Thank you very much for your interest in our company. Data protection is particularly important to the management of TSO-DATA GmbH. A use of the internet pages of the TSO-DATA GmbH is basically possible without any indication of personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.
The processing of personal data, for example the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the Basic Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to TSO-DATA GmbH. By means of this data protection declaration, our company wishes to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this data protection declaration will inform the persons concerned about their rights.
As the data controller, TSO-DATA GmbH has implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, such as telephone.
With all service providers who process personal data on behalf of TSO-DATA GmbH, a so-called order processing contract pursuant to Art. 28 DSGVO has been concluded, which ensures that the data processing is carried out in a permissible manner.
Definitions of terms
TSO-DATA GmbH's data protection declaration is based on the terms used by the European Directive and Ordinance Giver in the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. In order to guarantee this, we would like to explain the terms used in advance.
We use the following terms in this privacy statement, among others:
a) personal details
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) person concerned
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
d) Restriction of processing
Limitation of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
g) Person responsible or person responsible for the processing
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union law or with the law of the Member States on the basis of specific criteria.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients.
j) Third party
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.
Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.
1. Name and address of the controller
Tel.: +49 (541) 1395-0
E-Mail: info[at]tso[dot]de, datenschutz[at]tso[dot]de
2. Name and address of data protection officer:
Dr. rer. nat. Hans Daldrop
GINDAT GmbH Gesellschaft für IT-Normierung und Datenschutz
Wetterauer Str. 6
Tel.: +49 (2191) 909 - 430
E-Mail: hans.daldrop[at]gindat[dot]de, datenschutz[at]tso[dot]de
3. Data processing via the website
Your visit to our website is logged. Initially, the following data that your browser transmits to us is recorded:
This data is only collected for the purposes of data security, to improve our website and for error analysis on the basis of Art. 6 Para. 1 f DSGVO. We reserve the right to use this data in the event of system abuse in order to determine the reasons and the trigger of the abuse, as well as to take legal action if necessary. In addition, the IP address of your computer is only evaluated anonymously (shortened by the last 3 digits).
You can visit our website without providing any personal information.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible. You should therefore send us confidential data by other means, e.g. by post.
The data controller processes the personal data of applicants for the purpose of handling the application procedure. The legal basis is Section 26 (1) sentence 1 BDSG. The processing may also take place electronically. This is the case, in particular, if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted in compliance with the statutory provisions after the advertised job has been filled, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). For this purpose, the data will be stored for 6 months after the conclusion of the application procedure and subsequently deleted.
Applications can only be processed by us if they are sent to the e-mail address "firstname.lastname@example.org" or submitted via our application portal. If you use a different e-mail address from our company, your application will unfortunately not be recognised by our systems and will therefore not be considered. Please bear in mind that an e-mail is not a secure medium. Should your application reach our e-mail server at the above-mentioned e-mail address, we will protect your application with high technical and organisational measures. On the way of your application to our house, through the public internet, we have no influence and cannot guarantee the level of protection of your application. If your sending e-mail server supports STARTTLS, our e-mail server will also use STARTTLS and thus ensure transport encryption.
Personal data (e.g. your name, address data or contact data) that you provide to us voluntarily, e.g. in the context of an enquiry or in any other way, will be stored by us and processed only for correspondence with you and only for the purpose for which you provided us with this data. The processing of this data is based on our legitimate interest in a prompt response to enquiries from interested parties on the basis of Art 6 Para. 1 lit. f. DSGVO.
Secure data transmission
To protect the security of your data during transmission, we use a state-of-the-art encryption procedure (SSL) via HTTPS.
Processing of data (customer and contract data)
We process personal data only insofar as they are necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 (1) lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We only process personal data about the use of our Internet pages (usage data) insofar as this is necessary to enable the user to use the service or to bill the user. The collected customer data is deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
4. Recipients of personal data
We may use service providers by way of commissioned data processing to carry out and handle processing operations.
Specifically, we have engaged service providers for sending the newsletter, for our applicant portal and for hosting our website.
The contractual relationships with our service providers are regulated in accordance with the provisions of Art. 28 DSGVO, which contain the legally required points on data protection and data security.
