- Processing of personal data
- Transfer to third parties
- Website tracking
- Embedding of social plugins
- Online presences in social media
- Use of Google Maps
- User comments
- Standard periods for deletion of data
- Other data use and deletion
- Misuse detection and prosecution
- Rights concerning the processing of personal data
- Right to object
- Right to file a complaint with a supervisory authority
- Data Protection Officer
- Contact data of the controller
Welcome to the TÜV Hessen website ( https://www.tuev-hessen.com). We appreciate your interest in our company. Protection of the personal data you entrust to us is a priority for us, and we want you to feel safe and secure when you visit our website or use our online offers.
It is important to us that you are fully informed about the personal data that we collect when you use our online offers and services, and are familiar with how we use them.
Intended use of data processing
Wherever TÜV Hessen processes personal data, such processing is carried out for the purposes defined in this data privacy statement.
Visiting our website
We record and save your computer's IP address in order to send the contents of our website visited by you to your computer (e.g. texts, pictures, and files provided for downloading, etc.) (cf. Art. 6 (1) lit. b GDPR). We also process these data to identify and pursue any misuse. Legal basis in this case is Art. 6 (1) lit. f GDPR. In this context, our legitimate interest in data processing is to ensure the due functioning of our website and the business transacted via the website.
In as far as we process your data as described above for the purpose of providing the functions of our website, you are contractually bound to make these data available to us.
We also process personal data that you provide voluntarily, e.g. when you make an inquiry or online appointment, or when you order information material or newsletters. Legal basis in this case is Art. 6 (1) lit. b GDPR. The data processed by us in this context include the data of customers, employees, and suppliers to the extent necessary for the purposes specified within the scope of this data privacy statement.
In as far as we process your data as described above for the purpose of accepting and processing your inquiry, appointment, or (newsletter) order, you are contractually bound to make these data available to us. We are unable to process your request without the data.
Where you have given your consent to the processing of personal data (cf. Art. 6 (1) lit. a GDPR), you can withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent up to the time of withdrawal of consent.
Newsletters and use of email-marketing service “inxmail”
With your consent, you can subscribe to our newsletter, with which we will inform and send you updates on our latest offers or services, products and partners via email.
The only requirement for sending the newsletter is your email address. The details of salutation, surname and first name are used exclusively to address you personally. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.
If you have signed up or otherwise agreed to receive newsletters or other update services, we will process your contact data that you have given to provide those services for you. The processing is based on our legitimate interests according to Art. 6 (1) (f) GDPR to pursue business development activities, or, as the case may be, for the performance of a contract according to Art. 6 (1) (b) GDPR. In other cases, we may ask you for your explicit consent under Art. 6 (1) (a) GDPR.
Our newsletter is distributed via “inxmail”, a platform of the German email marketing provider Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg.
Therefore, your email address as well as other contact data that you have given will be processed on the servers of inxmail.
Due to our data processing agreement, inxmail is obliged to comply with our data protection regulations. For more detailed information on the conditions of use and data privacy of inxmail please visit https://www.inxmail.com/data-conditions.
Cancellation / revocation: You can revoke your consent or terminate the receipt of our newsletter at any time. At the same time, your consent to sending it via inxmail and the statistical analyses will lapse. A link to cancel the newsletter can be found at the end of each newsletter.
Transfer to third parties
We generally transfer your data to the relevant TÜV SÜD company where it is processed to deliver the service and support you requested.
This means that information may also be processed by other legal entities of the TÜV SÜD Group. However, such processing is limited to the extent required for the purposes defined in this data privacy statement or to which the other legal entity acting as a service provider / processor has to follow the instructions given by the controller.
In this context, we sometimes use service providers (located in Germany) which process data on our behalf (e.g. in email marketing or software design and development, or to support processing of customer inquiries). In these cases, the information is transferred to third parties to enable further processing. External service providers are selected carefully and audited at regular intervals to ensure protection of your data privacy.
These service providers / processors are bound by instructions. Given this, they are subject to our requirements, which include processing of your data exclusively in line with our instructions and in compliance with the applicable Data Protection Act. In particular, they are contractually bound to treat your data with strict confidentiality, and are not permitted to process data for other purposes than the ones agreed.
Data transfer to the data processor is effected on the basis of Art. 28 (1) GDPR.
