Datenschutz

Home   >   Privacy

Privacy Policy

I. Name and Address of the Entity Responsible

The entity responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

TÜV TRUST IT GmbH TÜV AUSTRIA Group

Waltherstr. 49-51

51069 Cologne

Phone:  + 49 (0)221 969789-0

E-mail: info@tuv-austria.com

Website: https://www.it-tuv.com

II. Name and Address of the Data Protection Officer

The data protection officer of the entity responsible is:

Manuel Münchhausen

Phone: + 49 (0) 221 969789-0

E-mail: datenschutz@tuv-austria.com

III. General Information on Data Processing

1. Scope of Processing of Personal Data

We only process personal data of our users if this is necessary to provide a functional website, its contents and its services. The processing of personal data of our users on a regular basis takes place only after the user has consented. An exception applies in those cases where prior consent cannot be obtained for actual reasons and when the processing of the data is permitted by law.

2. Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent for the processing of personal data by the affected person, Art. 6 para. 1 lit. a EU General Data Protection Regulation (EU-GDPR) serves as the legal basis.

In the processing of personal data required for the performance of a contract to which the affected person is a party, Art. 6 para. 1 lit. b EU-GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c EU-GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person affected do not outweigh the first mentioned interest, Art. 6 para. 1 lit. f EU-GDPR serves as the legal basis.

3. Data Erasure and Storage Time

The personal data of the affected person will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Every time you visit our website, our system automatically collects data and information of the requesting computer system.

In so doing, the following data will be collected:

  • Information about the browser type and version used
  • The operating system of the user
  • The Internet service provider of the user
  • The IP address of the user
  • Date and time of access
  • Websites from which the system of the user linked to our website
  • Websites that are accessed by the user’s system through our website

This information is also stored in the log files. This data is not stored together with other personal data of the user.

Occasionally, we may include third-party contents, such as contents, graphics or videos. For technical reasons, this also requires the transmission of your IP address. We select third parties as far as possible in such a way that further use of transmitted information is in compliance with data protection regulations.

For rendering this Website the font “Proxima Nova” is used as a Typekit service provided by Adobe. To provide the Typekit service, Adobe may collect information about the fonts that are provided. This information is used for accounting and compliance purposes and may include the following:

  • Fonts provided
  • ID of the typeset
  • JavaScript version of the typeset (string)
  • Type of font (string “configurable” or “dynamic”)
  • Account ID (identifies the customer of which the record is)
  • Service that provides the fonts (e.g. Typekit or Edge Web Fonts)
  • Application that requests the fonts (e.g. Adobe Muse)
  • Server providing the fonts (e.g. Typekit server or Enterprise CDN)
  • Host name of the page on which the fonts are loaded
  • The time it takes the web browser to download the fonts
  • The time that passes between downloading the fonts with the web browser and using the fonts
  • Whether or not an ad blocker is installed, to determine if the ad blocker is interfering with the proper tracking of page views

More information: https://www.adobe.com/en/privacy/policies/typekit.html

2. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f EU-GDPR.

3. Purpose of the Data Processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.

For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f EU-GDPR.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Objection- and Removal-possibility

The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is consequently no possibility to object on the part of the user.

V. Use of Cookies

a) Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

b) Legal Basis for Data Processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f EU-GDPR.

c) Purpose of the Data Processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

The user data collected through technically necessary cookies will not be used to create user profiles.

For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f EU-GDPR.

d) Duration of storage, objection and disposal options

Cookies are stored on the computer of the user and transmitted from there to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to their full extent.

VI. Newsletter

1. Description and Scope of Data processing

On our website you can subscribe to a free newsletter. The data from the input mask will be transmitted to us when registering for the newsletter. These data are:

  • Salutation
  • Surname
  • First given name
  • E-mail address

In addition, the following data will be collected upon registration:

  • IP address of the calling computer
  • Date and time of registration
  • For the processing of the data your consent is obtained as part of the registration process and  referred to this
  • Privacy Policy referenced.

If you order services from us and deposit your e-mail address here, this information can subsequently be used by us for sending a newsletter. In such a case, only direct advertising for similar products or services of ours will be sent via the newsletter.

For the dispatch of the newsletter we partly use technical service providers. Your data will be used exclusively for the dispatch of the newsletter.