Data transfer to third countries
Without your consent or contractual necessity, data will only be transferred outside the European Union (EU) and the European Economic Area (EEA) to countries with an adequate level of data protection or on the basis of suitable guarantees. These can be of a legal, technical or organisational nature.
Our website uses the etracker analysis service. The provider is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. Usage profiles can be created from the data under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of your internet browser. The cookies enable your browser to be recognised again. The data collected using etracker technologies is not used to personally identify visitors to our website without the separately granted consent of the person concerned and is not merged with personal data about the bearer of the pseudonym. etracker cookies remain on your end device until you delete them. The storage of etracker cookies is based on your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. You can object to the collection and storage of data at any time with effect for the future. To object to the collection and storage of your visitor data in the future, you can obtain an opt-out cookie from etracker using the following link. This will ensure that no visitor data from your browser is collected and stored by etracker in the future:
We have concluded an order data processing contract with etracker and fully implement the strict requirements of the German data protection authorities when using etracker.
6. Adope Typekit
This site uses so-called web fonts for the uniform display of fonts, which are provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Adobe's servers. This informs Adobe that our website has been accessed via your IP address. Adobe Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. If your browser does not support web fonts, a standard font is used by your computer. You can find more information about Adobe Typekit at
The basis for data processing is your consent in accordance with Art. 6 Para. 1 lit. f DSGVO.
7. Google Tag Manager
The website uses the Google Tag Manager. Through this service, website tags can be managed via an interface. The Google Tag Manager only implements tags. The Google Tag Manager triggers other tags that may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with the Google Tag Manager. More information on the Google Tag Manager can be found under the following link:
The basis for data processing is your consent pursuant to Art. 6 Para. 1 lit. a DSGVO.
8. Google Web Fonts
The controller has integrated components of YieldKit on this website. YieldKit is a German affiliate network that offers affiliate marketing. Affiliate marketing is an Internet-based form of distribution that enables commercial operators of websites, so-called merchants or advertisers, to display advertisements, which are usually remunerated via click or sale commissions, on websites of third parties, i.e. distribution partners, who are also called affiliates or publishers. The merchant provides an advertising medium via the affiliate network, i.e. an advertising banner or other suitable means of Internet advertising, which is subsequently integrated by an affiliate on its own Internet pages or advertised via other channels, such as keyword advertising or e-mail marketing.
The operating company of YieldKit is YieldKit GmbH, Gänsemarkt 43, 20354 Hamburg.
YieldKit sets a cookie on the information technology system of the data subject. The YieldKit tracking cookie does not store any personal data. Only the identification number of the affiliate, i.e. the partner referring the potential customer, as well as the order number of the visitor to a website and the advertising material clicked on are stored. The purpose of storing this data is to process commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. YieldKit.
The data subject can permanently object to the setting of cookies by our Cooke consent tool by means of an appropriate setting of the cookie consent tool used. Such a setting would also prevent YieldKit from setting a cookie on the information technology system of the data subject.
The applicable data protection provisions of YieldKit can be found at https://www.yieldkit.com/privacy-policy.
The processing of your personal data is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO
10. Open Street Map
This site uses the open source mapping tool "OpenStreetMap" (OSM) via an API. The operator is the OpenStreetMap Foundation. To use the functions of OpenStreetMap, it is necessary to store your IP address. This information is usually transmitted to a server of OpenStreetMap and stored there. The provider of this site has no influence on this data transmission. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. More information on the handling of user data can be found on the OpenStreetMap data protection page and here http://wiki.openstreetmap.org/wiki/Legal_FAQ.
Your personal data is processed on the basis of your consent in accordance with Art. 6 (1) a DSGVO.
11. Adwords und Google Conversion Tracking
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
You can change your settings at any time via the cookie settings (https://www.tso.de/datenschutz/#c27963).
12. Social media / Plugins
As a registered user of the YouTube platform, you can also control the extent to which your user behaviour may be recorded and used by Google via the YouTube platform's comprehensive advertising settings. YouTube is used in the interest of an appealing presentation of our online offers. The legal basis for this is your consent, which you give by clicking on the corresponding placeholder, in accordance with Art. 6 Para. 1 lit. a DSGVO.
