Pre zobrazenie obsahu špecifického pre vašu polohu, vyberte inú krajinu

//Vybrať krajinu

DATA PRIVACY

Last updated on 01.10.2020

TÜV SÜD Digital Service GmbH thanks you for visiting our TÜV store (https://www.tuvsud.com/de-de/store/akademie and https://www.tuvsud.com/de-de/store/auto-service/datenblattservice) and TÜV SÜD portal (https://myportal.tuvsud.com/) – also referred to hereafter as our "platforms" – and for your interest in our company. We take the protection and security of your personal data seriously, and would like you to feel safe and at ease whilst visiting our TÜV SÜD store and using our services.

It's important to us that you know which personal data is stored, and how we use it when you access our offers and services. We only process personal data in compliance with current data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

PURPOSE OF DATA PROCESSING AND SCOPE OF THIS PRIVACY POLICY

Contained in this privacy policy:
In order to operate the TÜV SÜD store and portal at TÜV SÜD Digital Service GmbH, we process the personal data of the users of these platforms, and if applicable, any other people specified by these users.
As the operator of these two platforms, we act as an intermediary between different (TÜV SÜD) companies and their customers, receiving personal data and sending it to these (TÜV SÜD) companies. You can find out more information about these activities in this privacy policy.

Not contained in this privacy policy:
Different (TÜV SÜD) companies will process personal data depending on what business you carry out on our platforms (e.g. using the TÜV SÜD Auto Service GmbH Specification Sheet Service). You can find out more details about the nature of the data processing carried out in the privacy policy of the relevant (TÜV SÜD) company, the services of which you access via our platforms. You can find the link to the privacy policy of the relevant (TÜV SÜD) company on our platforms, as well as during the ordering process.


TABLE OF CONTENT

 

Using our TÜV SÜD store and portal
Third-party data
Transfer and joint controllership between participating (TÜV SÜD) companies

Planned data transfer to third countries

Security

Cookies

Fundamental/necessary cookies
Performance/statistics cookies
Functionality cookies
Cookies for marketing purposes (targeting)

TÜV SÜD store & portal customer accounts

Contact form

Webanalytics

Standard periods for deletion of data

Additional data applications

Laws concerning the processing of personal data

Right of access
Right to rectify incorrect data
Right to erasure
Right to restriction of processing
Right to data portability
Right to object
Right to withdraw consent
Right to complain to a supervisory authority

Changes to this privacy policy

Data protection officer

Contact details of the data controllers

Information about specialist terminology


PROCESSING PERSONAL DATA

 

USING OUR TÜV SÜD STORE AND PORTAL

When browsing our TÜV SÜD store and portal for purely informational purposes, certain technical information (such as your IP address) is sent by the browser on your end device to our platforms' servers. We process this information in order to display the content that you want to access on the platforms. To ensure the safety of the IT infrastructure that runs our platforms, this information is stored temporarily in a so-called web server log file. 

You can find more details here (Appendix "Details - Personal identifiable information processing").

Third-party data

Our users may also enter personal data relating to third parties while placing an order on the TÜV SÜD store; such as specifying different invoice recipients in the user's company or entering the details of people participating in training courses booked on the TÜV SÜD store. We have an agreement with our users that they keep you informed about us using your personal data in their customer account or us passing it on to the providers of products/services purchased from the TÜV SÜD store. 

We process third-party personal data for the following purposes:

  • To enable the functionality of customer accounts in the TÜV SÜD store
  • To accept orders and to transfer information between users acting as purchasers and other TÜV SÜD companies acting as vendors. In particular, the forwarding of users' orders to the relevant provider/vendor
  • To retain data as evidence in order to establish, exercise or defend legal claims
  • To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law)

You can find more details here (Appendix - "Details - Third party data").

Transfer and joint controllership between participating (TÜV SÜD) companies

Certain personal data, such as data provided by the user when registering, can be transferred within the participating (TÜV SÜD) companies, i.e. between us (i.e. TÜV SÜD Digital Service GmbH) and our service providers for the purposes described in this data protection information, provided this use is necessary and legally permissible.

For certain processing operations of personal data of EU-based customers, the (TÜV SÜD) companies jointly determine the purposes and means of processing your data. In this case they are considered to be jointly responsible within the meaning of Art. 26 GDPR. The (TÜV SÜD) companies have defined their mutual obligations for EU customers in accordance with the GDPR in an agreement, the essential content of which is hereby made available.

  •  The collection and processing of pseudonymous user data on the offers via cookies, pixels or comparable technologies for the specified purposes (details on this under "Cookies").
  •  The collection and processing of personal data from interested parties and customers for the purpose of registration, sales, customer service and billing (details on this under Appendix "Details - Personal identifiable information processing").

Detailed information about the transfer of your information to third parties, such as (TÜV SÜD) companies with which you have placed an order via the TÜV SÜD store, or companies that process personal data on our behalf, can be found in the detailed information on the respective processing operation (e.g. above under the section "Using our TÜV SÜD store and portal" or below under the section "TÜV SÜD store and portal customer accounts").

The respective (TÜV SÜD) company with which you have a contractual relationship or whose service offerings you use is primarily responsible for fulfilling the transparency obligations according to Art. 13 and 14 GDPR and the other data subject rights under Chapter 3 of the GDPR with regard to the aforementioned data processing operations. However, you can still assert these rights against each individual (TÜV SÜD) company that is affected by the agreement on joint responsibility.

 

planned data transfer to third countries

Apart from carrying out web analytics (see the section "Web analytics"), we currently do not plan to transfer data to third countries; otherwise, the appropriate legal conditions will be created. In particular, you will be informed about the respective recipients or categories of recipients in accordance with the legal requirements.

 

Security

TÜV SÜD Digital Service GmbH employs technological and organizational security measures to protect the data you have provided from accidental or intentional manipulation, loss and destruction, as well as preventing it from being accessed by unauthorized persons. This also applies to services provided by external suppliers. The effectiveness of our security measures is constantly being tested and improved as technology evolves. Any personal data entered is heavily encrypted at all times. 

 

COOKIES

In order to make our website user-friendly for you and to tailor it optimally to your needs, we use cookies in some areas. A cookie is a small data package (text file) that your browser saves on your device when instructed by a website you visit in order to “remember” information about you, such as your language settings or login information. These cookies are set by us and are referred to as first-party cookies. We also use third-party cookies that come from a different domain than that of the website you are visiting. We use these cookies to support our advertising and marketing measures. In particular, we use cookies and other tracker technologies for the following purposes:

FUNDAMENTAL/NECESSARY COOKIES

These cookies are fundamental to the functioning of our platform and include examples such as submitting anonymized session IDs (to bundle several requests for a web server) or to ensure the full functionality of notifications and orders. 

