Data Privacy

Welcome to the TÜV SÜD website https://www.annualreport.tuvsud.com/. We appreciate your interest in our company. Protection of the personal data you entrust to us is a priority for us, and we want you to feel safe and secure when you visit our website or use our online offers.

TÜV SÜD is a leading technical service organisation operating in the market segments of industry, products and transport. Its range of services embraces advisory services, expert reports and testing, inspection and certification services as well as training. Our objectives include reliability, safety, security and quality in addition to sustainability and profitability.

This privacy statement therefore explains the types of your personal data that are processed by TÜV SÜD when you use our offers and services. All processing of personal data on this website is carried out for the purposes set forth in this Data Privacy Statement.

If you are a natural person residing in the European Union (EU) or the European Economic Area (EEA), please take note of our EU/EEA privacy statement. In this context, please also take note of our further national or company-specific TÜV SÜD websites and their Legal Entity Privacy Statements.

1. Name and contact data of the controller

The data controller of this website is TÜV SÜD AG.

  • TÜV SÜD AG
  • Westendstr. 199
  • 80686 Munich, Germany

2. Contact data of the data protection officer

If you have further questions regarding the processing of your personal data, you can contact our data protection officer directly, who is also available in the case of requests for information, applications or complaints:

3. Processing of your personal data

We understand “personal data” to include all information relating to an identified or identifiable natural person. When you access and use our website, we process your personal data in the following cases and for the following purposes:

3.1. Contacting TÜV SÜD AG for a specific purpose

TÜV SÜD AG will process your enquiry in the contact form, based on its legitimate interest in contacting you in order to respond to your specific enquiry and processing your concern in the best possible manner. This corresponds with your own interest in the processing of your concern. To do so, we need your email address, your first name, last name and title, and the name of your company and the corresponding country/region.

In specific cases, your enquiry may necessitate the involvement of another TÜV SÜD company. In this case, we might have to transfer your enquiry-related data to another legal entity of TÜV SÜD in order to process your enquiry in the best possible and customer-friendly manner.

In some cases, we may also use service providers that process data to handle your enquiry (e.g. for email marketing, software development or support with the processing of customer enquiries). In these specified cases, the information will be transferred to such service providers to enable further processing. To ensure your data privacy is protected, we carefully select and regularly audit our external service providers.

3.2. Contacting other TÜV SÜD companies for a specific purpose

Various points on our website offer the possibility to contact a specific TÜV SÜD company. You can contact TÜV SÜD companies via the following channels in particular: by telephone or email, by entering your data in a contact form, by requesting further information material or as part of a request for quotation.
In the above cases, the TÜV SÜD company receiving your enquiry or request will be the controller responsible for data processing. Wherever you are offered the possibility to contact a TÜV SÜD company, we will also provide you with transparent information about the controller in the specific case. In these cases, the data will only be processed by the receiving TÜV SÜD company once the data has been sent.

3.3. Links to social networks

Our website uses social media buttons. The buttons show the logos of the respective social network. Please note that these buttons are only icons with embedded links. They are not social plugins. When you click one of these buttons, you leave our website and thus our sphere of responsibility.

4. Data processing by cookies, plugins and cookie banners

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. These cookies are set by us and referred to as first-party cookies. Depending on which of our websites you visit, we also use third-party cookies. These are cookies stored under a different domain from the one you are currently visiting. They are used in our advertising and marketing efforts and to help us understand your browsing behaviour on our website (e.g. which pages you access and how long you stay on the individual pages).

We use a cookie consent tool to manage our cookies and your cookie consent and its documentation. Below is a list of the types of cookies used on our websites (for a more detailed list see our Cookie Notice). We categorise cookies as follows

  • • Strictly necessary cookies
  • • Performance cookies

You can opt out of each entire cookie category (except strictly necessary cookies) by clicking the “Cookie Settings” button in the Cookie Notice of the website in question.

This page is available in various languages. The cookie consents requested by the cookie banner when you access our website apply to all cookies for all languages, and therefore all our national sites. Various national sites fall under the responsibility of different TÜV SÜD companies. Thus, by accepting cookies in our cookie banner you also give your consent to other legal entities of TÜV SÜD and TÜV SÜD AG. The Privacy Statements of the TÜV SÜD company that is the controller of the website can be found here.

4.1. Strictly necessary cookies

These cookies are necessary for the website to function. They cannot be deactivated in your systems. They are usually only set in response to actions taken by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. Most of these cookies are session cookies, which means they will be deleted automatically once you leave our website.

[+] We use cookies for the following actions:

  • Website display
    To display our website, we collect and save the Internet Protocol (IP) address assigned to your computer while you are browsing our website, in order to send the content accessed by you (e.g. texts, images and downloadable files etc.) to your computer. The website serves as the main presentation of TÜV SÜD to the outside world. Beyond the above, these cookies also help you navigate our website.
  • Protection from malfunctions and misuse, improvement of our website
    Our website processes personalised information on visitor behaviour, including your IP address and the times at which you access our website, for the purpose of identifying and tracking malfunctions or misuse of our online offers or telecommunication services and equipment and to improve website performance. This website uses services provided by Cloudflare (provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare operates a content delivery network (CDN) and provides website security features (web application firewall). Data transfer between your browser and our servers takes place through Cloudflare’s infrastructure, where it is analysed to prevent attacks. Cloudflare uses cookies for this purpose to enable you to access our website. The use of Cloudflare is in the interests of ensuring secure use of our website and of preventing malicious attacks from the outside. For more detailed information, see Cloudflare’s privacy policy. https://www.cloudflare.com/de-de/privacypolicy/
  • Opt-in/opt-out cookies in the cookie banner
    To comply with our obligations to document your consent given or not given or your withdrawal of consent, we save your decision in the opt-in or opt-out cookie.

For more detailed information about the cookies used and their specific lifespans, see our Cookie Notice.

4.2. Performance cookies

These cookies allow us to count visitors to our website and traffic sources, enabling us to measure and improve the performance of our site for your benefit and enhance your visitor experience. By measuring these performance indicators, we learn which pages are the most and least popular and how visitors navigate the site. If you do not accept these cookies, we will not know when you have accessed our site and will not be able to monitor its performance.

[+] We use cookies for the following actions:

  • Matomo
    We use Matomo (formerly known as Piwik), a web analytics service that analyses users’ browsing behaviour. Matomo software is supplied by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.
    The statistics collected help us to improve our offer and make the website more interesting for you as a user. To this end, we process your truncated IP address and information about the pages of our website which you have accessed, about your browser and the time you have spent on our pages.
    We use Matomo with the “Automatically anonymize visitor IPs” setting. This means IP addresses are not stored in full. Instead, 2 bytes from the IP address are masked (e.g. 192.168.xxx.xxx), making it impossible to trace the truncated IP address back to the computer used to access the website.
    Users’ interest in the protection of their personal data is sufficiently taken into account through anonymisation of IP addresses, hosting on our company’s own servers, and the fact that we do not transfer any data to Matomo. These data will be erased as soon as they are no longer needed for the purposes for which we collected them or if you withdraw your consent.

5. Further recipients of personal data

Your personal data are passed on to law-enforcement authorities where this is necessary to clarify unlawful use of our services or for the purpose of asserting our legal rights. However, such a transfer will only take place if there is concrete evidence of illegal conduct or misuse. A transfer of personal data can also take place where this helps to enforce the terms and conditions of use or other agreements. We are also under legal obligation to provide information to certain public bodies on request. These include law-enforcement authorities, authorities prosecuting administrative offences punishable by a fine, and financial authorities.

6. Security

Personal data which you transfer through our website and the Internet are transferred in encrypted form. We use Transport Layer Security (TLS) encryption technology for this purpose. TLS technology encrypts and protects your personal data during transfer via our website and the Internet. Our website can include links to other websites. If you use such links you will be directed automatically to another website. We assume no liability for the data privacy regulations of such websites. For your own security, you should carefully read the data protection regulations of the websites concerned.

7. Changes to this privacy statement

The applicable version of this privacy statement can always be accessed at https://www.annualreport.tuvsud.com/.

Embedding of social plugins

Our website uses buttons for the following social networks

  • facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
  • Google+, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Twitter, Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA
  • Xing, XING AG, Gänsemarkt 43, 20354 Hamburg, Germany
  • YouTube, LLC, 901 Cherry Ave., San Bruno CA 94066, USA


The buttons show the logos of the individual social networks. However, the buttons are not standard social plugins, i.e. plugins provided by social networks, but links with button icons. These buttons are only activated by deliberate actions (clicking). As long as you do not click the buttons, no data will be transferred to the social networks. By clicking the buttons, you accept communication with the servers of the social network, thereby activating the buttons and establishing the link.

Once clicked, the button functions as a share plugin. The social network then obtains information about the site you have visited, which you can share with your friends and contacts. You need to be logged in to “share” information. If you are not logged in, you will be forwarded to the login page of the social network you have clicked, thereby leaving the pages of tuev-sued.de. If you are logged in, your “like” or recommendation of the article in question will be transmitted.

When you activate the button, the social networks will also receive the information that you accessed the respective page of our website and when you did so. In addition, information such as your IP address, details about the browser you used, and your language settings may be transmitted. If you click the button, your click will be transferred to the social network and used according to their data policy.

When you click the button we have no control over the data collected and the dataprocessing operations. We are not responsible for this data processing, nor are we the “controller” as defined in the GDPR. Neither are we aware of the full extent of data collection, its legal basis, purposes and storage periods. Given this, the information provided here is not necessarily complete.

