General information

Thank you for visiting our website and for your interest in the TÜV Association (TÜV-Verband e. V.). In the following, we would like to inform you of the handling of your data pursuant to Art. 13 of the EU’s General Data Protection Regulation (GDPR).

1. Responsible party

The TÜV Association is responsible for the data processing described below in accordance with the data protection regulations.
If you would like us to contact you, email your request to berlin@tuev-verband.de.

2. Server log files

When you visit our website, our web server stores standardised information about your device and the browser you use in a log file. We process this data to be able to analyse errors in our server and attempts at misuse. Specifically, the following information is collected:

  • name of the website accessed
  • date and time of access
  • amount of data transferred
  • notification of successful access
  • IP address of the accessing computer
  • specific address of the page accessed on our website
  • browser type and version
  • operating system used
  • where applicable, referrer URL

We are unable to use this data to identify you and the log data is only evaluated anonymously. Log data is usually deleted immediately, but at the latest after four days. The legal basis for this data processing is our legitimate interest in the sense of Art. 6 (1) (f) GDPR.

3. SSL and TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. enquiries to the controller). You can recognise an encrypted connection by the “https://” character string and the lock symbol in the browser line.

4. Cookies

Our website uses cookies, which are small text files that websites use to simplify and speed up the management of your visit or that are necessary to enable you to use and access secure areas of the website.

A distinction is made between “first-party” and “third-party” cookies, depending on the cookie’s provenance:

  • First-party cookies: These cookies are generated and stored locally by the website operator in their capacity as the controller or by a processor commissioned by them. Only the website operator can access these cookies.
  • Third-party cookies: These cookies are generated, set and retrieved by third-party providers not acting as the controller on behalf of the website operator.

Depending on the cookies’ lifetime, a distinction can moreover be made between temporary and persistent cookies.

  • Temporary cookies: These cookies are deleted automatically when you close your browser. In particular, these include session cookies.
  • Persistent cookies: These cookies remain stored on your device for a specified period of time after you close your browser.

Depending on the cookies’ properties and purpose, the website user’s consent may be required for certain cookies. Cookies can thus be differentiated between according to whether or not the website user’s consent is required for their use.

  • Cookies not requiring consent: These cookies are absolutely essential for the website operator to provide the service explicitly requested by the participant or website user (“strictly necessary cookies”).
  • Cookies requiring consent: These cookies are used for all purposes other than those mentioned above.

We only use such cookies if you have given your prior consent. As a rule, Art. 6 (1) (f) GDPR forms the legal basis for the processing of personal data. When you access our website, we display a cookie banner in which you can confirm your consent to the use of cookies on the website by clicking on a button.

We use strictly necessary cookies that are absolutely essential pursuant to Art. 6 1(f) GDPR, whereby our legitimate interest lies in ensuring the functionality of our website. You cannot deactivate these cookies via the website’s cookie banner. However, you are able to manage and deactivate the general cookie settings in your browser at any time.

This website uses different types of cookies:

Strictly necessary cookies

These cookies are set automatically when the website is accessed or a specific function is activated, unless you have adjusted your browser settings to prevent cookies from being set.

Name

Provider

Purpose

Lifetime

fe_typo_user

TYPO3

Identifies a session ID when logging in to the TYPO3 frontend.

Browser session

be_typo_user

TYPO3

Identifies a backend session when a backend user logs into the TYPO3 backend or frontend.

Browser session

Typo3InstallTool

TYPO3

Validates a session for the system maintenance area / “Install Tool”.

be_lastLoginProvider

TYPO3

Stores information about the last login provider when logging into the TYPO3 backend.

90 days

_Zopeld

Shop.tuev-verband.de

Manages the session in the shop area.

Browser session

serverid

Shop.tuev-verband.de

Enables sticky sessions in the shop area when distributing the load to the backends.

Browser session

We process the data collected through the use of these cookies based on Art. 6 (1) (f) GDPR. All other cookies, which are not absolutely essential for the actual website functions and may link to or share data with other services, require your informed consent.

Preference cookies

These cookies enable a website to remember certain information that affects the way that a website behaves or looks, such as your preferred language or the region that you are in.

