Data protection

Welcome to the TÜV Hessen website ( https://www.tuev-hessen.com). We appreciate your interest in our company. Protection of the personal data you entrust to us is a priority for us, and we want you to feel safe and secure when you visit our website or use our online offers.

It is important to us that you are fully informed about the personal data that we collect when you use our online offers and services, and are familiar with how we use them.

Intended use of data processing

Wherever TÜV Hessen processes personal data, such processing is carried out for the purposes defined in this data privacy statement.

Processing of personal data

Visiting our website

We record and save your computer's IP address in order to send the contents of our website visited by you to your computer (e.g. texts, pictures, and files provided for downloading, etc.) (cf. Art. 6 (1) lit. b GDPR). We also process these data to identify and pursue any misuse. Legal basis in this case is Art. 6 (1) lit. f GDPR. In this context, our legitimate interest in data processing is to ensure the due functioning of our website and the business transacted via the website.

In as far as we process your data as described above for the purpose of providing the functions of our website, you are contractually bound to make these data available to us.

Other purposes

We also process personal data that you provide voluntarily, e.g. when you make an inquiry or online appointment, or when you order information material or newsletters. Legal basis in this case is Art. 6 (1) lit. b GDPR. The data processed by us in this context include the data of customers, employees, and suppliers to the extent necessary for the purposes specified within the scope of this data privacy statement.

In as far as we process your data as described above for the purpose of accepting and processing your inquiry, appointment, or (newsletter) order, you are contractually bound to make these data available to us. We are unable to process your request without the data.

Where you have given your consent to the processing of personal data (cf. Art. 6 (1) lit. a GDPR), you can withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent up to the time of withdrawal of consent.

Newsletters and use of email-marketing service “inxmail”

With your consent, you can subscribe to our newsletter, with which we will inform and send you updates on our latest offers or services, products and partners via email.

The only requirement for sending the newsletter is your email address. The details of salutation, surname and first name are used exclusively to address you personally. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data.

If you have signed up or otherwise agreed to receive newsletters or other update services, we will process your contact data that you have given to provide those services for you. The processing is based on our legitimate interests according to Art. 6 (1) (f) GDPR to pursue business development activities, or, as the case may be, for the performance of a contract according to Art. 6 (1) (b) GDPR. In other cases, we may ask you for your explicit consent under Art. 6 (1) (a) GDPR.

Our newsletter is distributed via “inxmail”, a platform of the German email marketing provider Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg.

Therefore, your email address as well as other contact data that you have given will be processed on the servers of inxmail.

Due to our data processing agreement, inxmail is obliged to comply with our data protection regulations. For more detailed information on the conditions of use and data privacy of inxmail please visit https://www.inxmail.com/data-conditions.

Cancellation / revocation: You can revoke your consent or terminate the receipt of our newsletter at any time. At the same time, your consent to sending it via inxmail and the statistical analyses will lapse. A link to cancel the newsletter can be found at the end of each newsletter.

Transfer to third parties

We generally transfer your data to the relevant TÜV SÜD company where it is processed to deliver the service and support you requested.

This means that information may also be processed by other legal entities of the TÜV SÜD Group. However, such processing is limited to the extent required for the purposes defined in this data privacy statement or to which the other legal entity acting as a service provider / processor has to follow the instructions given by the controller.

In this context, we sometimes use service providers (located in Germany) which process data on our behalf (e.g. in email marketing or software design and development, or to support processing of customer inquiries). In these cases, the information is transferred to third parties to enable further processing. External service providers are selected carefully and audited at regular intervals to ensure protection of your data privacy.

These service providers / processors are bound by instructions. Given this, they are subject to our requirements, which include processing of your data exclusively in line with our instructions and in compliance with the applicable Data Protection Act. In particular, they are contractually bound to treat your data with strict confidentiality, and are not permitted to process data for other purposes than the ones agreed.

Data transfer to the data processor is effected on the basis of Art. 28 (1) GDPR.

We will not sell your data to third parties or otherwise share them for commercial purposes.