We will not sell your data to third parties or otherwise share them for commercial purposes.
Beyond the above, we will transfer your personal data to prosecution authorities and, if applicable, damaged third parties without your explicit consent where this is necessary for clarifying illegal use of our services or for legal prosecution. However, such a transfer will only take place if there is concrete evidence of illegal conduct or misuse. Transfer of your data may also take place where this contributes to enforcing the conditions of use or other agreements. We are also under legal obligation to provide information to certain public bodies on request. These comprise prosecution authorities, authorities prosecuting offences punishable by a fine, and financial authorities.
The transfer of these data is based on our legitimate interest in fighting misuse, prosecuting criminal acts, and securing, asserting, and enforcing claims unless our interests are overridden by your rights and interests in the protection of your personal data, Art. 6 (1) lit. f GDPR.
At present, data transfer to third countries is not planned. Otherwise we will establish the required legal conditions. In particular, you will be informed of the respective recipients or categories of recipients of the personal data in line with the legal requirements.
TÜV Hessen takes appropriate technical and organizational measures to protect any personal data you provide to TÜV Hessen from accidental or intentional manipulation, loss, destruction, or access by unauthorized parties. This also applies to any external services purchased. We verify the effectiveness of our data protection measures and continuously improve them in line with technological development. Any personal data entered are encrypted during transfer using a secure encryption process.
We use the following types of cookies:
- Essential/necessary cookies
These cookies are essential for the functioning of our website. This includes, for example, issue of anonymous session IDs to summarize multiple queries to a web server, or ensuring fault-free functioning of registrations and orders.
- Functionality cookies
These cookies help us to save your chosen settings or support other functions when you are navigating our website. They allow us, for example, to remember your preferred settings for your next visit or save your login data for certain areas of our Website.
- Performance/statistics cookies
These cookies collect information about how you use our website (e.g. which Internet browser you use, how often you visit our website, which pages you open, or how long you stay on our website). These cookies do not store any information that enables visitors to be personally identified. The information collected with the help of these cookies is aggregated, and thus anonymous.
You can accept or decline cookies - including those used for website tracking - by selecting the appropriate settings for your browser. You can set your browser to notify you when you receive a new cookie, or to decline cookies altogether. However, if you choose to decline cookies you may not be able to use all the features of our website (e.g. for purchasing orders). Your browser also offers you the option to delete cookies (e.g. via the Clear Browsing History function). For further information, please refer to the user help function under Settings in your web browser.
This website uses the web analysis service offered by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, www.etracker.com*
During your visit of our website the following data is collected and stored to serve marketing and optimizing purposes:
- Request (pagename)
- Browser (e.g. Internet Explorer)
- Browser language (e.g. English)
- Operating system (e.g.: Windows 10)
- Referrer URL (previously visited page)
- Anonymized (shortened) IP address
- Time of access
- City and country
These data can be used to create pseudonymized user profiles. For this purpose, cookies can be used (see Cookies). Without the consent of the affected person, the data collected with etracker- technology is not used to identify the visitor of the website or to merge personal data with the pseudonym.
You can object to the data processing described above at any time, insofar as it is done in a person-related manner.
This website uses etracker to collect data about how users interact with the website and its content. TÜV Hessen uses this data to ensure that the website creates added value for its visitors, for example through content adapted to your personal needs. This data is only available to the owner of the website; they are encrypted before capture. Your safety and privacy will not be compromised.
Further information on data protection at etracker can be found at https://www.etracker.com/en/data-privacy/.
To deactivate etracker and end the collection of usage data, a cookie (named “cntcookie”) must be set by eTracker. The cookie is available under http://www.etracker.de/privacy?et=Zl3oQb. If the cookie is set, the usage data is not collected.
Web analytics will remain disabled as long as you do not disable or delete the eTracker cookie. Therefore, please do not delete the cookie as long as the respective web analysis is not desired.
Our website uses buttons for the following social Networks
- facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
- Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
- Xing, XING AG, Gänsemarkt 43, 20354 Hamburg, Deutschland
- YouTube, LLC, 901 Cherry Ave., San Bruno CA 94066, USA
The buttons show the logos of the individual social networks. However, the buttons are not standard social plugins, i.e. plugins provided by social networks, but links with button icons. These buttons are only activated by deliberate actions (clicking). As long as you do not click the buttons, no data will be transferred to the social networks. By clicking the buttons, you accept communication with the servers of the social network, thereby activating the buttons and establishing the link.
