Privacy Notice: Data protection

We would like to inform you about the processing of personal data carried out by TÜV SÜD Akademie.

TÜV SÜD Akademie, Westendstr. 160, 80339 Munich, Germany (TÜV SÜD, we) is responsible for processing your personal data in accordance with the General Data Protection Regulation (GDPR). You can contact our data protection officer by mail at TÜV SÜD Business Services GmbH, Westendstr. 199, 80686 Munich, Germany, with the addition "AKD Datenschutz" or by e-mail at akd.dsgvo@tuvsud.com.

In the following, we have compiled the most important information on typical data processing for you, separated by topics and data subjects. For certain data processing that only affects specific groups, the information obligations are fulfilled separately.

If the term "data" is used in the text, only personal data within the meaning of the GDPR is meant.

You can find the privacy notice on the general internet presence (www.tuvsud.com) here. You can find the privacy notice on our TÜV SÜD Store (www.tuvsud.com/de-de/store/akademie) here.

1. General information and rights of data subjects

Your rights as data subject

If you have any questions about the processing of your personal data by us, we will of course be happy to provide you with information about the data concerning you (Art. 15 GDPR). In addition, if the legal requirements according to the GDPR are met, you have the right to correction (Art. 16 GDPR), restriction of processing (Art. 18 GDPR), objection to processing (Art. 21 GDPR) and the right to data transferability (Art. 20 GDPR). Finally, you have the right to complain to a competent data protection supervisory authority (Art. 77 GDPR, Section 19 Federal Data Protection Act).

Your right of objection

If you wish to revoke a granted consent or object to the processing of your personal data for advertising purposes or due to your special situation, a short message to our data protection officer by e-mail to akd.dsgvo@tuvsud.com or by post to TÜV SÜD Business Services GmbH, AKD Datenschutz, Westendstr. 199, 80686 Munich is sufficient at any time.

2. Privacy notice according to Art. 13 and Art. 14 GDPR for customers and seminar participants (open, in-house and online)

We process your data for the purpose of providing services in connection with the execution of the respective legal transaction and for invoicing (Art. 6 section 1 b GDPR, Art. 6 section 1 f GDPR). In addition, we process your personal data in order to inform you by post about products, services and specialist events for training and further education and personal certification as well as due examinations from these areas and for customer analyses (Art. 6 section 1 f GDPR).

With your consent, which can be revoked at any time, we will also inform you about these topics by e-mail (§ 7 section 2 no. 3 UWG, Art. 6 section 1 a GDPR). We also inform our business customers about this by telephone (§ 7 section 2 no. 2 UWG). Your personal data will not be transferred to third countries. We store your contract data and the associated documents for 10 years after termination of the business relationship (§ 147 section 3 General Fiscal Law), other trade and business letters for 6 years (§ 257 section 4 German Commercial Code), unless other legal provisions or regulations apply.

3. Privacy information for participants of VC trainings ("virtual classroom") and online events

When conducting online training courses or digital events in which you participate, the information above under 2. Privacy notice according to Art. 13 and Art. 14 GDPR for customers and seminar participants (open, in-house and online) also applies in addition to the information below. Such events are generally not recorded.

The processed data is your registration data (surname, first name, email address) from the event. If you activate the camera and / or the microphone of your device, we also process the transmitted data. If you take part in chats, whiteboards or voting, this data will also be processed.

The legal basis for the processing of data from participants in events is Art. 6 section 1 b GDPR (contract for the implementation of the event), Art. 6 section 1 f GDPR (legitimate interest of the person responsible to provide his service to third parties such as the employer of participants) and Art. 6 section 1 c GDPR (legal obligations, in particular tax and commercial regulations). The legal basis for possible data processing in third countries when using Microsoft Teams is your consent (Art. 6 section 1 a GDPR). In the USA there is no data protection level comparable to the requirements of the GDPR. It is possible for government agencies to access personal data without us or you knowing about it. An effective enforcement of your rights is probably not possible in the USA.

By joining the online event, the participant consents to the processing of his or her personal data.

We use processors (service providers) in particular for the provision, maintenance and care of IT systems.

We store your contract data and the associated documents for 10 years after termination of the business relationship (§ 147 section 3 General Fiscal Law), other trade and business letters for 6 years (§ 257 section 4 German Commercial Code), unless other legal provisions or regulations apply.

The specification of the registration data is contractually binding for the participation in digital events.

4. Privacy notice according to Art. 13 for trainers

We process your personal data for the purposes of trainer accreditation and trainer management as part of the implementation of contractual or pre-contractual measures (Art. 6(1b) GDPR, Art. 6(1f) GDPR). Furthermore, we process your data to inform you by mail about products, services, subject-specific events and due examinations regarding training, professional development and personnel certification as well as for customer analysis purposes (Art. 6(1f) GDPR).

With your consent, which is revocable at any time, we additionally inform you about these topics via email (section 7 (2.3) of the Law against Unfair Competition [UWG], Art. 6(1a) GDPR). Our business clients are additionally informed by telephone (section 7 (2.2) of the Law against Unfair Competition [UWG]).

If you order products or services from us, or when you attend subject-specific events organised by us, our service providers and we will process your personal data in order to carry out the respective transaction and for the purposes of invoicing (Article 6 (1b) GDPR). In individual cases, as part of checks carried out by TÜV SÜD Akademie GmbH, your personal data will be passed on to accreditation and review bodies (e.g. authorities, accreditation bodies, German Federal Labour Office). We use processors (service providers) in particular for the provision, maintenance and care of IT systems.

Personal data is not transferred to third countries.

We will store your contract data and any related documents for a period of 10 years (section 147 (3) of the German General Tax Code [AO]) and other trade and business correspondence for a period of 6 years (section 257 (4) of the German Commercial Code [HGB]), unless there are other statutory provisions or regulations that apply.

5. Privacy information for interested parties and communication partners

We process the personal data of interested parties and communication partners for the purpose of communicating with those affected. There are no plans to change these purposes.

The legal basis for the processing of data from interested parties and communication partners is Art. 6 section 1 f GDPR (legitimate interest of the person responsible to contact interested parties and communication partners).

We use processors (service providers) in particular for the provision, maintenance and care of IT systems.

Inquiries and communications are automatically deleted after two calendar years.

6. Privacy information for visitors of social media platforms

We are represented on several social media platforms with a company page. In this way, we would like to offer further opportunities to learn about our company and to interact with us.

If you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly represents personal data. This also includes messages and statements made using the profile. In addition, certain information is often automatically collected during your visit to a social media profile, which can also represent personal data.

Facebook

When you visit our Facebook page, through which we present our company or individual products, certain information about you is processed. Facebook Ireland Ltd (Ireland / EU - “Facebook”) is solely responsible for this processing of personal data. Further information on the processing of personal data by Facebook is available at https://www.facebook.com/privacy/explanation.

Facebook offers the possibility to object to certain data processing; related information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.

Facebook provides us with statistics and insights for our Facebook page in anonymised form, by which we obtain information about the types of actions that people take on our page (so-called "page insights"). These page insights are created on the basis of certain information about people who have visited our site. This processing of personal data is carried out by Facebook and us as joint controllers according to GDPR. The processing serves our legitimate interest in evaluating the types of actions taken on our site and improving our site based on this knowledge. The legal basis for this processing is Art. 6 Para. 1 lit. f GDPR. We cannot assign the information obtained via the page insights to individual Facebook profiles that interact with our Facebook page. We have an agreement with Facebook about processing as joint controllers, in which the distribution of data protection obligations between us and Facebook is specified. For details about the processing of personal data for the creation of page insights and the agreement concluded between us and Facebook, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data.

With regard to this data processing, you have the opportunity to assert your rights as a data subject (see “Your rights”) against Facebook. Further information can be found in Facebook's data protection declaration at https://www.facebook.com/privacy/explanation.

Please note that in accordance with Facebook's data protection regulations, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of appropriate safeguards under Art. 46 GDPR.

LinkedIn

The LinkedIn Ireland Unlimited Company (Ireland / EU - "LinkedIn") is the controller for the processing of personal data when you visit our LinkedIn page. Further information on the processing of personal data by LinkedIn is available at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

If you visit our LinkedIn company page or follow this page, LinkedIn processes personal data in order to provide us with statistics and insights in an anonymised form. This gives us information about the types of actions that people undertake on our site (so-called page insights). For this purpose, LinkedIn processes data that you have already made available to LinkedIn via the information in your profile, such as: data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated page insights. It is also not possible for us to draw conclusions about individual members from the information in the page insights. This processing of personal data in the context of page insights is carried out by LinkedIn and us as jointly responsible parties. The processing serves our legitimate interest in evaluating the types of actions taken on our LinkedIn company page and in improving our company page based on this knowledge. The legal basis for this processing is Article 6 Paragraph 1 Letter f GDPR. We have an agreement with LinkedIn on processing as joint controllers, in which the distribution of data protection obligations between us and LinkedIn is specified. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.

The following applies:

LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can do this on LinkedIn via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de). You can contact the data protection officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us using our contact details to exercise your rights in connection with the processing of personal data as part of the page insights. In such a case, we will forward your request to LinkedIn.

LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing the processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or any other regulatory authority.

Please note that in accordance with LinkedIn's data protection regulations, user data is also processed in the USA or other third countries. LinkedIn only transfers user data to countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR or on the basis of appropriate safeguards under Art. 46 GDPR.

Xing

New Work SE (Germany / EU) is the controller for the processing of personal data when you visit our XING profile. Further information on the processing of personal data by New Work SE is available at https://privacy.xing.com/de/datenschutzerklaerung.

TÜV SÜD Akademie GmbH, Status: 26.01.2021