Beyond the above, we will transfer your personal data to prosecution authorities and, if applicable, damaged third parties without your explicit consent where this is necessary for clarifying illegal use of our services or for legal prosecution. However, such a transfer will only take place if there is concrete evidence of illegal conduct or misuse. Transfer of your data may also take place where this contributes to enforcing the conditions of use or other agreements. We are also under legal obligation to provide information to certain public bodies on request. These comprise prosecution authorities, authorities prosecuting offences punishable by a fine, and financial authorities.

The transfer of these data is based on our legitimate interest in fighting misuse, prosecuting criminal acts, and securing, asserting, and enforcing claims unless our interests are overridden by your rights and interests in the protection of your personal data, Art. 6 (1) lit. f GDPR.

Intended data transfer to third countries

At present, data transfer to third countries is not planned. Otherwise we will establish the required legal conditions. In particular, you will be informed of the respective recipients or categories of recipients of the personal data in line with the legal requirements.

Security

TÜV Hessen takes appropriate technical and organizational measures to protect any personal data you provide to TÜV Hessen from accidental or intentional manipulation, loss, destruction, or access by unauthorized parties. This also applies to any external services purchased. We verify the effectiveness of our data protection measures and continuously improve them in line with technological development. Any personal data entered are encrypted during transfer using a secure encryption process.

Cookies

For a user-friendly website experience and to tailor the operations of our website to your needs, some areas of our website may use cookies. A cookie is a small file that is stored locally on your computer when you visit a website. When you revisit the website on the same device, the cookie will indicate, for example, that you are a repeat visitor. Cookies also allow us to analyze the use of our website. They do not include any personal data and cannot identify you on third-party websites––including those of analytics providers.

We use the following types of cookies:

  • Essential/necessary cookies

These cookies are essential for the functioning of our website. This includes, for example, issue of anonymous session IDs to summarize multiple queries to a web server, or ensuring fault-free functioning of registrations and orders.

  • Functionality cookies

These cookies help us to save your chosen settings or support other functions when you are navigating our website. They allow us, for example, to remember your preferred settings for your next visit or save your login data for certain areas of our Website.

  • Performance/statistics cookies

These cookies collect information about how you use our website (e.g. which Internet browser you use, how often you visit our website, which pages you open, or how long you stay on our website). These cookies do not store any information that enables visitors to be personally identified. The information collected with the help of these cookies is aggregated, and thus anonymous.

You can accept or decline cookies - including those used for website tracking - by selecting the appropriate settings for your browser. You can set your browser to notify you when you receive a new cookie, or to decline cookies altogether. However, if you choose to decline cookies you may not be able to use all the features of our website (e.g. for purchasing orders). Your browser also offers you the option to delete cookies (e.g. via the Clear Browsing History function). For further information, please refer to the user help function under Settings in your web browser.

Website-Tracking

This website uses the web analysis service offered by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, www.etracker.com*

During your visit of our website the following data is collected and stored to serve marketing and optimizing purposes:

  • Request (pagename)
  • Browser (e.g. Internet Explorer)
  • Browser language (e.g. English)
  • Operating system (e.g.: Windows 10)
  • Referrer URL (previously visited page)
  • Anonymized (shortened) IP address
  • Time of access
  • City and country
  • Clicks

These data can be used to create pseudonymized user profiles. For this purpose, cookies can be used (see Cookies). Without the consent of the affected person, the data collected with etracker- technology is not used to identify the visitor of the website or to merge personal data with the pseudonym.

You can object to the data processing described above at any time, insofar as it is done in a person-related manner.

This website uses etracker to collect data about how users interact with the website and its content. TÜV Hessen uses this data to ensure that the website creates added value for its visitors, for example through content adapted to your personal needs. This data is only available to the owner of the website; they are encrypted before capture. Your safety and privacy will not be compromised.

Further information on data protection at etracker can be found at https://www.etracker.com/en/data-privacy/.

To deactivate etracker and end the collection of usage data, a cookie (named “cntcookie”) must be set by eTracker. The cookie is available under http://www.etracker.de/privacy?et=Zl3oQb. If the cookie is set, the usage data is not collected.