These cookies are necessary for the functionality of the website and cannot be deactivated in your systems. As a rule, these cookies are only set in response to actions taken by you that correspond to a service request, such as setting your data protection settings, logging in or filling out forms. You can set your browser to block these cookies or to notify you about these cookies. However, some areas of the website will not work after being excluded. These cookies do not save any personal data.

PERFORMANCE/STATISTICS COOKIES

These cookies allow us to count the number of visitors to our website and their sources so that we can measure and improve the performance and experience of our website for you. By measuring these key figures, we find out which pages are accessed particularly frequently or less frequently and how our visitors move around the website. All information collected by these cookies is summarized and therefore anonymized. If you do not agree to these cookies, we will not be able to record when you have visited our website and will not be able to check the performance of the website.

In this case, however, the functionality of the platforms may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (e.g. delete browser data). Further information can be found in the operating instructions or, as a rule, under settings of your Internet browser.

FUNCTIONALITY COOKIES

With the help of these cookies, the website can improve functionality and personalization. They can be set by us or by third-party providers whose services we have added to our pages. The purpose of these cookies is to provide you with a more personalized experience on our website based on your previous visits. If you do not allow these cookies, some or all of these services may not function properly.

COOKIES For MARKETING purposes (TARGETING)

These cookies can be set by our advertising partners through our website. They can be used by these companies to create a profile of your interests and to show you interesting and relevant advertisements on other websites. These cookies do not directly store personal data but are based on an identification of your browser and internet device. If you do not allow these cookies, you will receive less tailored advertising.

You can find a detailed list of all cookies we use here.

 

TÜV SÜD STORE & PORTAL customer accounts

At TÜV SÜD Digital Service GmbH, we operate the TÜV SÜD store as a marketplace where other (TÜV SÜD) companies offer their goods and services to consumers and traders in return for payment. The vendor offering goods or services in the TÜV SÜD store (the contractual partner to the customer) is the specific (TÜV SÜD) company denoted as the vendor in the TÜV SÜD store. At TÜV SÜD Digital Service GmbH, we only function as an intermediary between the user and the (TÜV SÜD) companies offering goods and services, which involves, in particular, the passing on of orders to the relevant (TÜV SÜD) company. A platform usage agreement exists between ourselves and the user which regulates our activities (Appendix "Details - Customer Account TÜV SÜD store & portal).

You can use your customer account to access the TÜV SÜD portal (by entering your login details). The TÜV SÜD portal is a landing page that gives you access to linked portals of other (TÜV SÜD) companies. In addition, users can use their login details to log into the linked portals directly without visiting the TÜV SÜD portal landing page.

The exclusive operators of these linked portals are the relevant (TÜV SÜD) companies. At TÜV SÜD Digital Service GmbH, we manage the login details with which users log on to the TÜV SÜD portal entry and access the linked portals.

We process personal data belonging to users of the TÜV SÜD store in order to operate the TÜV SÜD store and portal and enable customer accounts, for the following purposes:

  • To provide functionality in our TÜV SÜD store and portal 
  • To make a customer account available to registered customers of the TÜV SÜD store and portal, and to enable functionality within the account 
  • To provide a landing page on our TÜV SÜD portal that gives users and access to the linked portals of different (TÜV SÜD) companies
  • To enable the filter and search functions 
  • To enable our shopping basket function
  • To receive orders and service requests, and to transfer information between users and other (TÜV SÜD) companies acting as purchasers and vendors; in particular, the passing on of users' orders and requests to the relevant provider/vendor
  • To retain data as evidence in order to establish, exercise or defend legal claims
  • To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law)
  • To guarantee the security of the IT infrastructure of the TÜV SÜD store and portal – especially for the detection, elimination and secure logging of incidents (e.g. DDoS attacks)

We also use cookies to enable the shopping basket, the login to your customer account and the landing page of the TÜV SÜD store for you. 

 

CONTACT FORM

In the TÜV SÜD store, you can use contact forms to get in touch with different (TÜV SÜD) companies that offer the products and services in the TÜV SÜD store. We process the information that you enter in the contact forms and your request is automatically passed onto your chosen (TÜV SÜD) company. 

It will be clear from the contact form you are using whether you are contacting us or a different (TÜV SÜD) company.

When using our contact forms, certain technical information (such as your IP address) is sent by the browser on your end device to our platforms' servers. We process this information in order to display the contact forms and to ensure the safety of the IT infrastructure used to enable the contact form. 

You can find more details here (Appendix "Details - Contact form").

 

WEBANALYTICS

Once you have given your consent for us to do so, we install Google's web analytics tool to track and analyse user behaviour on our website in order to improve and optimize the website in line with our objectives (e.g. increase the number of pages viewed).

We use cookies for this purpose.

You can find more details here (Appendix - "Details - Webanalytics").

 

standard periods for deletion of data

There are a range of different retention periods and obligations required by law. Once these retention periods have expired, the data in question is routinely erased. Where the data is not legally required, it is deleted or anonymized as soon as it is no longer necessary for the purposes outlined in this privacy policy. 

You can find out more information about how long your personal data will be stored for in the descriptions of each processing activity (e.g. the section above, "Using our TÜV SÜD store and portal", or the section below, "TÜV SÜD store & portal customer accounts"). 

 

additional data applications

Continued processing or usage of your personal data is only permitted if a law sanctions it or if you have given your consent for your data to be processed or used. If your data is going to be processed for purposes other than those for which the data was originally stored, we will inform you as well as providing information as to why it is being processed. 

 

laws concerning the processing of personal data

Right of access

As a data subject, you have a right of access under the conditions listed in Article 15 of the GDPR. 

Specifically, this means that you are entitled to ask us for confirmation about whether or not personal data relating to you is being processed. If this is the case, you are also entitled to request information about the personal data and the types of information stipulated by Article 15 Paragraph 1 of the GDPR. For example, this might include information about the purposes of the data processing, the categories of personal data that are being processed or the recipients or categories of recipient to whom the data has been, or will be, disclosed (Article 15 Paragraph 1 letters. a, b and c of the GDPR).

You can learn about your comprehensive right of access in Article 15 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise your right, make a request by post or email to the data protection officer listed below. 

Right to rectify incorrect data

As a data subject, you have a right to rectification under the conditions of Article 16 of the GDPR.

Specifically, this means that you have the right to demand that we rectify any incorrect personal data relating to you, and that we complete any data that is incomplete.

You can learn about your comprehensive right to rectification in Article 16 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To do so, please use the contact addresses listed below. 

Right to erasure

As a data subject, you have a right to erasure ("right to be forgotten") under the conditions of Article 17 of the GDPR.

This means that you have the basic right to demand that we immediately erase any personal data relating to you as long as one of the reasons given in Article 17 Paragraph 1 of the GDPR applies. For example, this can sometimes be the case if personal data is no longer needed for the purposes for which it was collected or otherwise processed (Article 17 Paragraph 1 Letter a of the GDPR).

