Global | EN

Data privacy

Change to German version

 Last updated on 01.10.2020

 

TÜV SÜD Digital Service GmbH thanks you for visiting our TÜV store channels and portlets – also referred to hereafter as our "platforms" – and for your interest in our company. We take the protection and security of your personal data seriously, and would like you to feel safe and at ease whilst visiting our TÜV SÜD store and using our services.

It's important to us that you know which personal data is stored, and how we use it when you access our offers and services. We only process personal data in compliance with current data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

 

Purpose of data processing and scope of this privacy policy

Contained in this privacy policy:
In order to operate the TÜV SÜD store and portal at TÜV SÜD Digital Service GmbH, we process the personal data of the users of these platforms, and if applicable, any other people specified by these users.
As the operator of these two platforms, we act as an intermediary between different (TÜV SÜD) companies and their customers, receiving personal data and sending it to these (TÜV SÜD) companies. You can find out more information about these activities in this privacy policy.

Not contained in this privacy policy:
Different (TÜV SÜD) companies will process personal data depending on what business you carry out on our platforms (e.g. using the TÜV SÜD Auto Service GmbH Specification Sheet Service). You can find out more details about the nature of the data processing carried out in the privacy policy of the relevant (TÜV SÜD) company, the services of which you access via our platforms. You can find the link to the privacy policy of the relevant (TÜV SÜD) company on our platforms, as well as during the ordering process.

Processing personal data

 

Using our TÜV SÜD store and portal

When browsing our TÜV SÜD store and portal for purely informational purposes, certain technical information (such as your IP address) is sent by the browser on your end device to our platforms' servers. We process this information in order to display the content that you want to access on the platforms. To ensure the safety of the IT infrastructure that runs our platforms, this information is stored temporarily in a so-called web server log file. 

You can find more details here (Appendix "Details - Personal identifiable information processing").

Third-party data

Our users may also enter personal data relating to third parties while placing an order on the TÜV SÜD store; such as specifying different invoice recipients in the user's company or entering the details of people participating in training courses booked on the TÜV SÜD store. We have an agreement with our users that they keep you informed about us using your personal data in their customer account or us passing it on to the providers of products/services purchased from the TÜV SÜD store. 

We process third-party personal data for the following purposes:

To enable the functionality of customer accounts in the TÜV SÜD store
To accept orders and to transfer information between users acting as purchasers and other TÜV SÜD companies acting as vendors. In particular, the forwarding of users' orders to the relevant provider/vendor
To retain data as evidence in order to establish, exercise or defend legal claims
To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law)

You can find more details here (Appendix - "Details - Third party data")

Transfer and joint controllership between participating (TÜV SÜD) companies

Certain personal data, such as data provided by the user when registering, can be transferred within the participating (TÜV SÜD) companies, i.e. between us (i.e. TÜV SÜD Digital Service GmbH) and our service providers for the purposes described in this data protection information, provided this use is necessary and legally permissible.

For certain processing operations of personal data of EU-based customers, the (TÜV SÜD) companies jointly determine the purposes and means of processing your data. In this case they are considered to be jointly responsible within the meaning of Art. 26 GDPR. The (TÜV SÜD) companies have defined their mutual obligations for EU customers in accordance with the GDPR in an agreement, the essential content of which is hereby made available.

 The collection and processing of pseudonymous user data on the offers via cookies, pixels or comparable technologies for the specified purposes (details on this under "Cookies").
 The collection and processing of personal data from interested parties and customers for the purpose of registration, sales, customer service and billing (details on this under Appendix "Details - Personal identifiable information processing").

Detailed information about the transfer of your information to third parties, such as (TÜV SÜD) companies with which you have placed an order via the TÜV SÜD store, or companies that process personal data on our behalf, can be found in the detailed information on the respective processing operation (e.g. above under the section "Using our TÜV SÜD store and portal" or below under the section "TÜV SÜD store and portal customer accounts").

