Data protection statement for data use
Data protection is a matter of trust and your trust is important to us. We respect your privacy and personal sphere. The protection and legally compliant collection, processing and use of your personal data is therefore an important concern for us. We want you to feel safe when visiting our website. We therefore strictly observe the legal provisions when processing your personal data and would like to inform you herewith about our process of data collection and data use.
We commit ourselves to comply with the EU General Data Protection Regulation (GDPR) as well as the applicable national data protection laws. For us, data protection is an issue of high priority and we only work with partners who can also demonstrate an appropriate level of data protection in their processing frameworks.
We only process your data if you have given us your express consent to do so, if this is for the purpose of a contract or pre-contractual measures on a service basis, or if the relevant laws permit or oblige us to process data.
The following data protection information covers both the currently applicable national legal framework and the requirements of the GDPR applicable throughout Europe as of 25 May 2018. References to legal provisions of the GDPR are binding as of 25 May 2018. Under no circumstances will we sell your data or pass it on to unauthorized third parties. We will be happy to provide you with detailed information below on how your data is handled in our company’s divisions.
You can print or save the contents of this declaration by using the usual functionality of your browser. The following data protection declaration explains which data is collected on our website and how we process and use the respective data.
Name and address of the Responsible Person
Responsible Person within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:
Represented by Dr. Wolf Cornelius, Dr. Markus Weiler and Alexander Wisse
Data protection officer:
TÜV Informationstechnik GmbH
IT Security, Business Security & Privacy
Fachstelle für Datenschutz (Special Unit for data protection)
Am TÜV 1
Tel: +49 201 – 8999-899-643
Telefax: +49 201 – 8999-666
Details regarding our data processing activities
I. General information on data processing
II. Provision of the website and creation of log files
IV. Contact form and e-mail contact
V. Disclosure of your data to third parties
VI. Your rights
VII. Other information
I. GENERAL INFORMATION ON DATA PROCESSING
1. Scope of the processing of personal data
As a matter of principle, we collect and use personal data of our users only to the extent that this is necessary for the provision of a functional website as well as for our content and services. The collection and use of our users’ personal data regularly only takes place with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent due to factual reasons and in which the processing of the data is permitted pursuant to legal regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 para. 1 lit. a GDPR serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a contractual party, art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
In the event that essential interests of the data subject or another natural person require the processing of personal data, art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest, art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
3. Data deletion and storage period
The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this is required by European or national regulations, laws or other provisions to which the Responsible Person is subject. A blocking or deletion of the data also takes place if a storage period prescribed by the aforementioned norms expires, unless the further storage of the data is necessary for the conclusion or performance of a contract.
II. PROVISION OF THE WEBSITE AND CREATION OF LOG FILES
1. Description and extent of the data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- Information about the type of browser and the version used
- Information on the user’s operating system
- Information on the user’s internet service provider
- The user’s IP address
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites that are accessed by the user’s system via our website
The log files contain IP addresses or other data that allow an allocation to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user switches contains personal data.
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for processing data
Legal basis for the temporary data storage and the log files is art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. Data is stored in log files to ensure the functionality of the website. In addition, the data enables us to optimize the website and to ensure the security of our information technology systems. These purposes are our legitimate interest in data processing according to art. 6 para. 1 lit. f GDPR. The data is not evaluated for marketing purposes in this context.
4. Duration of storage
The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the respective session has ended.
Where data is stored in log files, this is the case after 31 days at the latest. After expiry of this period, the data will automatically be deleted. Storage of data beyond this period is only possible if we are legally obliged to pass on individual log entries to the responsible investigating authorities.
The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. Consequently, there is no possibility for the user to object.
1. Description and extent of data processing
- Search terms entered
- Frequency of page visits
- Use of website functionalities
The user data collected in this way is pseudonymized by technical precautions. Therefore, it is no longer possible to allocate the data to the accessing user. The data is not stored together with other personal data of the users.
2. How can you avoid the storage of cookies?
Depending on the browser you use, you can adjust its settings so that cookies are only stored with your consent. If you only want to accept our cookies, but not the cookies of our service providers or our partners, you can select “block third-party cookies” in your browser. As a rule, the help function in the menu bar of your web browser shows you how to reject new cookies and disable cookies you have already received. We recommend that, on shared computers that are set to accept cookies and Flash cookies, you always log off completely when you have finished.
3. Legal basis for the processing of data
Legal basis for the processing of personal data when using cookies is art. 6, para. 1 lit. f GDPR.
4. Purpose of data processing
These analysis cookies are used to optimize the quality and the content of our website. The analysis cookies give us information on who has visited the site; this information enables us to continuously optimize our offer.
We need cookies for the following applications:
a) Google Maps
On our website we use Google Maps. Google sets several cookies on every site that contains Google Maps. Even though we cannot control the cookies used by Google, such cookies seem to contain a mixture of information in order to evaluate the number and behavior of Google Maps users.