Name

Provider

Purpose

Lifetime

Consent

Google

Stores preferences and other user information. Specifically, this includes the preferred language, number of search results to display per page and the decision whether or not to activate the Google SafeSearch filter.

20 years

NID

Google

Registers a unique ID to identify a returning user’s device and stores preferred settings and other information. This includes the number of search results to display per page (e.g. 10 or 20) and whether or not to activate the Google SafeSearch filter.

6 months

OTZ

Google

Customises ads within Google entities, such as Google Search.

1 month

We process the data collected through the use of these cookies based on Art. 6 (1) (a) GDPR.

Statistics cookies

These cookies help website operators to understand how visitors interact with websites by collecting and reporting data anonymously.

Name

Provider

Purpose

Lifetime

1p_JAR

Google

Gathers website statistics and tracks conversion rates.

1 month

DV

Google

Gathers website statistics and tracks conversion rates.

5 minutes

We process the data collected through the use of these cookies based on Art. 6 (1) (a) GDPR.

Marketing cookies

These cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual users and thus more valuable for publishers and third-party advertisers.

Name

Provider

Purpose

Lifetime

_pk_id.1.5af9 /
_pk_id.1.266f 

Matomo

Persistent first-party cookie for the statistical evaluation of visitor access.

13 months

_pk_ref.1.5af9 /

Matomo

Stores the attribution information that the referrer originally used to visit the website.

6 months

_pk_ses.1.5af9 /
_pk_ses.1.266f

Matomo

Short-lived cookies used to temporarily store data for the user’s visit.

30 minutes

Consent

YouTube

Determines whether visitors have consented to the use of marketing cookies in the cookie banner. This cookie is necessary for the website’s compliance with the EU’s General Data Protection Regulation (GDPR).

6,030 days

VISITOR_INFO1_Live

YouTube

Measures the user’s bandwidth.

6 months

YSC

YouTube

Registers a unique ID to store statistics for the YouTube videos that the user has watched.

Browser session

5. Third-party providers

In order to provide and continuously improve our services, we use the services of various third-party providers, who may in turn process personal data.

We use tracking technology to measure and evaluate our website and to continuously improve our content, for example. To protect our users and partners, we are also able to identify and prevent fraud and security risks.

5.1 Matomo

We use the open-source software “Matomo” on our website, which is a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, NZBN 6106769, New Zealand.

Matomo is a web analysis tool that creates pseudonymised user profiles. We save permanent cookies on your device for this, which we are then able to read. This enables us to identify and count you as a returning visitor accordingly. The use of cookies moreover allows us to analyse how you use the website. Matomo evaluates your use of the website on our behalf and compiles reports on your activities on our website. Your IP address is only processed in an anonymised format. Matomo is run exclusively on our servers as part of this website, which mean that data is only ever processed on our servers and is not made available to any third parties.

Insofar as you gave your consent via our cookie banner, the data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. You are able to withdraw your consent at any time. Click here to withdraw your consent.

5.2 MyFonts

We use Web Fonts for the uniform display of fonts, which are fonts provided by MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA.

When you access a web page, your browser loads the required web fonts to its browser cache in order to display texts and fonts correctly. To do this, your browser must connect to the MyFonts servers, which may in turn also lead to the transmission of your personal data to servers in the USA belonging to MyFonts Inc. This may allow MyFonts to learn that our website has been accessed via your IP address.

To counteract this, we host the MyFonts fonts locally, i.e. on our web server rather than on the MyFonts servers. As a consequence, no connection is established to the MyFonts servers and none of your data is transmitted or stored. The legal basis for this data processing is our legitimate interest in the sense of Art. 6 (1) (f) GDPR.

For more information on the Web Fonts by MyFonts, see www.myfonts.com/ and the MyFonts privacy policy at www.monotype.com/legal/privacy-policy.

5.3 Google Maps

We use the “Google Maps” map service on our website, which is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA for all other users.

In order for the map service to be integrated into your web browser and displayed, a connection must first be established to a server of Google LLC (USA) when you access the contact page. This means that data may be processed outside of the EU or EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed, as data is processed in the USA. Consequently, there is a risk that the authorities may access the data for security and monitoring purposes without your knowledge or without you having recourse to appeal. We have no influence whatsoever over whether and to what extent Google processes your data for its own purposes or links this to any other user profiles you may have.

