Data protection declaration
The TÜV Rheinland Group welcomes you to our websites and is pleased about your interest in our products and services. Data protection and data security for our customers and users have, from time immemorial, been of great significance to our Group. The protection of your personal data is therefore very important and a special concern of ours.
General guidelines and mandatory information
1 Information about the collection of personal data
In the following sections we shall inform you about the collection and further processing of personal data when you visit our website. Personal data refers to all data which relates to you personally or with which you can be identified personally, e.g. name, address, e-mail address, or user behaviour.
The Controller, according to Article 4(7) of the EU General Data Protection Regulation (GDPR), is
TÜV Rheinland AG
Am Grauen Stein
51105 Cologne, Germany
Tel.: +49 (0) 221 / 806 - 0
Fax: +49 (0) 221 / 806 - 114
E-mail: firstname.lastname@example.org (see our legal notice).
You can reach our legally designated data protection specialist at:
with the subject line “Data protection specialist”
b. or through our postal address with the tag “Data protection specialist”.
When you contact us by e-mail or via a contact form, we shall store the personal data you submit to us (your e-mail address, your name and your telephone number, if necessary) for purposes of responding to your questions. We shall delete the data connected with this event as soon as its storage is no longer required, or we shall restrict the processing of this data if there are any legal obligations necessitating its storage.
If we engage contracted service providers for individual functions of our service provision, or if we want to use your data for advertising purposes, we shall hereafter inform you in detail about the respective procedures. At the same time, we shall also tell you the fixed criteria for the storage duration.
Insofar as your inquiry necessitates the transmission of personal data to particular recipients, the data will also be shared with third parties. This will always take place within the framework of legal regulations.
This website uses SSL and/or TLS encryption for security reasons and to protect the transmission of confidential contents, e.g. submitted contents of a form. If the encryption is activated, the data transmitted to us cannot be read by third parties. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock symbol in the browser bar.
The use of the contact details published in connection with the obligatory legal notice for sending not explicitly solicited advertising and information material is hereby excluded. The operators of the websites reserve the right to take express legal steps in the event of unsolicited circulation of advertising information, for example through spam e-mails.
2 Your rights
You can assert the following rights against us regarding your personal data:
- a. Right to information,
- b. Right to rectification or erasure of personal data,
- c. Right to restriction of processing,
- d. Right of objection to the processing,
- e. Right to data portability.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
3 Collection of personal data when you visit our website
If you are simply visiting our website for information purposes, and not to register or send us any information at all, we shall still collect the following personal data which will be transmitted to our server by your browser.
- a. IP address
- b. Date and time of your inquiry
- c. Time zone difference to Greenwich Mean Time (GMT)
- d. Contents of the request (precise page)
- e. Access status / HTTP status code
- f. The respective amount of data transmitted
- g. Website originating the request
- h. Browser
- i. Operating system and its interface
- j. Language and version of the browser software
The legal basis for the processing of your data is Article 6(1)(f) of the GDPR, which allows the processing of technically requisite data that ensures a stable and secure operation of the website.
In addition to the data mentioned earlier, cookies are stored on your computer when you visit our website. Cookies are small text files which are stored on your hard disk and associated with the browser you use; through these cookies, information is transmitted to the institution which has placed the cookie on your computer (here, our organisation). Cookies cannot run any programmes on or transmit viruses to your computer. They serve to make our web content more user-friendly and more effective as a whole.
- a. This website uses the following types of cookies, whose scope and functionality is described here below:
I. Transient cookies (refer to b)
II. Persistent cookies (refer to c)
- b. Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. This type of cookie stores what is known as a “session ID” with which different requests from your browser can be assigned to the common session. Through this, your computer can be recognised the next time you visit our website. Session cookies are deleted when you log out or when you close the browser.
- c. Persistent cookies are deleted after a pre-determined time, which can vary from one cookie to the next. You can delete cookies at any time through the security settings of the browser.
- d. You can configure your browser settings according to your wishes and reject the placement of third-party cookies, for instance, or of all cookies. We would like to point out that in this case you may not be able to use all the functions on this website to the fullest extent.
You can view all cookies and manage your user consent on the following page: Manage Cookies
4 Registration on this website
You can register on our website to be able to use other functions on the website. We use the data submitted only for purposes of using the respective product or service for which you have registered. The mandatory information required during registration must be submitted in full. Otherwise, we will reject the registration.
We shall use the e-mail address submitted during registration to inform you about important changes, for example to the scope of the offer, or technically significant changes.
The data submitted during registration is processed on the basis of either a contract (Article 6(1)(b) of the GDPR or your consent (Article 6(1)(a) of the GDPR). You can revoke your consent at any time. You can do this by sending us an informal message by e-mail. The legality of the data processing already carried out shall remain unaffected by the revocation.
Data collected during the registration is stored by us for as long as you are a registered member on our website; thereafter it will be deleted. Legal retention periods shall remain unaffected.
4.1 Registration with Facebook Connect
Instead of direct registration on our website, you can also register with Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you decide to register using Facebook Connect and then click on the button “Login with Facebook”- / “Connect with Facebook”, you will be automatically forwarded to the Facebook platform. You can sign in there with your user details. Through this process, your Facebook profile will be linked to our website and/or services. This connection will enable us to gain access to your data which is stored on Facebook. This includes mainly:
- a. Your Facebook name
- b. Your Facebook profile and cover photo
- c. Facebook cover photo
- d. Your e-mail address stored on Facebook
- e. Facebook ID
- f. Facebook friends lists
- g. Facebook Likes
- h. Date of birth
- i. Gender
- j. Country
- k. Language
This data is used for the setting up, provision and personalisation of your account.
You can find more details in the Facebook terms and conditions and the Facebook data protection regulations. These can be accessed at: https://de-de.facebook.com/about/privacy/ and https://www.facebook.com .
5 Other functions and services of our website
Apart from the purely informative use of our website, we also offer various services which you can use if interested. To do this, you generally have to give us more personal data, which we shall use to provide the respective service and for which the previously outlined principles of data processing apply.
We shall partly engage external service providers to process your data. These have been carefully selected and commissioned by us; they are bound by our instructions and are regularly monitored by us.
Furthermore, we can share your personal data with third parties if we have arranged to participate in promotions, competitions, conclusion of contracts or other similar services in collaboration with our partners. You can get more information about this by providing your personal details or in the subsequent description of the service offered.
Provided that our service providers or partners have their headquarters in a country outside the European Economic Area (EEA), we shall inform you about the consequences of this state of affairs in the description of the service offered.
6 Objection to or revocation of the processing of your data
If you have consented to the processing of your data, you can always revoke this consent at any time. After you have expressed such a revocation to us, it will influence the permissibility of processing your personal data.
Provided that we are basing the processing of your personal data on the need to balance interests, you can raise an objection to this processing of your data. This is the case if the processing is not required in particular to fulfil a contract with you, a fact which we endeavour to outline in the subsequent description of the respective functions. When exercising such a right of objection, we request that you outline the reasons why we should not process your personal data in the manner we have described. If you present to us your reasons, we shall check the circumstances and either stop and/or adjust the processing of the data, or present compelling counterarguments for continuing with the data processing.
You can of course object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your objection to the use of your data for advertising through the following contact address: By e-mail to email@example.com or by post to TÜV Rheinland AG, Am Grauen Stein, 51105 Köln, Germany.
Newsletter, analysis tools and advertising
With your consent, you can subscribe to our newsletter, through which we can keep you informed about our latest interesting offers. The goods and services advertised are mentioned in the declaration of consent.
We use what is known as the “double opt-in procedure” for subscription to our newsletter. This means that after registration, we shall send you a message to the e-mail address you indicated, in which we shall request you to confirm that you wish to receive the newsletter. If you don’t confirm the registration, we shall block the information you submitted and it will then be deleted automatically. In addition, we shall also store the IP address you used and the time of registration and confirmation. The purpose of this procedure is to verify your registration and to enable us to clarify any possible misuse of your personal data, if necessary.
The only mandatory piece of information for the sending of our newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to enable us to address you personally. After your confirmation, we shall store your e-mail address to send you the newsletter. The legal basis for this is Art. 6(1)(1)(a) of the GDPR.
You can revoke your consent for the newsletter any time and also unsubscribe from the same. You can perform the revocation by clicking on the link provided in each newsletter e-mail, or by sending a message to the contact address given in our legal notice.
We would like to let you know that we evaluate your user behaviour when we send you the newsletter. To do this evaluation, the e-mails sent contain “web beacons” or “tracking pixels”, which are one-pixel files stored on our website. To do this evaluation, we shall link the data specified in Part 1, Section 3 of this policy and the web beacons with your e-mail address and an individual ID. The links contained in the newsletter also contain this ID.
