Data Protection Declaration
We protect your privacy.

The following data protection information informs you about the type and scope of the processing of your personal data. Personal data is information that can be directly or indirectly assigned to your person.

Data processing by the TRA can essentially be divided into the following categories:

• For the purpose of contract processing, all data required for the execution of a contract with TRA will be processed. The required data includes your name, address and e-mail address. This also includes the data that you voluntarily provide to us when opening the customer account or booking. If external service providers are also involved in the execution of the contract, your data will be passed on to them to the extent necessary in each case.
• When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable. Your name and telephone number) are stored by us in order to answer your questions. We delete the data arising in this context after the storage is no longer necessary or restrict the processing if there are legal storage obligations.
• When you visit the TRA's website/application, various information is exchanged between your device and our server. This may also include personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your device.

In accordance with the requirements of the GDPR, you have various rights that you can assert against us. This includes, among other things, the right to object to selected data processing, in particular data processing for advertising purposes.

The deletion of your data takes place automatically after expiry of the commercial and tax retention obligations applicable to us. The legal basis for this further data processing is Article 6 (1) (c) GDPR and Article 6 (1) (f) GDPR.

If you have any questions about our data protection information, please feel free to contact our company data protection officer at any time. The contact details can be found below.

This data protection information applies to data processing by the

represented by the managing directors Marcus Dohm, Uwe Hensel, Andreas Ollhoff

You can contact TRA's company data protection officer at:

4.1 Accessing our website/applications

4.1.1 Log files

When you visit our website/applications, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in a so-called log file. We have no influence on this. The following information is collected without any action on your part and stored until it is automatically deleted:

• the IP address of the requesting Internet-enabled device,
• the date and time of the retrieval,
• the name and URL of the page accessed,
• the website/application from which the access was made (referrer URL),
• the amount of data transferred, loading time, as well as product and version information of the browser used in each case as well as the name of your access provider

The legal basis for the processing of the IP address is Article 6 (1) (f) GDPR. Our legitimate interest follows from the purposes of data collection listed below:

• Ensuring a smooth connection setup,
• Ensuring comfortable use of our website/application,
• Evaluation of system security and stability.

A direct conclusion about your identity is not possible on the basis of the information and will not be drawn by us.

The data will be stored and automatically deleted after the aforementioned purposes have been achieved. The standard deadlines for deletion are based on the criterion of necessity.

4.1.2 Cookies, Tracking

We use so-called cookies, tracking tools and targeting procedures for our website/application. Exactly which procedures are involved and how their data is used for this purpose is explained in detail below.

4.2 Establishment, execution and/or termination of a contract

4.2.1 Data processing upon conclusion of the contract

If you register with one of our websites/applications and conclude a contract with us, we process the data required for the conclusion, execution or termination of a contract with you. These include:

• First Name, Last Name
• Credentials
• Address for account
• E-mail address
• Billing and payment data
• If applicable, date of birth
• Telephone number, if applicable

The legal basis for this is Art. 6 (1) (b) GDPR, i.e. You provide us with the data on the basis of the respective contractual relationship (e.g. processing of a service contract) between you and us. We are also obliged to process your e-mail address in the event of a booking via our website/applications due to legal requirements in the German Civil Code (BGB) to send an electronic order confirmation (Art. 6 para. 1 letter c) DSGVO).

Insofar as we do not use your data for advertising purposes (see 4.3 below), we retain the information of the contractual relationship required by commercial and tax law for the periods specified by law. For this period, the data will be processed again solely in the event of an audit by the tax authorities.

4.2.2 Data processing after conclusion of the contract

After registering on our platform, you will have the opportunity to ask questions about learning content and leave comments. We will store this in connection with your customer account and the personal data contained therein. This is necessary in order to be able to correctly address the questions and answers to them.

4.3 Data processing for advertising purposes

4.3.1 Postal advertising

According to the GDPR, the processing of personal data for marketing purposes is based on Art. 6(1)(f) as a legitimate interest. We collect the following data for our own marketing purposes: first name, last name, postal address, e-mail address.

We are also entitled to store further personal data collected about you in compliance with the legal requirements for our own marketing purposes. The aim is to provide you with advertising based solely on your actual or perceived needs and not to bother you with useless advertising.