Insofar as you gave your consent via our cookie banner, the data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. You are able to withdraw your consent at any time. Click here to adjust the settings via our cookie banner.

The transfer of data to a third country is based on Art. 49 (1) (a) GDPR.

6. Social media

We have a presence online in social networks to enable us to communicate with the users active there and to provide information about our organisation. When you visit our website, no direct connection will be established between your browser and the servers of the respective social network.

However, if you click on the “Share” button (plugin) of the respective social network, a new browser window will open and redirect you to your user account if you are logged in there. A direct connection is established between your browser and the server belonging to the respective social network via the plugin in this way. The social network is then notified that you visited our website using your IP address.

We hereby explicitly advise that we have no knowledge whatsoever of the content of any (personal) data transmitted, nor do we know how it is used by the respective social network. For details of the forms of processing and the options to object to this, see the privacy policies and information provided by the operators of the social networks.

6.1 LinkedIn

Our website uses functions of the LinkedIn network, which is provided by LinkedIn Co., 2029 Stierlin Court, Mountain View, CA 94043, USA. For more information, see LinkedIn’s privacy policy: www.linkedin.com/legal/privacy-policy

6.2 Instagram

Our website uses functions of the Instagram network, which is provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. For more information, see Instagram’s data policy: https://help.instagram.com/519522125107875

6.3 Twitter

Our website uses functions of the Twitter network, which is provided by Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland. For more information, see Twitter’s privacy policy: https://twitter.com/en/privacy

6.4 Facebook (fan page)

We operate a fan page on Facebook to inform on topics relating to the TÜV Association. This is a service provided by Facebook Ireland Ltd. (“Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

We have agreed to Facebook’s commercial terms of service. When you visit our fan page on Facebook, Facebook stores our fan page cookie on your device and collects “insights data” about the use of our fan page:

  • information about your visit to our Facebook fan page (your IP address, referrer website, file name, URL)

Each of these cookies set by Facebook has a unique cookie ID. Based on Facebook’s data processing, it is possible to receive statistical data from Facebook in accordance with our joint controllership pursuant to Art. 26 GDPR. We operate this Facebook fan page solely to raise awareness about our company and to interact with you as a visitor to and user of this Facebook fan page. At no point during your visit to our fan page is it possible to identify you using the insights function and the statistics provided.

Within Facebook, your data may be transmitted to Facebook Inc. (USA). This means that data may be processed outside of the EU or EEA. With regard to Facebook Inc., an adequate level of data protection cannot be assumed, as data is processed in the USA. Consequently, there is a risk that the authorities may access the data for security and monitoring purposes without your knowledge or without you having recourse to appeal. We have no influence whatsoever over whether and to what extent Facebook processes your data for its own purposes or links this to any other user profiles you may have.

Operation of this fan page is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in a timely and supportive opportunity to inform and interact with our users and visitors. Should you wish to object to the embedding, we recommend that you do not use our fan page in the future. The transfer of data to a third country is based on Art. 49 (1) (a) GDPR.

For information on how to contact Facebook, on the settings options for advertisements as well as the data usage guidelines, see Facebook’s data policy: www.facebook.com/about/privacy

For more information on our joint controllership with Facebook, see: www.facebook.com/legal/terms/page_controller_addendum

7. YouTube videos

We have embedded YouTube videos in our website. YouTube is a subsidiary of Google Ireland Ltd. (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Accessing a page on our website with an embedded video leads the provider’s content to be reloaded. YouTube is then informed that you have accessed our website and also receives the necessary usage data.

We use YouTube’s Privacy Enhanced Mode. According to YouTube, no cookies are set during this mode and data is only transmitted to the YouTube server when you actually play a video.

Within YouTube, your data may be transmitted to Google Ireland Ltd. and Google LLC (USA). This means that data may be processed outside of the EU or EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed, as data is processed in the USA. Consequently, there is a risk that the authorities may access the data for security and monitoring purposes without your knowledge or without you having recourse to appeal. We have no influence whatsoever over whether and to what extent Google processes your data for its own purposes or links this to any other user profiles you may have.

