Flyout Menu

Privacy Policy

 

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
 
TÜV TRUST IT GmbH Unternehmensgruppe TÜV AUSTRIA
 
Waltherstr. 49–51
51069 Cologne, Germany
Phone: +49 221 969789-0
Email: info@tuv-austria.com
Website: https://www.it-tuv.com
 

II. Name and Address of the Data Protection Officer

The data protection officer of the controller is:

Manuel Münchhausen

Email: datenschutz@tuv-austria.com

 

III. General Information on Data Processing

1. Scope of Processing Personal Data

We generally process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users is regularly carried out only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by legal regulations.

2. Legal Basis for Processing Personal Data 

If we obtain consent from the data subject for processing operations, Art. 6(1)(a) GDPR serves as the legal basis. For processing personal data required for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for pre-contractual measures. If processing is necessary to fulfill a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not override that interest, Art. 6(1)(f) GDPR serves as the legal basis.

3. Data Deletion and Storage Duration

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may be stored beyond this if provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a legally prescribed retention period expires, unless further storage is necessary for contract conclusion or fulfillment.

 

IV. Use of eTracker

We use services provided by etracker GmbH, Hamburg, Germany (www.etracker.com) to analyze usage data.
The etracker consent manager module handles consent management. The etracker tag manager module allows integration of script codes from other tools. Together, these modules enable the control of specific cookies and services based on user consent. Even if statistical cookies are declined, usage data is collected in accordance with the legal requirements of the GDPR and the Telecommunications-Digital Services Data Protection Act (TDDDG).

Data processing is based on the legal provisions of Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest under the GDPR is to optimize our online offering and ensure compliant integration and management of additional services on our website. If consent is given, other technologies are used based on Art. 6(1)(a) GDPR. Consent can be revoked at any time.
Web analytics data generated by etracker is processed and stored exclusively in Germany on behalf of the website provider, and is subject to strict German and European data protection laws and standards. etracker has been independently audited, certified, and awarded the ePrivacyseal privacy seal. Because we value our visitors’ privacy, data that could potentially identify individuals—such as IP addresses, login or device identifiers—is anonymized or pseudonymized as early as possible. No other use, combination with other data, or disclosure to third parties takes place.

You may object to this data processing at any time by clicking the toggle switch. The objection has no negative consequences. If no toggle switch is displayed, data collection has already been blocked by other measures.

<a href=“#“ data-tld=“tuev.ihr-relaunch.de“ id=“et-opt-out“></a> <br>

More information on data protection at etracker can be found here: <a href=https://www.etracker.com/datenschutz/>hier</a>.


V. Chatbot

Our website includes a chatbot provided by ConRat WebSolutions GmbH, Gartenstraße 4, 37281 Wanfried, Germany (https://www.chatbot4you.io), hereafter referred to as ConRat. The chatbot is an intelligent software solution that interacts with website visitors and can independently request or provide certain information. The chatbot’s communication behavior is programmed by the website operator. ConRat is not involved in programming the chatbot’s behavior and only provides the software.

The communication content can be deleted manually; otherwise, it will be automatically deleted after a maximum of 3 months.

ChatBot4You sets a technically necessary cookie to enable contact via the chat window. This cookie stores a uniquely generated key that allows clear communication between you and us. It is a session cookie that is valid only during your browser session.

All data processed via the chatbot is encrypted and transmitted to a data center located in Germany, provided by ConRat. However, the website operator is solely responsible for data processing. ConRat acts only as a data processor. The website operator has signed a data processing agreement (DPA) with ConRat. This agreement is legally required and ensures GDPR-compliant data processing.

The chatbot is used based on our legitimate interest in providing simple and effective communication with our website visitors (Art. 6(1)(f) GDPR). No conflicting rights of website visitors are apparent.


VI. Newsletter

1. Description and Scope of Data Processing Our website offers the option to subscribe to a free newsletter. When registering, the data entered into the input form is transmitted to us. This includes:

  • Salutation
  • Last name
  • First name
  • Email address
 

Additionally, the following data is collected during registration:

  • IP address of the accessing device
  • Date and time of registration
  • Consent to data processing is obtained during registration and reference is made to this privacy policy.
 

If you order services from us and provide your email address, we may use it to send you newsletters. In this case, the newsletter will only contain direct advertising for our own similar products or services.

We may use technical service providers to send the newsletter. Your data will be used exclusively for this purpose.

2. Legal Basis for Data Processing The legal basis for processing data after newsletter registration is Art. 6(1)(a) GDPR if consent is given, or § 7(3) UWG following the sale of goods or services.

3. Purpose of Data Processing The email address is collected to deliver the newsletter. Other personal data collected during registration helps prevent misuse of the services or the email address.

4. Duration of Storage Data is deleted once it is no longer needed for its intended purpose. Your data will be stored as long as the newsletter subscription is active. Additional personal data collected during submission will be deleted after seven days at the latest.