Where we have made the personal data public and are obliged to erase it, we are also obliged, taking account of the available technology and the cost of implementation, to take reasonable steps, including technological measures, to inform other data controllers processing the personal data that a data subject has demanded that they delete all links to, or copy of, or replication of, the personal data (Article 17 Paragraph 2 of the GDPR).

However, the right to erasure ("right to be forgotten") does not apply to processing required for any of the reasons given in Article 17 Paragraph 3 of the GDPR. This can sometimes be the case if the processing is necessary to comply with a legal obligation or to establish, exercise or defend a legal claim (Article 17 Paragraph 3 Letters a and e of the GDPR).

You can learn about your comprehensive right to erasure in Article 17 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise this right, please get in touch using one of the contact addresses listed below. 

Right to restriction of processing

As a data subject, you have a right of restriction of processing under the conditions of Article 18 of the GDPR.

This means that you have the right to demand restriction of processing where one of the conditions of Article 18 Paragraph 1 of the GDPR applies. For example, this can sometimes be the case if you contest the accuracy of the personal data. In this case, the restriction of processing would last for a period that would enable us to verify the accuracy of your personal data (Article 18 Paragraph 1 Letter a of the GDPR).

Restriction means marking saved personal data with the aim of restricting its processing in the future (Article 4 Number 3 of the GDPR).

You can learn about your comprehensive right to restriction of processing in Article 18 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise this right, please get in touch using one of the contact addresses listed below. 

Right to data portability 

As a data subject, you have a right of data portability under the conditions of Article 20 of the GDPR.

This means that you have the basic right to receive the personal data relating to your person, and which you have provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right for the data to be transferred to another data controller without obstruction from us; providing that the processing is based on consent, as per Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, or on a contract, as per Article 6 Paragraph 1 Letter b of the GDPR, and that it can be done using automated means (Article 20 Paragraph 1 of the GDPR).

You can find out more on whether processing is based on consent as per Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, or on a contract as per Article 6 Paragraph 1 Letter b of the GDPR, in the information about the legal basis for processing in the descriptions of data processing activities in this privacy policy.

When you exercise your right to data portability, in principle you also have the right to demand us to transfer your personal data directly to another data controller, provided that it is technically feasible (Article 20 Paragraph 2 of the GDPR).

You can learn about your comprehensive right to data portability in Article 20 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise this right, please get in touch using one of the contact addresses listed below. 

right to object

As a data subject, you have the right to object under the conditions of Article 21 of the GDPR.

We will explicitly inform you about your right to object as a data subject in or prior to our first communication with you.

You can find more details here:

Right to object based on the particular situation of the data subject

As a data subject, you have the right to object to the processing of personal data relating to your particular situation at any time, provided that it is based on reasons given in Article 6 Paragraph 1 letters e or f of the GDPR, including profiling based on these examples. 

You can find out more information about whether processing is carried out based on Article 6 Paragraph 1 Letters e or f of the GDPR in the descriptions about the legal basis for processing in the sections relating to specific processing activities in this privacy poilcy.

In the case of an objection relating to your particular situation, we will cease to process your personal data unless we can offer a reasonable justification that the need for processing outweighs your interests, rights and freedoms, or that the processing helps establish, exercise or defend legal claims. 

You can learn about your comprehensive right to object in Article 21 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

Right to object to direct marketing

If your personal data is being used to engage in direct marketing, you have the right at any time to object it being processed for the purpose of this kind of marketing, including profiling for direct marketing purposes. 

You can find out more about whether, or to what extent, your personal data is processed for direct marketing purposes in the information on the purposes of processing data in this privacy policy.

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for these purposes.

You can learn about your comprehensive right to object in Article 21 of the GDPR, which you can view at the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

To exercise this right, please get in touch using one of the contact addresses listed below. 

Right to withdraw consent

If processing is carried out based on consent having been given, in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, the data subject has the right to withdraw their consent at any time, in accordance with Article 7 Paragraph 3 of the GDPR. The withdrawal of consent does not affect the legality of processing carried out from the moment of consent being given to that of its withdrawal. You are informed about this before your consent is given.

You can find out more about whether processing is carried out based on consent, in accordance with Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, in the descriptions of the legal basis for processing in the sections relating to data processing activities in this privacy policy.

Right to complain to a supervisory authority

As a data subject, you have the right to file a complaint to a supervisory authority under the conditions stated in Article 77 of the GDPR.

The relevant supervisory authority for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18 
91522 Ansbach, Germany 

Tel: +49 (0)981 1800 930 
Fax: +49 (0)981 180 093 800 
Email: [email protected]

https://www.lda.bayern.de/de/kontakt.html

 

changes to this privacy policy

We may need to update this privacy poilcy as technology and/or the legal or regulatory framework changes. The current version of this privacy policy is available at all times on this page.

 

DATa protection officer

If you have further questions regarding the processing of your personal data, you can get in touch with our data protection officer. The data protection officer can also help you with requests for disclosure, claims or complaints: 

Data protection officer for
TÜV SÜD Digital Service GmbH 
Westendstr. 199
80686 München, Germany 
Email: [email protected]

 

contact details of the data controllers

If you have questions regarding data protection or your rights as a data subject, we'd be grateful, for the sake of efficiency, if you could ask the organization that deals with the topic in question. For questions about the operation of your customer account and the TÜV SÜD store in general, we at TÜV SÜD Digital Service GmbH are the correct point of contact. For matters concerning specific orders and data processing by a provider, please get in touch with them directly (you can find the contact details in your order documents). Regardless of whether you get in touch with us or one of the providers, we will work together to resolve the matter in the most efficient and thorough way.

We are available as a central point of contact for you, so you can always contact us directly with your request and we can coordinate with other (TÜV SÜD) companies to resolve it, especially if you're unsure which of the participating companies is best-placed to address your request.

TÜV SÜD Digital Service GmbH
Westendstr. 199 
80686 Munich,
Germany Email: mailto:[email protected]

The following (TÜV SÜD) companies and TÜV SÜD Digital Service GmbH are jointly responsible for the data processing operations described above under the section "Disclosure and joint responsibility (joint controller) within participating (TÜV SÜD) companies":

See imprint

This privacy policy was last updated on 01.10.2020.

 

Information about specialist terminology

The specialist terms used in this privacy policy have a specific meaning as laid out in the GDPR. 