The data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. By clicking on a video, you give your consent for us to reload the content from Google. The transfer of data to a third country is based on Art. 49 (1) (a) GDPR. You are able to withdraw your consent at any time. Click here to adjust the settings via our cookie banner.

8. Newsletter

We use CleverReach to send newsletters, which is a platform of CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany.

Your personal data is stored on the servers of CleverReach GmbH. CleverReach uses this information to send and evaluate newsletters on our behalf. According to CleverReach, it may use this data to optimise or improve its services (e.g. technical optimisation of the dispatch and presentation of newsletters) or for economic purposes in order to determine which countries the recipients are based in. CleverReach does not use our newsletter recipients’ data to contact them itself, nor does it pass this data on to any third parties.

The data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing completed up until you withdrew consent shall remain unaffected by your withdrawal of consent.

If you do not want CleverReach to perform any analyses, you must unsubscribe from the newsletter. We provide a link in every newsletter to enable you to do this.

The security of your data and compliance with data protection regulations is of utmost importance to CleverReach GmbH. For more information, see CleverReach’s privacy policy: www.cleverreach.com/en/privacy-policy

9. Online shop

We have integrated an online shop into our website to enable the purchase of technical guidelines and publications. To place an order, you must conclude a contract with us for which you will be required to provide the personal data we need to process your order. Mandatory information that is required to process contracts is marked specifically; other information is voluntary.

We process the data you provide in order to handle your order and to offer services such as individual customer support. In the course of order processing, we pass on your personal data to TÜV-Media AG, Am Grauen Stein 1, 51105 Cologne, Germany.

We process the data you provide to handle your order; Art. 6 (1) (b) GDPR forms the legal basis for this. We are obliged by commercial and tax laws to store your address, payment information and order details for a period of ten years.

10. Contact

You are able to send us personal messages. To use the message function, you must enter your first and last names and your email address. We use this data based on Art. 6 (1) (f) GDPR to respond to your message. If your message serves to conduct pre-contractual measures, Art. 6 (1) (b) GDPR may also be taken as the legal basis.

You are able decide for yourself whether you would like to provide us with any information above and beyond this. You provide this information voluntarily; it is not absolutely necessary to be able to contact us. Processing of the data that you provide voluntarily is based on Art. 6 (1) (a) GDPR. You are able to withdraw your consent at any time with effect for the future.

11. Your rights as the data subject

With regard to the data processing detailed here, you are entitled to various rights as the data subject which are regulated in the EU’s General Data Protection Regulation (GDPR):

  • Right of access (Art. 15 GDPR): You have the right to obtain confirmation from the controller as to whether personal data concerning you is being processed.
  • Right to rectification (Art. 16 GDPR): You have the right to ask the controller to rectify any inaccurate personal data concerning you without undue delay.
  • Right to erasure (Art. 17 GDPR): You have the right to ask the controller to erase personal data concerning you without undue delay.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to ask the controller to restrict processing if one of the conditions detailed in Art. 18 GDPR applies.
  • Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to a controller in a structured, commonly used and machine-readable format if one of the conditions detailed in Art. 20 GDPR applies.
  • Right of withdrawal (Art. 7 GDPR): Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to object (Art. 21 GDPR): If data is collected on the basis of Art. 6 (1) (f) GDPR or Art. 6 (1) (e) GDPR, you have the right to object to the processing of personal data at any time for reasons arising from your particular situation.
  • Right to lodge a complaint (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority. You can contact the supervisory authority in your habitual place of residence or our company headquarters to this end.

The address of the supervisory authority responsible for the TÜV Association is as follows:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin
Germany

+49 30 13889-0
+49 30 2155050
mailbox@datenschutz-berlin.de
www.datenschutz-berlin.de

12. Data protection officer

Our data protection officer can gladly advise on data protection matters:

Marc Fliehe
+49 30 760095-460
dsb@tuev-verband.de

13. Final provisions

The TÜV Association reserves the right to modify this privacy policy at any time so that it always complies with the current legal requirements or in order to implement changes to the services in the privacy policy, for example if new services are introduced or changes are made to the website. The new privacy policy will then apply for any future access to this website.

Last updated: October 2021