Data Privacy

Data protection declaration of TÜV Rheinland Akademie GmbH

TÜV Rheinland Akademie GmbH welcomes you to our weblog and is pleased about your interest in our blog posts. Data protection and data security for our customers and users have, from time immemorial, been of great significance to us. The protection of your personal data is therefore very important and a special concern of ours.

General guidelines and mandatory information

This privacy policy gives you an overview of the type of data collected by TRA and what happens to your personal data when you visit our weblog. We shall treat your personal data confidentially and in compliance with the legal data protection regulations as well as this privacy policy. When you visit our weblog, your browsing behavior can be statistically evaluated. This is mainly done using cookies, analysis tools and tools of third-party providers. In principle, your browsing behavior is analyzed anonymously; this browsing behavior cannot be traced back to you. You can object to this analysis or prevent it by avoiding the use of particular tools. Detailed information about this can be found in the following guidelines to our privacy policy.

Information about the collection of personal data

1.) In the following sections we shall inform you about the collection and further processing of personal data when you visit our weblog. Personal data refers to all data which relates to you personally or with which you can be identified personally, e.g. name, address, e-mail address, or user behavior.

2.) The Controller, according to Article 4(7) of the EU General Data Protection Regulation (GDPR), is

TÜV Rheinland Akademie GmbH
Alboinstraße 56
12103 Berlin, Germany

Represented by the Board of Directors: Markus Dohm, Dr. Steffi Artl, Andreas Ollhoff

Tel.: +49 (0) 221 / 806 – 0
Fax: +49 (0) 221 / 806 – 114
E-Mail: ta-info@de.tuv.com

For the following weblog: tr-academy.com

3.) You can reach our legally designated data protection specialist at:
a.) datenschutz-akademie@de.tuv.com with the subject line “Data protection specialist”
b.) or through our postal address with the tag “Data protection specialist”.

4.) When you contact us by e-mail or via a contact form, we shall store the personal data you submit to us (your e-mail address, your name and your telephone number, if necessary) for purposes of responding to your questions. We shall delete the data connected with this event as soon as its storage is no longer required, or we shall restrict the processing of this data if there are any legal obligations necessitating its storage.

5.) If we engage contracted service providers for individual functions of our service provision, or if we want to use your data for advertising purposes, we shall hereafter inform you in detail about the respective procedures. At the same time, we shall also tell you the fixed criteria for the storage duration.

6.) Insofar as your inquiry necessitates the transmission of personal data to particular recipients, the data will also be shared with third parties. This will always take place within the framework of legal regulations.

7.) This weblog uses SSL and/or TLS encryption for security reasons and to protect the transmission of confidential contents, e.g. submitted contents of a form. If the encryption is activated, the data transmitted to us cannot be read by third parties. You can recognise an encrypted connection by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock symbol in the browser bar.

8.) The use of the contact details published in connection with the obligatory legal notice for sending not explicitly solicited advertising and information material is hereby excluded. The operators of the weblog reserve the right to take express legal steps in the event of unsolicited circulation of advertising information, for example through spam e-mails.

Your rights

1.) You can assert the following rights against us regarding your personal data:
a.) Right to information,
b.) Right to rectification or erasure of personal data,
c.) Right to restriction of processing,
d.) Right of objection to the processing,
e.) Right to data portability.

2.) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

Collection of personal data when you visit our weblog

1.) If you are simply visiting our weblog for information purposes, and not to register or send us any information at all, we shall still collect the following personal data which will be transmitted to our server by your browser.

a.) IP address
b.) Date and time of your inquiry
c.) Time zone difference to Greenwich Mean Time (GMT)
d.) Contents of the request (precise page)
e.) Access status / HTTP status code
f.) The respective amount of data transmitted
g.) Website originating the request
h.) Browser
i.) Operating system and its interface
j.) Language and version of the browser software

The legal basis for the processing of your data is Article 6(1)(f) of the GDPR, which allows the processing of technically requisite data that ensures a stable and secure operation of the weblog.

2.) In addition to the data mentioned earlier, cookies are stored on your computer when you visit our weblog. Cookies are small text files which are stored on your hard disk and associated with the browser you use; through these cookies, information is transmitted to the institution which has placed the cookie on your computer (here, our organisation). Cookies cannot run any programmes on or transmit viruses to your computer. They serve to make our web content more user-friendly and more effective as a whole.

