Privacy Policy
I. Name and Address of the Entity Responsible
The entity responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
TÜV TRUST IT GmbH TÜV AUSTRIA Group
Waltherstr. 49-51
51069 Cologne
Phone: + 49 (0)221 969789-0
E-mail: info@tuv-austria.com
Website: https://www.it-tuv.com
II. Name and Address of the Data Protection Officer
The data protection officer of the entity responsible is:
Manuel Münchhausen
Phone: + 49 (0) 221 969789-0
Mail: datenschutz@tuv-austria.com
III. General Information on Data Processing
1. Scope of Processing of Personal Data
We only process personal data of our users if this is necessary to provide a functional website, its contents and its services. The processing of personal data of our users on a regular basis takes place only after the user has consented. An exception applies in those cases where prior consent cannot be obtained for actual reasons and when the processing of the data is permitted by law.
2. Legal Basis for the Processing of Personal Data
Insofar as we obtain the consent for the processing of personal data by the affected person, Art. 6 para. 1 lit. a EU General Data Protection Regulation (EU-GDPR) serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the affected person is a party, Art. 6 para. 1 lit. b EU-GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c EU-GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person affected do not outweigh the first mentioned interest, Art. 6 para. 1 lit. f EU-GDPR serves as the legal basis.
3. Data Erasure and Storage Time
The personal data of the affected person will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
IV. Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Every time you visit our website, our system automatically collects data and information of the requesting computer system.
In so doing, the following data will be collected:
- Information about the browser type and version used
- The operating system of the user
- The Internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the system of the user linked to our website
- Websites that are accessed by the user’s system through our website
This information is also stored in the log files. This data is not stored together with other personal data of the user.
Occasionally, we may include third-party contents, such as contents, graphics or videos. For technical reasons, this also requires the transmission of your IP address. We select third parties as far as possible in such a way that further use of transmitted information is in compliance with data protection regulations.
For rendering this Website the font “Proxima Nova” is used as a Typekit service provided by Adobe. To provide the Typekit service, Adobe may collect information about the fonts that are provided. This information is used for accounting and compliance purposes and may include the following:
- Fonts provided
- ID of the typeset
- JavaScript version of the typeset (string)
- Type of font (string “configurable” or “dynamic”)
- Account ID (identifies the customer of which the record is)
- Service that provides the fonts (e.g. Typekit or Edge Web Fonts)
- Application that requests the fonts (e.g. Adobe Muse)
- Server providing the fonts (e.g. Typekit server or Enterprise CDN)
- Host name of the page on which the fonts are loaded
- The time it takes the web browser to download the fonts
- The time that passes between downloading the fonts with the web browser and using the fonts
- Whether or not an ad blocker is installed, to determine if the ad blocker is interfering with the proper tracking of page views
More information: https://www.adobe.com/en/privacy/policies/typekit.html
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f EU-GDPR.
3. Purpose of the Data Processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f EU-GDPR.
4. Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Objection- and Removal-possibility
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is consequently no possibility to object on the part of the user.
V. Use of Cookies
a) Description and Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
b) Legal Basis for Data Processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f EU-GDPR.
c) Purpose of the Data Processing
The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.
The user data collected through technically necessary cookies will not be used to create user profiles.
For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f EU-GDPR.
d) Duration of storage, objection and disposal options
Cookies are stored on the computer of the user and transmitted from there to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to their full extent.
VI. Newsletter
1. Description and Scope of Data processing
On our website you can subscribe to a free newsletter. The data from the input mask will be transmitted to us when registering for the newsletter. These data are:
- Salutation
- Surname
- First given name
- Mail address
In addition, the following data will be collected upon registration:
- IP address of the calling computer
- Date and time of registration
- For the processing of the data your consent is obtained as part of the registration process and referred to this
- Privacy Policy referenced.
If you order services from us and deposit your e-mail address here, this information can subsequently be used by us for sending a newsletter. In such a case, only direct advertising for similar products or services of ours will be sent via the newsletter.
For the dispatch of the newsletter we partly use technical service providers. Your data will be used exclusively for the dispatch of the newsletter.
2. Legal Basis for Data Processing
The legal basis for the processing of the data after the user has registered for the newsletter is, in the presence of the user, Art. 6 para. 1 lit. a EU-GDPR or as a result of the sale of goods or services § 7 para. 3 UWG.
3. Purpose of the Data Processing
The collection of the user’s e-mail address serves to deliver the newsletter.
The collection of other personal data in the context of the registration process serves to prevent misuse of the services or the email address used.
4. Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Your data is therefore stored as long as the subscription to the newsletter is active.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
5. Objection- and Removal-possibility
The subscription to the newsletter may be terminated by the user concerned at any given time. For this purpose, there is a corresponding link in each newsletter.
VII. Contact Form, E-mail Contact and Personal Address
1. Description and Scope of Data Processing
On our website there is a contact form available, which can be used for electronic contacting. If a user realises this option, the data entered in the input mask will be transmitted to us and saved. Optional details are marked accordingly in the input mask. These data are:
- Salutation
- Surname
- First given name
- Companies
- E-mail address
- Phone number
- Message (free text)
At the time of sending the message, the following data will also be stored:
- The IP address of the user
- Date and time of registration
For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.
Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored. This also applies if we contact you by e-mail, for example on the basis of a personal conversation or after you have given us your contact information in non-electronic form (for example, as business cards).
If you are based in Austria and you contact us, for processing, your request will be forwarded to TÜV TRUST IT TÜV AUSTRIA GMBH, TÜV AUSTRIA-Platz 1, A-2345 Brunn am Gebirge. In addition, there is no disclosure of the data to third parties. The data will be used exclusively for the processing of the contact and downstream for the execution of contracts, if such are concluded.
2. Legal Basis for Data Processing
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a EU-GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f EU-GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b EU-GDPR.
3. Purpose of the Data Processing
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems.
4. Duration of Data Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation will be ended as soon as it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
5. Objection- and Removal-possibility
The user has the possibility at any given time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he can object to the storage of his personal data at any given time. In such a case, the conversation cannot continue. The objection is possible by e-mail or contact form on our website.
All personal data stored in the course of contacting will be deleted in this case.
VIII. Retrieval of Publications
1. Description and Scope of Data Processing
On our website, there is the possibility to request publications such as guides. If a user realises this option, the data entered in the input mask will be transmitted to us and saved. Optional details are marked accordingly in the input mask. These data are:
- Salutation
- Surname
- First given name
- Companies
- E-mail address
- Address
- Phone number
- Fax number
- Your message (free text)
At the time of sending the message, the following data is also stored:
- The IP address of the user
- Date and time of the request
For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.
Alternatively, contact via the provided e-mail address is possible. In this case, the user’s personal data transmitted by e-mail will be stored.
In this context, there is no disclosure of the data to third parties. The data will be used for the processing of your request to be able to process queries if necessary and for the purpose of advertising by e-mail, telephone or post.
2. Legal Basis for Data Processing
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f EU-GDPR.
3. Purpose of the data processing
The processing of personal data from the input mask serves us to process your request and for the purpose of advertising. For these purposes, our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f EU-GDPR.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our IT systems. This is also our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f EU-GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. When requesting publications, this is the case at the latest when no contact with the user has been made for at least 15 months.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
5. Objection- and Removal-possibility
The user has the possibility at any time to revoke his consent to the processing of the personal data. The objection is possible by e-mail or contact form on our website.
All personal data stored in the course of contacting will be deleted in this case.
IX. Application procedure and recruitment
Description and scope of data processing
If you apply for jobs with us, we will process the information you provide. Certain data is absolutely necessary in order to carry out the application procedure. You provide us with any additional data voluntarily.
To receive and manage applications, we use, among other things, the JOIN application platform of JOIN Solutions AG, which acts as a processor for us for this purpose. We have therefore concluded an order processing agreement with JOIN Solutions AG. You can find more information about data protection at JOIN at: https://join.com/de/datenschutz.
2. Purpose and legal basis for data processing
Your data is processed for the purpose of deciding on the establishment of an employment relationship pursuant to Art. 6 (1) lit. b DSGVO.
If necessary, we process your data beyond the decision on the establishment of the employment relationship on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f DSGVO, for example for scheduling and task planning in the application process. Insofar as you have given us your consent pursuant to Art. 6 (1) a DSGVO to process your data for certain purposes (e.g. storage of application documents submitted on your own initiative for subsequent job advertisements), this processing is lawful on the basis of your consent. Consent given can be revoked at any time.
3. Duration of storage
The retention period for application documents is six months. If an employment relationship is established, the relevant personal data will be retained for the duration of the employment relationship.
With your consent, we keep application documents for longer than six months in order to use them for future job advertisements. They will be deleted if there is no contact with you for more than 12 months. The consent you have given can be revoked at any time for the future.
In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among other things. The retention and documentation periods specified there are six to ten years.This is particularly relevant when travel expenses are reimbursed.
4. Possibility of objection and removal
You have the possibility to revoke your consent at any time. The objection is possible via e-mail or contact form on our website.
You can also edit and delete your profile stored at JOIN at any time. However, deleting data during an ongoing application process may hinder or prevent it from being carried out.
5. Obligation to provide data
You only have to provide the personal data that is required for the decision on the establishment of an employment relationship or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or will no longer be able to carry out an ongoing application procedure and may have to terminate it.
X. Social Media Links
Our website contains links to social networks such as Facebook, Twitter, LinkedIn and Xing. When the parts of our website that contain such links are accessed, no personal data is transmitted to the operators of these social networks. Only when you click on the link and thereby visit the relevant social network will the operator of the visited network receive personal data relating to you. For more information about the data processing that takes place when you visit a social network and who is responsible for this within the meaning of Art. 4 No. 7 EU-GDPR, please refer to the website of the respective social network:
Facebook: https://www.facebook.com/policy.php
Twitter: https://twitter.com/de/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
Xing: https://privacy.xing.com/de/datenschutzerklaerung
XI. Rights of the person concerned
If your personal data is processed, you are a person affected as laid down in the EU-GDPR and you have the following rights to the person responsible:
1. Right to Information
You may ask the person in charge to confirm if personal data concerning you is processed by us.