You can access the full list of terminology in Article 4 of the GDPR using the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679

You can find out more information about the most important GDPR terms used in this privacy policy below:

  • "Personal data" means any information relating to an identifiable or identified natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  • "Data subject" means the identified or identifiable natural person to whom the personal data corresponds
  • "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
  • "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
  • "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
  • "Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
  • "Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of the data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing
  • "Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorized to process personal data
  • "International organization" means an organization and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries
  • "Third country" means a country that is not a member state of the European Union ("EU") or the European Economic Area ("EEA")
  • "Special categories of personal data" means data that allows a natural person's race, ethnicity, political beliefs, religious or philosophical convictions to be divulged, as well as their membership to trade unions, any genetic or biometric data that permits him or her to be identified, or data pertaining to their health, sex life or sexual orientation.
  • DETAILS - PERSONAL IDENTIFIABLE INFORMATION PROCESSING

    1. DETAILS about personal data being processed

    Categories of personal data being processed

    Personal data contained in the categories

    Data sources

    Obligation of the data subject to provide data

    Storage duration

    HTTP data

    Protocol data that is technologically necessary to access the platforms using the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes the IP address, the type and version of the Internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), date and time of the visit.

    Users of the platform

     

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, we cannot display the content being requested on the platforms.

    Data is stored in server log files in a form that enables identification of the data subject for a maximum of 7 days, unless there is a security-related incident (e.g. a DDoS attack). If there is a security-related incident, server log files are stored until the incident has been eliminated and resolved in full.

    Opt-in data (cookie settings)

    Data that you provide in order to manage cookie consents on our platforms, the TÜV SÜD store and TÜV SÜD portal, and data that is assigned to your end device in order to use to manage cookie consents: This includes giving your consent and, if applicable, setting your individual preferences for cookies being stored on your end device. We are obliged to install strictly necessary cookies in order for you to manage your cookie consents. You can find more information about the installed cookies here.

    Users of the platform

     

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data. If the data is not provided, we can't recognize any cookie consents on our platforms.

    We only process this data within the user’s browser at maximum for a period of 30 days over our provider OneTrust. The cookies that manage cookie consents are installed on the user's end device. You can find out more information about the validity period of the installed cookies here.

    2. DETAILS about the personal data being processed

    Purpose of processing the personal data

    Categories of personal data being processed

    Automatic decision-making

    Legal basis and, if applicable, legitimate interest

    Recipient

    Displaying content requested by the user on the platforms:

    Data is temporarily processed by our web server for this purpose.

    HTTP data

    No automatic decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Providing the content on our platforms requested by the user is in our legitimate interest.

    Hosting provider

    Enabling the choice of cookie consents for the TÜV SÜD store and TÜV SÜD portal, and the registration of cookie consents: 

    If you visit our platforms again, we will check whether you have already given consent and if so, we will activate cookies and any web tracking and analytics tools to which you have consented.

    For this purpose, strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies here.

    HTTP data

    Opt-in data

    No automatic decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Managing the cookie consents that the user has given us for our platforms is in our legitimate interest.

    Hosting provider

    Guaranteeing the security of the IT infrastructure on the platforms, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks)

    Data is temporarily stored and evaluated by our web server for this purpose.

    HTTP data

    Opt-in data

    No automatic decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Guaranteeing the security of the IT infrastructure on the platforms, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks), is in our legitimate interest.

    Hosting provider

    3. Details concerning the recipients of personal data and the transfer of personal data to third countries/international organizations

    Recipient

    Role of the recipient

    Location of the recipient

    Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations

    Intershop Communications AG
    Intershop Tower
    07740 Jena

    Data processor: Intershop Storefront with the 'Commerce-as-a-service' model

    EU

    -

    TÜV SÜD Business Services GmbH
    Westendstraße 199
    80686 München / Munich

    Data processor for accounts and user identities: Liferay

    EU

    -

    Nordcloud Deutschland GmbH
    Theresienhöhe 28
    80339 München

    Managed Service MS Azure

    EU

     

    -

    EVOLIT Consulting GmbH
    Marxergasse 1B/Top 6
    1030 Wien, Österreich

    2nd level portal operation for Liferay

    EU

     

    -

     

     

     

     

     

     

     

     

     

     

     

  • DETAILS - CONTACT FORM

    USING ONLINE CONTACT FORMS

    1. Details about the personal data being processed

    Categories of personal data being processed

    Personal data contained in the categories

    Data sources

    Obligation of the data subject to provide data

    Storage duration

    Contact form HTTP data

    Protocol data that accrues for technical reasons when using contact forms on the platforms, via the Hypertext Transfer Protocol (Secure) (HTTP(S)):

    This includes the IP address, the type and version of the internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), and the date and time of the visit.

    Users of the platform

     

    Provision of data is neither legally nor contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, we cannot provide the contact forms.

    Data is stored in server log files in a form that enables identification of the data subject for a maximum of 7 days, unless there is a security-related incident (e.g. a DDoS attack). 

    If there is a security-related incident, server log files are stored until the incident has been eliminated and resolved in full.

    Contact form data

    Data you enter when using the contact forms on our platforms:

    This includes the information you submit via the contact forms on our platforms to get in touch with us/other (TÜV SÜD) companies. Contact forms may vary, but typical data types are your name, company, address, telephone number, email address and the content of your request.

    Users of the platform

     

    Provision of data is neither legally nor contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, we cannot process your query.

    The data will be stored until your query is resolved.

    We store this data as evidence for the assertion, exercise or defence of future legal claims for a transitional period of 3 years from the end of the year in which you shared the data with us, or until the end of the dispute in the case of a legal dispute.

    We may store data for longer periods where statutory retention periods apply, in particular commercial or tax law. Depending on the type of documents, statutory retention periods of 6 or 10 years may apply (§ 147 German Fiscal Code, § 257 German Commercial Code.

    2. DETAILS about the personal data being processed

    Purpose of processing the personal data

    Categories of personal data being processed

    Automated decision-making

    Legal basis and, where applicable, legitimate interest

    Recipient

    Provision of contact forms on our platforms:

    Data is temporarily processed by our web server for this purpose.

    Contact form HTTP data

    No automated decision-making is carried out.

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Providing the contact forms that the user accesses is in our legitimate interest.

    Hosting provider

    Ensuring the security of the IT infrastructure that supports the forms, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks)

    Data is temporarily stored and evaluated by our web server for this purpose.

    Contact form HTTP data

    No automated decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Safeguarding the security of the IT infrastructure that supports the forms, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks), is in our legitimate interest.

    Hosting provider

    Processing your request by automatically sending your request to your chosen (TÜV SÜD) company:

    It will be clear from the contact form you are using whether you are contacting us or a different (TÜV SÜD) company.

    Contact form data

    No automated decision-making is carried out.

     

    Insofar as your query relates to a contract to which you are one of the parties, or where pre-contractual steps need to be taken in order to conclude it: 

    Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or where steps need to be taken at the request of the data subject prior to entering the contract).

    Otherwise: 

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test): 

    In this instance, it is in our legitimate interest to process your request.

    Where contact requests are passed on to other (TÜV SÜD) companies:

    The respective other (TÜV SÜD) company. (It will be clear to you from the contact form which (TÜV SÜD) company you are contacting.)

    To store and process data as evidence in order to establish, exercise or defend legal claims

    Contact form data

    No automated decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    The assertion, exercising and defence of legal claims is in our legitimate interest.

