Privacy Policy of GTÜ Gesellschaft für Technische Überwachung mbH

We as the operator of the website www.gtue.de   (hereafter also referred to as “Website”) are deemed to be the Controller within the meaning of the applicable data protection law, in particular the General Data Protection Regulation (“GDPR”), of the personal data of the user (“You”) of this Website.

As part of our duties to provide information (Art. 13 et seq. GDPR), we are informing you in this document about the data that is processed when you visit our Website and the legal basis for such processing. We will also inform you about the technical and organisational measures we take to protect your data and about your rights vis-à-vis us and the responsible supervisory authority. 

1. Information on the Controller

GTÜ Gesellschaft für Technische Überwachung mbH
Vor dem Lauch 25
70567 Stuttgart
Tel.: 0711 97676-0
Fax: 0711 97676-199
E-mail: info@gtue.de 

2. Data Protection Officer

We have a company Data Protection Officer:

Florian Klytta
c/o DS-Compliance GmbH
Carlsplatz 24 · 40213 Düsseldorf
E-Mail: datenschutzbeauftragter@gtue.de

3. Processing of your personal data

a. Informational use of our Website

If you access our Website merely to visit it, log files are processed. These files are automatically logged by our system.

The following log files are automatically processed:

  • IP address of the requesting computer
  • Type of Internet browser used
  • Version of the Internet browser used
  • Operating system and its version
  • Pages accessed
  • Date and time of visit
  • Access status/http status code
  • Volume of data transmitted

The log files contain your IP address and possibly other personal data. This means that association of the data with you is in principle possible. However, we only store your data on a temporary basis and not together with other personal data.

The processing of the above-mentioned data is necessary for the provisioning of our Website. We also store the data in order to maintain the security of our IT systems. We have a legitimate interest in processing the data for these purposes on the legal basis of Art. 6 (1) (f) GDPR. The log files, which also contain your IP address, are promptly deleted or rendered anonymous as soon as they are no longer necessary to achieve the above-mentioned purposes, at the latest however after 14 days.

b. Contact form / vehicle inspection reminder

You can contact us electronically using our contact form, for example to give us feedback or to make an inquiry, or if you would like us to remind you about your next vehicle inspection. If you use this method of contact, you transmit the following data to us:

  • E-mail address (so we can contact you)
  • Form of address, surname (to prevent misuse)
  • Postcode (only for vehicle inspection reminder)
  • Car registration number (only for vehicle inspection reminder)
  • Next vehicle inspection (only for vehicle inspection reminder; for temporal assignment of information)
  • Your message

In addition to the data you voluntarily communicate to us, we also store data on the time (date and time) of the transmission of your data to us, as well as your IP address. We have a legitimate interest in processing this data (Art. 6 (1) (f) GDPR) in order to guarantee the security of our systems and to prevent improper use. This data, which we additionally collect when you contact us, is deleted as soon as it is no longer required, or at the latest when your reason for contacting us has been fully resolved.

By sending the contact form, you agree to our processing of your data. The legal basis for the processing of your data for the purposes of dealing with the reason for your contact is Art. 6 (1) (a) GDPR. The data is stored until it is no longer required to fulfil the purpose of the conversation with you and your reason for contacting us has been fully resolved.

If your reason for contacting us is to conclude a contract with us, the additional legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. This data is stored for as long as it is required to perform the contract. Beyond this, we only store your data to fulfil contractual or legal obligations (e.g. tax obligations).

c. Contact via e-mail

You have the option of contacting us by e-mail. We store the personal data transmitted in your e-mail. This data is not forwarded to third parties. It is processed exclusively for the purposes of dealing with the reason for your contact. The legal basis for the processing of your personal data is Art. 6 (1) (f) GDPR. The data is stored until it is no longer required to fulfil the purpose of the conversation with you and your reason for contacting us has been fully resolved.

If the purpose of your e-mail is to conclude a contract with us, the additional legal basis for the processing of your personal data is Art. 6 (1) (b) GDPR. This data is stored for as long as it is required to perform the contract. Beyond this, we only store your data to fulfil contractual or legal obligations (e.g. tax obligations).

You can withdraw the consent you have given us for the processing of your personal data at any time by indicating this in an e-mail to datenschutzbeauftragter@gtue.de . In this case, all personal data in the conversation will be deleted and a continuation of the conversation is not possible.

d. Newsletter

We offer you the opportunity to register for our newsletter for free on our Website. For this, we need your e-mail address as well as your declaration of consent. By sending the newsletter registration, you agree to our processing of your data.

Additional details, such as your name, are optional and are used to address you personally. The legal basis for the newsletter sending is Art. 6 (1) (b) GDPR in relation to your e-mail address, because this is how we provide our service to you, and Art. 6 (1) (a) GDPR in relation to additional optionally provided data.

