SEFE Energy Website.
Our use of your data and your rights – Information in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
This Data Protection Declaration applies to the collection, processing and use of your personal data when you use our website www.sefe-energy.eu.
The issue of data protection has a high priority at SEFE Energy GmbH (hereinafter referred to as “we” or “SEFE Energy”). We therefore want to let you know how we implement data protection at our company, as well as about the information we record whenever you visit our website, how it is used, and what rights you have. Please note that your personal data will be used exclusively for the purposes described below and will not be processed otherwise or elsewhere without a legal basis.
Data Privacy Statement (you can find the Data Privacy Statement here)
The Data Privacy Statement describes how and for what purpose SEFE Energy GmbH, Königstor 20, 34117 Kassel, Germany (hereinafter also referred to as “SEFE Energy” or “we”) processes personal data of its business partners and their employees.
You can find the Data Privacy Statement here.
I. General information
1. Controller
The controller responsible for processing your personal data is:
SEFE Energy GmbH
Königstor 20
34117 Kassel
Germany
2. Data Protection Officer
You can contact our Data Protection Officer at:/ our Data Protection team at:
SEFE Securing Energy for Europe GmbH, Data Protection Officer, Markgrafenstr. 23, 10117 Berlin;
E-Mail: datenschutz@sefe-energy.de
3. What data do we process and from what sources?
We process personal data you provide voluntarily or is gathered as part of use of our website.
You can find more information on this subject in Section II “Processing of personal data.”
4. For what purpose do we process your data and what is the legal basis for that?
We process your personal data in compliance with the relevant data protection regulations, in particular the General Data Protection Regulation (GDPR) and national data protection legislation (for Germany e.g. the German Data Protection Act BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG), for various purposes.
In principle, the purposes for which we process your data are: to perform contractual obligations (Article 6 paragraph 1 point (b) GDPR), to safeguard legitimate interests (Article 6 paragraph 1 point (f) GDPR), for processing subject to your prior consent (Article 6 paragraph 1 point (a) GDPR) and/or to comply with statutory obligations (Article 6 paragraph 1 point (c) GDPR).
You can find more information on this subject in Section II “Processing of personal data.”
5. Who obtains my data?
5.1 Web hosting by processor
Service providers used by us and acting on our behalf (so-called processors, please refer to Art. 4 No. 8 GDPR) may receive personal data. We use IT service providers as processors.
The web host of this website is Online Now! GmbH, Reichsstraße 100, 14052 Berlin, www.online-now.de (hereinafter "Online Now!").
The service provider stores this website on its servers (hosting). The provision of this website requires the commissioning of a web hosting service. The use of Online Now! takes place in accordance with Art. 6 (1) (f) GDPR due to our legitimate economic interest in making our offer available on this website.
In connection with the hosting, Online Now! processes personal data on our behalf, which is generated during the following actions of the user:
- when visiting our website
We have entered into a Data Processing Agreement with Online Now! Through this agreement, Online Now! ensures that they process the data in accordance with the General Data Protection Regulation and ensure the protection of the rights of the data subject.
5.2 Disclosure of data to third parties
We will only transfer your personal data to third parties if:
- you have given your explicit consent in accordance with Art. 6 (1)(a) GDPR
- it is necessary for the fulfilment of a contract with you in accordance with Art. 6 (1)(b) GDPR
- in the event that there is a legal obligation to pass on the data pursuant to Art. 6 (1)(c) GDPR.
If there is a legitimate interest pursuant to Art. 6 (1) f GDPR and in compliance with the statutory regulations, SEFE Energy may transfer personal data to affiliated companies within the meaning of Section 15 of the German Stock Corporation Act (AktG) within the European Economic Area to the extent permitted. The transfer is made in particular due to our legitimate interest in improving and coordinating our internal administration and for the use of shared data resources for jointly used infrastructures and services. Transfers are made to the following companies: SEFE Energy Holding GmbH and, if applicable, other SEFE Securing Energy for Europe GmbH Group companies.
You can find more information on this in Section II - Processing of personal data.
5.3Third country transfer
A transfer of personal data to a third country or an international organisation will only take place if we inform you of this and if the conditions of Art. 44 et seqq. GDPR are given.
A third country is defined as a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is deemed to be unsafe if the EU Commission has not issued an adequacy decision for this country in accordance with Art. 45 (1) GDPR, confirming that adequate protection for personal data exists in the country.
The USA is a so-called unsafe third country. This means, that the US does not offer a level of data protection comparable to that in the EU. The risks involved in transferring personal data to the US are as follows: There is a risk that US authorities may gain access to personal data on the basis of the PRISM and UPSTREAM surveillance programmes based on Section 702 of the FISA (Foreign Intelligence Surveillance Act), and on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective means of redress against such access in the US or the EU.
We will inform you in this privacy policy when and how we transfer personal data to the USA or other unsafe third countries. We will only transfer your personal data if
- the recipient provides appropriate safeguards in accordance with Art. 46 GDPR for the protection of personal data,
- you have explicitly agreed to the transmission, after we have informed you of the risks, in accordance with Art. 49 (1)(a) GDPR,
- the transmission is necessary for the fulfilment of contractual obligations between you and us
- or another exception from Art. 49 GDPR applies.
Safeguards under Art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to protect the data sufficiently and thus to ensure a level of protection comparable to that provided by the GDPR.
6. Security
We use technical and organizational security measures to ensure that the personal data you supply us with is protected against accidental or deliberate manipulation, loss, destruction and/or access by unauthorized persons. Whenever we collect and process personal data, the information is transmitted in encrypted form to prevent misuse of this data by third parties. Our security measures are subject to continual further development in line with technical advances.
All data transmitted by you personally is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that can also be used for online banking. You can recognize a secure TLS connection by the s attached to the http (https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
II. Processing of personal data
1. Cookies
We use cookies on various pages to make your visit to our website appealing and enable you to use certain functions. Cookies are small text files that are stored on your device. They can be sent to a page when it is accessed and thus allow identification of the user. Cookies help make Internet sites more user-friendly. Some of the cookies used are deleted when the browser session is over, i.e. when you close your browser. They are termed session cookies. Other cookies remain on your device and enable us to recognize your browser again the next time you visit the website. They are termed persistent cookies.
You can set your browser so that you are notified when cookies are placed and can decide whether to accept them on a case-by-case basis or to exclude acceptance of cookies for specific cases or in general. You can delete cookies that have already been placed. If you do not accept cookies, the features of our website may be restricted.
We process the following personal data and categories of data using cookies:
2. Automatic collection of access data/server log files
You can access our website without having to disclose any information about your identity. The browser used on your end device only automatically sends information to our website server (e.g. browser type and version, date and time of access) to enable the website to establish a connection. This also includes the IP address of your requesting end device. This is temporarily stored in a so-called log file, anonymised after 24 hours (by changing the last digit before the storage process to "0") and automatically deleted after 28 days at the latest:
The IP address is processed for technical and administrative purposes of connection establishment and stability, in order to ensure the security and functionality of our website and to be able to pursue any illegal attacks on it if necessary.
The legal basis for the processing of the IP address is Art. 6 (1)(f) GDPR. Our legitimate interest follows from the aforementioned security interest and the necessity of a trouble-free provision of our website.
We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.
Only authorised agency personnel involved in server maintenance are authorised to access the data. Since there is no personal allocation, the data records are only kept in anonymous form for statistical evaluation by deleting the last character block of the IP address.
3. Google Marketing Platform
This website uses the Google Marketing Platform (e.g. Google Analytics, Google Tag Manager), web analytics services run by Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland (“Google”). Google Marketing Platform uses cookies, text files that are stored on your computer and enable analysis of how you use the website. The information on your use of this website generated by the cookie is usually transferred to a Google server in the USA and stored there.
However, if IP anonymization is activated on this website, your IP address will be abbreviated by Google beforehand within the Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area. The complete IP address is sent to a Google server in the U.S. and truncated there only in exceptional cases. IP anonymization is enabled on this website.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services for the website operator relating to website and Internet use.
In addition, we have signed an order processing contract with Google for the use of the Google marketing platform. Through this contract, Google warrants that it processes the data in accordance with the General Data Protection Regulation and that it safeguards the rights of the data subject.
You can also prevent storage of the cookies by making the appropriate setting in your browser software; however, we point out that if you do so, you might not be able to use all the functions of this website in full. You can also prevent recording of the data relating to your use of the website and generated by the cookie (including your IP address) by Google and processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on the terms of service for Google Analytics and data privacy at http://www.google.com/marketingplatform/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.
Processing of personal data using Google Marketing Platform is based on Article 6 (1)(a) GDPR. The purpose of processing your data and our legitimate interests are to analyze use of our website.
4. YouTube
We use components (videos) of the company YouTube, LLC 901 Cherry Ave, 94066 San Bruno, CA, USA (hereinafter "YouTube"), a company of Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland (hereinafter "YouTube"), on our Internet pages.
We have integrated YouTube videos in our online offering. The videos are stored at www.youtube.com and can be played directly from our website. These videos are embedded in “extended data protection mode”, i.e. no data on you as the user will be transmitted to YouTube if you do not play the videos. The data specified in the following paragraph will only be transmitted when you play a video. We have no influence on the transmission of this data.