    -

    To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law)

    Depending on the type of documents, statutory retention periods in commercial and tax law can last for 6 or 10 years (§ 147 German Fiscal Code), § 257 German Commercial Code (HGB)).

    Contact form data

    No automated decision-making is carried out.

     

    Article 6 Paragraph 1 Letter c of the GDPR (Compliance with a legal obligation)

    -

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    3. Details concerning the recipients of personal data and the transfer of personal data to third countries/international organizations

    Recipient

    Role of the recipient

    Location of the recipient

    Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations

    Hosting provider:

    Intership Communications AG
    Intershop Tower
    07740 Jena

    Data processors

    EU

    -

    Other (TÜV SÜD) companies

    (It will be clear from the contact form which respective (TÜV SÜD) company you are contacting.)

     

    EU

    -

     

     

     

     

     

     

     

     

     

  • DETAILS - CUSTOMER ACCOUNT TÜV SÜD STORE & PORTAL

    I. Usage of the TÜV SÜD store, including creating and using a customer account

    1. Details about the personal data being processed

    Categories of personal data being processed

    Personal data contained in the categories

    Data sources

    Obligation of the data subject to provide data

    Storage duration

    HTTP data

    Protocol data that accrues whilst using the TÜV SÜD store for technical reasons – (Hypertext Transfer Protocol (Secure) (HTTP(S)):

    This includes the IP address, the type and version of the Internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), date and time of the visit.

    Users of the TÜV SÜD store

     

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, we cannot display the requested content on the TÜV SÜD store.

    Data is stored in server log files in a form that enables identification of the data subject for a maximum of 7 days, unless there is a security-related incident (e.g. a DDoS attack). 

    If there is a security-related incident, server log files are stored until the incident has been eliminated and resolved in full.

    Registration data

    Registration data for accessing the TÜV SÜD store and TÜV SÜD portal:

    This includes the required fields in the registration form (marked with "*") which you fill out in order to create a customer account. Which specific details are required depends on whether you are creating a private account or a business customer account.

    Details such as your email address, password, first name, last name and your postal address are needed in either case.

    Users of the TÜV SÜD store

     

    It is necessary to fill in the data in the required fields during the registration process in order to conclude a contract. The data subject has no further obligation to provide data.

    Registration is impossible if the required fields are not filled in.

    You can change these details at any time in your customer account.

    If an order is made, some of this data will be incorporated into the order processing and transactional email data (see below), and may be stored for longer/the duration of the order process.

    In principle, the data is stored until the customer requests its erasure or until the purpose for which TÜV SÜD needs it has expired (e.g. closure of the TÜV SÜD store); providing that doing so wouldn't infringe any statutory retention periods e.g. tax records.

    Additional customer account data

    Data that you voluntarily submit either during registration or later in your customer account in order to facilitate future orders (e.g. alternative delivery addresses, billing addresses, internal cost centres/order numbers) 

    Users of the TÜV SÜD store

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, we cannot provide certain functionality in the TÜV SÜD store.

    You can change or delete these details at any time in your customer account.

    In principle, data is stored until the customer requests its erasure or until the purpose for which TÜV SÜD needs it has expired (e.g. closure of the TÜV SÜD store); providing that doing so wouldn't infringe any statutory retention periods e.g. tax records. If an order is made, some of this data will be incorporated into the order processing and transactional email data (see below) and may be stored for the duration of the order processing.

    Login data

    Data that you provide in order to log into your customer account and data that is assigned to your end device when you log into your customer account.

    This includes your email address, password and a unique, randomly generated identification number for your current session (Session ID) 

    (We install strictly necessary cookies to enable you to log in. You can find out more information about the installed cookies in the section entitled  "Cookies").

    Users of the TÜV SÜD store

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, we cannot enable you to log into your customer account.

    Cookies are stored on the user's system.

    (The cookies for the login function are installed on the user's end device. You can find out more information about the validity period of the installed cookies in the section entitled "Cookies".)

    Cookie data is stored in server log files in a form that enables identification of the data subject for a maximum of 7 days, unless there is a security-related incident (e.g. a DDoS attack). 

    If there is a security-related incident, server log files are stored until the incident has been eliminated and resolved in full.

    Shopping basket data

    Data relating to products/offers that you have placed in the shopping basket in the online store, and data assigned to your end device whilst using the shopping basket function:

    This includes data such as details of participants for training courses; VIN number for the Specification Sheet service.

    (We install strictly necessary cookies to enable the shopping basket function. You can find out more information about the installed cookies in the section entitled "Cookies".)

    Users of the TÜV SÜD store

    Provision of data is required to conclude a purchase contract. The data subject has no obligation to provide the data.

    If the data is not provided, you will not be able to use the shopping basket function and will not therefore be able to buy any items from the TÜV SÜD store.

    We only process this data for a short period in order for you to use the shopping basket function. (The cookies to enable the shopping basket function are installed on the user's end device. You can find out more information about the validity period of the installed cookies in the section entitled "Cookies".)

     

    Order processing data

    Data that you submit during the ordering process and which is passed on to the relevant provider to process your order:

    This includes

    • Contact details such as form of address, first and last name, postal address, telephone number, email address;

    • Data relating to the dispatch of the ordered products, such as the invoice, delivery address, billing address, billing postal address;

    • Details of a separate recipient, if applicable;

    • Instructions/notes relating to the order or delivery of the order, such as particular instructions to the delivery company;

    • Any other details relating to the services ordered, such as: the form of address; name and email address of the participants of training courses you have booked; and the participants' date of birth which may be voluntarily provided so a training certificate can be created;

    • Your internal data relating to the order process, such as internal order numbers or cost centres;

    • Data relating to the payment method, such as purchase on account;

    • Data relating to conditions you have accepted, such as the general terms and conditions, and consents you have given, like the provision of the requested service before the end of the cancellation period.

    You can submit, check and edit these details during the ordering process.

    Users of the TÜV SÜD store

    If you are logged into your customer account whilst using the TÜV SÜD store, these details will be autofilled from your customer account if you have saved them. You can edit them during the ordering process.

    Provision of data is required to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, you will not be able to buy any items from the TÜV SÜD store.

    In principle, the data is stored until the customer requests its erasure or until the purpose for which TÜV SÜD needs it has expired (e.g. closure of the TÜV SÜD store); providing that doing so wouldn't infringe any statutory retention periods e.g. tax records. 

    Data that you submit after you have made an order and which is passed on to the relevant provider to process your order:

    This includes requests to cancel the order.

    Users of the TÜV SÜD store

     

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, then we cannot pass the information on to the relevant provider.

    Data about your order status which we receive from the relevant provider and pass on to you:

    This includes details about the status of payment and delivery, and any cancellation requests.

