Thank you for visiting our website and for your interest in the TÜV Association (TÜV-Verband e. V.). In the following, we would like to inform you of the handling of your data pursuant to Art. 13 of the EU’s General Data Protection Regulation (GDPR).
1. Responsible party
The TÜV Association is responsible for the data processing described below in accordance with the data protection regulations.
If you would like us to contact you, email your request to firstname.lastname@example.org.
2. Server log files
When you visit our website, our web server stores standardised information about your device and the browser you use in a log file. We process this data to be able to analyse errors in our server and attempts at misuse. Specifically, the following information is collected:
- name of the website accessed
- date and time of access
- amount of data transferred
- notification of successful access
- IP address of the accessing computer
- specific address of the page accessed on our website
- browser type and version
- operating system used
- where applicable, referrer URL
We are unable to use this data to identify you and the log data is only evaluated anonymously. Log data is usually deleted immediately, but at the latest after four days. The legal basis for this data processing is our legitimate interest in the sense of Art. 6 (1) (f) GDPR.
3. SSL and TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. enquiries to the controller). You can recognise an encrypted connection by the “https://” character string and the lock symbol in the browser line.
A distinction is made between “first-party” and “third-party” cookies, depending on the cookie’s provenance:
- First-party cookies: These cookies are generated and stored locally by the website operator in their capacity as the controller or by a processor commissioned by them. Only the website operator can access these cookies.
- Third-party cookies: These cookies are generated, set and retrieved by third-party providers not acting as the controller on behalf of the website operator.
Depending on the cookies’ lifetime, a distinction can moreover be made between temporary and persistent cookies.
- Temporary cookies: These cookies are deleted automatically when you close your browser. In particular, these include session cookies.
- Persistent cookies: These cookies remain stored on your device for a specified period of time after you close your browser.
Depending on the cookies’ properties and purpose, the website user’s consent may be required for certain cookies. Cookies can thus be differentiated between according to whether or not the website user’s consent is required for their use.
- Cookies not requiring consent: These cookies are absolutely essential for the website operator to provide the service explicitly requested by the participant or website user (“strictly necessary cookies”).
- Cookies requiring consent: These cookies are used for all purposes other than those mentioned above.
We use strictly necessary cookies that are absolutely essential pursuant to Art. 6 1(f) GDPR, whereby our legitimate interest lies in ensuring the functionality of our website. You cannot deactivate these cookies via the website’s cookie banner. However, you are able to manage and deactivate the general cookie settings in your browser at any time.
This website uses different types of cookies:
Strictly necessary cookies
These cookies are set automatically when the website is accessed or a specific function is activated, unless you have adjusted your browser settings to prevent cookies from being set.
Identifies a session ID when logging in to the TYPO3 frontend.
Identifies a backend session when a backend user logs into the TYPO3 backend or frontend.
Validates a session for the system maintenance area / “Install Tool”.
Stores information about the last login provider when logging into the TYPO3 backend.
Manages the session in the shop area.
Enables sticky sessions in the shop area when distributing the load to the backends.
We process the data collected through the use of these cookies based on Art. 6 (1) (f) GDPR. All other cookies, which are not absolutely essential for the actual website functions and may link to or share data with other services, require your informed consent.
These cookies enable a website to remember certain information that affects the way that a website behaves or looks, such as your preferred language or the region that you are in.
Stores preferences and other user information. Specifically, this includes the preferred language, number of search results to display per page and the decision whether or not to activate the Google SafeSearch filter.
Registers a unique ID to identify a returning user’s device and stores preferred settings and other information. This includes the number of search results to display per page (e.g. 10 or 20) and whether or not to activate the Google SafeSearch filter.
Customises ads within Google entities, such as Google Search.
We process the data collected through the use of these cookies based on Art. 6 (1) (a) GDPR.
These cookies help website operators to understand how visitors interact with websites by collecting and reporting data anonymously.
Gathers website statistics and tracks conversion rates.
Gathers website statistics and tracks conversion rates.
We process the data collected through the use of these cookies based on Art. 6 (1) (a) GDPR.
These cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual users and thus more valuable for publishers and third-party advertisers.
Persistent first-party cookie for the statistical evaluation of visitor access.
Stores the attribution information that the referrer originally used to visit the website.
Short-lived cookies used to temporarily store data for the user’s visit.
Determines whether visitors have consented to the use of marketing cookies in the cookie banner. This cookie is necessary for the website’s compliance with the EU’s General Data Protection Regulation (GDPR).
Measures the user’s bandwidth.