You can object to this tracking any time by unsubscribing from the newsletter. It is possible to unsubscribe through a link in each newsletter. The information you submitted will be stored for as long as you are subscribed to the newsletter. After you have unsubscribed, we shall keep your data for purely statistical reasons.
2 Analysis tools and advertising
We use the Eloqua service for optimal communication with our customers. The Eloqua servers of the provider – ORACLE Deutschland B.V. & Co. KG, Riesstrasse 25, 80992 München – are located within the EU. Within the context of support and administrative services, it cannot be ruled out – on a case-by-case basis – that individual employees of Oracle Corporation outside the EU will also have access to user data as part of their contractual service delivery. We have ensured an appropriate data protection standard for Oracle Corporation as a precaution through sufficient guarantees within the meaning of the German federal data protection regulation. Eloqua shall place a persistent cookie on the relevant registration page, as long as there is no other cookie from Eloqua on your device. If you have already used a website before which uses Eloqua, then you probably already have an Eloqua cookie. We use the Eloqua cookie for the purpose of analysing your use of our website, so that we can keep making improvements. E-mails sent with the help of Eloqua use tracking technologies. We use this data in order to, first and foremost, find out which topics are interesting to you, by establishing whether you opened our e-mails and which links you clicked on. We shall then use this information to improve the e-mails we send to you and the services we offer, and to connect them with the tracking and profiling information already available. If you want to prevent the use of Eloqua cookies on your device in future, you can do that through the following link: www.oracle.com/legal/privacy/privacy-policy.html#opt-out
If you do not want us to recognise your computer the next time you visit our website (hard disk cookies), you can also configure your browser to delete cookies from your hard disk, block all cookies, or warn you before a cookie is stored. If you do not accept cookies, you will not be able to use some of our services. In general, cookies enable us to determine who you are so that we can offer you better, more personalised services.
Data is collected and stored for marketing and optimisation purposes on this website using Webtrekk ( www.webtrekk.com ). Webtrekk does not pass on any data to third parties. Usage profiles can be created from this data under a pseudonym.
Webtrekk uses the following cookies:
- a. Last click (used for session timeout; duration is one session)
- b. Session cookie (used for session identification; duration is one session)
- c. An “Ever cookie” (used for the identification of new and returning visitors; duration is six months)
You can define in your browser settings whether or not cookies are allowed.
We use a Webtrekk “Ever-Cookie“ with a unique ID per user. Remember this ID to request hand-over or deletion of your data at any point in time.
2.3 LinkedIn conversion tracking
This website uses LinkedIn conversion tracking, a web analysis service of the LinkedIn Corporation. LinkedIn conversion tracking uses what are known as ‘cookies’, i.e. text files which are stored on your computer via the LinkedIn insight tag, and which allow website usage to be analysed.
The information collected by the LinkedIn insight tag about your usage of our website is encrypted. The cookie is stored in the LinkedIn member’s browser until the member deletes the cookie or it expires (the expiry date is on a rolling basis, six months after the member’s browser last loaded the insight tag).
LinkedIn members can opt out of LinkedIn conversion tracking and block/delete cookies at https://www.linkedin.com/psettings/advertising/, as well as disable demographic features. There is no separate opt-out option for third-party impressions or click tracking for campaigns that run on LinkedIn in LinkedIn settings, since all underlying campaigns respect LinkedIn member settings.
In addition, you can prevent cookie storage by adjusting your browser software or third-party provider tools accordingly. Please note that, in this case, you will not be able to use all the functions of this website to their full extent.
We use LinkedIn conversion tracking to analyse the usage of our website and to continually improve the web site. We can improve the experience we offer and make it more interesting for you as a user by using the statistics that are collected. The legal basis for using LinkedIn conversion tracking Article 6, Paragraph 1, Sentence 1, lit. f of the EU GDPR.
Additional third-party information: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;
http://www.linkedin.com/legal/privacy-policy ; https://www.linkedin.com/help/lms/answer/85787 ; https://www.linkedin.com/help/linkedin/answer/87150/linkedin-marketinglosungen-und-die-datenschutz-grundverordnung-dsgvo-?lang=de ;
LinkedIn has joined the EU-U.S. Privacy Shield https://www.privacyshield.gov/EU-US-Framework
2.4 Bing Ads
The website uses the remarketing function “Bing Ads” provided by Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA. (“Microsoft Advertising”). Microsoft Bing Ads stores a cookie on your computer if you have reached our website via a Microsoft Bing advert. This enables Microsoft Bing and us to determine that someone has clicked on an advert, been forwarded to our website and reached a previously determined target page (conversion page). We learn only the total number of users that have clicked on a Bing advert and then been forwarded to the conversion page. No personal information regarding the identity of the user is passed on.