2. Legal Basis for Data Processing

The legal basis for the processing of the data after the user has registered for the newsletter is, in the presence of the user, Art. 6 para. 1 lit. a EU-GDPR or as a result of the sale of goods or services § 7 para. 3 UWG.

3. Purpose of the Data Processing

The collection of the user’s e-mail address serves to deliver the newsletter.

The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the email address used.

4. Duration of Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Your data is therefore stored as long as the subscription to the newsletter is active.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

5. Objection- and Removal-possibility

The subscription to the newsletter may be terminated by the user concerned at any given time. For this purpose, there is a corresponding link in each newsletter.

VII. Contact Form, E-mail Contact and Personal Address

1. Description and Scope of Data Processing

On our website there is a contact form available, which can be used for electronic contacting. If a user realises this option, the data entered in the input mask will be transmitted to us and saved. Optional details are marked accordingly in the input mask. These data are:

  •  Salutation
  •  Surname
  •  First given name
  •  Companies
  •  E-mail address
  •  Phone number
  •  Message (free text)

At the time of sending the message, the following data will also be stored:

  •  The IP address of the user
  •  Date and time of registration

For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.

Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored. This also applies if we contact you by e-mail, for example on the basis of a personal conversation or after you have given us your contact information in non-electronic form (for example, as business cards).

If you are based in Austria and you contact us, for processing, your request will be forwarded to TÜV TRUST IT TÜV AUSTRIA GMBH, TÜV AUSTRIA-Platz 1, A-2345 Brunn am Gebirge. In addition, there is no disclosure of the data to third parties. The data will be used exclusively for the processing of the contact and downstream for the execution of contracts, if such are concluded.

2. Legal Basis for Data Processing

Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a EU-GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f EU-GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b EU-GDPR.

3. Purpose of the Data Processing

The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of Data Storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation will be ended as soon as it can be inferred from the circumstances that the relevant facts have been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

5. Objection- and Removal-possibility

The user has the possibility at any given time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he can object to the storage of his personal data at any given time. In such a case, the conversation cannot continue. The objection is possible by e-mail or contact form on our website.

All personal data stored in the course of contacting will be deleted in this case.

VIII. Retrieval of Publications

1. Description and Scope of Data Processing

On our website, there is the possibility to request publications such as guides. If a user realises this option, the data entered in the input mask will be transmitted to us and saved. Optional details are marked accordingly in the input mask. These data are:

  • Salutation
  • Surname
  • First given name
  • Companies
  • E-mail address
  • Address
  • Phone number
  • Fax number
  • Your message (free text)

At the time of sending the message, the following data is also stored:

  • The IP address of the user
  • Date and time of the request

For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.

Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data will be used for the processing of your request to be able to process queries if necessary and for the purpose of advertising by e-mail, telephone or post.

2. Legal Basis for Data Processing

Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f EU-GDPR.

3. Purpose of the data processing

The processing of personal data from the input mask serves us to process your request and for the purpose of advertising. For these purposes, our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f EU-GDPR.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems. This is also our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f EU-GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. When requesting publications, this is the case at the latest when no contact with the user has been made for at least 15 months.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

5. Objection- and Removal-possibility

The user has the possibility at any time to revoke his consent to the processing of the personal data. The objection is possible by e-mail or contact form on our website.

All personal data stored in the course of contacting will be deleted in this case.

IX. Web Analysis by Matomo (formerly PIWIK)

1. Scope of Processing of Personal Data

On our website we use the open-source software tool Matomo (formerly PIWIK) to analyse the surfing behaviour of our users. The software places a cookie on the computer of the users (for cookies see above). If individual pages of our website are called, the following data is stored:

(1) Two bytes of the IP address of the calling system of the user

(2) The called website

(3) The website from which the user came to the accessed website (referrer)

(4) The subpages that are called from the called web page

(5) The length of stay on the website

(6) The frequency of calling the website

The software runs exclusively on the servers of our website. A storage of the users’ personal data takes place only there. A transfer of the data to third parties does not take place.

The software is configured in such a manner that the IP addresses are not completely stored but 2 bytes of the IP address are masked (eg 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible.

2. Legal Basis for the Processing of Personal Data

The legal basis for processing users’ personal data is Art. 6 (1) lit. f EU-GDPR.

3. Purpose of the Data Processing

The processing of users’ personal data enables us to analyse the surfing behavior of our users. By analysing the obtained data, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. For these purposes, our legitimate interest lies in the processing of the data according to Art. 6 para. 1 lit. f EU-GDPR. The anonymisation of the IP address sufficiently takes into account the interest of users in their protection of personal data.

4. Duration of Storage

The data will be deleted as soon as they are no longer needed for our recording purposes. The anonymised and thus no longer personal data of the web analysis will be deleted after 12 months.

5. Objection- and Removal-possibility

Cookies are stored on the computer of the user and transmitted from there to our website. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to their full extent.

We offer our users the option of opting out of the analysis process on our website. For this you must follow the appropriate link. In this way, another cookie is set on your system, which signals our system not to save the data of the user. If the user deletes the corresponding cookie in the meantime from his own system, he must set the opt-out cookie again.

For more information on Matomo Software’s privacy settings, please visit the following link: matomo.org/docs/privacy/.

X. Rights of the person concerned

If your personal data is processed, you are a person affected as laid down in the EU-GDPR and you have the following rights to the person responsible:

1. Right to Information

You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing is available, you can request information from the person responsible about the following information:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the source of the data if the personal data are not collected directly from the data subject;
  8. the existence of automated decision-making including profiling under Art. 22 (1) and (4) EU-GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the person affected.

You have the right to request information about whether your personal information relates to a third country or an international organisation. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 EU-GDPR in connection with the transfer.

2. Right to Rectification

You have a right to rectification and / or completion to the controller, if the processed personal data is incorrect or incomplete. The responsible person must make the correction without delay.

3. Right to Restriction of Processing

You may request the restriction of the processing of your personal data under the following conditions:

  1. if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
  2. the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
  3. the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  4. if you objected to the processing pursuant to Art. 21 (1) EU-GDPR and it is not yet certain whether the legitimate reasons of the person responsible prevail over your reasons.

If the processing of personal data concerning you has been restricted, these data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the processing is restricted on the basis of the above mentioned conditions, you will be informed by the person in charge before the restriction is lifted.

4. Right to Erasure

a) Obligation to delete

You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:

  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent to the processing according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. EU-GDPR and there is no other legal basis for processing.
  3. Pursuant to Art. 21 para. 1 EU-GDPR, you object to the processing and there are no prior justifiable reasons for the processing, or you lay opposition to processing according to Art. 21 para. 2 EU-GDPR.
  4. Your personal data has been processed unlawfully.
  5. The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties

If the person in charge has made the personal data concerning you public and is according to Art. 17 (1) of the EU-GDPR obligated to delete them, he shall take appropriate measures, including technical means, to inform data controllers who the according process personal data that you, as the person affected, have rightfully requested the erasure of all links to these personal data, as well as the erasure of copies or replications of these personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;
  3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) EU-GDPR;
  4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) EU-GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  5. to assert, exercise or defend legal claims.

5. Right to Information

If you have asserted the right of rectification, erasure or restriction of processing to the controller, they are obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have a right to the person responsible to be informed about these recipients.

6.Right to Data Portability

You have the right to receive personal data you provide to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transfer these data to another person without hindrance by the person responsible for providing the personal data, given that

  1. the processing is based on a consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a EU-GDPR or on a contract according to Art. 6 para. 1 lit. b EU-GDPR and
  2. the processing is done using automated procedures.

In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

7. Right to Object

You have the right at any given time, for reasons that arise from your particular situation, to object to the processing of your personal data as authorised by Art. 6 para. 1 lit. e or f EU-GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.

If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any given time to the processing of your personal data for the purpose of advertising; this also applies to profiling insofar as it is associated with such direct mail.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

8. Right to Revoke Prio Consent to the Processing of Personal Data

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated Decision on a Case-by-Case Basis, Including Profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or affect you in a similar manner. This does not apply if the decision

  1. is required for the conclusion or performance of a contract between you and the controller,
  2. is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. with your express consent.

We do not make use of automated decisions, be it in individual cases or profiling.

10. Right to Complain to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the EU-GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the EU-GDPR.