The respective (TÜV SÜD) company with which you have a contractual relationship or whose service offerings you use is primarily responsible for fulfilling the transparency obligations according to Art. 13 and 14 GDPR and the other data subject rights under Chapter 3 of the GDPR with regard to the aforementioned data processing operations. However, you can still assert these rights against each individual (TÜV SÜD) company that is affected by the agreement on joint responsibility.


Planned data transfer to third countries
 
Apart from carrying out web analytics (see the section "Web analytics"), we currently do not plan to transfer data to third countries; otherwise, the appropriate legal conditions will be created. In particular, you will be informed about the respective recipients or categories of recipients in accordance with the legal requirements.
Security
 
TÜV SÜD Digital Service GmbH employs technological and organizational security measures to protect the data you have provided from accidental or intentional manipulation, loss and destruction, as well as preventing it from being accessed by unauthorized persons. This also applies to services provided by external suppliers. The effectiveness of our security measures is constantly being tested and improved as technology evolves. Any personal data entered is heavily encrypted at all times. 
Cookies
 
In order to make our website user-friendly for you and to tailor it optimally to your needs, we use cookies in some areas. A cookie is a small data package (text file) that your browser saves on your device when instructed by a website you visit in order to “remember” information about you, such as your language settings or login information. These cookies are set by us and are referred to as first-party cookies. We also use third-party cookies that come from a different domain than that of the website you are visiting. We use these cookies to support our advertising and marketing measures. In particular, we use cookies and other tracker technologies for the following purposes:


Fundamental/necessary cookies
 
These cookies are fundamental to the functioning of our platform and include examples such as submitting anonymized session IDs (to bundle several requests for a web server) or to ensure the full functionality of notifications and orders. 

These cookies are necessary for the functionality of the website and cannot be deactivated in your systems. As a rule, these cookies are only set in response to actions taken by you that correspond to a service request, such as setting your data protection settings, logging in or filling out forms. You can set your browser to block these cookies or to notify you about these cookies. However, some areas of the website will not work after being excluded. These cookies do not save any personal data.


Performance/statistics cookies
 
These cookies allow us to count the number of visitors to our website and their sources so that we can measure and improve the performance and experience of our website for you. By measuring these key figures, we find out which pages are accessed particularly frequently or less frequently and how our visitors move around the website. All information collected by these cookies is summarized and therefore anonymized. If you do not agree to these cookies, we will not be able to record when you have visited our website and will not be able to check the performance of the website.

In this case, however, the functionality of the platforms may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (e.g. delete browser data). Further information can be found in the operating instructions or, as a rule, under settings of your Internet browser.


Functionality cookies
 
With the help of these cookies, the website can improve functionality and personalization. They can be set by us or by third-party providers whose services we have added to our pages. The purpose of these cookies is to provide you with a more personalized experience on our website based on your previous visits. If you do not allow these cookies, some or all of these services may not function properly.


Cookies for marketing purposes (targeting)
 
These cookies can be set by our advertising partners through our website. They can be used by these companies to create a profile of your interests and to show you interesting and relevant advertisements on other websites. These cookies do not directly store personal data but are based on an identification of your browser and internet device. If you do not allow these cookies, you will receive less tailored advertising.

You can find a detailed list of all cookies we use here.
TÜV SÜD store & portal customer accounts
 

At TÜV SÜD Digital Service GmbH, we operate the TÜV SÜD store as a marketplace where other (TÜV SÜD) companies offer their goods and services to consumers and traders in return for payment. The vendor offering goods or services in the TÜV SÜD store (the contractual partner to the customer) is the specific (TÜV SÜD) company denoted as the vendor in the TÜV SÜD store. At TÜV SÜD Digital Service GmbH, we only function as an intermediary between the user and the (TÜV SÜD) companies offering goods and services, which involves, in particular, the passing on of orders to the relevant (TÜV SÜD) company. A platform usage agreement exists between ourselves and the user which regulates our activities (Appendix "Details - Customer Account TÜV SÜD store & portal).

