Privacy Act Advisory of TÜV NORD Mobilität GmbH & Co. KG, Medical-Psychological Institute

We hereby inform you about how we process your personal data and your entitlements and rights in accordance with the data protection regulations.

Which data is generally processed and how it is used is essentially based on the services you have requested and/or we have mutually agreed upon.

1. Who is responsible for processing the data and who is my point of contact?

The responsible entity is:
TÜV NORD Mobilität GmbH & Co. KG Medical-Psychological Institute, Am TÜV, 30519 Hannover.

You may contact our Privacy Act Compliance Representative at:
TÜV NORD AG, Group Representative for Privacy Act Compliance, Am Technologiepark 1, 45307 Essen, privacy@tuev-nord.de 

 

http://www.tuev-nord.de

2. Which sources and data do you use in your capacity as a medical – psychological institute?

We process the personal data you have provided within the framework of our services requested. Relevant personal data includes (name, address and other contact data, date of birth, place of birth and citizenship), identification data (e.g. ID data) and authentication data (e.g. signature sample) as well as data from documents provided to us by the applicable driver licence office. In addition, this may include order data (e.g. payment authorisation), data regarding the fulfillment of our contractual obligations, documentation data (e.g. documented exam results), as well as other data comparable with the categories listed above. Furthermore, depending on the applicable order, data from other sources (e.g. lab-results, personal information provided on questionnaires, the exam discussions and test results, as well as medical reports) may be used.

 

http://www.tuev-nord.de

3. For what reasons are you processing our data (processing purpose) and on what legal basis?

We process personal data in accordance with the regulations of the basic General Data Protection Regulation (GDPR) and the Federal Data Protection Act (FDPA) for the services commissioned by you (e.g. medical-psychological expert statements, medical expert statements, abstinence receipts and similar documents).

4. To fulfill contractual obligations (Article 6 Section 1 lit. b GDPR)

Processing personal data (Article 4 no. 2 GDPR) is implemented to provide the pre-contractual measures or our contract(s) with you and to implement your request(s), such as evaluation exams and/or other potential services as well as, if required for the operation and administration of tasks provided by a medical-psychological service provider and for appointment changes.

The purposes of data processing is primarily based on the specific services (e.g. evaluation or abstinence receipt). Additional details may be derived from the applicable contract documents and/or our general terms and conditions.

5. Within the framework of balancing interests (Article 6 Section 1 lit. f GDPR)

To the extent required, we process your data beyond the actual contract fulfillment in an effort to maintain our, or third party interests. Examples:

  • Consultation of and data exchange with supervisory officials (e.g. BASt, accreditation officials of the countries);
  • Claiming legal entitlements and defense services for legal disputes;
  • Preventing and solving criminal acts;
  • Measures to safeguard domiciliary rights. 
6. Based on your consent (Article 6 Section 1 lit. a GDPR)

If you have granted you consent to process your personal data for specific purposes (e.g. forwarding the data within the TÜV NORD association or for business operation measures and/or developing services and products), the legality of processing your data is assumed based on your consent. The consent granted may be revoked at any time. This shall also apply for revoking consent declarations granted to us prior the applicability of the GDPR.

Please be advised that the revocation request shall apply exclusively for the future. Data processed prior to the revocation of consent shall not be affected.

7. Due to statutory directives (Article 6 Section 1 lit. c GDPR) or public interest (Article 6 Section 1 lit. e GDPR)

In addition, we as the TÜV NORD GROUP are subject to diverse statutory obligations, more specifically, statutory requirements as well as supervisory directives. Processing purposes include verification of identity and age, fraud prevention, fulfilling taxation control and registration obligations, as well as risk assessment and management.

8. Who will receive my information?

With regard to forwarding data to recipients other than the TÜV NORD Mobilität GmbH & Co. KG is to be taken into consideration that we are obligated to keep all customer-related facts and values of which we became aware (including occupational secrets) strictly confidential in accordance with our agreed upon general terms and conditions. We are only authorised to forward information regarding your person if mandated by law, if you have granted your consent, or if we are, or should become authorised to disclose information (waiver of confidentiality). Based on these requirements the recipients of personal data may include, e.g. public offices and institutions in the presence of a statutory or official obligation:

Other data recipients may be entities for which you have granted your consent and/or a confidentiality waiver for data transmission according to an agreement.

9. How long will my information be stored?

To the extent required, we process and store your personal data for the duration of our mutual business relationship, which, for example, may include potential pending contracts or processing a contract. In addition we are subject to diverse retention and documentation obligations, which, amongst others, are derived from the commercial code [Handelsgesetzbuch-HGB] and the fiscal code [Angabenordnung-AO]. The mandated terms range from two to ten years.

10. Will data be transmitted to a third country or an international organisation?

Transmitting the data to third countries (states outside of the perimeter of the European Economic Area– EEA) is not planned.

11. What are my data protection rights?

Each affected party has the right to obtain information pursuant to Article 15 GDPR, the right to correction pursuant to Article 16 GDPR, the right to deletion pursuant to Article 17 GDPR, the right to limited processing pursuant to Article 18 GDPR, as well as the right to request data transmission pursuant to Article 20 GDPR. The restrictions outlined in §§ 34 and 35 FDPA shall apply for the deletion and limitation rights. In addition, you have the right to file a complaint with a Privacy Act supervisory authority (Article 77 GDPR in connection with § 19 FDPA).

12. Are you obligated to provide data?

Within the framework of our business relationship we are only obligated to provide the personal data required for the reason, implementation and conclusion of the business relationship, or if we are obligated by law to collect this data. In absence of this data we would generally have to reject a contract execution or implementation, and/or are no longer able to fulfill an existing contract and must potentially terminate the contract.

13. To what extent is an automated decision-making process available on case-by-case basis?

We generally do not use automated decision-making processes for justifying and implementing a business relationship pursuant to Article 22 GDPR.

14. To what extent is my data used to create a profile?

The Medical-Psychological Institute of TÜV NORD Mobilität GmbH & Co. KG does not create a profile.

Information regarding your right to object pursuant to Article 21 General Data Protection Regulation (GDPR)

Responsible entity:
TÜV NORD Mobilität GmbH & Co. KG, Am TÜV 1, 30519 Hannover

Individual right to object

For reasons resulting from your personal situation, you have the right to object at any time to the processing of your personal data pursuant to Article 6 Section 1 letter f of the GDPR (data processing based in assessing an interest). If you object, your personal data will no longer be processed, unless we are able to provide mandatory protective reasons for processing the data that supersede your interests, rights and freedom or if processing is required to claim, execute or defend legal entitlements.