the user's end device. You can find out more information about the validity period of the installed cookies in the section entitled "Cookies".) |
| Google Analytics profile data |
Data that is generated by the web analytics tool Google Analytics and stored in pseudonymized user profiles: This includes information about how the website is used, in particular page visits, frequency of visit and duration of visit on the various web pages. This data is matched with the unique user ID of each user which is assigned to users' end devices by Google Analytics. |
Automatically generated | - | Data that is generated by the web analytics tool Google Analytics and stored in pseudonymized user profiles is automatically deleted after a maximum of 50 months. Data relating to users' age, sex and categories of interest are automatically deleted after 2 months. |
|
Purpose of processing the personal data |
Categories of personal data being processed |
Automated decision-making |
Legal basis and, where applicable, legitimate interest |
Recipient |
|
Website optimization and better attainment of website objectives (e.g. increasing page views) For this purpose, user behaviour on our website is recorded and analyzed in a pseudonymized form. Website users are pseudonymized so that they may be recognized whilst on the website. The browsing information is used to create pseudoymized user profiles. The pseudonymized user profiles are not combined with data that identifies the person to whom the pseudonym has been given. The aim is to analyse where users are coming from, what parts of the website they visit, and how frequently they visit sub-pages and sub-categories, and the duration of their visit. We use Google Analytics, Google's web analytics tool, for this purpose. (For this purpose, cookies are also temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "Cookies".) |
Google Analytics HTTP data Google Analytics end device data Google Analytics profile data |
No automated decision-making is carried out.
|
Article 6 paragraph 1 letter a of the GDPR (Consent) |
|
|
Recipient |
Role of the recipient |
Location of the Recipient |
|
Google: Google LLC |
Data processors |
USA |
Site Selector
Global
Americas
Asia
Europe
Middle East and Africa