You can use your customer account to access the TÜV SÜD portal (by entering your login details). The TÜV SÜD portal is a landing page that gives you access to linked portals of other (TÜV SÜD) companies. In addition, users can use their login details to log into the linked portals directly without visiting the TÜV SÜD portal landing page.

The exclusive operators of these linked portals are the relevant (TÜV SÜD) companies. At TÜV SÜD Digital Service GmbH, we manage the login details with which users log on to the TÜV SÜD portal entry and access the linked portals.

We process personal data belonging to users of the TÜV SÜD store in order to operate the TÜV SÜD store and portal and enable customer accounts, for the following purposes:

  • To provide functionality in our TÜV SÜD store and portal
  • To make a customer account available to registered customers of the TÜV SÜD store and portal, and to enable functionality within the account
  • To provide a landing page on our TÜV SÜD portal that gives users and access to the linked portals of different (TÜV SÜD) companies
  • To enable the filter and search functions
  • To enable our shopping basket function
  • To receive orders and service requests, and to transfer information between users and other (TÜV SÜD) companies acting as purchasers and vendors; in particular, the passing on of users' orders and requests to the relevant provider/vendor
  • To retain data as evidence in order to establish, exercise or defend legal claims
  • To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law)
  • To guarantee the security of the IT infrastructure of the TÜV SÜD store and portal – especially for the detection, elimination and secure logging of incidents (e.g. DDoS attacks)

 

We also use cookies to enable the shopping basket, the login to your customer account and the landing page of the TÜV SÜD store for you. 


Contact form
 
In the TÜV SÜD store, you can use contact forms to get in touch with different (TÜV SÜD) companies that offer the products and services in the TÜV SÜD store. We process the information that you enter in the contact forms and your request is automatically passed onto your chosen (TÜV SÜD) company. 

It will be clear from the contact form you are using whether you are contacting us or a different (TÜV SÜD) company.

When using our contact forms, certain technical information (such as your IP address) is sent by the browser on your end device to our platforms' servers. We process this information in order to display the contact forms and to ensure the safety of the IT infrastructure used to enable the contact form. 

You can find more details here (Appendix "Details - Contact form").
Web analytics
 
Once you have given your consent for us to do so, we install a web analytics tool to track and analyse user behaviour on our website in order to improve and optimize the website in line with our objectives (e.g. increase the number of pages viewed).

We use cookies for this purpose.

You can find more details here (Appendix - "Details - Webanalytics").
Standard periods for deletion of data
 
There are a range of different retention periods and obligations required by law. Once these retention periods have expired, the data in question is routinely erased. Where the data is not legally required, it is deleted or anonymized as soon as it is no longer necessary for the purposes outlined in this privacy policy. 

You can find out more information about how long your personal data will be stored for in the descriptions of each processing activity (e.g. the section above, "Using our TÜV SÜD store and portal", or the section below, "TÜV SÜD store & portal customer accounts"). 
Additional data applications
 
Continued processing or usage of your personal data is only permitted if a law sanctions it or if you have given your consent for your data to be processed or used. If your data is going to be processed for purposes other than those for which the data was originally stored, we will inform you as well as providing information as to why it is being processed. 

Laws concerning the processing of personal data

 

Right of access

As a data subject, you have a right of access under the conditions listed in Article 15 of the GDPR. 

Specifically, this means that you are entitled to ask us for confirmation about whether or not personal data relating to you is being processed. If this is the case, you are also entitled to request information about the personal data and the types of information stipulated by Article 15 Paragraph 1 of the GDPR. For example, this might include information about the purposes of the data processing, the categories of personal data that are being processed or the recipients or categories of recipient to whom the data has been, or will be, disclosed (Article 15 Paragraph 1 letters. a, b and c of the GDPR).

You can learn about your comprehensive right of access in Article 15 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise your right, make a request by post or email to the data protection officer listed below. 


