Data protection - TSO-DATA


Thank you very much for your interest in our company. Data protection is particularly important to the management of TSO-DATA GmbH. A use of the internet pages of the TSO-DATA GmbH is basically possible without any indication of personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.

The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the Basic Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to TSO-DATA GmbH. By means of this data protection declaration, our company wishes to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration will inform the persons concerned about their rights.

As the data controller, TSO-DATA GmbH has implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, such as telephone.

With all service providers who process personal data on behalf of TSO-DATA GmbH, a so-called order processing contract pursuant to Art. 28 DSGVO has been concluded, which ensures that the data processing is carried out in a permissible manner. 


Definitions of terms

TSO-DATA GmbH's data protection declaration is based on the terms used by the European Directive and Ordinance Giver in the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance.

We use the following terms in this privacy statement, among others:

a)    personal details

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

b)    person concerned

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

c)    Processing

Processing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.

d)    Restriction of processing

Limitation of processing is the marking of stored personal data with the aim of limiting their future processing.

e)    Profiling

Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.

f)     Pseudonymisation

Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.

g)    Person responsible or person responsible for the processing

The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union law or with the law of the Member States on the basis of specific criteria.

h)    Processors

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i)      Receivers

The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients.

j)      Third party

Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.

k)    Consent

Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.


1. Name and address of the controller


Preußenweg 10

49076 Osnabrück


Tel.: +49 (541) 1395-0

E-Mail: info[at]tso[dot]dedatenschutz[at]tso[dot]de



2. Name and address of data protection officer:

Dr. rer. nat. Hans Daldrop
GINDAT GmbH Gesellschaft für IT-Normierung und Datenschutz
Wetterauer Str. 6
42897 Remscheid

Tel.: +49 (2191) 909 - 430
E-Mail: hans.daldrop[at]gindat[dot]dedatenschutz[at]tso[dot]de



3. Data processing via the website

Your visit to our website is logged. Initially, the following data that your browser transmits to us is recorded:

  • the IP address currently used by your PC or router
  • Date and time
  • browser type and version
  • the operating system of your PC
  • the pages you have viewed
  • name and size of the requested file(s)
  • as well as the URL of the referring website, if applicable. 

This data is only collected for the purposes of data security, to improve our website and for error analysis on the basis of Art. 6 Para. 1 f DSGVO. We reserve the right to use this data in the event of system abuse in order to determine the reasons and the trigger of the abuse, as well as to take legal action if necessary. In addition, the IP address of your computer is only evaluated anonymously (shortened by the last 3 digits).

You can visit our website without providing any personal information.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible. You should therefore send us confidential data by other means, e.g. by post.


The data controller processes the personal data of applicants for the purpose of handling the application procedure. The legal basis is Section 26 (1) sentence 1 BDSG. The processing may also take place electronically. This is the case, in particular, if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted in compliance with the statutory provisions after the advertised job has been filled, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). For this purpose, the data will be stored for 6 months after the conclusion of the application procedure and subsequently deleted.

Applications can only be processed by us if they are sent to the e-mail address "" or submitted via our application portal. If you use a different e-mail address from our company, your application will unfortunately not be recognised by our systems and will therefore not be considered. Please bear in mind that an e-mail is not a secure medium. Should your application reach our e-mail server at the above-mentioned e-mail address, we will protect your application with high technical and organisational measures. On the way of your application to our house, through the public internet, we have no influence and cannot guarantee the level of protection of your application. If your sending e-mail server supports STARTTLS, our e-mail server will also use STARTTLS and thus ensure transport encryption.


Personal data (e.g. your name, address data or contact data) that you provide to us voluntarily, e.g. in the context of an enquiry or in any other way, will be stored by us and processed only for correspondence with you and only for the purpose for which you provided us with this data. The processing of this data is based on our legitimate interest in a prompt response to enquiries from interested parties on the basis of Art 6 Para. 1 lit. f. DSGVO.

Secure data transmission

To protect the security of your data during transmission, we use a state-of-the-art encryption procedure (SSL) via HTTPS.

Processing of data (customer and contract data)

We process personal data only insofar as they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We only process personal data about the use of our Internet pages (usage data) insofar as this is necessary to enable the user to use the service or to bill the user. The collected customer data is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.


4. Recipients of personal data

We may use service providers by way of commissioned data processing to carry out and handle processing operations.