5. Right to Object and Removal You may unsubscribe from the newsletter at any time. A corresponding link is included in every newsletter.


VII. Contact Form, Email Contact, and Personal Interaction

1. Description and Scope of Data Processing Our website includes a contact form for electronic communication. If a user uses this form, the data entered will be transmitted and stored. Optional fields are clearly marked. The data includes:

  • Salutation
  • Last name
  • First name
  • Company
  • Email address
  • Phone number
  • Message (free text)
 

At the time of submission, the following data is also stored:

  • IP address of the user
  • Date and time of registration Consent to data processing is obtained during submission, and reference is made to this privacy policy.
 

Alternatively, you may contact us via the provided email address. In this case, the personal data transmitted with the email will be stored. This also applies if we contact you by email following a personal conversation or if you provide your contact details in non-electronic form (e.g., business card).

If you are based in Austria, your inquiry will be forwarded to TÜV TRUST IT TÜV AUSTRIA GMBH, TÜV AUSTRIA-Platz 1, A-2345 Brunn am Gebirge for processing. No further data will be shared with third parties. The data will be used solely to process your inquiry and, if applicable, to fulfill contracts.

2. Legal Basis for Data Processing If consent is given, the legal basis is Art. 6(1)(a) GDPR. For data transmitted via email, the legal basis is Art. 6(1)(f) GDPR. If the email contact aims to conclude a contract, Art. 6(1)(b) GDPR also applies.

3. Purpose of Data Processing The personal data entered into the contact form is used solely to process your inquiry. In the case of email contact…

The email also provides the necessary legitimate interest for processing the data. Other personal data collected during the submission process helps prevent misuse of the contact form and ensures the security of our IT systems.

4. Duration of Storage Data is deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data entered via the contact form or sent by email, this is the case when the conversation with the user has clearly ended. A conversation is considered ended when it can be reasonably inferred that the matter has been fully resolved. Additional personal data collected during submission will be deleted after a maximum of seven days.

5. Right to Object and Erasure Users may withdraw their consent to the processing of personal data at any time. If a user contacts us via email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued. Objections can be submitted via email or the contact form on our website. All personal data stored in connection with the contact will be deleted in this case.


VIII. Application Process and Recruitment

1. Description and Scope of Data Processing

If you apply for a position with us, we process the information you provide. Certain data is required to carry out the application process; additional data is submitted voluntarily. We use the application platform JOIN by JOIN Solutions AG to receive and manage applications. JOIN acts as a data processor on our behalf. We have signed a data processing agreement with JOIN Solutions AG. For more information on JOIN’s data protection, visit: https://join.com/de/datenschutz

2. Purpose and Legal Basis for Data Processing

Your data is processed to decide whether to establish an employment relationship in accordance with Art. 6(1)(b) GDPR. If necessary, we process your data beyond this decision based on our legitimate interest under Art. 6(1)(f) GDPR, for example, for scheduling and task planning during the recruitment process. If you have given us consent under Art. 6(1)(a) GDPR to process your data for specific purposes (e.g., storing unsolicited applications for future job openings), the processing is lawful based on your consent. You may withdraw your consent at any time.

3. Duration of Storage

Application data is stored for six months. If an employment relationship is established, relevant personal data will be stored for the duration of the employment. With your consent, we may store application data for longer than six months to consider it for future job openings. Data will be deleted if there is no contact for more than 12 months. You may withdraw your consent at any time. Additionally, we are subject to various retention and documentation obligations under the German Commercial Code (HGB) and the Fiscal Code (AO). These retention periods range from six to ten years, especially in cases involving reimbursement of travel expenses.

4. Right to Object and Erasure

You may withdraw your consent at any time. Objections can be submitted via email or the contact form on our website. You may also edit or delete your profile stored with JOIN at any time. However, deleting your profile during an ongoing application process may hinder or prevent its completion.

5. Obligation to Provide Data You are only required to provide personal data necessary for deciding on an employment relationship or data we are legally obligated to collect. Without this data, we may not be able to proceed with the application process or conclude a contract.


IX. Social Media Links

Our website contains links to social networks such as Facebook, Twitter, LinkedIn, and Xing. When accessing parts of our website that include these links, no personal data is transmitted to the operators of these networks. Only when you click the link and visit the respective social network will the operator receive personal data about you. For more information on data processing and the responsible party under Art. 4 No. 7 GDPR, please refer to the privacy policy of the respective network:

  • Facebook: https://www.facebook.com/policy.php
  • X: https://x.com/de/privacy
  • LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
  • Xing: https://privacy.xing.com/de/datenschutzerklaerung
 

X. Event Management

1. Description and Scope of Data Processing

You may register for events organized by us or in cooperation with partners. Registration is possible via the form on our website. Optional fields are clearly marked. The following data is processed:

  • Event date
  • Salutation
  • Title
  • Last name
  • First name
  • Company
  • Position
  • Email address
  • Phone number
  • Address
  • Fax number
  • VAT identification number
  • Your message (free text)
 

At the time of submission, the following data is also stored:

  • IP address of the user
  • Date and time of the request
 

During registration, reference is made to this privacy policy. Alternatively, you may contact us via the provided email address. In this case, the personal data transmitted via email will be stored. If the event is held in cooperation with a partner, your data may be shared with them for direct contact.