The stored data will not be transmitted to third parties. In addition, the person responsible pseudonymizes / anonymizes personal data collected about you for the purpose of using the pseudonymized / anonymized data for his own marketing purposes. The pseudonymized / anonymized data can also be used to advertise you individually online, whereby the advertising can be controlled by a service provider / agency. The legal basis for the use of personal data for marketing purposes is Art. 6 (1) (f) GDPR

4.3.2 Newsletter

On our website/applications, we offer you the opportunity to subscribe to our newsletters. In order to be sure that no mistakes have been made when entering the email address, we use the so-called double opt-in procedure (DOI procedure): After you have entered your email address in the registration field, we will send you a confirmation link to the address provided. Only when you click on this confirmation link will your email address be added to our mailing list for sending our newsletter. The legal basis for this data processing is Art. 6 (1) (a) GDPR. You can revoke your consent at any time with effect for the future by sending a message to datenschutz-akademie@de.tuv.com or using the unsubscribe option at the end of each newsletter.

4.3.3 Product recommendations by e-mail

As an existing customer of our platform, you will regularly receive product recommendations from us by e-mail. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. In doing so, we use the e-mail address you provided during registration to advertise our own services that are similar to those you have purchased from us on the basis of a booking that has already been made. The legal basis for this data processing is Art. 6 (1) (f) GDPR. You can object to our product recommendations at any time with effect for the future by notifying datenschutz-akademie@de.tuv.com or at the end of each product recommendation e-mail, without incurring any costs other than the transmission costs according to the basic rates.

If you object, your data will be blocked for further advertising data processing. We would like to point out that in exceptional cases, advertising material may be sent temporarily even after receipt of your objection. This is technically due to the necessary lead time in the selection process and does not mean that we have not implemented your objection.

4.4 Online presence and website optimisation

4.4.1 Cookies – General Information

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages.

These are small text files that are stored on your device (laptop, tablet, smartphone, etc.). These cookies are used to make our website more user-friendly, effective and secure. Thanks to these files, it is possible, for example, to display information on the site that is specifically tailored to your interests. The sole purpose is therefore to adapt our offer to your customer wishes in the best possible way and to make surfing with us as comfortable as possible for you.

Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware. Information is stored in the cookie, which results in each case in connection with the specific end device used. However, this does not mean that we are immediately aware of your identity.

Some of the cookies we use are deleted at the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (so-called long-term cookies).

You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be restricted.

In Microsoft Edge:

1. In the "Settings and more" menu, select "Settings".
2. Click on the "Cookies and Website Permissions" entry.
3. Now you can make the security settings for cookies and stored data. Here you can set whether and which cookies should be accepted or rejected.

In Firefox:

1. In the "Tools" menu, select Settings.
2. Click on "Privacy & Security".
3. In the options, select the "Custom" item.
4. Now you can set whether cookies should be accepted, how long you want to keep these cookies and add exceptions to which websites you always or never want to allow cookies to use.

In Google Chrome:

1. Click on the Chrome menu in the browser's toolbar.
2. Now select "Settings".
3. Click on "Privacy and Security".
4. Under "Privacy and Security," click on "Cookies and other site data."
5. Under "Cookies" you can make the following settings for cookies:
   • Setting which cookies are blocked or allowed by default
   • Delete cookies and website data by default after closing the browser
   • Allow exceptions for cookies from specific websites or domains

Important note

It is only through the use of our cookies that you can fully use and experience some of the most interesting features in our webshop. For example, if you place a seminar in the shopping cart, our server reads the code from the cookie and remembers that the seminar belongs in your shopping cart. If you visit other websites after our webshop and then return to our site, your shopping cart is still filled. This service is only possible through the use of cookies!

We therefore recommend that you leave the receipt of cookies switched on.

If these cookies and/or the information contained therein are personal data, the legal basis for data processing is Art. 6 (1) (f) GDPR. Our interest in optimising our website is to be regarded as justified within the meaning of the aforementioned provision.

4.4.2 Cookiebot

Our website uses functions of the provider Cookiebot. Cookiebot is provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, DK.

Among other things, Cookiebot provides us with the opportunity to provide you with a comprehensive cookie notice (also known as a cookie banner or cookie notice) and to get a good overview of our cookies (first-party and third-party cookies). In this way, we can inform you exactly and transparently about the use of cookies and the cookie notice presented is always up-to-date and data protection compliant.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Among other things, Cookiebot provides us with the opportunity to provide you with a comprehensive cookie notice (also known as a cookie banner or cookie notice) and to get a good overview of our cookies (first-party and third-party cookies). In this way, we can inform you exactly and transparently about the use of cookies and the cookie notice presented is always up-to-date and data protection compliant.