Registers a unique ID to store statistics for the YouTube videos that the user has watched.
5. Third-party providers
In order to provide and continuously improve our services, we use the services of various third-party providers, who may in turn process personal data.
We use tracking technology to measure and evaluate our website and to continuously improve our content, for example. To protect our users and partners, we are also able to identify and prevent fraud and security risks.
We use the open-source software “Matomo” on our website, which is a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, NZBN 6106769, New Zealand.
Insofar as you gave your consent via our cookie banner, the data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. You are able to withdraw your consent at any time. Click here to withdraw your consent.
We use Web Fonts for the uniform display of fonts, which are fonts provided by MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA.
When you access a web page, your browser loads the required web fonts to its browser cache in order to display texts and fonts correctly. To do this, your browser must connect to the MyFonts servers, which may in turn also lead to the transmission of your personal data to servers in the USA belonging to MyFonts Inc. This may allow MyFonts to learn that our website has been accessed via your IP address.
To counteract this, we host the MyFonts fonts locally, i.e. on our web server rather than on the MyFonts servers. As a consequence, no connection is established to the MyFonts servers and none of your data is transmitted or stored. The legal basis for this data processing is our legitimate interest in the sense of Art. 6 (1) (f) GDPR.
5.3 Google Maps
We use the “Google Maps” map service on our website, which is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA for all other users.
In order for the map service to be integrated into your web browser and displayed, a connection must first be established to a server of Google LLC (USA) when you access the contact page. This means that data may be processed outside of the EU or EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed, as data is processed in the USA. Consequently, there is a risk that the authorities may access the data for security and monitoring purposes without your knowledge or without you having recourse to appeal. We have no influence whatsoever over whether and to what extent Google processes your data for its own purposes or links this to any other user profiles you may have.
Insofar as you gave your consent via our cookie banner, the data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. You are able to withdraw your consent at any time. Click here to adjust the settings via our cookie banner.
The transfer of data to a third country is based on Art. 49 (1) (a) GDPR.
6. Social media
We have a presence online in social networks to enable us to communicate with the users active there and to provide information about our organisation. When you visit our website, no direct connection will be established between your browser and the servers of the respective social network.
However, if you click on the “Share” button (plugin) of the respective social network, a new browser window will open and redirect you to your user account if you are logged in there. A direct connection is established between your browser and the server belonging to the respective social network via the plugin in this way. The social network is then notified that you visited our website using your IP address.
We hereby explicitly advise that we have no knowledge whatsoever of the content of any (personal) data transmitted, nor do we know how it is used by the respective social network. For details of the forms of processing and the options to object to this, see the privacy policies and information provided by the operators of the social networks.
Our website uses functions of the Instagram network, which is provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. For more information, see Instagram’s data policy: https://help.instagram.com/519522125107875
6.4 Facebook (fan page)
We operate a fan page on Facebook to inform on topics relating to the TÜV Association. This is a service provided by Facebook Ireland Ltd. (“Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
We have agreed to Facebook’s commercial terms of service. When you visit our fan page on Facebook, Facebook stores our fan page cookie on your device and collects “insights data” about the use of our fan page:
- information about your visit to our Facebook fan page (your IP address, referrer website, file name, URL)
Each of these cookies set by Facebook has a unique cookie ID. Based on Facebook’s data processing, it is possible to receive statistical data from Facebook in accordance with our joint controllership pursuant to Art. 26 GDPR. We operate this Facebook fan page solely to raise awareness about our company and to interact with you as a visitor to and user of this Facebook fan page. At no point during your visit to our fan page is it possible to identify you using the insights function and the statistics provided.
Within Facebook, your data may be transmitted to Facebook Inc. (USA). This means that data may be processed outside of the EU or EEA. With regard to Facebook Inc., an adequate level of data protection cannot be assumed, as data is processed in the USA. Consequently, there is a risk that the authorities may access the data for security and monitoring purposes without your knowledge or without you having recourse to appeal. We have no influence whatsoever over whether and to what extent Facebook processes your data for its own purposes or links this to any other user profiles you may have.
Operation of this fan page is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in a timely and supportive opportunity to inform and interact with our users and visitors. Should you wish to object to the embedding, we recommend that you do not use our fan page in the future. The transfer of data to a third country is based on Art. 49 (1) (a) GDPR.