We will not send the newsletter to you until we receive your confirmation that you wish to register. You do this by clicking a registration link in the confirmation e-mail sent to you for this purpose. This measure helps us to ensure that only you can personally register for the newsletter. Your confirmation of registration must be sent promptly after receiving the confirmation e-mail, as otherwise your registration for the newsletter will be automatically deleted from our database.

As part of your newsletter registration, we additionally store the time (date and time) of the transmission of your data to us, as well as your IP address. We have a legitimate interest in processing this data pursuant to Art. 6 (1) (f) GDPR in order to guarantee the security of our systems and prevent improper use.

We do not forward your data to third parties and we process it exclusively in connection with sending you the newsletter. The purpose of processing your e-mail address is to be able to send you the newsletter. The purpose of requesting additional data as part of the registration process is either to address you personally or also to guarantee the security of our services and prevent misuse of the e-mail address used.

We only store your data for as long as necessary to achieve our purpose. Your e-mail address is therefore stored for the period of your active newsletter subscription if you have consented to this. The data which we additionally collect automatically during your registration (IP address, date and time) is deleted at the latest when you end your newsletter subscription.

Right of objection / newsletter cancellation

You can cancel or terminate your subscription to our newsletter at any time. The link to do this is located at the end of every newsletter. By clicking the link, you withdraw your consent and/or object to further use of your data for the purposes of sending the newsletter. 

4. Cookies

We wish to make you aware that you can take measures yourself to prevent any Cookies being stored on your computer, or to allow only certain Cookies to be stored. You can do this by configuring the settings in your Internet browser. You can also view and delete the Cookies stored on your computer there.

If you block all Cookies, there is a possibility that not all of the functions of our Website will be available to you.

We use Cookies on our Website. Cookies are text files which are sent from our Web server to your browser when you visit our Website. The browser keeps the Cookies on your computer for retrieval the next time the Website is accessed. A Cookie therefore allows your Internet browser to be identified in your subsequent visits to the Website.

Third-party Cookies:

We use the Cookies of “third party providers” on our Website. This means that when you visit our Website, data from your Web browser is transmitted to the Web server of the third party and stored there.

Google Analytics

The analytics service Google Analytics of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter: “Google Analytics”) is implemented on our Website.

Google Analytics uses Cookies which store the following information:

  • Type of Internet browser used
  • Version of Internet browser
  • Operating system
  • Referrer (previously visited website)
  • Your shortened IP address
  • Time of server request

Name of Cookie

Purpose of Cookie

Storage period

utmc_

Time stamp with time the user left the website. Used by Google Analytics to calculate the length of a website visit.

until the end of the browser session

utma_

Collects data on the number of visits by a user to the website and data on the first and last visit.

2 years

__utmb

Used to determine new sessions/visits. The Cookie is created when the JavaScript library is executed and no __utmb Cookies are present. The Cookie is updated whenever data is sent to Google Analytics.

30 minutes

utmt_

Used to throttle the request rate

10 minutes after setting/renewing

utmz

Stores the traffic source or campaign explaining how the user reached your website. The Cookie is created on execution of the JavaScript library and updated whenever data is sent to Google Analytics.

6 months

We use the Google Analytics function to render your IP address anonymous prior to storage or processing. As a rule, your IP address is shortened within the European Union/EEA and only transmitted to Google servers in the USA after that. Pseudonymisation is used for the processing of your information and we will not consolidate the information with other personal data concerning you.

We use the data thus collected for statistics purposes, with a view to optimising our Website and offers. The legal basis for this is Art. 6 (1) (f) GDPR.

You can also prevent Google’s recording and processing of the data created by the Cookie and related to your use of the Website (incl. your IP address) by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de  ).

You can prevent the storage of Google Cookies directly in your browser settings yourself, or prevent the processing of your data by clicking on the link to “opt out”. This sets an “opt-out Cookie”, which prevents the collection of your user data on this Website.

Google’s Privacy Policy can be found at the following link: https://policies.google.com/privacy?hl=de 

5. Icon links to social networks

We use small icons on our Website to link to our online offering on third-party platforms (Facebook, Instagram, Twitter, YouTube, Xing and Google+). These are hyperlinks, which means that none of your data is automatically transmitted. Your data is only transmitted if you click on the icons and open a new tab with the third-party provider’s website in your browser.