Web analytics will remain disabled as long as you do not disable or delete the eTracker cookie. Therefore, please do not delete the cookie as long as the respective web analysis is not desired.

Embedding of social plugins

Our website uses buttons for the following social Networks

  • facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
  • LinkedIn, LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA
  • Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
  • Xing, XING AG, Gänsemarkt 43, 20354 Hamburg, Deutschland
  • YouTube, LLC, 901 Cherry Ave., San Bruno CA 94066, USA

The buttons show the logos of the individual social networks. However, the buttons are not standard social plugins, i.e. plugins provided by social networks, but links with button icons. These buttons are only activated by deliberate actions (clicking). As long as you do not click the buttons, no data will be transferred to the social networks. By clicking the buttons, you accept communication with the servers of the social network, thereby activating the buttons and establishing the link.

Once clicked, the button functions as a share plugin. The social network then obtains information about the site you have visited, which you can share with your friends and contacts. You need to be logged in to “share” information. If you are not logged in, you will be forwarded to the login page of the social network you have clicked, thereby leaving the pages of tuev-hessen.de. If you are logged in, your “like” or recommendation of the article in question will be transmitted.

When you activate the button, the social networks will also receive the information that you accessed the respective page of our website and when you did so. In addition, information such as your IP address, details about the browser you used, and your language settings may be transmitted. If you click the button, your click will be transferred to the social network and used according to their data policy.

When you click the button we have no control over the data collected and the data-processing operations. We are not responsible for this data processing, nor are we the “controller” as defined in the GDPR. Neither are we aware of the full extent of data collection, its legal basis, purposes and storage periods. Given this, the information provided here is not necessarily complete.

The data will be transmitted irrespective of whether you actually have an account with this provider or whether you are logged in there. If you are logged in with the provider, your data will be assigned directly to your account. Providers may also use cookies on your computers to track you.

As far as we know, these providers store these data in user profiles which they use for advertising, market research and/or demand-oriented website design. This type of analysis is performed (also for users who are not logged in) to present demand-oriented advertising and inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise your right of objection, please contact the relevant provider.

Please consult the information provided by the following social media sites for details of the purpose and scope of data collection and of further processing and use of the data by the respective social network, and for your rights and privacy settings:

If you do not wish social networks to obtain data about you, do not click the button.

Online presences in social media

TÜV Hessen maintains several online presences within social networks and platforms, such as Facebook, Twitter, youtube, Xing and LinkedIn, in order to be able to communicate with active users there and to inform them about our service portfolio. TÜV Hessen uses the technical platforms and services offered by the operators. In social networks and on other external platforms the data protection regulations of the operators apply, even though we publish information and maintain presences there.

We would like to point out that you use the services of the social networks and platforms offered here as well as their functions under your own responsibility.

This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating etc.). The data collected about you in this context will be processed by the platform operators and, if necessary, transferred to countries outside the European Union. Which information the operators receive and how these are used, describe the respective data protection guidelines in general form. On the individual platforms you will also find information on how to contact the operators and on the setting for advertisements.

In which way the social network operators use the data from the visits of the respective pages for own purposes, to what extent activities on the pages are assigned to individual users, how long these data are stored and whether data from a visit of the respective page are passed on to third parties, is not conclusively and clearly named by the operators and is not known to us.


I. Facebook

  • Facebook Insights
    When visiting our Facebook page, Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) collects, among other things, your IP address and other information that is stored on your device via cookies. This information is used to provide us, as operators of Facebook pages, with statistical information about the use of the Facebook page. The legal basis for the collection of the data is our legitimate interest (Art. 6 para. 1 f DSGVO). Facebook and TÜV Hessen are jointly responsible for the processing of Insights data pursuant to Art. 26 DSGVO. However, Facebook assumes the primary responsibility and TÜV Hessen makes no decisions regarding the processing of this data.  Since Facebook is constantly improving the availability and processing of data, TÜV Hessen refers to the Facebook Privacy Policy (https://www.facebook.com/about/privacy/) for further details in this regard. Since only Facebook has full access to user data, we recommend that users contact Facebook directly regarding information requests or other questions regarding the rights of affected parties as users (e.g. right to deletion). If the user no longer wishes the data processing described here to be carried out in the future, the connection between the user profile and our site can be separated by the function "Unlike this page". 