If such processing is available, you can request information from the person responsible about the following information:
- the purposes for which the personal data are processed;
- the categories of personal data that are processed;
- the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
- the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
- the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information on the source of the data if the personal data are not collected directly from the data subject;
- the existence of automated decision-making including profiling under Art. 22 (1) and (4) EU-GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the person affected.
You have the right to request information about whether your personal information relates to a third country or an international organisation. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 EU-GDPR in connection with the transfer.
2. Right to Rectification
You have a right to rectification and / or completion to the controller, if the processed personal data is incorrect or incomplete. The responsible person must make the correction without delay.
3. Right to Restriction of Processing
You may request the restriction of the processing of your personal data under the following conditions:
- if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
- the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
- the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- if you objected to the processing pursuant to Art. 21 (1) EU-GDPR and it is not yet certain whether the legitimate reasons of the person responsible prevail over your reasons.
If the processing of personal data concerning you has been restricted, these data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing is restricted on the basis of the above mentioned conditions, you will be informed by the person in charge before the restriction is lifted.
4. Right to Erasure
a) Obligation to delete
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You revoke your consent to the processing according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. EU-GDPR and there is no other legal basis for processing.
- Pursuant to Art. 21 para. 1 EU-GDPR, you object to the processing and there are no prior justifiable reasons for the processing, or you lay opposition to processing according to Art. 21 para. 2 EU-GDPR.
- Your personal data has been processed unlawfully.
- The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
b) Information to third parties
If the person in charge has made the personal data concerning you public and is according to Art. 17 (1) of the EU-GDPR obligated to delete them, he shall take appropriate measures, including technical means, to inform data controllers who the according process personal data that you, as the person affected, have rightfully requested the erasure of all links to these personal data, as well as the erasure of copies or replications of these personal data.
c) Exceptions
The right to erasure does not exist if the processing is necessary
- to exercise the right to freedom of expression and information;
- to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;
- for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) EU-GDPR;
- for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) EU-GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
- to assert, exercise or defend legal claims.
5. Right to Information
If you have asserted the right of rectification, erasure or restriction of processing to the controller, they are obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right to the person responsible to be informed about these recipients.
6. Right to Data Portability
You have the right to receive personal data you provide to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transfer these data to another person without hindrance by the person responsible for providing the personal data, given that
- the processing is based on a consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a EU-GDPR or on a contract according to Art. 6 para. 1 lit. b EU-GDPR and
- the processing is done using automated procedures.
In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
7. Right to Object
You have the right at any given time, for reasons that arise from your particular situation, to object to the processing of your personal data as authorised by Art. 6 para. 1 lit. e or f EU-GDPR; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any given time to the processing of your personal data for the purpose of advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
8. Right to Revoke Prio Consent to the Processing of Personal Data
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
9. Automated Decision on a Case-by-Case Basis, Including Profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or affect you in a similar manner. This does not apply if the decision
- is required for the conclusion or performance of a contract between you and the controller,
- is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
- with your express consent.
We do not make use of automated decisions, be it in individual cases or profiling.
10. Right to Complain to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the EU-GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 of the EU-GDPR.
XII. Realisation of events
1. Description and amount of data processing
You have the possibility to register for events. We either organise these ourselves or together with cooperation partners. You can register using the corresponding form on our website. Optional information is marked as such in the forms.
The following data will be processed:
- date of the event
- addressing
- title
- name
- first name
- company
- position
- Email address
- phone number
- address
- telefax
- VAT identification number
- Your message (free text)
The following data is also stored at the time the message is sent:
- the user‘s IP address
- date and time of the request
With regard to the processing of data, reference is made to this data protection declaration during the registration process.
As an alternative, it is possible to contact us via the provided e-mail address. In this case, the user’s personal data transmitted with the e-mail will be stored.
If we organise the event together with a cooperation partner, your data may be passed on for the purpose of direct contacting.
2. Legal basis for data processing
The legal basis for the processing of data collected in the context of events is the respective contract (Art. 6 para. 1 lit. B GDPR). The transfer of data to our cooperation partners also happens on the basis of the contract, alternatively on the basis of legitimate interests according to Art. 6 para. 1 lit. f GDPR.
If the data is subject to consent, Art. 6 para. 1 lit. a GDPR is relevant.
3. Purpose of data processing
The processing of the personal data from the entry mask is used for the handling and realisation of our events.
The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. This is also our legitimate interest in processing the data according to Art. 6 Para. 1 lit. f GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, unless other statutory retention obligations are relevant.
The additional personal data collected during the registration process will be deleted after a period of seven days at the latest.
5. Possibility of objection and removal
The user has the possibility to withdraw a given consent to the processing of personal data at any time. In addition, it is possible to object to the transfer of data to our cooperation partners.
The objection is possible via e-mail or contact form on our website.