Some of the cookies we use are deleted immediately after you close your browser (so-called session cookies).
Other cookies remain on your terminal device and enable your browser to be recognised on your next visit (persistent cookies).
Data processing in connection with cookies that serve solely to establish the functionality of our online offer is based on our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.
If you do not wish cookies to be used, you can set your browser so that cookies are not accepted. Please note, however, that in this case you may not be able to use all the functions of our website.
Our website uses a cookie consent tool from the company Cookie Consent Tool of Digital Data Solutions B.V., Plantage Middenln 42a, 1018 DH Amsterdam "CookieFirst".
We use this service to store your cookie preferences. This data processing is carried out pursuant to Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in providing a cookie consent management service for website visitors. In this context, your browser may transmit personal data to Cookiefirst.
The data is deleted as soon as the purpose of its collection has been fulfilled.
You can prevent the collection and processing of your data by Cookiefirst by deactivating the execution of script code in your browser or installing a script blocker in your browser. In this case, you will be asked again for your decision for cookies every time you call up a page or sub-page.
15. Microsoft Advertising
Microsoft Advertising collects data via UET that allows us to track target groups thanks to remarketing lists. For this purpose, a cookie is stored on the end device used when visiting our website. Microsoft Advertising can thus recognize that our website has been visited and play an ad when Microsoft Bing or Yahoo is used at a later time. The information is also used to create conversion statistics, i.e. to record how many users have reached our website after clicking on an advertisement. We thereby learn the total number of users who clicked on our ad and were redirected to our website. However, we do not receive any information that personally identifies users.
For more information about these processing activities, the technologies used, stored data and the storage period, please refer to the settings of our Consent Management Tool. Processing is only carried out with your consent in accordance with Section 15 (3) TMG or Article 6 (1) a DSGVO. You can revoke your consent via our Consent Management Tool.
You can also deactivate personalized advertising in at Microsoft at: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/personalisierte-anzeigen.
In the case of Microsoft services, a transfer of data to Microsoft Corp. in the USA cannot be ruled out. Please note the information in the section "Data transfer to third countries". For more information on data protection at Microsoft, please refer to the Microsoft data protection information at https://privacy.microsoft.com/de-de/privacystatement.
16. Your rights
Pursuant to Articles 15-21 of the GDPR, you may exercise the following rights in relation to the personal data we process, provided the conditions described therein are met.
You may request information pursuant to Article 15 of the GDPR about your personal data processed by us.
If inaccurate personal data is processed, you have a right to rectification pursuant to Art. 16 DS-GVO.
If the legal requirements are met, you may request the deletion or restriction of processing (Art. 17, 18 DSGVO).
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Right of objection pursuant to Art. 21 DSGVO
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this shall also apply to any profiling based on those provisions.
17. Standard periods for the deletion of data
If there is no statutory retention requirement, the data is deleted or destroyed when it is no longer required to achieve the purpose of the data processing. Different periods of time apply to the storage of personal data: data relevant to tax law is generally stored for 10 years, other data according to commercial law regulations is generally stored for 6 years. Finally, the storage period can also be based on the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), can generally be three years, but in certain cases can also be up to thirty years.
18. Right to complain to a supervisory authority
Pursuant to Article 77 of the GDPR, every data subject has the right to lodge a complaint with a supervisory authority if he or she is of the opinion that the processing of personal data concerning him or her violates the GDPR. The competent supervisory authority for data protection issues is the State Data Protection Commissioner of the federal state in which our company is based.
Der Landesbeauftragte für den Datenschutz Niedersachsen
Postfach 221, 30002 Hannover
Telefon: 0511 120-4500
Telefax: 0511 120-4599
Liability for contents
As a service provider, we are responsible for our own content on these pages in accordance with general laws (pursuant to § 7 Para.1 TMG). However, as a service provider, we are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity (§8 to §10 TMG). This does not affect obligations to remove or block the use of information in accordance with general laws. However, liability in this regard is only possible from the time of knowledge of a concrete infringement. If we become aware of corresponding infringements, we will remove this content immediately.
Liability for links
Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time of linking. Illegal contents were not recognisable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. If we become aware of any infringements of the law, we will remove such links immediately.