    Objection against the processing can be made via the following link www.facebook.com/settings.
    Further information can be found on Facebook at the following link: de-de.facebook.com/help/pages/insights.

  • Facebook Pixel
    Furthermore, Facebook uses the remarketing tool „Facebook Pixel“, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. This function is used to display interest-based adverts (“Facebook ads”) to visitors when they visit the website.  For this purpose, Facebook's remarketing tag has been implemented on this website. The tag establishes a direct connection to the Facebook servers when you visit the website. This information is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account.
    https://www.facebook.com/business/help/742478679120153?helpref=search&sr=3&query=pixel
  • Twitter Analytics
    It’ a service provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Twitter Analytics stores and processes information about your behaviour on our online presences within social media. Twitter Analytics uses, among other things, cookies that are stored locally in the cache of your browser and which enables the analysis of your use of social media platforms.
    https://twitter.com/personalization 
  • Adobe Marketing Cloud
    The service is provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. The Adobe Marketing Clouds allows the analysis of visitors’ behaviour on websites. This behaviour is presented in a way which provides an overview on the users’ online activities. Therefore, Adobe uses cookies, which are stored on your computer. If the collected information is transmitted to an Adobe server, the settings ensure that the IP address is anonymized before geolocalization and replaced by a generic IP address before storage.
    http://www.adobe.com/de/privacy/opt-out.html

II. Xing

  • Dynatrace
    Dynatrac is a service operated by Dynatrace LLC mit Hauptsitz in Waltham, Massachusetts, USA, and it gives you insights in the performance of web applications and the user’ behaviour on the website. Dynatrace collects data such as W3C timings, button clicks, link clicks, JavaScript errors, browser types and geographic regions. That way offers can be improved and functional problems can be solved. Dynatrace uses various cookies for this purpose.
    You can find the privacy policy here: https://www.dynatrace.com/company/trust-center/  
  • Google Analytics & Google Conversion Trackings
    Google Analytics, a service of Google Inc, Moutain View, California, USA, uses cookies that are stored on your device and that enable an analysis of your use of our online presence in the social media. The information generated by the cookie about your visit to our online presence in the social media is usually transferred to a Google server in the USA and stored there. If anonymization of the IP address to be transmitted by the cookie is activated on the website ("IP anonymisation"), your IP address will be previously reduced by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. Google will use this information to evaluate your use of our online presence in the social media and to compile reports on website use. Pseudonymous user profiles can be created from the processed data. For further information about data privacy go here http://www.google.de/privacy.html.
  • Adobe Marketing Cloud
    The service is provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. The Adobe Marketing Clouds allows the analysis of visitors’ behaviour on websites. This behaviour is presented in a way which provides an overview on the users’ online activities. Therefore, Adobe uses cookies, which are stored on your computer. If the collected information is transmitted to an Adobe server, the settings ensure that the IP address is anonymized before geolocalization and replaced by a generic IP address before storage. http://www.adobe.com/de/privacy/opt-out.html
  • Facebook Pixel
    Xing uses the remarketing tool „Facebook Pixel“, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. This function is used to display interest-based adverts (“Facebook ads”) to visitors when they visit the website.  For this purpose, Facebook's remarketing tag has been implemented on this website. The tag establishes a direct connection to the Facebook servers when you visit the website. This information is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account.https://www.facebook.com/business/help/742478679120153?helpref=search&sr=3&query=pixel 
  • comScore
    Xing uses comScore, a service of comScore Inc from Reston, Virginia, USA, to collect and store information about users’ behaviour. A small image file or JavaScript is integrated into retrievable Internet pages in order to enable the measurement of access numbers, e.g. using a cookie. In addition, audio and video usage within the player is recorded on the web pages. Under no circumstances can the data obtained be used to personally identify the visitor to this website. The collected data will only be used to improve the offer. Therefore, all IP addresses are only stored in anonymous form. Any other use or passing on to third parties does not take place. https://www.comscore.com/ger/Ueber-Uns/Datenschutzerklaerung 