Once clicked, the button functions as a share plugin. The social network then obtains information about the site you have visited, which you can share with your friends and contacts. You need to be logged in to “share” information. If you are not logged in, you will be forwarded to the login page of the social network you have clicked, thereby leaving the pages of tuev-hessen.de. If you are logged in, your “like” or recommendation of the article in question will be transmitted.
When you activate the button, the social networks will also receive the information that you accessed the respective page of our website and when you did so. In addition, information such as your IP address, details about the browser you used, and your language settings may be transmitted. If you click the button, your click will be transferred to the social network and used according to their data policy.
When you click the button we have no control over the data collected and the data-processing operations. We are not responsible for this data processing, nor are we the “controller” as defined in the GDPR. Neither are we aware of the full extent of data collection, its legal basis, purposes and storage periods. Given this, the information provided here is not necessarily complete.
As far as we know, these providers store these data in user profiles which they use for advertising, market research and/or demand-oriented website design. This type of analysis is performed (also for users who are not logged in) to present demand-oriented advertising and inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise your right of objection, please contact the relevant provider.
Please consult the information provided by the following social media sites for details of the purpose and scope of data collection and of further processing and use of the data by the respective social network, and for your rights and privacy settings:
- Facebook: http://www.facebook.com/about/privacy
- Google: http://www.google.com/intl/de/policies/privacy
- Twitter: http://twitter.com/privacy
- Xing: https://www.xing.com/privacy
- bei youtube: http://www.youtube.com/t/privacy_at_youtube
- LinkedIN: http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv
If you do not wish social networks to obtain data about you, do not click the button.
TÜV Hessen maintains several online presences within social networks and platforms, such as Facebook, Twitter, youtube, Xing and LinkedIn, in order to be able to communicate with active users there and to inform them about our service portfolio. TÜV Hessen uses the technical platforms and services offered by the operators. In social networks and on other external platforms the data protection regulations of the operators apply, even though we publish information and maintain presences there.
We would like to point out that you use the services of the social networks and platforms offered here as well as their functions under your own responsibility.
This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating etc.). The data collected about you in this context will be processed by the platform operators and, if necessary, transferred to countries outside the European Union. Which information the operators receive and how these are used, describe the respective data protection guidelines in general form. On the individual platforms you will also find information on how to contact the operators and on the setting for advertisements.
- Facebook: http://www.facebook.com/about/privacy
- Google: http://www.google.com/intl/de/policies/privacy
- Twitter: http://twitter.com/privacy
- Xing: https://www.xing.com/privacy
- youtube: http://www.youtube.com/t/privacy_at_youtube
- LinkedIn: http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv
In which way the social network operators use the data from the visits of the respective pages for own purposes, to what extent activities on the pages are assigned to individual users, how long these data are stored and whether data from a visit of the respective page are passed on to third parties, is not conclusively and clearly named by the operators and is not known to us.
- Facebook Insights
Objection against the processing can be made via the following link www.facebook.com/settings.
Further information can be found on Facebook at the following link: de-de.facebook.com/help/pages/insights.
- Facebook Pixel
Furthermore, Facebook uses the remarketing tool „Facebook Pixel“, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. This function is used to display interest-based adverts (“Facebook ads”) to visitors when they visit the website. For this purpose, Facebook's remarketing tag has been implemented on this website. The tag establishes a direct connection to the Facebook servers when you visit the website. This information is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account.
- Twitter Analytics
It’ a service provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Twitter Analytics stores and processes information about your behaviour on our online presences within social media. Twitter Analytics uses, among other things, cookies that are stored locally in the cache of your browser and which enables the analysis of your use of social media platforms.