6. Facebook fan page

https://www.facebook.com/GTUEmbH 

We operate a fan page on the social media platform Facebook (Facebook Inc., Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland (hereafter: “Facebook”), which we link to on our corporate homepage via the Facebook icon. As long as you do not click on the link, Facebook will not receive any of your data. If you do click on the link, for example to view our Facebook page or to “like” our site, Facebook will receive data from you (the type of data received by Facebook also depends on whether or not you are logged in to Facebook at the time of clicking the link). While Facebook uses this data under its own responsibility inter alia in order to create profiles and generate what are known as custom audiences, all we are able to see on our corporate homepage is aggregated data, i.e. statistics, which do not allow any reference to a specific person. We have legitimate interests in linking to our social media presence on Facebook and the associated processing of data. The legal basis for this is Art. 6 (1) (f) GDPR. Facebook’s Privacy Policy is available here: https://www.facebook.com/policy.php 

7. Other third-party content incorporated into our Website

YouTube

In order to make the design of our Website more appealing, we incorporate videos from YouTube, owned by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter: “YouTube”). In this connection, we use privacy-enhanced mode so that information about you is only shared with YouTube if you activate the video by clicking the play button on the video.

If you activate the video, YouTube employs Cookies to collect information for analytics purposes and to improve user-friendliness. According to YouTube, pseudonymisation is used for processing the data. However, if you are logged in to your Google or YouTube account, the data can if applicable be directly linked with your YouTube account.

More information on data protection, including the period of storage of your data on YouTube, can be found in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de  .

The legal basis for the incorporation of the YouTube service in our Website and the associated processing of your data is Art. 6 (1) (f) GDPR.

8. Applicant data

You can browse our Website for job vacancies in our team and submit your application to us via e-mail. We process your data in order to deal with your application, which means that your application is looked at by the employees responsible for screening candidates. Your data is not forwarded to third parties and we do not use your data for other purposes.

We store your applicant data. If we reject your application, we only store the data for as long as necessary, at most for six months, unless you give us your consent to store the applicant data for a longer period, for example to contact you at a later date.

The legal basis for the processing of your data is § 26 BDSG [Federal Data Protection Act] and Art. 88 GDPR.

9. Your rights

If we process your data, you are a “data subject” within the meaning of the GDPR. As such, you have the following rights: right of access, right to rectification, right to restriction of processing, right to erasure, right to notification and the right to data portability. In addition, you have a right to object and a right to withdraw.

We have provided details of the individual rights below: 

a. Right of access

You have the right to ask us for confirmation that we process your personal data.

Provided that we do process your personal data, you have the right to access the following information:

  • the purposes of the processing
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of our processing of personal data or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from you, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Where we transfer your data to an international organisation or to an third country, you also have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

b. Right to rectification

You have the right to rectification and/or completion of the data concerning you which we have stored if this data is inaccurate or incomplete. We rectify or complete the information without undue delay.

c. Right to restriction of processing

Subject to certain conditions, you have the right to ask us to restrict the processing of your personal data. This right only applies if at least one of the following conditions is fulfilled: 

  • You contest the accuracy of the personal data, for a period which enables us to verify the accuracy of the personal data,
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
  • We no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims, or
  • You have objected to the processing pursuant to Art. 21 (1) GDPR, pending the verification whether our legitimate interests override your interests.

 d. Right to erasure

You have the right to ask us to erase your personal data without undue delay if we have an obligation to do so. This is the case where one of the following grounds applies:

  • Your personal data are no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • You withdraw your consent on which the processing was based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and where there is no other legal ground for the processing.
  • You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  • Your personal data have been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  • Your personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

Where we have made your personal data public and are obliged pursuant to paragraph 1 to erase your personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you have requested the erasure by us of any links to, or copies or replications of, those personal data. 

Your right to erasure shall not, however, apply to the extent that processing is necessary on the following grounds (exceptions):

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR in so far as the right referred to in (1) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

 e. Right to notification

If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis us, we are then obliged to notify all recipients to whom we disclosed your personal data of the rectification, erasure or restriction of processing of your data, unless this proves impossible or involves disproportionate effort.

 f. Right to data portability

You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where:

(1)    the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) and

(2)    the processing is carried out by automated means.

In exercising the above right, you have the right to have your personal data transmitted directly to another controller, where technically feasible and where the freedoms and rights of other persons are not impaired hereby.

This right to data portability does not apply if the processing was necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

g. Right to object

You have the right to object, on grounds relating to you particular situation, at any time to processing of your personal data which is based on Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions.

We will no longer process your personal data after your objection unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where we process your personal data for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. This includes profiling to the extent that it is related to such direct marketing.

Where you object to the processing of your personal data for direct marketing purposes, we will no longer process it for such purposes. 

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC (Privacy and Electronic Communications Directive), you may exercise your right to object by automated means using technical specifications.

 h. Right to withdraw

You have the right to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. The lawfulness of the processing does not become retrospectively invalid if you withdraw your consent.

 i. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The following link contains the contact details of the Regional Data Protection Officers responsible for the federal states in Germany:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html  .

10. Up-to-date status and amendment of this Privacy Policy

(Valid as of: 25 May 2018)