III. LinkedIn

  • Facebook Pixel
    LinkedIn uses the remarketing tool „Facebook Pixel“, a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. This function is used to display interest-based adverts (“Facebook ads”) to visitors when they visit the website.  For this purpose, Facebook's remarketing tag has been implemented on this website. The tag establishes a direct connection to the Facebook servers when you visit the website. This information is transmitted to the Facebook server that you have visited this website and Facebook assigns this information to your personal Facebook user account.
    https://www.facebook.com/business/help/742478679120153?helpref=search&sr=3&query=pixel 
  • Nielsen NetRatings
    Nielsen NetRatings is provided by Nielsen GmbH, Lindwurmstraße 10, 80634 Munich and is an Internet tracking service for measuring and analyzing consumer behavior. You can object to the collection or evaluation of your data using this tool by downloading or setting and saving the opt-out cookie available under the following link: http://www.nielsen.com/us/en/privacy-statement/digital-measurement.htm
  • AppNexus
    AppNexus is provided by von AppNexus Inc., 28 W 23rd Street, 4th floor, New York, NY - 10010, USA and is a tool for web analysis and interest-oriented advertisement. You can object the collection and evaluation of your data here: https://www.appnexus.com/en/company/platform-privacy-policy-de.
  • Eloqua Tracking
    Eloqua, a service of Oracle Cor, 500 Oracle Parkway, M/S 5op7, Redwood Shores, CA 94065, USA, places a persistent cookie on the respective login page, if no Eloqua cookie already exists on your device. If you have already used a website that uses Eloqua, you may already have an Eloqua cookie. The Eloqua cookie may be used to analyze your use of pages to improve them. Emails sent using Eloqua use the tracking technologies described above. If you want to completely eliminate the use of Eloqua tracking technologies for your device, you can do so on the Eloqua Opt-Out page.
    For more information, please see Eloqua's Privacy Policy. (https://www.oracle.com/marketingcloud/products/marketing-automation/index.html)

IV. Twitter

  • Twitter Analytics & Twitter Ads
    Twitter Analytics is a service provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Twitter Analytics stores and processes information about your behaviour on our online presences within social media. Twitter Analytics uses, among other things, cookies that are stored locally in the cache of your browser and which enables the analysis of your use of social media platforms. Twitter Ads enables target-oriented campaigns.
    https://twitter.com/personalization 
  • Facebook Insights
    When visiting our Facebook page, Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) collects your IP address and other information available on your device via cookies. This information is used to provide the operator of a Facebook fanpage with statistical information about the use of this page. Facebook provides more information on this under the following link
    http://de-de.facebook.com/help/pages/insights 
  • Google Analytics
    Google Analytics, a service of Google Inc, Moutain View, California, USA, uses cookies that are stored on your device and that enable an analysis of your use of our online presence in the social media. The information generated by the cookie about your visit to our online presence in the social media is usually transferred to a Google server in the USA and stored there. If anonymization of the IP address to be transmitted by the cookie is activated on the website ("IP anonymisation"), your IP address will be previously reduced by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be transmitted to a Google server in the USA and shortened there. Google will use this information to evaluate your use of our online presence in the social media and to compile reports on website use. Pseudonymous user profiles can be created from the processed data. For further information about data privacy go here http://www.google.de/privacy.html 
  • Dynatrace
    Dynatrac is a service operated by Dynatrace LLC mit Hauptsitz in Waltham, Massachusetts, USA, and it gives you insights in the performance of web applications and the users’ behaviour on the website. Dynatrace collects data such as W3C timings, button clicks, link clicks, JavaScript errors, browser types and geographic regions. That way offers can be improved and functional problems can be solved. Dynatrace uses various cookies for this purpose.
    You can find the privacy policy here https://www.dynatrace.com/company/trust-center/ 
  • Infusionsoft
    Infusionsoft is a program for preparing, creation and executing targeted marketing campaigns. The operator of Infusionsoft is Infusionsoft Inc, 1260 p. Spetrum Blvd, Chandler, AZ 85286, USA. The software makes it possible to link statistical data and network behaviour of individual users with the contact data of specific persons for marketing purposes. If you install a deactivation add-on for your web browser, you can object to the collection of your data.
    https://www.infusionsoft.com/legal/privacy-policy 

