Data Controller and Data Protection Officer

TÜV Rheinland AG, Executive Board, Am Grauen Stein, 51105 Cologne, Germany

You can reach our data protection officer at
TÜV Rheinland AG, FAO Data Protection Officer, Am Grauen Stein, 51105 Cologne, Germany
E-Mail: dataprotection@tuv.com

Purposes and Legal Basis of Data Processing

We process your personal data in compliance with the GDPR, the local data protection regulations (e.g. BDSG) and all other relevant legal provisions. This applies in particular (but not conclusively) to the purpose of secure, managed data transfers.

a. In order to fulfill contractual obligations (Art. 6 Para. 1 b) GDPR)

The processing of personal data takes place on the basis of the necessity for the purpose of fulfilling a contract or a pre-contractual measure, to which you are or should become a contracting party.

b. Legitimate interests (Art. 6 Para. 1 f) GDPR)

If necessary, we process your data beyond the actual fulfillment of the contract to protect the legitimate interests of us or third parties.

c. On the basis of your consent (Art. 6 Para. 1 a) GDPR)

If you have given us your consent to the processing of personal data for certain purposes (e.g. transfer of data within the group), the lawfulness of the processing is based on your consent. Consent that has been given can be revoked at any time. The revocation of consent does not affect the lawfulness of the processing carried out until the revocation.

Categories of Personal Data processed

The following data is collected and stored by the TUVbox service:

Each entry lists the designation and data, the affected users / retention period, and the intended use / distribution to third parties.

Cookies
Data: Randomly generated IDs, technical parameters (session cookie, same-site cookies; remember-me cookie)
Affected users / retention period: all visitors to the site / end of session (closing the browser); users of the "automatic login" / permanently
Intended use / distribution to third parties: Recognition of the user while using the application; recognition of the user with "automatic login"; no disclosure to third parties

Log file entries
Data: IP address, timestamp, page accessed, status, amount of data, referrer, user agent
Affected users / retention period: all visitors of the page / 365 days
Intended use / distribution to third parties: Troubleshooting, clarification of improper use, anonymized statistical evaluation; no disclosure to third parties

Account data (TUVbox accounts)
Data: User name, name, e-mail address
Affected users / retention period: User with TUVbox account / runtime of the TUVbox account 60 days after last usage
Intended use / distribution to third parties: Search for users when sharing content, sending of notifications; sharing to all users
Data: Password
Affected users / retention period: For accounts of internal employees no permanent storage, direct transfer to authentication server
Intended use / distribution to third parties: Authentication (login); internal, encrypted transfer to the authentication server

Account data (external accounts)
Data: User name, name, e-mail address
Affected users / retention period: external users with account / deletion after 60 days of inactivity
Intended use / distribution to third parties: The search for users is not possible for external users.
Data: Password
Affected users / retention period: external users with account / deletion after 60 days of inactivity
Intended use / distribution to third parties: Authentication password (login) is stored locally. No disclosure to third parties

Settings / Properties
Data: Timestamp last login, storage space quota, storage space purchase / runtime, language, personal settings made
Affected users / retention period: User with account / see Account
Intended use / distribution to third parties: Detection of inactive users, memory allocation, personalization of the interface, notifications, etc.; no disclosure to third parties

Files
Data: The file exchange is the central function of the system. Only browser use permitted.
Affected users / retention period: User with account / see Account
Intended use / distribution to third parties: Clients and data synchronization are not provided. The data is shared with defined target persons via e-mail address. The forwarding is not individually adjustable.

Recipient of Personal Data

Within the TÜV Rheinland Group, access to your data is given to those bodies that need it to fulfill our contractual and legal obligations. Recipients outside the TÜV Rheinland Group will only receive your data if contractual or legal provisions so require. In addition, we use external processors and service providers who support us in protecting our legitimate interests (e.g. providing the user help desk).
Other data recipients may be those bodies for which you have given us your consent to the data transfer.

Data transfer to a Third Country

If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has confirmed an appropriate level of data protection or if there are other appropriate data protection guarantees (e.g. EU standard contractual clauses).

Duration of Retention

We process and store your personal data as long as it is necessary to fulfill our contractual and legal obligations. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted or anonymized. It should be noted that the storage period varies depending on the purpose of the data processing.

Rights of the Data Subject

In accordance with Art. 15 GDPR, you have the right to receive information about the data stored about you, including any recipients and the planned retention period. If incorrect personal data is processed, you have a right to correction in accordance with Art. 16 GDPR. If the legal requirements are met, you can request that your data be deleted or that its processing be restricted, and you can object to the processing (Art. 17, 18 and 21 GDPR). If you believe that the processing of your personal data violates data protection law, you have the right to complain to a data protection supervisory authority of your choice in accordance with Art. 77 (1) GDPR.

The most current version of this data protection declaration applies. As of March 1st, 2020.