Specifically, we have engaged service providers for sending the newsletter, for our applicant portal and for hosting our website.

The contractual relationships with our service providers are regulated in accordance with the provisions of Art. 28 DSGVO, which contain the legally required points on data protection and data security.

Data transfer to third countries

Without your consent or contractual necessity, data will only be transferred outside the European Union (EU) and the European Economic Area (EEA) to countries with an adequate level of data protection or on the basis of suitable guarantees. These can be of a legal, technical or organisational nature.


5. etracker

Our website uses the etracker analysis service. The provider is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. Usage profiles can be created from the data under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of your internet browser. The cookies enable your browser to be recognised again. The data collected using etracker technologies is not used to personally identify visitors to our website without the separately granted consent of the person concerned and is not merged with personal data about the bearer of the pseudonym. etracker cookies remain on your end device until you delete them. The storage of etracker cookies is based on your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. You can object to the collection and storage of data at any time with effect for the future. To object to the collection and storage of your visitor data in the future, you can obtain an opt-out cookie from etracker using the following link. This will ensure that no visitor data from your browser is collected and stored by etracker in the future:

This will set an opt-out cookie called "cntcookie" from etracker. Please do not delete this cookie as long as you wish to maintain your objection. You can find more information in the etracker privacy policy:

We have concluded an order data processing contract with etracker and fully implement the strict requirements of the German data protection authorities when using etracker.


6. Adope Typekit

This site uses so-called web fonts for the uniform display of fonts, which are provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Adobe's servers. This informs Adobe that our website has been accessed via your IP address. Adobe Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. If your browser does not support web fonts, a standard font is used by your computer. You can find more information about Adobe Typekit at

The basis for data processing is your consent in accordance with Art. 6 Para. 1 lit. f DSGVO.


7. Google Tag Manager

The website uses the Google Tag Manager. Through this service, website tags can be managed via an interface. The Google Tag Manager only implements tags. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found under the following link:

The basis for data processing is your consent pursuant to Art. 6 Para. 1 lit. a DSGVO.


8. Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland[at]google[dot]com . When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO. If your browser does not support web fonts, a standard font from your computer will be used. For more information on Google Web Fonts, please see Google's privacy policy:


9. YieldKit

The controller has integrated components of YieldKit on this website. YieldKit is a German affiliate network that offers affiliate marketing. Affiliate marketing is an Internet-based form of distribution that enables commercial operators of websites, so-called merchants or advertisers, to display advertisements, which are usually remunerated via click or sale commissions, on websites of third parties, i.e. distribution partners, who are also called affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing.

The operating company of YieldKit is YieldKit GmbH, Gänsemarkt 43, 20354 Hamburg.

YieldKit sets a cookie on the information technology system of the data subject. The YieldKit tracking cookie does not store any personal data. Only the identification number of the affiliate, i.e. the partner referring the potential customer, as well as the order number of the visitor to a website and the advertising material clicked on are stored. The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. YieldKit.

The data subject can permanently object to the setting of cookies by our Cooke consent tool by means of an appropriate setting of the cookie consent tool used. Such a setting would also prevent YieldKit from setting a cookie on the information technology system of the data subject.

The applicable data protection provisions of YieldKit can be found at

The processing of your personal data is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO


10. Open Street Map

This site uses the open source mapping tool "OpenStreetMap" (OSM) via an API. The operator is the OpenStreetMap Foundation. To use the functions of OpenStreetMap, it is necessary to store your IP address. This information is usually transmitted to a server of OpenStreetMap and stored there. The provider of this site has no influence on this data transmission. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. More information on the handling of user data can be found on the OpenStreetMap data protection page and here

Your personal data is processed on the basis of your consent in accordance with Art. 6 (1) a DSGVO.


11. Adwords und Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising programme of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, E-Mail: support-deutschland[at]google[dot]com . Within the framework of Google AdWords, we use so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user's computer. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we will be able to recognise that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. The cookies cannot be tracked across AdWords customers' websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics. The storage of "conversion cookies" is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO. More information on Google AdWords and Google conversion tracking can be found in Google's privacy policy:

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

You can change your settings at any time via the cookie settings (


12. Social media / Plugins


Our website uses plugins from the YouTube site operated by Google. The operator of the pages is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, telephone: +353 1 543 1000, fax: +353 1 686 5660, e-mail: support-deutschland[at]google[dot]com ("Google" or synonymously "YouTube"). We have integrated the service with a so-called two-click solution. A connection to Google's servers is only established when you click on the corresponding placeholder. When a video is called up via YouTube, a connection to the YouTube servers is established. In the process, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. For more information on the handling of user data, please see Google's privacy policy at:

As a registered user of the YouTube platform, you can also control the extent to which your user behaviour may be recorded and used by Google via the YouTube platform's comprehensive advertising settings. YouTube is used in the interest of an appealing presentation of our online offers. The legal basis for this is your consent, which you give by clicking on the corresponding placeholder, in accordance with Art. 6 Para. 1 lit. a DSGVO.


13. Use of cookies

So-called cookies are used on our website. Cookies are small text files that are saved by your browser and stored on your computer. The use of cookies serves to make the internet offer more user-friendly. For example, it is possible to recognise the user for the duration of the session without having to constantly re-enter the user name and password. The cookies do not cause any damage to your computer and are deleted at the end of your session. The basis for data processing is Art. 6 para. 1 f DSGVO.

Some of the cookies we use are deleted immediately after you close your browser (so-called session cookies).

Other cookies remain on your terminal device and enable your browser to be recognised on your next visit (persistent cookies).

Data processing in connection with cookies that serve solely to establish the functionality of our online offer is based on our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.

In all other cases, we only use cookies with your consent. The legal basis is therefore Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time by changing your cookie settings [].

If you do not wish cookies to be used, you can set your browser so that cookies are not accepted. Please note, however, that in this case you may not be able to use all the functions of our website.


14. Cookiefirst

Our website uses a cookie consent tool from the company Cookie Consent Tool of Digital Data Solutions B.V., Plantage Middenln 42a, 1018 DH Amsterdam "CookieFirst".

We use this service to store your cookie preferences. This data processing is carried out pursuant to Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in providing a cookie consent management service for website visitors. In this context, your browser may transmit personal data to Cookiefirst.

The data is deleted as soon as the purpose of its collection has been fulfilled.

For more information on the handling of the transmitted data, please refer to the Cookiefirst privacy policy.

You can prevent the collection and processing of your data by Cookiefirst by deactivating the execution of script code in your browser or installing a script blocker in your browser. In this case, you will be asked again for your decision for cookies every time you call up a page or sub-page.


15a. Leadinfo

We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP-addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “”) to correlate IP addresses with companies and to enhance its services. For additional information, please visit On this page: you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.


15b. Use of SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally. The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.


16. Your rights

Pursuant to Articles 15-21 of the GDPR, you may exercise the following rights in relation to the personal data we process, provided the conditions described therein are met.

You may request information pursuant to Article 15 of the GDPR about your personal data processed by us.

If inaccurate personal data is processed, you have a right to rectification pursuant to Art. 16 DS-GVO.

If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17, 18 DSGVO).

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Right of objection pursuant to Art. 21 DSGVO

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this shall also apply to any profiling based on those provisions.


17. Standard periods for the deletion of data

If there is no statutory retention requirement, the data is deleted or destroyed when it is no longer required to achieve the purpose of the data processing. Different periods of time apply to the storage of personal data: data relevant to tax law is generally stored for 10 years, other data according to commercial law regulations is generally stored for 6 years. Finally, the storage period can also be based on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), can generally be three years, but in certain cases can also be up to thirty years.


18. Right to complain to a supervisory authority

Pursuant to Article 77 of the GDPR, every data subject has the right to lodge a complaint with a supervisory authority if he or she is of the opinion that the processing of personal data concerning him or her violates the GDPR. The competent supervisory authority for data protection issues is the State Data Protection Commissioner of the federal state in which our company is based.

Der Landesbeauftragte für den Datenschutz Niedersachsen

Postfach 221, 30002 Hannover

Prinzenstraße 5

30159 Hannover

Telefon: 0511 120-4500

Telefax: 0511 120-4599


19. Disclaimer

Liability for contents

As a service provider, we are responsible for our own content on these pages in accordance with general laws (pursuant to § 7 Para.1 TMG). However, as a service provider, we are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity (§8 to §10 TMG). This does not affect obligations to remove or block the use of information in accordance with general laws. However, liability in this regard is only possible from the time of knowledge of a concrete infringement. If we become aware of corresponding infringements, we will remove this content immediately.

Liability for links

Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. If we become aware of any infringements of the law, we will remove such links immediately.


This cookie policy was created and updated by the company