V. youtube

  • DoubleClick Floodlight
    DoubleClick Floodlight is a service provided by Google Inc., Moutain View, Kalifornien, USA. DoubleClick Floodlight-cookies enable enable us to understand whether you complete certain actions on the social media platforms after viewing a display/video ad on Google or other platforms via DoubleClick or clicking through. DoubleClick uses this cookie to understand the content you have interacted with on our websites in order to send you targeted advertising later. https://support.google.com/ds/answer/2839090?hl=en 
  • Facebook Insights
    Through Facebook Insights, a service provided Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, Facebook collects, among other things, your IP address and other information available on your PC in the form of cookies. This information is used to provide statistical information about the use of the respective site. Facebook provides more information on this under the following link:
    http://de-de.facebook.com/help/pages/insights 
  • MediaMind
    Youtube uses the technology of MediaMind Technologies Inc., 135 West 18th Street, New York, NY 10011, USA for optimizing online ads. MediaMind uses cookies with anonymous and personally unidentifiable information in connection with the ad serving service. Ad serving supports youtube in the selection of suitable ads for the users. The cookie does not contain any names, addresses, telephone numbers, e-mail addresses or other information that can personally identify the user.
    Further information regarding MediaMind data protection can be found at
    http://www.mediamind.com/privacy-policy 
    You can disable the MediaMind cookies here http://www.networkadvertising.org/choices/.

Use of Google Maps

The TÜV Hessen website uses Google Maps API, a Google interactive service (“Google”), to display an interactive map or create a route map. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

Through the use of Google Maps, information about your use of this website (including your IP address) may be transferred to a Google server in the United States of America and stored there. Google will transfer the information obtained through Google Maps to third parties if this is required by law or if third parties process these data on behalf of Google.

Google will in no case associate your IP address with other data from Google. Nevertheless, it would be technically possible that Google could make an identification of the least single users on the basis of the data obtained. It would be possible for personal data and personality profiles to be processed by users of Google’s website for other purposes to which we have no influence. This and the fact that data are transmitted to the US is problematic for reasons of data protection law. You can easily disable the Google Maps service, preventing data transfer to Google: For this, disable JavaScript in your browser. Please note that in this case, you can no longer use the map display.

By using this website and not disabling java, you agree with the collection, processing and use of the automatically collected data and the data entered by you (including your IP address) by Google, one of its representatives or third-party providers.

The terms of use for Google Maps can be found at the following link: https://www.google.com/intl/en/policies/terms/regional.html

In-depth information about transparency and choices, as well as the data protection policy, can be found at the Google Privacy Center: https://www.google.com/intl/en/policies/privacy/?fg=1

Apps

Services can be used on mobile devices such as smartphones or iPads (with iOS as operating system). In part, content will be downloaded from other sources (due to up-to-dateness of the data, e.g. the list of test centers). Functions are executed on the mobile devices. If we retrieve external functions from our servers (…), the data will be deleted after the results are transferred. We process personal data required for the use of the app or if you have given your explicit consent. Your data is not transferred to third parties. We reserve the right to analyse anonymized data statistically.

For localization services, geo data is used (e.g. your location while using the function “find next test center”) We do not combine this geo data with your personal data, but use it only for the purpose of localization within the framework of the app or sub-function of an app you have called up. After localization, we delete this geo data. Depending on your device, you can also generally switch off the localization. However, the localization function of the app cannot be used anymore. Data is also stored on your mobile device. The storage of personal data is always in encrypted form, some data is also stored in unencrypted form (e.g. settings of specific on/off switches of our apps).