3.) Use of cookies:
a.) This weblog uses the following types of cookies, whose scope and functionality is described here below:
I.) Transient cookies (refer to b)
II.) Persistent cookies (refer to c)
b.) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. This type of cookie stores what is known as a “session ID” with which different requests from your browser can be assigned to the common session. Through this, your computer can be recognized the next time you visit our website. Session cookies are deleted when you log out or when you close the browser.
c.) Persistent cookies are deleted after a pre-determined time, which can vary from one cookie to the next. You can delete cookies at any time through the security settings of the browser.
d.) You can configure your browser settings according to your wishes and reject the placement of third-party cookies, for instance, or of all cookies. We would like to point out that in this case you may not be able to use all the functions on this website to the fullest extent.

The legal basis for the processing of your data in this case is still Article 6(1)(f) of the GDPR (e.g. for proper operation of the weblog). Insofar as other cookies (e.g. cookies for analysis of your browsing behavior) are stored on your computer, these will be treated separately in our privacy policy.

Other functions and services of our weblog

1.) Apart from the purely informative use of our weblog, we also offer various services which you can use if interested. To do this, you generally have to give us more personal data, which we shall use to provide the respective service and for which the previously outlined principles of data processing apply.

2.) We shall partly engage external service providers to process your data. These have been carefully selected and commissioned by us; they are bound by our instructions and are regularly monitored by us.

3.) Furthermore, we can share your personal data with third parties if we have arranged to participate in promotions, competitions, conclusion of contracts or other similar services in collaboration with our partners. You can get more information about this by providing your personal details or in the subsequent description of the service offered.

4.) Provided that our service providers or partners have their headquarters in a country outside the European Economic Area (EEA), we shall inform you about the consequences of this state of affairs in the description of the service offered.

Objection to or revocation of the processing of your data

1.) If you have consented to the processing of your data, you can always revoke this consent at any time. After you have expressed such a revocation to us, it will influence the permissibility of processing your personal data.

2.) Provided that we are basing the processing of your personal data on the need to balance interests, you can raise an objection to this processing of your data. This is the case if the processing is not required in particular to fulfil a contract with you, a fact which we endeavor to outline in the subsequent description of the respective functions. When exercising such a right of objection, we request that you outline the reasons why we should not process your personal data in the manner we have described. If you present to us your reasons, we shall check the circumstances and either stop and/or adjust the processing of the data, or present compelling counterarguments for continuing with the data processing.

3.) You can of course object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your objection to the use of your data for advertising through the following contact address: By e-mail to ta-info@de.tuv.com or by post to TÜV Rheinland Akademie GmbH, Alboinstraße 56, 12103 Berlin, Germany.

Analysis tools and advertising

Use of Matomo (formerly Piwik)

1.) This weblog uses the web analytics service Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para. 1 p. 1 lit. F DS-GVO.

2.) For this evaluation, cookies (more details in § 3) are stored on your computer. The information collected in this way is stored by TÜV Rheinland Akademie GmbH exclusively on its server in Germany. You can set the evaluation by deleting existing cookies and preventing the storage of cookies. If you prevent the storage of cookies, we point out that you may not be able to use this website in full. The prevention of the storage of cookies is possible through the setting in your browser. Preventing the use of Matomo is possible by unchecking the following box to enable the opt-out plug-in:

3.) This website uses Matomo with the extension “AnonymizeIP”. This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a specific person. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.

You have the option to prevent actions you take here from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving the usability for you and other users.

4.) The Matomo program is an open source project. Information from the third-party provider on data protection is available at http://matomo.org/privacy/policy.

Push notifications

You can activate the receipt of so-called push notifications. For this purpose, we use the “Signalize” service, which is operated by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany (hereinafter referred to as “Signalize”).

Through our push notifications, you will regularly receive information on our latest blog posts, recommendations for seminars, conferences, training courses, certificates as well as free webinars, industry-specific news on standards, guidelines and laws, etc., interesting practical information (whitepapers, checklists, job aids…) as well as exclusive reports and interviews.

To sign up for the push notifications, you need to confirm your browser or device’s request to receive the push notifications. This process is documented by Signalize and only anonymous data is stored. This makes it possible to determine whether a notification was delivered and whether it was clicked on.
Which and how long data is stored can be viewed at the following link: https://stage20.signalize.com/docs/sonstiges/von-signalize-verwendete-cookies/. This data is used to be able to send you the push notifications. In addition, we evaluate push notifications statistically and can thus recognize whether and when push notifications were displayed and clicked on. This enables us to determine which push notifications interest the recipients.