    Relevant provider (the contractual partner chosen by the user)

    -

    Data relating to the status of your order:

    This includes details about the purchased items (product description, product number, quantity, price, currency), order number, total cost, date and time of your order, status updates about your order and information about updates to the terms and conditions that you have accepted, e.g. the provider's general terms and conditions.

    Automatically generated

    -

    Transactional email data

    Data from transactional emails relating to the processing or cancellation of your order (such as order confirmation emails):

    This includes the contents and time of transactional emails.

    Automatically generated

    -

    We store this data as evidence for the assertion, exercise or defence of future legal claims for a transitional period of 3 years from the end of the year in which the relevant transaction was wholly concluded, or until the end of the dispute in the case of a legal dispute.

    We may store data for longer periods where statutory retention periods apply, in particular commercial or tax law (§ 147 German Fiscal Code, § 257 German Commercial Code.

    Product filters and search data

    Data that enables the product filter and search functions in the TÜV SÜD store and data that is assigned to your end device whilst using the product filter functions:

    This includes all search enquiries you submit in the TÜV SÜD store and any product filter options you choose.

    Users of the TÜV SÜD store

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, we cannot enable the product filter and search functions in the TÜV SÜD store.

    We only process this data temporarily while you are using the product filter and search functions.

    2. Details about the personal data being processed

    Purpose of processing the personal data

    Categories of personal data being processed

    Automatic decision-making

    Legal basis and, if applicable, legitimate interest

    Recipient

    Enabling webshop functionality in the TÜV SÜD store:

    HTTP data is temporarily processed by our web server for this purpose.

    HTTP data

    No automatic decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Enabling the functionality selected by the user in the TÜV SÜD store is in our legitimate interest.

    Hosting-Provider

    To make a customer account available to registered customers of the TÜV SÜD store and enable functionality within the customer account in the TÜV SÜD store:

    This includes enabling login to the customer account and saving customer information for subsequent orders (such as billing address, delivery address, cost centre, customers' order numbers). If the customer is logged in during the ordering process, information is autofilled from the saved customer account data in order to make the ordering process in the TÜV SÜD store as easy as possible for the customer. Details can be edited at any time during the ordering process.

    In addition, there is also a detailed overview in the TÜV SÜD store detailing all the orders made with different (TÜV SÜD) companies. This contains details relating to the order, delivery status and information about the products/services ordered. 

    (For this purpose, certain strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "Cookies".)

    HTTP data

    Registration data

    Additional customer account data

    Login data

    Order processing data

    No automatic decision-making is carried out.

     

    For users who are our direct contractual partners (platform licensing agreement), in particular private customers:

    Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering the contract)

    For users who are agents for our contractual partners, in particular employees of legal bodies:

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Fulfilment of obligations to our contractual partner arising out of the platform licensing agreement is in our legitimate interest.

    Hosting provider

    To enable our shopping basket function:

    Data relating to the contents of your shopping basket is temporarily processed by our web server.

    For this purpose, certain strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "Cookies".

    HTTP data

    Shopping basket data

    No automatic decision-making is carried out.

     

    Where the placement of items in the shopping basket relates to a contract concluded with you:

    Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering the contract)

    Otherwise

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Enabling the functionality selected by the user in the TÜV SÜD store is in our legitimate interest.

    Hosting provider

    To enable the product filter and search functions

    This includes the temporary processing of data by our web server that you enter into our product filter and search functions. 

    Product filters and search data

     

    No automatic decision-making is carried out.

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Enabling the functionality selected by the user in the TÜV SÜD store is in our legitimate interest.

    Hosting provider

    To accept orders and to transfer information between users and other (TÜV SÜD) companies acting as purchasers and vendors. In particular, the passing on of users' orders to the relevant provider/vendor:

    We receive your order in the TÜV SÜD store and pass the order details on to the relevant provider. The provider is the (TÜV SÜD)  company that is the designated supplier of products/services during the ordering process.

    The relevant provider may contact you with information about the status of your order via the TÜV SÜD store. We will display messages concerning orders in your customer account.

    During ordering, you will be forwarded from the TÜV SÜD store to the payment provider. The payment provider acts as a data processor for the chosen supplier. We are not privy to the information that you submit to the payment provider. However, we will receive a notification from the relevant provider (i.e. the (TÜV SÜD) company acting as the supplier) about your payment so that we can complete the ordering process.

    We will inform you via email about the delivery of an order and any other order notifications.

    If you are logged into your customer account when you make an order, the data and default settings in your customer account will be autofilled. You can edit these details during the ordering process.

    The suppliers process the ordering data to carry out contracts concluded in the TÜV SÜD store, and, if applicable, to carry out credit checks for purchases on account, to administer purchase price claims and to comply with statutory retention periods. You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy – which there are links to throughout the ordering process in the TÜV SÜD store.

    (For this purpose, certain strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "Cookies".)

    HTTP data

    Registration data

    Additional customer account data

    Login data

    Shopping basket data

    Order processing data

    Transactional email data

     

    No automatic decision-making is carried out.

    For users who are our direct contractual partners (platform licensing agreement), in particular private customers:

    Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering the contract)

    For users who are agents for our contractual partners, in particular employees of legal bodies:

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Fulfilment of obligations to our contractual partner arising out of the platform licensing agreement is in our legitimate interest.

    Hosting provider

    Email provider

    For order processing data:

    (TÜV SÜD) companies as suppliers

    (It will be indicated to you during the ordering process which (TÜV SÜD) company is your supplier. (TÜV SÜD)  companies pass certain order processing data on to third parties – e.g. the payment service provider or delivery companies. You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy. There are links informing you about this throughout the ordering process in the TÜV SÜD store.)

     

    To retain data as evidence in order to establish, exercise or defend legal claims

    Transactional email data

    No automatic decision-making is carried out.

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    The assertion, exercising and defence of legal claims is in our legitimate interest.

    Hosting provider

    To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law)

    Depending on the file type, statutory retention periods in commercial and tax law can last for 6 or 10 years (§ 147 German Fiscal Code), § 257 German Commercial Code (HGB).

    Transactional email data

    No automatic decision-making is carried out.

    Article 6 paragraph 1 letter c of the GDPR (Compliance with a legal obligation)

    Hosting provider

    To guarantee the security of the IT infrastructure of the TÜV SÜD store – especially for the detection, elimination and secure logging of incidents (e.g. DDoS attacks)

    HTTP data is temporarily stored and evaluated by our web server for this purpose.

    (For this purpose, certain strictly necessary cookies are temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "Cookies".) 

    HTTP data

    Login data

    No automatic decision-making is carried out.

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Guaranteeing the security of the IT infrastructure which enables us to provide forms to users, in particular for the detection, elimination and secure documentation of incidents (e.g. DDoS attacks), is in our legitimate interest.