In case of losing your device, misuse by third parties cannot be ruled out. We therefore recommend using the device-specific measures against misuse (encryption, usage lock). Please refer to the information provided by the manufacturer of your device. You should also use the possibilities to remove personal data from your device in case of passing it on, e.g. when selling it.

Standard periods for deletion of data

Legislation has defined numerous data storage periods and obligations. At the end of these periods, the relevant data will be routinely deleted. Data that are not affected by the above storage periods and obligations are deleted or anonymized as soon as the purposes defined in this data privacy statement no longer apply. Unless this data privacy statement includes other deviating provisions for data storage, we will store any data we collect for as long as they are required for the above purposes for which they were collected.

Other data use and deletion

Any further processing or use of your personal data will generally only be carried out to the extent permitted on the basis of a legal regulation or where you have consented to data processing or data use. In the case of further processing for other purposes than the ones for which the data were originally collected, we will inform you about these other services and provide you with all other significant information before further processing.

Misuse detection and prosecution

Information for the detection and prosecution of misuse, in particular your IP address, will be kept available for a maximum of 7 days. The legal basis in this respect is Art. 6 para. 1 lit. f DSGVO. Our legitimate interest in the retention of data for 7 days is to ensure the proper functioning of our website and the transactions conducted over it, and to be able to ward off cyber attacks and the like. We may use anonymous usage information to design our website to meet your needs.

Rights concerning the processing of personal data

Right of access

On request, you have the right to obtain information from us about the personal data concerning you and processed by us, to the extent defined in Art. 15 GDPR. You can send your request either by mail or email to the addresses given below.

Right to rectification

You have the right to require us to rectify any inaccurate personal data concerning you without undue delay (Art. 16 GDPR). For this purpose, please contact the address given below.

Right to deletion

Where the legal reasons defined in Art. 17 GDPR apply, you have the right to immediate deletion (“right to be forgotten”) of personal data concerning you. These legal reasons include: the personal data are no longer necessary for the purposes for which they were processed, or you withdraw your consent, and there are no other legal grounds for processing; the data subject objects to the processing (and there are no overriding legitimate grounds for processing––does not apply to objections to direct advertising). To assert your above right, please contact the contact address given below.

Right to restriction of processing

If the criteria defined in Art. 18 GDPR are fulfilled, you have the right to restriction of processing as established in the above article of the GDPR. According to this article, restriction of processing may be called for in particular if processing is unlawful and the data subject opposes deletion of the personal data and requests the restriction of their use instead, or if the data subject has objected to processing according to Art. 21 (1) GDPR as long as it is unclear whether our legitimate interest overrides the interest of the data subject. To assert your above right, please contact the contact address given below.

Right to data portability

You have the right to data portability as defined in Art. 20 GDPR. This means you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller, such as another service provider. Prerequisite is that processing is based on consent or a contract, and is carried out using automated means. To assert your above right, please contact the contact address given below.

Right to object

You have the right to object at any time under Art. 21 GDPR to processing of personal data concerning you which is based on Art 6 (1) lit. e or f GDPR, on grounds relating to your particular situation. We will desist from processing your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or unless processing is for the establishment, exercise, or defence of legal claims. To assert your above right, please contact the contact address given below.

Right to file a complaint with a supervisory authority

If you think that processing of personal data concerning you and carried out by us is unlawful or impermissible, you have the right to file a complaint with the supervisory authority responsible for us. You can contact this authority at

Der Hessische Datenschutzbeauftragte
Postfach 31 63
D-65021 Wiesbaden
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de

Data Protection Officer

Please address any questions regarding the processing of your personal data, requests for information, applications, or complaints directly to our data protection officer, who will be happy to be of service:

Data Protection Officer of TÜV Hessen
Robert-Bosch-Str. 16
D-64293 Darmstadt
Email: datenschutz@tuevhessen.de

Contact data of the controller:

TÜV Technische Überwachung Hessen GmbH
Robert-Bosch-Str. 16
D-64293 Darmstadt
Phone: +49 6151 600-0
Email: datenschutz@tuevhessen.de

As at: Mai 2018