Data Protection Declaration
Data Protection Declaration
Information regarding the collection of personal data
In this declaration, we inform you about the collection of personal data when you use our website.
The entity responsible as defined in Art. 4, Section 7 of the EU General Data Protection Regulation (GDPR) is
Deutsche Energie-Agentur GmbH (dena)
Tel: +49 (0)30 66 777 – 0
Fax: +49 (0)30 66 777 – 699
Directors with authorisation to represent the company: Andreas Kuhlmann, Kristina Haverkamp
You can contact our company data protection officer at email@example.com or via our postal address, with the additional line: ‘z.H. betriebliche Datenschutzbeauftragte’ (‘For the company data protection officer’)
Definition of terms in accordance with Art. 4 GDPR
‘Personal data’ is all information that relates to an identified or identifiable natural entity (e.g. name, address, telephone number, date of birth, e-mail address or usage behaviour).
‘Processing’ means any operation or set of operations, with or without the aid of automated methods, in connection with personal data, such as the collection, recording, organisation, ordering, storage, adaptation or alteration, read-out, querying, usage, disclosure through transmission, distribution or other form of provision, comparison or linkage, restriction, deletion, or destruction.
The ‘controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Collection of personal data
The following personal data of visitors and users is regularly collected during use of our online offer and our services:
->Basic data (e.g. name, address)
->Contact data (e.g. e-mail, telephone number)
->Contract data (e.g. subject of contract, period of validity, payment history)
->Content data (e.g. text inputs, photographs, videos)
->Usage data (e.g. device information, IP addresses)
Purpose of processing and legal basis
We process your personal data for the following purposes:
Provision of an online offer (incl. functions and content)
When the website is used for purely informational purposes, i.e., when you do not register or transfer any other information to us, we collect the following data in order to display our website to you and to guarantee stability and security (the legal basis is Art. 6, Section 1, p. 1 lit. f GDPR):
->Date and time of the query
->Content of the request (specific page)
->Access status/HTTP status code
->Operating system and its interface
->Language and version of the browser software
The above data (or ‘log files’) is stored for a maximum of 30 weeks for security reasons and for the detection of faults. The log files are then deleted. If, however, the storage of this information is required for the purpose of providing evidence (e.g. during investigation into misuse or fraud), it is not deleted until the investigation of the respective incident has been concluded.
The provision of contractual performances
In order to fulfil the contract or implement pre-contractual measures, personal data such as basic data and contractual data is processed (legal basis, Art. 6 Section 1 lit b) GDPR).
If you contact us (e.g., by e-mail, telephone, contact form, or social media), your data will be processed in order to process the contact enquiry and its implementation (legal basis Art. 6, Section 1 lit b) GDPR).
If your enquiry is no longer necessary, we will delete it unless statutory storage periods apply. We check the necessity every 3 months. The statutory storage periods continue to apply.
You may assert the following rights with regard to the personal data of which you are the subject:
->The right to information
->The right to correction or erasure
->The right to restriction of processing
->The right to object to processing
->The right to data portability
You can also revoke your consent with effect for the future at any time.
You also have the right to submit a complaint to a data protection supervisory authority regarding the processing of your personal data by us.
Cooperation with order processors and third parties
Your personal data is only disclosed, transferred or otherwise provided for access to third parties on the basis of a statutory permission (e.g. for the fulfilment of contract, following your consent, on the basis of our justified interests or in cases of legal obligation).
If third parties are commissioned with the processing of data on the basis of an order processing contract, they may only process this personal data according to our instructions, in accordance with Art. 28 GDPR.
Thirdly country transfer
It is ensured that before forwarding personal data, either a suitable data protection level exists, or there is an agreement of so-called EU standard contractual clauses of the European Union between dena and the recipients, and/or sufficient approval has been provided by the data subject.
Erasure of data
Your data is only stored for as long as is necessary for the provision of our services and the online offer, and no other statutory period of retention applies. Data that is subject to a statutory retention period is blocked until the corresponding retention period expires. This data is no longer available for further use.
With your consent, you can subscribe to our newsletter, in which we inform you about our current offers. The goods and services purchased are listed in the declaration of consent.