The legal basis for this processing is your consent and thus Art. 6 para. 1 lit. a DSGVO.

You can revoke your consent to the storage and use of your personal data to receive push notifications at any time with effect for the future. You can revoke your consent in the settings of your browser or device.

Information about deactivation for push notifications can be found here.

Social media plug-ins

1.) We currently use the following social media plug-ins on our website:
a.) Facebook
b.) Twitter
c.) LinkedIn
d.) Xing
e.) WhatsApp
f.) YouTube
g.) Google+
h.) Pinterest
i.) Instagram

2.) We use the two-click solution. This means that when you visit our site, no personal data is sent initially to the plug-in providers. You can identify the provider of the plug-in by the marking on the box, via the provider’s initial letters or logo. We give you the opportunity to communicate directly with the plug-in provider via the button. The plug-in provider will receive the information that you have visited the relevant page on our website only if you click on the marked field and thereby activate it. In addition, the data specified in Part 1, Section 3 of this policy will be transmitted. In the case of Facebook, according to this provider, the IP address is anonymised immediately after being collected in Germany. When the plug-in is activated, your personal data is therefore sent to the relevant plug-in provider and stored there (in the case of US providers, in the USA). Because the plug-in providers carry out data collection using cookies in particular, we recommend deleting all cookies via the security settings in your browser before clicking on the greyed-out box.

3.) We have no influence on the data collected or on the data processing operations, nor do we know the full scope of the data collection, the purposes of the processing or the retention periods. We also have no information regarding the erasure of the collected data by the plug-in providers.

4.) The plug-in provider stores the data collected regarding you as usage profiles and uses these for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such use is carried out in particular (including for users who are not logged in) for the purposes of displaying appropriate advertising and informing other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact the relevant plug-in provider. Via the plug-ins, we offer you the opportunity to interact with social networks and other users so that we can improve the experience we offer and make it more interesting for you as a user. The legal basis for the use of plug-ins is Art. 6(1)(1)(f) GDPR.

5.) The data transfer takes place irrespective of whether or not you have an account with the plug-in provider and are logged into your account. If you are logged into your account with the plug-in provider, your data collected on our website will be linked directly to this account. If you click on the activated button and e.g. link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend regularly logging out after using a social network, in particular before activating the button, as in this way you can prevent a link being made by the plug-in provider to your profile.

6.) Further information on the purpose and scope of the collection and processing of data by the plug-in provider is available in the privacy policies of these providers listed below. In these privacy policies, you can also find further information on your associated rights and setting options for protecting your privacy.

7.) Addresses of the relevant plug-in providers and URLs for their privacy policies:
a.) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php ; further information on data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo . Facebook has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

b.) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy . Twitter has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

c.) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy . LinkedIn has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

d.) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

e.) WhatsApp / Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.whatsapp.com/legal/#terms-of-service further information on data collection.

f.) YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. Die YouTube, LLC ist eine Tochtergesellschaft der Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

g.) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en . Google has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .

h.) Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA (“Pinterest”) https://policy.pinterest.com/en/privacy-policy further information on data collection

i.) Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA; https://help.instagram.com/155833707900388/

Integration of YouTube videos

1.) We have integrated YouTube videos in our website. These videos are stored on http://www.YouTube.com and can be played directly from our website. The videos are all integrated in “enhanced data protection mode”, meaning that no data regarding you as a user is transmitted to YouTube if you do not play the videos. The data specified in paragraph 2 is transmitted only when you play the videos. We have no influence over this data transmission.

2.) Through the visit to the website, YouTube receives the information that you have accessed the relevant page on our website. In addition, the data specified in Part 1, Section 3 of this policy will be transmitted. This takes place irrespective of whether you have a user account with YouTube that you are logged into or whether no user account exists. If you are logged in on Google, your data will be linked directly to your account. If you do not want your data to be linked to your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for advertising and market research purposes and/or for ensuring that its website is designed in accordance with requirements. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users on the social network about your activities on our website. You have a right to object to the creation of these user profiles. To assert this right, you must contact YouTube.

3.) Further information on the purpose and scope of the collection and processing of data by YouTube is available in the privacy policy. Here, you can also find further information on your rights and setting options for protecting your privacy: https://www.google.com/intl/en/policies/privacy . Google also processes your personal data in the USA and has joined the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .