Data Protection Notice of TÜV NORD EnSys GmbH & Co. KG

Processing of your personal data and your privacy rights Information referred to in Article 13, 14 and 21 of GDPR

With this notice, we wish to inform you about processing of your personal data by TÜV NORD EnSys as well as about claims and rights you are entitled to under the data protection regulations.

The processing of specific data depends mainly on the services you have requested or contracted.

Name and contact details of those responsible:

Responsible office:
TÜV NORD EnSys GmbH & Co. KG
Große Bahnstraße 31
22552 Hamburg 

Our data protection officer:
Berthold Weghaus
Chief Officer Corporate Data Protection
Am Technologiepark 1
45307 Essen 

Legal basis of data processing:

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act.

Purpose of the data collection:


We process personal data that we receive from you in the context of our business relationship. In addition, we process personal data we have permissibly received (e.g. for execution of orders and contracts or due to your given consent) from other third parties (such as credit agencies) to the extent necessary for the provision of our service.

Furthermore, these may include order data, data from the fulfillment of our contractual obligations, product data, documentation data, and other data comparable to the mentioned categories.

Performance of contractual obligations (Article 6 (1) (b) of GDPR)

The processing of personal data (Article 4 (2) of GDPR) is performed for provision of inspection, testing and certification services, assessment and consulting services, in par-ticular for the execution of our contracts or pre-contractual activities with you and the execution of your orders as well as all activities required for the operation and management of a technical inspection company.

For further details concerning the purpose of data processing, please see the respective contract documents as well as terms and conditions.

Balancing of interests (Article 6 (1) (f) of GDPR)

If necessary, we process your data beyond the actual fulfillment of the contract in order to secure our legitimate interests and those of third parties. For example:

– Consultation of and data exchange with au-thorities and accreditation bodies (e.g. BAST, DakkS) etc.


Obligation of data provision:

As part of our business relationship, you must provide the personal information necessary for establishment, conduct, and termination of a business relationship or infor-mation we are required to collect by law. Without this data, we will usually have to re-ject the conclusion of the contract or the execution of the order. Furthermore, we might be unable to complete an existing contract and to terminate it if necessary.

Data recipient or categories of data re-cipients:

The processor who receives your personal data (Article 28 of GDPR) is an IT company of TÜV NORD GROUP engaged by TÜV NORD EnSys.

With regard to the transfer of data to recipients outside of TÜV NORD EnSys, it must first be noted that by the terms and conditions agreed between our parties we are obliged to maintain confidentiality with regard to all customer-related facts and assessments of which we obtain knowledge (inter alia professional secrecy). We may only disclose information concerning our partners and customers if it is legally required, if they consented thereto, or if we are authorized to provide this information (release from confidentiality obligation). Under these conditions, recipients of personal data may include e.g.:

– Public authorities and institutions in case a relevant official authorization or order is available.

Transfers of personal data to third coun-tries or international organizations:

Transfers of personal data to third countries (countries outside the European Economic Area – EEA) may take place only if it is necessary for the execution of orders, if it is legally required, or if our partners and customers have given us their consent to do so.

Duration of storage of the personal data:

If necessary, we process and store personal data of our partners and customers for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. It should be noted that our business relationship could be a continuing obligation, which may last several years.

Specific rights as data subject:

Each data subject has the right of access to information under Article 15 of GDPR, the right to rectification under Article 16 of GDPR, the right to erasure under Article 17 of GDPR, the right to restriction of processing under Article 18 of GDPR and the right to data portability under Article 20 of GDPR. Restrictions under Article 34 and 35 of Federal Data Protection Act apply to the right of access and the right to erasure. In addition, there is a right to lodge a complaint with a supervisory authority (Article 77 of GDPR in conjunction with Article 19 of Federal Data Protection Act):

Commissioner for Data Protection and Freedom of Information of the city of Hamburg
Prof. Dr. Johannes Caspar
Kurt-Schumacher-Allee 4
20097 Hamburg

Phone: 040 42854-4040
Fax: 040 4279-11811

Information on right to object under Arti-cle 21 (GDPR):

Individual right to object - The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on of Article 6 (1) of GDPR (data processing based on a balancing of interests). This includes profiling based on those provisions within the meaning of Article 4 (4) of GDPR. If you object, we will no longer process your personal data, unless we can provide compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is necessary for establishment, exercise or defense of legal claims.

Chief Officer Corporate Data ProtectionTÜV NORD AG
Am Technologiepark 1
45307 Essen 

Status: September 2018