2. Legal Basis for Data Processing The legal basis for processing data collected during events is the relevant contract (Art. 6(1)(b) GDPR). Data may also be shared with our partners based on the contract or our legitimate interest under Art. 6(1)(f) GDPR. If the data is subject to consent, Art. 6(1)(a) GDPR applies.

3. Purpose of Data Processing The personal data collected via the registration form is used to manage and carry out our events.

Other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our IT systems. This also constitutes our legitimate interest in processing the data pursuant to Art. 6(1)(f) GDPR.

4. Duration of Storage Data will be deleted as soon as it is no longer required for the purpose for which it was collected, unless other legal retention obligations apply. Additional personal data collected during the registration process will be deleted no later than seven days after submission.

5. Right to Object and Erasure Users may withdraw their consent to the processing of personal data at any time. Additionally, they may object to the transfer of their data to our cooperation partners. Objections can be submitted via email or the contact form on our website.


XI. Rights of the Data Subject

If your personal data is processed, you are considered a data subject under the GDPR and have the following rights with respect to the controller:

1. Right of Access

You may request confirmation from the controller as to whether personal data concerning you is being processed. If such processing is taking place, you may request access to the following information:

  1. The purposes of the processing
  2. The categories of personal data being processed
  3. The recipients or categories of recipients to whom your personal data has been or will be disclosed
  4. The planned duration of storage of your personal data, or if specific information is not available, the criteria used to determine the storage period
  5. The existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing
  6. The existence of a right to lodge a complaint with a supervisory authority
  7. All available information about the origin of the data, if the personal data was not collected directly from you
  8. The existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR, and—at least in these cases—meaningful information about the logic involved, as well as the significance and intended consequences of such processing for you
 

You also have the right to request information on whether your personal data is transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

2. Right to Rectification

You have the right to request the rectification and/or completion of your personal data if it is inaccurate or incomplete. The controller must carry out the correction without delay.

3. Right to Restriction of Processing

You may request the restriction of processing of your personal data under the following conditions:

  1. You contest the accuracy of your personal data for a period that allows the controller to verify its accuracy
  2. The processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of its use
  3. The controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims
  4. You have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your interests
 

If processing has been restricted under the above conditions, such data—apart from storage—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State. If the restriction of processing is lifted, you will be informed by the controller.

4. Right to Erasure

a) Obligation to Erase

You may request that the controller erase your personal data without undue delay, and the controller is obliged to do so if one of the following reasons applies:

  1. The personal data is no longer necessary for the purposes for which it was collected or otherwise processed
  2. You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing
  3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object pursuant to Art. 21(2) GDPR
  4. Your personal data has been unlawfully processed
  5. Erasure is required to comply with a legal obligation under Union or Member State law to which the controller is subject
  6. The personal data was collected in relation to services offered by the information society pursuant to Art. 8(1) GDPR
 

b) Notification to Third Parties

If the controller has made your personal data public and is obliged to erase it pursuant to Art. 17(1) GDPR, the controller shall take reasonable steps, including technical measures, considering available technology and implementation costs, to inform other controllers processing the personal data that you, as the data subject, have requested the erasure of all links to, copies of, or replications of that personal data.

C) Exceptions

The right to erasure does not apply if processing is necessary:

  1. For exercising the right to freedom of expression and information
  2. For compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  3. For reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR
  4. For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing
  5. For the establishment, exercise, or defense of legal claims
 

5. Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion of data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

6. Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the data was originally provided, provided that:

  1. The processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b) GDPR
  2. The processing is carried out by automated means
 

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. The controller will no longer process your personal data unless compelling legitimate grounds for the processing can be demonstrated that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You may exercise your right to object in connection with the use of information society services—regardless of Directive 2002/58/EC—by means of automated procedures using technical specifications.

8. Right to Withdraw Consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Individual Decision-Making Including Profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  1. Is necessary for entering into or performing a contract between you and the controller
  2. Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
  3. Is based on your explicit consent
 

We do not use automated decision-making or profiling.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority—particularly in the Member State of your residence, place of work, or place of the alleged infringement—if you believe that the processing of your personal data violates the GDPR.

Contact details of the supervisory authority responsible for us:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4
40213 Düsseldorf
Telefon: 0211/38424-0
Fax: 0211/38424-999
E-Mail: poststelle@ldi.nrw.de