Privacy

Privacy Policy (Art. 13 GDPR)

Data protection declaration and consent to use of data

for the website www.rwtuev.de

Data protection is a matter of trust, and we take this trust very seriously. The protection of your personal data and the safeguarding of your privacy are central concerns for us. We process your data exclusively in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and the relevant national data protection laws.

We only collect, process, and use personal data if there is a legal basis for doing so. This is particularly the case if you have given us your consent (Art. 6(1)(a) GDPR), if processing is necessary for the performance of a contract or for the implementation of pre-contractual measures (Art. 6(1)(b) GDPR), or if we are legally obligated to process the data or if we have a legitimate interest (Art. 6(1)(c) and (f) GDPR).

Your data will only be passed on to third parties within the scope of legal requirements and only to the extent necessary to fulfill the stated purposes. Your data will not be sold. Furthermore, we work exclusively with service providers and partners who ensure an appropriate level of data protection.

With the following information, we will comprehensively inform you about what personal data we collect when you use our website, for what purposes we process it, and what rights you have.

You have the option to save or print this privacy policy at any time, using the corresponding functions of your browser.

1. General Information

The protection of your personal data is important to us, RWTÜV GmbH. We process your personal data exclusively in accordance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the German Telecommunications Telemedia Data Protection Act (TTDSG).
With the following privacy policy, we inform you comprehensively about the type, scope, and purpose of the processing of personal data on our website, as well as your rights.

2. Person in Charge

RWTÜV GmbH
Kronprinzenstrasse 30
45128 Essen
Germany
Phone: +49 (0)201 1252-0
E-Mail: info@rwtuev.de
www.rwtuev.de

3. Data Protection Officer

TÜV Informationstechnik GmbH
Am TÜV 1
45307 Essen
E-Mail: s.kessler@tuvit.de

4. General Principles of Data Processing

We process personal data only to the extent that:

you have consented to this (Art. 6 para. 1 lit. a GDPR),
processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6(1)(b) GDPR),
there is a legal obligation (Art. 6(1)(c) GDPR),
or we have a legitimate interest in doing so (Art. 6 para. 1 lit. f GDPR).

Your data will only be passed on if this is legally permissible or if you have consented.

5. Website Deployment and Log Files

When you visit our website, the following data is automatically collected:

IP address (truncated or anonymized)

  • Date and time of access
  • Browser type and version
  • Operating System
  • Referrer URL

These data are stored in log files.

Purpose of processing

  • Ensuring stable and secure website operation
  • Failure analysis
  • Abuse detection

Legal basis

Art. 6 Para. 1 lit. f GDPR

Storage duration

The data will be deleted or anonymized no later than 7 days.

6. Consent Management (Borlabs Cookie)

We use the Borlabs Cookie tool to manage consents.
Borlabs Cookie is a locally hosted consent management solution. No personal data is transferred to third parties.

Processed Data

  • Consent Status (Consent ID)
  • Point in time of the decision
  • Selected cookie categories

Purpose

Obtaining and Documenting Consents
Control of External Service Activation

Legal basis

  • § 25 para. 2 TTDSG
  • Art. 6 Para. 1 lit. f GDPR

7. Cookies

Our website uses cookies and similar technologies.

Categories

  • Essential cookies (e.g., Borlabs Cookie)
  • Statistics cookies (e.g., Matomo)
  • External media (e.g., Vimeo, YouTube)

Non-essential cookies are only set with your consent.

Legal basis

§ 25 TTDSG in conjunction with Art. 6 GDPR

8. Web Analytics (Matomo)

We use the web analytics tool Matomo.

Special features

  • Operation on own server
  • No disclosure to third parties
  • IP Address Anonymization (Truncating the last two bytes)

Purpose

  • Website Analysis and Improvement

Activation

Matomo is only activated if you consent to the „Statistics“ category in the consent banner.

Legal basis

  • Art. 6 Paragraph 1 letter a GDPR

9. Embedding Videos (Vimeo and YouTube)

We use external video services:

  • Vimeo Inc.
  • Google Ireland Ltd. (YouTube)

How it works

Videos will only be loaded once you give your consent.

When loading, data (e.g., IP address) may be transmitted to the providers.

Legal basis

  • Art. 6 Paragraph 1 letter a GDPR

10. Newsletter (Mailchimp)

For sending our newsletter, we use Mailchimp (Intuit Inc., USA).

Processed Data

  • Email address
  • if necessary name

Purpose

  • Sending information and newsletters

Legal basis

  • Art. 6 Paragraph 1 letter a GDPR

Third-country transfer

The data will be transferred to the USA. To ensure an appropriate level of data protection, standard contractual clauses pursuant to Art. 46 GDPR will be used.

11. Contact Forms and Reporting Channels

On our website, we offer various forms, in particular:

  • Contact Form
  • Sustainability Survey
  • Reporting System (Integrity)

Processed Data

  • Name
  • Email address
  • Subject of the Inquiry
  • IP Address (technically required)

The data will be forwarded by email to internal mailboxes for processing.

Purpose

  • Processing of requests
  • internal processing of reports

Legal basis

  • Art. 6 Paragraph 1 letter a GDPR
  • Art. 6 para. 1 lit. b GDPR

12. Innovation Platform

For our innovation platform, we use:

isn – innovation service network GmbH
Grabenstraße 231
8045 Graz, Austria

Processing

  • User Registration
  • User profile management
  • Content processing (e.g., ideas and comments)

Legal basis

  • Art. 6 para. 1 lit. b GDPR

A data processing agreement has been concluded.

13. Google Fonts

Google Fonts are hosted locally on our server. No personal data is transferred to Google.

14. Social Media

Our website contains links to:

  • LinkedIn
  • Instagram

No data is transferred to these providers when you visit our website. You only leave our website when you click on them.

15. Data Transfer

We only share personal data:

  • a processor in accordance with Art. 28 GDPR
  • in the event of a statutory obligation
  • to the extent this is necessary for the fulfillment of the contract

16. Storage Duration

We only store personal data for as long as is necessary for the respective purposes or as long as statutory retention periods exist.

17. Your Rights

You have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7 GDPR)

18. Right to complain

You have the right to lodge a complaint with a data protection supervisory authority, particularly with the authority responsible for your place of residence.

19. Data Security

We implement technical and organizational measures to protect your data, in particular:

  • TLS/SSL Encryption
  • Access restrictions
  • Protection against unauthorized access

20. Timeliness

This privacy policy is currently valid and is dated June 2026.