The data will be transmitted irrespective of whether you actually have an account with this provider or whether you are logged in there. If you are logged in with the provider, your data will be assigned directly to your account. Providers may also use cookies on your computers to track you.

As far as we know, these providers store these data in user profiles which they use for advertising, market research and/or demand-oriented website design. This type of analysis is performed (also for users who are not logged in) to present demand-oriented advertising and inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles. To exercise your right of objection, please contact the relevant provider.

Please consult the information provided by the following social media sites for details of the purpose and scope of data collection and of further processing and use of the data by the respective social network, and for your rights and privacy settings:


If you do not wish social networks to obtain data about you, do not click the button.

 

Standard periods for deletion of data:

Legislation has defined numerous data storage periods and obligations. At the end of these periods, the relevant data will be routinely deleted. Data that are not affected by the above storage periods and obligations are deleted or anonymized as soon as the purposes defined in this data privacy statement no longer apply. Unless this data privacy statement includes other deviating provisions for data storage, we will store any data we collect for as long as they are required for the above purposes for which they were collected.

Other data use and deletion of data

Any further processing or use of your personal data will generally only be carried out to the extent permitted on the basis of a legal regulation or where you have consented to data processing or data use. In the case of further processing for other purposes than the ones for which the data were originally collected, we will inform you about these other services and provide you with all other significant information before further processing.

Identification and prosecution of misuse

We will store any information for the identification and prosecution of misuse, in particular your IP address, for a maximum period of 7 days. Legal basis in this case is Art. 6 (1) lit. f GDPR. Our legitimate interest in keeping your data for 7 days is to ensure the functioning of our website and the business transacted via this website and to be able to fight off cyberattacks and similar malicious actions. Where appropriate, we may use anonymous information to tailor the design of our website to user needs.

 

Rights concerning the processing of personal data.

Right of access

On request, you have the right to obtain information from us about the personal data concerning you and processed by us, to the extent defined in Art. 15 GDPR. You can send your request either by mail or email to the addresses given below.

Right to rectification

You have the right to require us to rectify any inaccurate personal data concerning you without undue delay (Art. 16 GDPR). For this purpose, please contact the address given below.

Right to deletion

Where the legal reasons defined in Art. 17 GDPR apply, you have the right to immediate deletion (“right to be forgotten”) of personal data concerning you. These legal reasons include: the personal data are no longer necessary for the purposes for which they were processed, or you withdraw your consent, and there are no other legal grounds for processing; the data subject objects to the processing (and there are no overriding legitimate grounds for processing––does not apply to objections to direct advertising). To assert your above right, please contact the contact address given below.

 

Right to restriction of processing

If the criteria defined in Art. 18 GDPR are fulfilled, you have the right to restriction of processing as established in the above article of the GDPR. According to this article, restriction of processing may be called for in particular if processing is unlawful and the data subject opposes deletion of the personal data and requests the restriction of their use instead, or if the data subject has objected to processing according to Art. 21 (1) GDPR as long as it is unclear whether our legitimate interest overrides the interest of the data subject. To assert your above right, please contact the contact address given below.

Right to data portability

You have the right to data portability as defined in Art. 20 GDPR. This means you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller, such as another service provider. Prerequisite is that processing is based on consent or a contract, and is carried out using automated means. To assert your above right, please contact the contact address given below.

 

Right to object

You have the right to object at any time under Art. 21 GDPR to processing of personal data concerning you which is based on Art 6 (1) lit. e or f GDPR, on grounds relating to your particular situation. We will desist from processing your personal data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms, or unless processing is for the establishment, exercise, or defense of legal claims.To assert your above right, please contact the contact address given below.

 

Right to file a complaint with a supervisory authority

If you think that processing of personal data concerning you and carried out by us is unlawful or impermissible, you have the right to file a complaint with the supervisory authority responsible for us. You can contact this authority at

Bayerisches Landesamt für Datenschutzaufsicht (Bavarian State Office for Data Protection)

Promenade 27 (Schloss)

91522 Ansbach

Tel.: +49 (0) 981 53 1300

Fax: +49 (0) 981 53 98 1300

Email: poststelle@lda.bayern.de

 

Amendment of this data privacy statement

The current version of this data privacy statement can always be accessed at https://www.tuev-sued.de/servicelinks_en/privacy_statement.

 

Data Protection Officer

Please address any questions regarding the processing of your personal data, requests for information, applications, or complaints directly to our data protection officer, who will be happy to be of service.

Data Protection Officer

Peter Walko
TÜV SÜD Business Services GmbH

Westendstr. 199

80686 Munich

Tel.: +49 (0)89 5791 -2798

 

Contact data of the controller:

TÜV SÜD AG
Westendstr. 199
80686 Munich

Tel.: +49 (0) 89 5791-0

Email: info@tuev-sued.de

 

TÜV SÜD

Data Protection Officer

As at: March 2018