    Hosting provider

    3. Details concerning the recipients of personal data and the transfer of personal data to third countries/international organizations

    Recipient

    Role of the recipient

    Location of the recipient

    Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations

    Hosting provider

    (currently: Intershop Communications AG, Intershop Tower, 07740 Jena)

    Data processor

    EU

    -

    Email provider

    (currently: Intershop Communications AG, Intershop Tower, 07740 Jena)

    Data processor

    EU

    -

    (TÜV SÜD) companies as suppliers

    (It will be indicated to you during the ordering process which (TÜV SÜD)  company is your supplier. These (TÜV SÜD) companies pass certain order processing data on to third parties – e.g. the payment service provider (as a data processor) or to delivery companies (as a controller). You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy. There are links informing you about this throughout the ordering process in the TÜV SÜD store.)

    Controller

    EU

     

    -

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    II. Usage of the TÜV SÜD portal, including a central login to the linked portals of other TÜV SÜD companies

    1. Details about the personal data being processed

    Categories of personal data being processed

    Personal data contained in the categories

    Data sources

    Obligation of the data subject to provide data

    Storage duration

    HTTP data

    Protocol data that accrues whilst using the TÜV SÜD portal for technical reasons – (Hypertext Transfer Protocol (Secure) (HTTP(S)):

    This includes the IP address, the type and version of the Internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), date and time of the visit.

    Users of the TÜV SÜD portal

     

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, we cannot display the requested content on the TÜV SÜD portal.

    Data is stored in server log files in a form that enables identification of the data subject for a maximum of 7 days, unless there is a security-related incident (e.g. a DDoS attack). 

    If there is a security-related incident, server log files are stored until the incident has been eliminated and resolved in full.

    Registration data

    (Section I.1 for more detailed information about these data categories.)

    (Section I.1 for more detailed information about these data categories.)

    (Section I.1 for more detailed information about these data categories.)

     

    (Section I.1 for more detailed information about these data categories.)

    Login data

    Data that you provide whilst logging into the TÜV SÜD portal, and data that is assigned to your end device when you log into the TÜV SÜD portal or one of the linked portals:

    This includes your email address and password, as well as submission of personal data that is contained in the relevant cookies.

    We install strictly necessary cookies to enable you to log in. You can find out more information about the installed cookies in the section entitled "Cookies".

    Users of the TÜV SÜD portal

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If the data is not provided, we cannot enable you to log in to the TÜV SÜD portal or any of the linked portals.

    We process this data temporarily, for as long as you are logged into the TÜV SÜD portal or one of the linked portals.

    (The cookies for the login function are installed on the user's end device. You can find out more information about the validity period of the installed cookies in the section entitled "Cookies".)

    Right of access data

    Information about which of the linked portals you can access.

    Providers of the linked portals

    -

    We store the right of access data until the provider of the linked portal informs us that your access has expired or that your platform licence agreement has ended.

    We store this data as evidence for the assertion, exercise or defence of future legal claims, followed by a transitional period of 3 years from the end of the year in which your access authorization (e.g. after your platform licence agreement has ended) has expired, or until the end of the dispute in the case of a legal dispute.

    2. Details about the personal data being processed

    Purpose of processing the personal data

    Categories of personal data being processed

    Automatic decision-making

    Legal basis and, if applicable, legitimate interest

    Recipient

    Enabling portal functionality in the TÜV SÜD portal:

    HTTP data is temporarily processed by our web server for this purpose.

    HTTP data

    No automatic decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Enabling the functionality selected by the user in the TÜV SÜD portal is in our legitimate interest.

    Hosting provider

    To make a customer account available to registered customers of the TÜV SÜD portal and enable functionality within the customer account in the TÜV SÜD portal:

    This includes enabling customer account login and allows data entered by the customer in the customer account (such as addresses, contact details, settings) to be stored. It also enables an overview of all the information in the linked portals of other (TÜV SÜD) companies to be shown in the TÜV SÜD portal. 

    HTTP data

    Registrierungsdaten

    Ergänzende-Kundenkonto-Daten

    Login-Daten

    Bestellabwicklungsdaten

    No automatic decision-making is carried out.

     

    For users who are our direct contractual partners (platform licensing agreement), in particular private customers:

    Article 6 Paragraph 1 Letter b of the GDPR (Performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering the contract)

    For users who are agents for our contractual partners, in particular employees of legal bodies:

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    Fulfilment of obligations to our contractual partner arising out of the platform licensing agreement is in our legitimate interest.

    Hosting provider

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    3. Details concerning the recipients of personal data and the transfer of personal data to third countries/international organizations

    Recipient

    Role of the recipient

    Location of the recipient

    Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations

    Intershop Communications AG
    Intershop Tower
    07740 Jena

    Data processor: Intershop Storefront with the 'Commerce-as-a-service' model

    EU

    -

    TÜV SÜD Business Services GmbH
    Westendstraße 199
    80686 München / Munich

    Data processor for accounts and user identities: Liferay

    EU

    -

    Nordcloud Deutschland GmbH
    Theresienhöhe 28
    80339 München

    Managed Service MS Azure

    EU

    -

    EVOLIT Consulting GmbH
    Marxergasse 1B/Top 6
    1030 Wien, Österreich

    2nd level Portal operation for Liferay

    EU

     

    -

     

     

     

     

     

     

     

     

     

     

     

     

  • DETAILS - THIRD PARTY DATA

    I. Processing of personal data during the ordering process at the TÜV SÜD Store (e.g. for participants of booked training courses)

    1. Details about the personal data being processed

    Categories of personal data being processed

    Personal data contained in the categories

    Data sources

    Obligation of the data subject to provide data

    Storage duration

    Registration data

    Additional customer account data

    Shopping basket data

    Order processing data

    Transactional email data

    (Section "Third-party data" detailed information about these data categories.)

    The data is for the most part assigned to the user carrying out the order.

    However, the data may also contain information relating to third parties depending on what the user is doing. For example, the user might nominate you as the invoice recipient or name you as a participant in one of the training courses that he/she has booked.

    Users of the TÜV SÜD store

     

    -

    (Section "Third-party data" for more detailed information about these data categories.)

    2. Details about the personal data being processed

    Purpose of processing the personal data

    Categories of personal data being processed

    Automated decision-making

    Legal basis and, where applicable, legitimate interest

    Recipient

    To enable the functionality of customer accounts in the TÜV SÜD store:

    For more information, refer to Section "Third-party data".

    You are affected as a third party in this case if one of our users names you as the invoice recipient (if they specify a different billing address) or as the contact person for any accounting queries.

    Our users are informed during the ordering process – and as part of the terms of usage for our platform – of their obligation to inform you that your third-party data will be processed, and direct you to this privacy policy. 

    Registration data

    Additional customer account data

    No automated decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    It is in our legitimate interest to fulfil the contract between us and the user on the terms of usage of our platform.

    Hosting provider

    To accept orders and to transfer information between users and other (TÜV SÜD) companies acting as purchasers and vendors. In particular, the passing on of users' orders to the relevant provider/vendor:

    For more information, refer to Section "Third-party data".

    You are affected as a third party if one of our users mentions you in relation to the billing address, specifies you as the invoice recipient or contact person for accounting enquiries, or names you as participant whilst they are booking a course.

    Our users are informed during the ordering process and as part of the terms of usage for our platform that they are obliged to inform you that your data will be processed as a third party and direct you to this privacy policy. 

    Registration data

    Additional customer account data

    Shopping basket data

    Order processing data

    Transactional email data

    No automated decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    It is in our legitimate interest to fulfil the contract between us and the user on the terms of usage of our platform.

    Hosting provider

    Email provider

    For order processing data:

    (TÜV SÜD) companies as suppliers

    (It will be indicated to our users during the ordering process which (TÜV SÜD) company is your supplier. (TÜV SÜD) companies pass certain order processing data on to third parties – e.g. the payment service provider or delivery companies. You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy. There are links informing you about this throughout the ordering process in the TÜV SÜD store.)

    To retain data as evidence in order to establish, exercise or defend legal claims

    For more, refer to Section "Third-party data".

    You are affected as a third party in this case if one of our users provides your personal data in their customer account or to make an order (see above).

    Order processing data

    Transactional email data

    No automated decision-making is carried out.

     

    Article 6 Paragraph 1 Letter f of the GDPR (Protection of a legitimate interest using a balancing test):

    The assertion, exercising and defence of legal claims is in our legitimate interest.

     

    Hosting-Provider

    To retain data in order to comply with legal retention periods (in particular, those arising from commercial and tax law) 

    For more, refer to section "Third-party data".

    You are affected as a third party in this case if one of our users submits your personal data in their customer account or to make an order (see above).

    Order processing data

    Transactional email data

    No automated decision-making is carried out.

    Article 6 Paragraph 1 Letter c of the GDPR (Compliance with a legal obligation)

    Hosting provider

    3. Details concerning the recipients of personal data and the transfer of personal data to third countries/international organizations

    Recipient

    Role of the recipient

    Location of the recipient

    Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations

    Hosting provider:

     

    Intershop Communications AG

    Intershop Tower

    07740 Jena

    Data processor: Intershop Storefront with the "commerce-as-a-service" model

    EU

    -

    Email provider:

    TÜV SÜD Business Services GmbH

    Westendstraße 199

    80686 München / Munich

    Data processors

    EU

    -

    (TÜV SÜD) companies as suppliers

    (It will be indicated to our users during the ordering process which (TÜV SÜD) company is your supplier. These (TÜV SÜD) companies pass certain order processing data on to third parties – e.g. the payment service provider (as a data processor) or to delivery companies (as a controller). You can find out more information about the processing of personal data by these (TÜV SÜD) companies in the privacy policy. There are links informing you about this throughout the ordering process in the TÜV SÜD store.)

    Controller

    EU

     

    -

     

     

     

     

     

     

     

     

     

     

     

  • DETAILS - WEBANALYTICS

    1. Details about the personal data being processed

    Categories of personal data being processed

    Personal data contained in the categories

    Data sources

    Obligation of the data subject to provide data

    Storage duration

    Google Analytics HTTP data

    Protocol data that accrues for technical reasons (Hypertext Transfer Protocol (Secure) (HTTP(S)) whilst the web analytics service Google Analytics is being used:

    This includes the IP address, the type and version of the Internet browser, the user's operating system, the page being accessed, the previous page (referrer URL), date and time of the visit.

    Website users

     

    Provision of data is neither legally nor contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If you do not allow us to use the data, we are unable to carry out web analytics using Google Analytics.

    A process known as IP anonymization is used on this website when the web analytics tool is being deployed. This means that when your browser sends the IP address – which is necessary for the site to function – the IP address is truncated (by deleting the last octet of the IP address) before being saved and therefore anonymized. The anonymized data is saved for a duration of 50 months and is then automatically deleted.

    Google Analytics end device data

    Data that is assigned to your device by the web analytics tool Google Analytics:

    This includes a unique ID that is used to (re-)identify returning users.

    (We install cookies for the web analytics tool Google Analytics. You can find out more information about the installed cookies in the section entitled "COOKIES".)

    Website users

    Provision of data is neither legally or contractually required, nor is it needed to conclude a contract. The data subject has no obligation to provide the data.

    If you do not provide the data, we are unable to carry out web analytics using Google Analytics.

    We only process this data temporarily for the duration of the website visit.

    (The cookies for the web analytics tool Google Analytics are installed on the user's end device. You can find out more information about the validity period of the installed cookies in the section entitled "COOKIES".)

    Google Analytics profile data

    Data that is generated by the web analytics tool Google Analytics and stored in pseudonymized user profiles:

    This includes information about how the website is used, in particular page visits, frequency of visit and duration of visit on the various web pages. This data is matched with the unique user ID of each user which is assigned to users' end devices by Google Analytics.

    Automatically generated - Data that is generated by the web analytics tool Google Analytics and stored in pseudonymized user profiles is automatically deleted after a maximum of 50 months. Data relating to users' age, sex and categories of interest are automatically deleted after 2 months.

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    2. Details about the personal data being processed

    Purpose of processing the personal data

    Categories of personal data being processed

    Automated decision-making

    Legal basis and, where applicable, legitimate interest

    Recipient

    Website optimization and better attainment of website objectives (e.g. increasing page views)

    For this purpose, user behaviour on our website is recorded and analyzed in a pseudonymized form. Website users are pseudonymized so that they may be recognized whilst on the website. The browsing information is used to create pseudoymized user profiles. The pseudonymized user profiles are not combined with data that identifies the person to whom the pseudonym has been given.

    The aim is to analyse where users are coming from, what parts of the website they visit, and how frequently they visit sub-pages and sub-categories, and the duration of their visit.

    We use Google Analytics, Google's web analytics tool, for this purpose. 

    (For this purpose, cookies are also temporarily processed by our web server. You can find out more information about the content and purposes of the cookies in the section entitled "COOKIES".)

    Google Analytics HTTP data

    Google Analytics end device data

    Google Analytics profile data

    No automated decision-making is carried out.

     

    Article 6 paragraph 1 letter a of the GDPR (Consent)

    Google

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    3. Details concerning the recipients of personal data and the transfer of personal data to third countries/international organizations

    Recipient

    Role of the recipient

    Location of the Recipient

    Adequacy decision or suitable or appropriate guarantees for transfers to third countries and/or international organizations

    Google:

    Google LLC
    1600 Amphitheatre Parkway Mountain View
    CA 94043
    USA

    Data processors

    USA

    Google is certified by the EU-US Privacy Shield:
    https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

    There has been a decision on the adequacy of the EU-US Data Privacy Shield by the Commission:
    http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016D1250.


     

     

     

     

     

     

     

     

Získajte viac

Vybrať lokalitu

Global

Americas

Asia

Europe

Middle East and Africa