Name of the cookies:
SID, SAPISID, APISID, SSID, HSID, NID, PREF
Data which needs to be stored:
Several unique identifiers, with the exception of PREF, which stores the options and the preferred zoom level.
Duration of storage:
Most of the cookies expire 10 years after your last visit to a site using Google Maps.
b) Content Management System
The cookies store and transmit the following data:
Name of the Cookies:
Data that has to be stored:
A clear session ID.
Duration of the storage:
The user data collected through technically necessary cookies are not used to create user profiles.
c) Google Analytics
The purpose of using analysis cookies is to improve the quality of our website and its contents. Through analysis cookies we learn how the website is used. This way, we can continuously optimize our offer. This purpose is also our legitimate interest in processing personal data pursuant to art. 6, para. 1 lit. f GDPR.
Our website uses the tracking pixel technology of wiredminds GmbH (wiredminds.de) in order to analyze the site visitor’s behavior.
In the course of this use, data might be collected, processed and stored. Based on this data, a user profile will be established under a pseudonym. Where necessary and possible, such user profiles will be anonymised. This can be done by using cookies. Cookies are small text files that are stored in the user’s internet browser in order to facilitate recognition. The collected data, which might also contain personal data, will be transmitted to wiredminds or is directly pulled by wiredminds. Wiredminds is allowed to use such information in order to establish anonymous user profiles. The data so retrieved will not be used to identify the visitor without the express consent of the data subject and will not be mixed with personal data about the bearer of the pseudonym. As far as IP addresses are collected, they will be anonymised immediately by deletion of the last numbers.
5. Duration of storage, objection and options to eliminate
IV. CONTACT FORM AND E-MAIL CONTACT
1. Description and extent of data processing
Our website contains the option to contact us via e-mail. In this case, the transmitted personal data of the user will be stored.
In this context, no data will be transmitted to any third party. The data will only be used for the purpose of the conversation.
2. Legal basis for data processing
Legal basis for processing data on the basis of the user’s consent is art. 6, para. 1 lit. a GDPR.
Legal basis for processing data which is collected by receiving/sending an e-mail is art. 6, para. 1 lit. f GDPR. If the purpose of the e-mail contact is the conclusion of a contract, an additional legal basis is art. 6, para. 1 lit. b GDPR.
3. Purpose of data processing
The processing of personal data arising from an e-mail contact serves solely to handle the contact. In the case of contact via e-mail, this constitutes the specific interest in processing the data.
4. Duration of storage
The data will be deleted as soon as it is no longer required for achieving its purpose. For personal data obtained by e-mail, this is the case when the conversation with the user has ended. A conversation has ended when it appears that the matter concerned has been finally concluded.
5. Objection and option to eliminate
The user can withdraw their consent to the processing of personal data at any time. When the user gets in contact with us, the user can object to the storage of their personal data. In such a case, the conversation cannot be continued. All personal data retrieved in this context will then be deleted.
V. DISCLOSURE TO THIRD PARTIES
In order to make our website as comfortable as possible for you, we use service providers for specific services. Below you will find an overview of these service providers and their respective services, so that you are also able to assert your rights against such third parties.
1. Google Analytics
3. Google Maps
1. Google Analytics
Google Analytics is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain
You can also prevent the collection of the data generated by the cookie and related to your use of this website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link.
You can find more information on Google Analytics and data protection at tools.google.com/dlpage/gaoptout.
This website uses the online marketing program “Google AdWords” and, within this framework, conversion tracking. The cookie for conversion tracking is placed when a user clicks on an advertisement placed by Google. Such cookies expire after 30 days and do not serve the purpose of identification. If the cookie has not yet expired and the user visits specific pages of this website, we and Google can see that the user has clicked on the advertisement and has been forwarded to this page. Each Google AdWords customer receives a different cookie. Cookies therefore cannot be tracked across the websites of AdWords customers. Information obtained through conversion cookies serves only to compile statistics for AdWords customers who have opted for conversion tracking. These customers learn the number of users who have clicked on the advertisement and who have been forwarded to a page tagged with conversion tracking. Users who do not want to participate in the tracking can deactivate conversion tracking in their internet browser. Such users will not be included in the conversion tracking statistics. You can learn more about the Google data policy at https://policies.google.com/privacy.
3. Google Maps
You can find further details, transparency and choices under https://privacy.google.com/intl/de/index.html#
Our website uses plugins from the YouTube website. The operator of these sites is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages that includes a YouTube plugin, a connection will be established to the YouTube servers. In this context, the YouTube server learns which of our pages you have visited. If you are logged in to your YouTube account, you enable YouTube to analyze your browsing behavior. You can prevent this by logging out of your YouTube account. You can find further details on how YouTube handles user data at https://www.youtube.com/intl/ALL_de/howyoutubeworks/our-commitments/protecting-user-data/
VI. MICROSOFT TEAMS
If you participate in an online meeting as an external participant, you will receive an access link by e-mail from the meeting host. When registering for the online meeting, you must enter your name and, if applicable, your e-mail address.