If you do not want information on your behaviour to be used by Microsoft as described above, you can refuse the setting of the cookie required for this purpose – for example by configuring the browser setting that disables the automatic setting of cookies generally. You can also prevent the collection of data generated by the cookie relating to your use of the website and the processing of this data by Microsoft by opting out at the following link: http://choice.microsoft.com/en/opt-out . Further information on data protection and the cookies used by Microsoft and in the context of Bing Ads is available on the Microsoft website at https://privacy.microsoft.com/en-us/privacystatement .
2.5 Facebook Custom Audiences
The website also uses the remarketing function “Custom Audiences” provided by Facebook Inc. (“Facebook”). Through this function, website users are shown interest-related adverts (“Facebook ads”) when visiting the social network Facebook or other websites that also use the function. In this way, we are pursuing our desire to show you adverts of interest to you to make our website more interesting.
Through the marketing tools used, such as Facebook pixels, your browser automatically establishes a direct connection to the Facebook server. We have no influence on the scope and further use of the data that is collected through use of this tool by Facebook and are therefore providing you with information based on what we know: Through the integration of Facebook Customer Audiences, Facebook receives the information that you have accessed the relevant page on our website or that you have clicked on one of our adverts. If you are registered with a Facebook service, Facebook can link the visit to your account. Even if you are not registered with Facebook or are not logged in, the provider may learn and store your IP address and other identifying features.
To disable the “Facebook Custom Audiences” function, logged-in users should go to https://www.facebook.com/settings/?tab=ads#_möglich .
The legal basis for the processing of your data is Art. 6(1)(1)(f) GDPR. Further information on data processing by Facebook can be found at https://www.facebook.com/about/privacy .
2.6 DoubleClick Ad Exchange
Through the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data collected through use of this tool by Google and are therefore providing you with information based on what we know: Through the integration of DoubleClick, Google receives the information that you have accessed the relevant section of our website or that you have clicked on one of our adverts. If you are registered with a Google service, Google can link the visit to your account. Even if you are not registered with Google or are not logged in, the provider may learn and store your IP address.
You can prevent participation in this tracking process in a number of ways: a) by configuring your browser software accordingly; in particular, the suppression of third-party cookies means that you will not receive adverts from third-party providers; b) by disabling the cookies for conversion tracking, by setting your browser to block cookies from the domain “www.googleadservices.com”, at https://www.google.com/settings/ads; this setting is deleted if you delete your cookies; c) by disabling interest-related adverts from providers who are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices; this setting is deleted if you delete your cookies; d) by permanently deactivating your Firefox, Internet Explorer or Google Chrome browser at the link http://www.google.com/settings/ads/plugin . Please note that in this case, you may not be able to use fully all the functions on this website.
The legal basis for the processing of your data is Art. 6(1)(1)(f) GDPR. Further information on DoubleClick by Google is available at https://www.google.com/doubleclick and http://support.google.com/adsense/answer/2839090 , and on data protection in general at Google: https://www.google.com/intl/en/policies/privacy . Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org . Google has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Social media and other plug-ins
1. Social media plug-ins
We currently use the following social media plug-ins on our website:
- a. WhatsApp
- b. Google+
- c. Facebook
- d. Twitter
- e. Pinterest
- f. Xing
- g. LinkedIn
We use the two-click solution. This means that when you visit our site, no personal data is sent initially to the plug-in providers. You can identify the provider of the plug-in by the marking on the box, via the provider’s initial letters or logo. We give you the opportunity to communicate directly with the plug-in provider via the button. The plug-in provider will receive the information that you have visited the relevant page on our website only if you click on the marked field and thereby activate it. In addition, the data specified in Part 1, Section 3 of this policy will be transmitted. In the case of Facebook and Xing, according to these providers, the IP address is anonymised immediately after being collected in Germany. When the plug-in is activated, your personal data is therefore sent to the relevant plug-in provider and stored there (in the case of US providers, in the USA). Because the plug-in providers carry out data collection using cookies in particular, we recommend deleting all cookies via the security settings in your browser before clicking on the greyed-out box.