Right to rectify incorrect data
 
As a data subject, you have a right to rectification under the conditions of Article 16 of the GDPR.

Specifically, this means that you have the right to demand that we rectify any incorrect personal data relating to you, and that we complete any data that is incomplete.

You can learn about your comprehensive right to rectification in Article 16 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To do so, please use the contact addresses listed below. 


Right to erasure
 
As a data subject, you have a right to erasure ("right to be forgotten") under the conditions of Article 17 of the GDPR.

This means that you have the basic right to demand that we immediately erase any personal data relating to you as long as one of the reasons given in Article 17 Paragraph 1 of the GDPR applies. For example, this can sometimes be the case if personal data is no longer needed for the purposes for which it was collected or otherwise processed (Article 17 Paragraph 1 Letter a of the GDPR).

Where we have made the personal data public and are obliged to erase it, we are also obliged, taking account of the available technology and the cost of implementation, to take reasonable steps, including technological measures, to inform other data controllers processing the personal data that a data subject has demanded that they delete all links to, or copy of, or replication of, the personal data (Article 17 Paragraph 2 of the GDPR).

However, the right to erasure ("right to be forgotten") does not apply to processing required for any of the reasons given in Article 17 Paragraph 3 of the GDPR. This can sometimes be the case if the processing is necessary to comply with a legal obligation or to establish, exercise or defend a legal claim (Article 17 Paragraph 3 Letters a and e of the GDPR).

You can learn about your comprehensive right to erasure in Article 17 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise this right, please get in touch using one of the contact addresses listed below. 


Right to restriction of processing
 
As a data subject, you have a right of restriction of processing under the conditions of Article 18 of the GDPR.

This means that you have the right to demand restriction of processing where one of the conditions of Article 18 Paragraph 1 of the GDPR applies. For example, this can sometimes be the case if you contest the accuracy of the personal data. In this case, the restriction of processing would last for a period that would enable us to verify the accuracy of your personal data (Article 18 Paragraph 1 Letter a of the GDPR).

Restriction means marking saved personal data with the aim of restricting its processing in the future (Article 4 Number 3 of the GDPR).

You can learn about your comprehensive right to restriction of processing in Article 18 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise this right, please get in touch using one of the contact addresses listed below. 


Right to data portability 
 
As a data subject, you have a right of data portability under the conditions of Article 20 of the GDPR.

This means that you have the basic right to receive the personal data relating to your person, and which you have provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right for the data to be transferred to another data controller without obstruction from us; providing that the processing is based on consent, as per Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, or on a contract, as per Article 6 Paragraph 1 Letter b of the GDPR, and that it can be done using automated means (Article 20 Paragraph 1 of the GDPR).

You can find out more on whether processing is based on consent as per Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, or on a contract as per Article 6 Paragraph 1 Letter b of the GDPR, in the information about the legal basis for processing in the descriptions of data processing activities in this privacy policy.

When you exercise your right to data portability, in principle you also have the right to demand us to transfer your personal data directly to another data controller, provided that it is technically feasible (Article 20 Paragraph 2 of the GDPR).

You can learn about your comprehensive right to data portability in Article 20 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise this right, please get in touch using one of the contact addresses listed below. 


Right to object
 
As a data subject, you have the right to object under the conditions of Article 21 of the GDPR.

We will explicitly inform you about your right to object as a data subject in or prior to our first communication with you.

You can find more details here:

Right to object based on the particular situation of the data subject

As a data subject, you have the right to object to the processing of personal data relating to your particular situation at any time, provided that it is based on reasons given in Article 6 Paragraph 1 letters e or f of the GDPR, including profiling based on these examples. 

You can find out more information about whether processing is carried out based on Article 6 Paragraph 1 Letters e or f of the GDPR in the descriptions about the legal basis for processing in the sections relating to specific processing activities in this privacy poilcy.

In the case of an objection relating to your particular situation, we will cease to process your personal data unless we can offer a reasonable justification that the need for processing outweighs your interests, rights and freedoms, or that the processing helps establish, exercise or defend legal claims. 

You can learn about your comprehensive right to object in Article 21 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

Right to object to direct marketing

If your personal data is being used to engage in direct marketing, you have the right at any time to object it being processed for the purpose of this kind of marketing, including profiling for direct marketing purposes. 

You can find out more about whether, or to what extent, your personal data is processed for direct marketing purposes in the information on the purposes of processing data in this privacy policy.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for these purposes.

You can learn about your comprehensive right to object in Article 21 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise this right, please get in touch using one of the contact addresses listed below. 


Right to withdraw consent
 

If processing is carried out based on consent having been given, in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, the data subject has the right to withdraw their consent at any time, in accordance with Article 7 Paragraph 3 of the GDPR. The withdrawal of consent does not affect the legality of processing carried out from the moment of consent being given to that of its withdrawal. You are informed about this before your consent is given.

You can find out more about whether processing is carried out based on consent, in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, in the descriptions of the legal basis for processing in the sections relating to data processing activities in this privacy policy.


Right to complain to a supervisory authority

As a data subject, you have the right to file a complaint to a supervisory authority under the conditions stated in Article 77 of the GDPR.

The relevant supervisory authority for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18 
91522 Ansbach, Germany 

Tel: +49 (0)981 1800 930 
Fax: +49 (0)981 180 093 800 
Email: [email protected]

https://www.lda.bayern.de/de/kontakt.html

Changes to this policy
 
We may need to update this privacy policy as technology and/or the legal or regulatory framework changes. The current version of this privacy policy is available at all times on this page.
Data protection officer
 
If you have further questions regarding the processing of your personal data, you can get in touch with our data protection officer. The data protection officer can also help you with requests for disclosure, claims or complaints: 

Data protection officer for
TÜV SÜD Digital Service GmbH 
Westendstr. 199
80686 München, Germany 
Email: [email protected]



Contact details of the data controllers
 
If you have questions regarding data protection or your rights as a data subject, we'd be grateful, for the sake of efficiency, if you could ask the organization that deals with the topic in question. For questions about the operation of your customer account and the TÜV SÜD store in general, we at TÜV SÜD Digital Service GmbH are the correct point of contact. For matters concerning specific orders and data processing by a provider, please get in touch with them directly (you can find the contact details in your order documents). Regardless of whether you get in touch with us or one of the providers, we will work together to resolve the matter in the most efficient and thorough way.

We are available as a central point of contact for you, so you can always contact us directly with your request and we can coordinate with other (TÜV SÜD) companies to resolve it, especially if you're unsure which of the participating companies is best-placed to address your request.

TÜV SÜD Digital Service GmbH
Westendstr. 199 
80686 Munich,
Germany Email: mailto:[email protected]

The following (TÜV SÜD) companies and TÜV SÜD Digital Service GmbH are jointly responsible for the data processing operations described above under the section "Disclosure and joint responsibility (joint controller) within participating (TÜV SÜD) companies":

See imprint

This privacy policy was last updated on 01.10.2020.
Information about specialist terminology
 

The specialist terms used in this privacy policy have a specific meaning as laid out in the GDPR. 

You can access the full list of terminology in Article 4 of the GDPR using the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679

You can find out more information about the most important GDPR terms used in this privacy policy below:

  • "Personal data" means any information relating to an identifiable or identified natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • "Data subject" means the identified or identifiable natural person to whom the personal data corresponds
  • "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
  • "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
  • "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
  • "Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
  • "Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of the data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing
  • "Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorized to process personal data
  • "International organization" means an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries
  • "Third country" means a country that is not a member state of the European Union ("EU") or the European Economic Area ("EEA")
  • "Special categories of personal data" means data that allows a natural person's race, ethnicity, political beliefs, religious or philosophical convictions to be divulged, as well as their membership to trade unions, any genetic or biometric data that permits him or her to be identified, or data pertaining to their health, sex life or sexual orientation.