- Adobe Marketing Cloud
- Google Analytics & Google Conversion Trackings
- Adobe Marketing Cloud
- Facebook Pixel
Xing uses the remarketing tool „Facebook Pixel“, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. This function is used to display interest-based adverts (“Facebook ads”) to visitors when they visit the website. For this purpose, Facebook's remarketing tag has been implemented on this website. The tag establishes a direct connection to the Facebook servers when you visit the website. This information is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account.https://www.facebook.com/business/help/742478679120153?helpref=search&sr=3&query=pixel
- Facebook Pixel
LinkedIn uses the remarketing tool „Facebook Pixel“, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. This function is used to display interest-based adverts (“Facebook ads”) to visitors when they visit the website. For this purpose, Facebook's remarketing tag has been implemented on this website. The tag establishes a direct connection to the Facebook servers when you visit the website. This information is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account.
- Nielsen NetRatings
Nielsen NetRatings is provided by Nielsen GmbH, Lindwurmstraße 10, 80634 Munich and is an Internet tracking service for measuring and analyzing consumer behavior. You can object to the collection or evaluation of your data using this tool by downloading or setting and saving the opt-out cookie available under the following link: http://www.nielsen.com/us/en/privacy-statement/digital-measurement.htm
AppNexus is provided by von AppNexus Inc., 28 W 23rd Street, 4th floor, New York, NY - 10010, USA and is a tool for web analysis and interest-oriented advertisement. You can object the collection and evaluation of your data here: https://www.appnexus.com/en/company/platform-privacy-policy-de.
- Eloqua Tracking
Eloqua, a service of Oracle Cor, 500 Oracle Parkway, M/S 5op7, Redwood Shores, CA 94065, USA, places a persistent cookie on the respective login page, if no Eloqua cookie already exists on your device. If you have already used a website that uses Eloqua, you may already have an Eloqua cookie. The Eloqua cookie may be used to analyze your use of pages to improve them. Emails sent using Eloqua use the tracking technologies described above. If you want to completely eliminate the use of Eloqua tracking technologies for your device, you can do so on the Eloqua Opt-Out page.
- Twitter Analytics & Twitter Ads
Twitter Analytics is a service provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Twitter Analytics stores and processes information about your behaviour on our online presences within social media. Twitter Analytics uses, among other things, cookies that are stored locally in the cache of your browser and which enables the analysis of your use of social media platforms. Twitter Ads enables target-oriented campaigns.
- Facebook Insights
When visiting our Facebook page, Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) collects your IP address and other information available on your device via cookies. This information is used to provide the operator of a Facebook fanpage with statistical information about the use of this page. Facebook provides more information on this under the following link
- Google Analytics
Infusionsoft is a program for preparing, creation and executing targeted marketing campaigns. The operator of Infusionsoft is Infusionsoft Inc, 1260 p. Spetrum Blvd, Chandler, AZ 85286, USA. The software makes it possible to link statistical data and network behaviour of individual users with the contact data of specific persons for marketing purposes. If you install a deactivation add-on for your web browser, you can object to the collection of your data.
- DoubleClick Floodlight
DoubleClick Floodlight is a service provided by Google Inc., Moutain View, Kalifornien, USA. DoubleClick Floodlight-cookies enable enable us to understand whether you complete certain actions on the social media platforms after viewing a display/video ad on Google or other platforms via DoubleClick or clicking through. DoubleClick uses this cookie to understand the content you have interacted with on our websites in order to send you targeted advertising later. https://support.google.com/ds/answer/2839090?hl=en
- Facebook Insights
Through Facebook Insights, a service provided Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, Facebook collects, among other things, your IP address and other information available on your PC in the form of cookies. This information is used to provide statistical information about the use of the respective site. Facebook provides more information on this under the following link:
Further information regarding MediaMind data protection can be found at
You can disable the MediaMind cookies here http://www.networkadvertising.org/choices/.
The TÜV Hessen website uses Google Maps API, a Google interactive service (“Google”), to display an interactive map or create a route map. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
Through the use of Google Maps, information about your use of this website (including your IP address) may be transferred to a Google server in the United States of America and stored there. Google will transfer the information obtained through Google Maps to third parties if this is required by law or if third parties process these data on behalf of Google.
By using this website and not disabling java, you agree with the collection, processing and use of the automatically collected data and the data entered by you (including your IP address) by Google, one of its representatives or third-party providers.