For information on how to contact Facebook, on the settings options for advertisements as well as the data usage guidelines, see Facebook’s data policy: www.facebook.com/about/privacy
For more information on our joint controllership with Facebook, see: www.facebook.com/legal/terms/page_controller_addendum
7. YouTube videos
We have embedded YouTube videos in our website. YouTube is a subsidiary of Google Ireland Ltd. (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Accessing a page on our website with an embedded video leads the provider’s content to be reloaded. YouTube is then informed that you have accessed our website and also receives the necessary usage data.
We use YouTube’s Privacy Enhanced Mode. According to YouTube, no cookies are set during this mode and data is only transmitted to the YouTube server when you actually play a video.
Within YouTube, your data may be transmitted to Google Ireland Ltd. and Google LLC (USA). This means that data may be processed outside of the EU or EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed, as data is processed in the USA. Consequently, there is a risk that the authorities may access the data for security and monitoring purposes without your knowledge or without you having recourse to appeal. We have no influence whatsoever over whether and to what extent Google processes your data for its own purposes or links this to any other user profiles you may have.
The data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. By clicking on a video, you give your consent for us to reload the content from Google. The transfer of data to a third country is based on Art. 49 (1) (a) GDPR. You are able to withdraw your consent at any time. Click here to adjust the settings via our cookie banner.
We use CleverReach to send newsletters, which is a platform of CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany.
Your personal data is stored on the servers of CleverReach GmbH. CleverReach uses this information to send and evaluate newsletters on our behalf. According to CleverReach, it may use this data to optimise or improve its services (e.g. technical optimisation of the dispatch and presentation of newsletters) or for economic purposes in order to determine which countries the recipients are based in. CleverReach does not use our newsletter recipients’ data to contact them itself, nor does it pass this data on to any third parties.
The data processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw this consent at any time by unsubscribing from the newsletter. The lawfulness of the data processing completed up until you withdrew consent shall remain unaffected by your withdrawal of consent.
If you do not want CleverReach to perform any analyses, you must unsubscribe from the newsletter. We provide a link in every newsletter to enable you to do this.
9. Online shop
We have integrated an online shop into our website to enable the purchase of technical guidelines and publications. To place an order, you must conclude a contract with us for which you will be required to provide the personal data we need to process your order. Mandatory information that is required to process contracts is marked specifically; other information is voluntary.
We process the data you provide in order to handle your order and to offer services such as individual customer support. In the course of order processing, we pass on your personal data to TÜV-Media AG, Am Grauen Stein 1, 51105 Cologne, Germany.
We process the data you provide to handle your order; Art. 6 (1) (b) GDPR forms the legal basis for this. We are obliged by commercial and tax laws to store your address, payment information and order details for a period of ten years.
You are able to send us personal messages. To use the message function, you must enter your first and last names and your email address. We use this data based on Art. 6 (1) (f) GDPR to respond to your message. If your message serves to conduct pre-contractual measures, Art. 6 (1) (b) GDPR may also be taken as the legal basis.
You are able decide for yourself whether you would like to provide us with any information above and beyond this. You provide this information voluntarily; it is not absolutely necessary to be able to contact us. Processing of the data that you provide voluntarily is based on Art. 6 (1) (a) GDPR. You are able to withdraw your consent at any time with effect for the future.
11. Your rights as the data subject
With regard to the data processing detailed here, you are entitled to various rights as the data subject which are regulated in the EU’s General Data Protection Regulation (GDPR):
- Right of access (Art. 15 GDPR): You have the right to obtain confirmation from the controller as to whether personal data concerning you is being processed.
- Right to rectification (Art. 16 GDPR): You have the right to ask the controller to rectify any inaccurate personal data concerning you without undue delay.
- Right to erasure (Art. 17 GDPR): You have the right to ask the controller to erase personal data concerning you without undue delay.
- Right to restriction of processing (Art. 18 GDPR): You have the right to ask the controller to restrict processing if one of the conditions detailed in Art. 18 GDPR applies.
- Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to a controller in a structured, commonly used and machine-readable format if one of the conditions detailed in Art. 20 GDPR applies.
- Right of withdrawal (Art. 7 GDPR): Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Right to object (Art. 21 GDPR): If data is collected on the basis of Art. 6 (1) (f) GDPR or Art. 6 (1) (e) GDPR, you have the right to object to the processing of personal data at any time for reasons arising from your particular situation.
- Right to lodge a complaint (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority. You can contact the supervisory authority in your habitual place of residence or our company headquarters to this end.
The address of the supervisory authority responsible for the TÜV Association is as follows:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
+49 30 13889-0
+49 30 2155050
12. Data protection officer
Our data protection officer can gladly advise on data protection matters:
+49 30 760095-460
13. Final provisions
Last updated: October 2021