• Your IP address in anonymised form
• technical browser data
• Date and time of consent given
• the URL of our website
• personal, anonymous key in encrypted form
• Information about the cookies allowed as proof of consent

All data collected by Cybot for the Cookiebot will be transferred, stored and forwarded exclusively within the European Union. All user data for Cookiebot is automatically deleted 12 months after registration (cookie consent) or immediately after termination of the Cookiebot service.

4.4.3 Google Tag Manager

To provide third-party tools on our website, we use the Google Tag Manager from Google Inc. For the European region, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services used.

In order to make our website as good as possible for all visitors, we integrate the tracking tool Webtrekk, for example, using the Google Tag Manager (see 4.4.4). In order for this tracking to work, corresponding JavaScript code must be integrated into our website. In principle, it is technically possible to integrate each code section of individual third-party tools separately into our source code. However, this would be very maintenance-intensive, especially in the interaction of several scripts. That's why Google Tag Manager is used for obsolescence and optimization for this task.

The Tag Manager itself is a domain that does not set its own cookies and does not store any data, but acts as a kind of administrator of the implemented tags. Nevertheless, for technical reasons, the user's IP address is forcibly transmitted to Google when visiting a website. In addition, Google Tag Manager does not collect any data and does not send any data to third parties.

As part of the use of the Tag Manager, we allow Google to receive anonymized data from us. However, this is only data from our site regarding the use and use of the Tag Manager, not your personal data.

Data stored by Google is stored on Google's own servers. The servers are distributed worldwide, with most located in the United States. Under https://www.google.com/about/datacenters/inside/locations/?hl=de you can read exactly where Google's servers are located.

4.4.4 Webtrekk

We use the services of Webtrekk GmbH for web analysis. Webtrekk GmbH is a company based in Germany, Robert-Koch-Platz 4, 10115 Berlin, which collects, stores and analyzes usage data. It has been certified for data protection in the area of web controlling in Germany after its data processing has been checked for data protection compliance and data security. The legal basis for the use of Webtrekk is Art. 6 Para. 1 S. 1 Letter f) GDPR.

When you use our website, Webtrekk GmbH sets cookies. These enable the collection, storage and evaluation of usage data by Webtrekk GmbH. The collected usage data is anonymized by shortening the IP address. It is therefore not possible to draw any conclusions about you as a visitor to our website, even with Webtrekk. The abbreviated IP address is required solely for the purpose of session identification and geolocation (down to city level). Further information on data protection at Webtrekk can be found under https://www.webtrekk.com/privacy-notice.html.

In order to deactivate Webtrekk and exclude the collection of usage data, a cookie ("webTrekkOptOut") must be set. If this cookie is set, the usage data will not be collected.

You have the option of preventing the collection of statistical data by Webtrekk by clicking on this link.

A cookie is stored in your browser. As long as this is active in your browser, Webtrekk will not collect any usage-related data.

With the exception of the processing described above, we do not pass on your data to recipients based outside the European Union or the European Economic Area. The processing mentioned under 4.4.8 results in data being transmitted to the servers of the providers of tracking or targeting technologies commissioned by us. These servers are located in the United States. The data transfer takes place on the basis of so-called standard contractual clauses of the EU Commission.

6.1 Overview

In addition to the right to revoke the consent you have given us, you are entitled to the following further rights if the respective legal requirements are met:

1. the right to information about your personal data stored by us (Art. 15 GDPR), in particular you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, if it has not been collected directly from you;
2. the right to rectification of inaccurate data or completion of correct data (Art. 16 GDPR);
3. the right to deletion of your data stored by us (Art. 17 GDPR), insofar as no legal or contractual retention periods or other legal obligations or rights for further storage are to be complied with by us;
4. the right to restrict the processing of your data (Art. 18 GDPR), insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it; the person responsible no longer needs the data, but you need it to assert, exercise or defend legal claims or you have been informed in accordance with Art. 21 GDPR have lodged an objection to the processing;
5. the right to data portability pursuant to Art. 20 GDPR, i.e. the right to have selected data stored by us about you transferred in a common, machine-readable format, or to request that it be transferred to another person responsible;
6. the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

Under the conditions of Art. 21 para. 1 GDPR, the data processing may be objected to for reasons arising from the particular situation of the data subject

Insofar as we base the processing of your personal data on the balancing of interests pursuant to Art. 6 (1) (f) GDPR, you may object to the processing. This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done (e.g. a possible danger to life or health). In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue the processing.

Of course, you can also object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: TÜV Rheinland Akademie GmbH, Adressteam, Am Grauen Stein, 51105 Cologne or by e-mail to datenschutz-akademie@de.tuv.com.

If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.