If you do not wish to exchange data with us via Microsoft Teams in accordance with Art. 9 of the GDPR, we ask you to black out this data in advance or otherwise make it unrecognizable.
Microsoft Teams is a service of the Microsoft Corporation. For more information on how your data is processed when using “Teams”, please visit: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer.
Purposes of data processing/legal basis
We use the tool “Microsoft Teams” to conduct online meetings, video conferences and/or webinars and, if necessary, also to exchange documents with the participants.
The legal basis for the processing of data relating to contact persons at external offices is Art. 6 para. 1 lit. f) GDPR. Our interest lies in improved organization and communication with our contact persons as well as the reduction of previously used tools. If our contact person is a direct contractual partner and a natural person, the legal basis is Art. 6 (1) (b) GDPR.
If special categories of personal data within the meaning of Art. 9 (1) of the GDPR are processed, e.g. within documents provided, the legal basis is Art. 9 (2) (a) of the GDPR. You expressly give your consent to this.
Furthermore, in accordance with Art. 49 (1) (a) GDPR, you expressly consent to the fact that under certain circumstances data may also be transferred to locations outside the EU/EEA where there is no adequate level of data protection within the meaning of the GDPR. You are aware of the risks associated with this, such as the lack of enforcement of data subject rights and possible access by state authorities.
You can revoke these consents at any time with effect for the future. In the event of revocation, the documents will be deleted from Microsoft Teams.
Personal data processed in connection with the filing of documents in Microsoft Teams will not be disclosed to third parties unless it is intended for disclosure. Please note that content from the stored documents as well as from personal meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. Other recipients: The provider of “Microsoft Teams” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with “Microsoft Teams”.
Data processing outside of the European Union
Data processing outside the European Union (EU) does not take place as a matter of principle as we have restricted our storage location to data centres in the European Union. However, we cannot exclude the possibility that data is routed via internet servers located outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without informing you or allowing you to seek redress. We have agreed standard EU contractual clauses with the provider of “Microsoft Teams”.
You are not obliged to communicate with us via Microsoft Teams. If you prefer, our communication can take place by other means, e.g. via e-mail or telephone.
Storage duration/Criteria for determining storage duration
We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfil contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion is only considered after expiry of the respective retention obligation.
VII. YOUR RIGHTS
Pursuant to art. 15 GDPR in connection with § 34 German Federal Data Protection Act (BDSG), you have the right to receive information about your data stored by us and, pursuant to § 35 BDSG, the right to deletion/blocking of unauthorized data and the right to correction of false data.
Upon your request, we will inform you in writing which of your personal data we have stored. As far as possible, we will take appropriate measures to adapt or correct your data. Please direct all requests for information or objections to data processing by e-mail (including your complete address) to our Responsible Person for data protection. If your personal data is processed, you are a data subject and have the following rights:
1. Right to information
You can request confirmation from our data protection officer as to whether your personal data has been processed by us. In case of such data processing, you can further request the following:
- Purpose for the processing of personal data;
- Categories of personal data processed;
- Recipients/categories of recipients to whom your personal data has been/is being disclosed;
- Planned duration of storage of such personal data or, in case specific information is not possible, criteria for the determination of the storage period;
- Existence of the right to correction/deletion of your personal data, the right to restrict the data processing, the right to object to the data processing;
- Existence of the right of complaint towards the authorities;
- All available information regarding origin of the data, when the personal data was not received from you;
- Existence of an automated decision process including profiling pursuant to art. 22, para. 1 and 4 GDPR and – at least in these cases – information on the logic involved as well as the extent and the envisaged impact of such processing for the respective person.
You have the right to request information on whether your personal data has been transferred to a third country or an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to art. 46 GDPR.
2. Right to correction
You have a right to correction and/or completion vis-à-vis the data controller, if the personal data processed and concerning you is inaccurate or incomplete. The controller shall carry out the rectification without undue delay.
3. Right to restrict processing
You may request the restriction of the processing of personal data relating to you under the following conditions:
- if you contest the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data;
- if the processing is unlawful and you reject the deletion of the personal data and instead request the restriction of the use of personal data;
- if the data controller no longer needs the personal data for the purpose of processing, whereas you need it for enforcing, exercising or defending your legal remedies; or
- if you have filed an objection against the processing pursuant to art. 21, para. 1 GDPR and it has not yet been determined, whether the legitimate reasons of the data controller outweigh your reasons.
Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of their storage only with (i) your consent, (ii) for the establishment, exercise or defense of legal claims, (iii) for the protection of the rights of another natural or legal person or (iv) for reasons of substantial public interest of the Union or of a Member State.
If the restriction of processing has been limited in accordance with the above-mentioned conditions, you will be informed by the data controller before the restriction is lifted.
4. Right to deletion
a) Obligation to deletion
You may request the data controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete this data immediately, if one of the following reasons applies:
- The personal data concerning you is no longer necessary for the purpose for which the data was collected and/or processed.
- You withdraw your consent, on which the processing pursuant to art. 6, para. 1 lit. a or art. 9, para. 2 lit. a GDPR was based, and there is no further legal basis for the processing.
- You file an objection against the processing pursuant to art. 21, para. 1 GDPR and there are no legal reasons for the processing or you file an objection pursuant to art. 21, para. 2 GDPR.
- The personal data concerning you has not lawfully been processed.
- The deletion of the personal data concerning you is necessary in order to comply with a legal obligation under EU law or the law of the member state that is applicable to the data controller.
- The personal data concerning you has been collected in relation to information society services offered pursuant to art. 8, para. 1 GDPR.
b) Information to third parties
If the controller has published the personal data concerning you and is obliged to delete the same pursuant to art. 17, para. 1 GDPR, he shall take appropriate measures, including available technology, in order to inform the other data controller that you, as the concerned person, have requested the deletion of all links to the personal data or copies of the personal data.
The right to deletion does not exist in cases where the processing is necessary:
- to exercise the right to freedom of speech and information;
- to fulfill a legal obligation, which requires the processing pursuant to the law of the EU or another member state applicable to the data controller, or which is in the public interest or is carried out in the exercise of official authority;
- due to reasons of the public interest concerning public health pursuant to art. 9, para. 2 lit. h and i as well as art. 9, para. 3 GDPR;
- for archiving, scientific, historical research or statistical purposes which are in the public interest pursuant to art. 89, para. 1 GDPR, to the extent the right defined under provision a) makes impossible the realization of these goals of processing or substantially affects the same, or
- for enforcing, exercising or defending legal remedies.
5. Right to be informed
If you have exercised the right to correction, deletion or restriction vis-à-vis the data controller, the controller is obliged to inform all recipients of these personal data of the correction, deletion or restriction of the personal data, unless this is not possible or only possible with unreasonable effort. You have the right vis-à-vis the data controller to be informed of all the respective recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the data controller, in a commonly used and machine-readable format.
Furthermore, you have the right to forward these data to another data controller without being prevented to do so by the data controller, which has already received your data, unless
(a) the processing is based on a consent pursuant to art. 6, para. 1 lit. a GDPR or art. 9, para. 2 lit. a GDPR or on a contract pursuant to art. 6, para. 1 lit. b GDPR and
(b) the processing is conducted with the help of automated processes.
In exercising this right, you also have the right to obtain that the personal data concerning you is transferred directly from one data controller to another, if this is technically possible.
The right to data portability shall not apply to processing of personal data, which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data, which is carried out on basis of art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller does not further process the personal data relating to you, unless he is able to present mandatory reasons for the processing, which outweigh your interests and rights.
If personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing for such marketing purposes; this also applies to profiling to the extent that it is connected to such direct marketing.
You have the option, in connection with the use of information society services and irrespective of Directive 2002/58/EC, to exercise your right to object via automated processes which use technical specifications.
8. Right against automated processing in individual cases
You have the right not to be subject to a decision based solely on automated processing – including profiling – which has legal effects on you or affects you in a similar manner. This does not apply if the decision necessary for the conclusion or fulfillment of a contract between you and us is lawful as well as mandatory, based on legal requirements of the Union member states, and if these regulations contain measures to ensure your rights as well as your rightful interests. This also does not apply if you have given your express consent.
With respect to the afore-mentioned cases, the controller undertakes measures in order to preserve your rights and lawful interests, including at least the right of obtaining support of a person of our company to demonstrate the case and the right to challenge the decision.
9. Right to complain to the supervisory authority
Without prejudice to a right to complain to the supervisory authority, or other legal remedies you have the right to complain to the supervisory authority, in particular in the state of your residence, your workplace or the place of the presumed violation, if you are of the opinion the processing of your personal data is not in compliance with the GDPR. You will find the name and the contact details of the respective supervisory authorities in the European Union under
The supervisory authority, which receives the complaint informs the complainant of the status and results of its complaint, including the options for legal remedies pursuant to art. 78 GDPR.
Responsible for our company is the following data protection authority:
Landesbeauftragte für Datenschutz und Informationsfreiheit
Postfach 20 04 44
VIII. FURTHER INFORMATION
To the extent that parts of our website are presented in languages other than German, this is solely a service for our customers who are not proficient in the German language. In any case, the German version prevails.
Version of our data protection statement: Version 1.0 – December 2021