We have no influence on the data collected or on the data processing operations, nor do we know the full scope of the data collection, the purposes of the processing or the retention periods. We also have no information regarding the erasure of the collected data by the plug-in providers.
The plug-in provider stores the data collected regarding you as usage profiles and uses these for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such use is carried out in particular (including for users who are not logged in) for the purposes of displaying appropriate advertising and informing other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact the relevant plug-in provider. Via the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve the experience we offer and make it more interesting for you as a user. The legal basis for the use of plug-ins is Art. 6(1)(1)(f) GDPR.
The data transfer takes place irrespective of whether or not you have an account with the plug-in provider and are logged into your account. If you are logged into your account with the plug-in provider, your data collected on our website will be linked directly to this account. If you click on the activated button and e.g. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend regularly logging out after using a social network, in particular before activating the button, as in this way you can prevent a link being made by the plug-in provider to your profile.
Further information on the purpose and scope of the collection and processing of data by the plug-in provider is available in the privacy policies of these providers listed below. In these privacy policies, you can also find further information on your associated rights and setting options for protecting your privacy.
Addresses of the relevant plug-in providers and URLs for their privacy policies:
WhatsApp / Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.whatsapp.com/legal/#terms-of-service further information on data collection
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en . Google has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php ; further information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo . Facebook has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy . Twitter has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA ("Pinterest") https://policy.pinterest.com/en/privacy-policy further information on data collection
Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy .
LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy . LinkedIn has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
2. Integration of YouTube videos
We have integrated YouTube videos in our website. These videos are stored on http://www.YouTube.com and can be played directly from our website. The videos are all integrated in “enhanced data protection mode”, meaning that no data regarding you as a user is transmitted to YouTube if you do not play the videos. The data specified in paragraph 2 is transmitted only when you play the videos. We have no influence over this data transmission.
Through the visit to the website, YouTube receives the information that you have accessed the relevant page on our website. In addition, the data specified in Part 1, Section 3 of this policy will be transmitted. This takes place irrespective of whether you have a user account with YouTube that you are logged into or whether no user account exists. If you are logged in on Google, your data will be linked directly to your account. If you do not want your data to be linked to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact YouTube.
3. Integration of Google Maps
We use Google Maps on this website. This enables us to display interactive maps directly on the website and provides you with convenient use of the map function.
When you visit the website, Google receives the information that you have accessed the relevant page on our website. In addition, the data specified in Part 1, Section 3 of this policy will be transmitted. This takes place irrespective of whether you have a user account with Google that you are logged into or whether no user account exists. If you are logged in on Google, your data will be linked directly to your account. If you do not want your data to be linked to your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses it for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact Google.
Further information on the purpose and scope of the collection and processing of data by the plug-in provider is available in the provider’s privacy policies. Here, you can also find further information on your associated rights and setting options for protecting your privacy: http://www.google.com/intl/en/policies/privacy . Google also processes your personal data in the USA and has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .
5. Integration of Issuu digital publishing platform
6. Integration of social media plug-ins or widgets from Walls.io
Our website uses social media plug-ins or widgets from Walls.io. When these plug-ins are called up, IP address and cookie information is transmitted to Walls.io. Walls.io is operated by "Die Socialisten" Social Software Development GmbH in Vienna, Austria. You will find further information about data processing by Walls.io at: https://walls.io/privacy .
7. Integration of Baidu Maps
This website uses the Baidu Maps software provided by Baidu, Inc. By using this site, you consent to the collection, processing and use by Baidu, Inc. and its agents of any automated data collected.
Terms of Service of Baidu Maps: map.baidu.com/zt/client/service/index.html
8. Integration of Youku Player
To display and deliver videos in China, TÜV Rheinland makes use of Youku, a video sharing website. The embedded Youku player, uses these cookies to check if certain features or preferences have been selected by the user.
For the purpose of online surveys, we use the services of the provider Netigate Deutschland GmbH, Luisenforum, Kirchgasse 2, 65185 Wiesbaden.
Netigate processes the information provided by users solely for the purpose of evaluating the survey on our behalf and, if no personal data such as names or e-mail addresses is requested, stores it anonymously, including without the IP address of the users. When personal data (e.g. name, address, company, etc) is requested we make it clear that this is additional, voluntary information that we collect and use. In the case of surveys with personal data, these are automatically deleted after 6 months. TÜV Rheinland has a Data Processing Agreement in place with Netigate in accordance with Art. 28 GDPR.