For registration for our newsletter, we use the ‘double opt-in’ method. This means that after you register, we send you an e-mail to the e-mail address given by you, in which we request your confirmation that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted. We additionally store your respective IP addresses used and the points in time of registration and confirmation. The purpose of the method is to provide evidence of your registration and if necessary, to be able to investigate possible misuse of personal data.
The only mandatory information for the dispatch of the newsletter is your e-mail address. The provision of other data, which is marked separately, is voluntary, and is used in order to address you in person. Following your confirmation, we store your e-mail address for the purpose of dispatching the newsletter. The legal bases are Art. 6, Section 1 p. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7, Section 1, No. 3 of the German Fair Trade Practices Act (UWG).
You can revoke your consent to the dispatch of the newsletter at any time (via the de-registration link in the newsletter, or the contact data given in the data protection declaration) and unsubscribe from the newsletter.
We wish to inform you that when dispatching the newsletter, we evaluate your usage behaviour. For this evaluation, the dispatched e-mails contain so-called web beacons and/or tracking pixels, which represent single-pixel image files, which are stored on our website. For the evaluations, we link the data and web beacons named in [XYXY] to your e-mail address and an individual ID. [OPTIONAL: Links received in the newsletter also contain this ID.] [EITHER:] The data is only collected in pseudonymised form, the IDs are therefore not linked to your further personal data, and direct reference to an individual is precluded. [OR:] With the data obtained in this manner, we create a user profile in order to adapt the newsletter to your individual interests. Here, we record when you read our newsletter and which links you click on in the newsletter, and from this, draw conclusions regarding your personal interests. We then link this data to the activities conducted by you on our website.
You can object to this tracking at any time by clicking on the separate link provided in each e-mail, or by informing us by another means of contact. The information is stored for as long as you have subscribed to the newsletter. After de-registration, we store the data in a purely statistical and anonymous form.
Incorporation of services and content of third parties
On our website, services of third parties are used in order to include e.g. videos or fonts. This is done on the basis of Art. 6, Section 1 lit f) GDPR.
We use the ‘YouTube’ platform to embed videos:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer). Data Protection Declaration: https://policies.google.com/privacy?hl=de&gl=de
We link geographical maps provided by ‘Google Maps’, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer).
Data Protection Declaration: https://policies.google.com/privacy?hl=de&gl=de
We link fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer). Data Protection Declaration: https://policies.google.com/privacy?hl=de&gl=de
Linkage to third-party pages
Our website also contains links to third-party websites. These websites use the services of suppliers who are not connected to us. After you click on the link, we have no further influence on the collection, storage or processing of personal data transferred to third parties (e.g. IP address or the URL of the page on which the link is located).
Within our website, we use links to Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
Data Protection Declaration: https://de-de.facebook.com/privacy/explanation
Within our website, we use links to Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) profiles. If the user is a member of Twitter, Twitter can assign the retrieval of the above contents and functions to its profiles of users.
Data Protection Declaration: https://twitter.com/de/privacy
Within our website, we use a link to Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany). If the user is a member of Xing, Xing can assign the retrieval of the above contents and functions to its profiles of users.
Xing data protection declaration: https://www.xing.com/app/share?op=data_protection
On the basis of our justified interest in accordance with Art. 6, Section 1 lit. f) GDPR (interest in improving our online offer), we use tools for analysing the use of our website.
For detailed information, see our cookie guideline (link).
Use of our online shop
If you wish to make an order in our online shop, it is necessary in order to complete the order that you enter your personal data, which we require in order to process your order. Mandatory entries required to process the orders are marked separately, while other information is provided voluntarily. The data entered by you is processed by us for the purpose of processing your order. For this purpose, we can forward your payment data to our bank. The legal basis for this is Art. 6, Section 1 p. 1 lit. b GDPR.
We can also process the data entered by you in order to inform you about other interesting products from our portfolio or send you e-mails with technical information.
Due to statutory trade and tax provisions, we are obliged to store your address, payment, and order data for a period of ten years. However, after [two years], we restrict processing, i.e., your data is used only to fulfil the statutory obligations.
In order to prevent unauthorised access to your personal data by third parties, in particular your financial data, the order process is encrypted using TLS technology.