In-depth information about transparency and choices, as well as the data protection policy, can be found at the Google Privacy Center: https://www.google.com/intl/en/policies/privacy/?fg=1
Services can be used on mobile devices such as smartphones or iPads (with iOS as operating system). In part, content will be downloaded from other sources (due to up-to-dateness of the data, e.g. the list of test centers). Functions are executed on the mobile devices. If we retrieve external functions from our servers (…), the data will be deleted after the results are transferred. We process personal data required for the use of the app or if you have given your explicit consent. Your data is not transferred to third parties. We reserve the right to analyse anonymized data statistically.
For localization services, geo data is used (e.g. your location while using the function “find next test center”) We do not combine this geo data with your personal data, but use it only for the purpose of localization within the framework of the app or sub-function of an app you have called up. After localization, we delete this geo data. Depending on your device, you can also generally switch off the localization. However, the localization function of the app cannot be used anymore. Data is also stored on your mobile device. The storage of personal data is always in encrypted form, some data is also stored in unencrypted form (e.g. settings of specific on/off switches of our apps).
In case of losing your device, misuse by third parties cannot be ruled out. We therefore recommend using the device-specific measures against misuse (encryption, usage lock). Please refer to the information provided by the manufacturer of your device. You should also use the possibilities to remove personal data from your device in case of passing it on, e.g. when selling it.
Legislation has defined numerous data storage periods and obligations. At the end of these periods, the relevant data will be routinely deleted. Data that are not affected by the above storage periods and obligations are deleted or anonymized as soon as the purposes defined in this data privacy statement no longer apply. Unless this data privacy statement includes other deviating provisions for data storage, we will store any data we collect for as long as they are required for the above purposes for which they were collected.
Any further processing or use of your personal data will generally only be carried out to the extent permitted on the basis of a legal regulation or where you have consented to data processing or data use. In the case of further processing for other purposes than the ones for which the data were originally collected, we will inform you about these other services and provide you with all other significant information before further processing.
Information for the detection and prosecution of misuse, in particular your IP address, will be kept available for a maximum of 7 days. The legal basis in this respect is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest in the retention of data for 7 days is to ensure the proper functioning of our website and the transactions conducted over it, and to be able to ward off cyber attacks and the like. We may use anonymous usage information to design our website to meet your needs.
If you think that processing of personal data concerning you and carried out by us is unlawful or impermissible, you have the right to file a complaint with the supervisory authority responsible for us. You can contact this authority at
Der Hessische Datenschutzbeauftragte
Postfach 31 63
Phone: +49 611 1408-0
Right of access
On request, you have the right to obtain information from us about the personal data concerning you and processed by us, to the extent defined in Art. 15 GDPR. You can send your request either by mail or email to the addresses given below.
Right to rectification
You have the right to require us to rectify any inaccurate personal data concerning you without undue delay (Art. 16 GDPR). For this purpose, please contact the address given below.
Right to deletion
Where the legal reasons defined in Art. 17 GDPR apply, you have the right to immediate deletion (“right to be forgotten”) of personal data concerning you. These legal reasons include: the personal data are no longer necessary for the purposes for which they were processed, or you withdraw your consent, and there are no other legal grounds for processing; the data subject objects to the processing (and there are no overriding legitimate grounds for processing––does not apply to objections to direct advertising). To assert your above right, please contact the contact address given below.
Right to restriction of processing
If the criteria defined in Art. 18 GDPR are fulfilled, you have the right to restriction of processing as established in the above article of the GDPR. According to this article, restriction of processing may be called for in particular if processing is unlawful and the data subject opposes deletion of the personal data and requests the restriction of their use instead, or if the data subject has objected to processing according to Art. 21 (1) GDPR as long as it is unclear whether our legitimate interest overrides the interest of the data subject. To assert your above right, please contact the contact address given below.
Right to data portability
You have the right to data portability as defined in Art. 20 GDPR. This means you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller, such as another service provider. Prerequisite is that processing is based on consent or a contract, and is carried out using automated means. To assert your above right, please contact the contact address given below.
|You have the right to object at any time under Art. 21 GDPR to processing of personal data concerning you which is based on Art 6 (1) lit. e or f GDPR, on grounds relating to your particular situation. We will desist from processing your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or unless processing is for the establishment, exercise, or defence of legal claims. To assert your above right, please contact the contact address given below.|
Please address any questions regarding the processing of your personal data, requests for information, applications, or complaints directly to our data protection officer, who will be happy to be of service:
Data Protection Officer of TÜV Hessen