By playing the video, YouTube is informed that you have visited the relevant sub-page of our Internet site. Data is also collected and sent to YouTube by your browser. It includes your IP address, the date and time of the request, the amount of data transferred, the operating system and its interface, and the language and version of the browser software.
This is done irrespectively of whether YouTube offers a user account and you are logged into this account or you do not have a user account. If you are logged into Google, your data will be directly associated with your account. If you do not want YouTube to associate your actions with your profile, you must log out of your account before activating the button. YouTube stores your data as user profiles and uses it for the purposes of advertising, market research and/or designing its website to suit needs. Such an evaluation is conducted in particular (even for users who are not logged in) in order to provide advertising tailored to the user and to inform other users of the social network about your activities on our website. You must contact Google to exercise any rights, such as to object to creation of these user profiles.
You can find more information on the purpose and scope of the collection and processing of data by YouTube in the [Google Privacy Policy]. This policy also provides you with further information on your rights and the settings that you can use to protect your privacy. Google also processes your personal data in the U.S. and participates in the EU-U.S. Privacy Shield.
The processing of personal data by YouTube is based on Article 6 paragraph 1 point (f) GDPR, whereby our interest lies in the smooth integration of the videos and the resulting attractive design of our website.
5. fonts.com
Diese Website benutzt "fonts.com", einen Schriftarten-Dienst der Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA ("fonts.com").
Whenever this website is accessed, files from the “fonts.com” server are loaded to display the texts in a specific font. During this process your IP address may be transferred to a “fonts.com” server and stored as part of the usual server log. Responsibility for further processing of this information lies with “fonts.com”. Please refer to the Privacy Policy Statement (www.monotype.com/legal/privacy-policy) of “fonts.com” for the corresponding conditions and setting options.
Fonts.com is used in accordance with Article 6 paragraph 1 sentence 1 point (f) GDPR, whereby our interest lies in the correct presentation of the texts and thus the appealing design of our website.
6. Contacting us
Our Internet site may contain a form that you can use to contact us electronically. If there are several forms, they may serve several purposes, which you will be able to identify in each case. You may also contact us using the e-mail addresses or the telephone numbers provided. If you contact us using one of these channels, we collect the personal data you provide us with.
The personal data recorded comprises the master data you enter in the contact form if you use it (mandatory fields: form of address, name, address, email address; voluntary fields: title, company, telephone number and fax) and possibly further personal data you provide. If you contact us directly by e-mail, we record your e-mail address and, if applicable, any personal data from the e-mail’s text. We also save your number and contact details and provided necessary data, if you use the telephone numbers to call us.
If your contract request is addressed to a SEFE company other than SEFE Energy GmbH, we pass on your request to that SEFE company, which will then deal with it.
Data is processed on the basis of Article 6 paragraph 1 point (b), (c) and (f) GDPR. The purpose of processing your data and our legitimate interests are to provide customer care and support, as well as to be able to answer messages and mails sent to us.
7. Portal
Our website links to the SEFE Energy customer portal, this is a closed area where you can register and log-in. In this case, we will process you (username/e-mail and password) along with any technical data necessary to guarantee only authorized access to the portal.
Data is processed on the basis of Article 6 paragraph 1 point (b),/(c)/(f) GDPR. The purpose of processing your data and our legitimate interests are to provide access to the portal and allow a meaningful use of the portal.
8. Newsletter
Our customers can subscribe to a newsletter containing information on the most important developments in wholesale market prices.
We process your e-mail address and your status as a customer of SEFE Energy as part of administering your newsletter subscription.
Data is processed on the basis of Article 6 paragraph 1 point (a) and (f) GDPR. The purpose of processing your data and our legitimate interests are to provide customer care and support, as well as to conduct direct marketing, where permissible
9. Your application
If you are turning to us as an applicant, please take into account the more specific Data Privacy Statement for Applicants which you will find with the vacant positions.
10. Your rights
Every data subject has the right to access personal data and obtain information (Article 15 GDPR), the right to rectification of data (Article 16 GDPR), the right to erasure of data (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), and the right to data portability (Article 20 GDPR). You can get in touch with us under the contact data specified in Section I “General information”, No. 1 and No. 2, to exercise the aforementioned rights.
If you have given us consent to process your data, you can revoke it at any time without using a special form. Where possible, notice of revocation should be sent to us using the contact data specified in Section I “General information”, no. 1 or no. 2.
Under Article 77 paragraph 1 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the law, in particular the General Data Protection Regulation (GDPR). In this case you have the right to turn to the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Irrespective of your aforementioned rights please feel free to contact us directly regarding your concerns (for contact details see Section I “General information”, no. 1 and no. 2, of this Data Protection Declaration).
You also have a right to object to the processing of your data.
Information on your right to object to processing in accordance with Article 21 of the General Data Protection Regulation (GDPR) You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 paragraph 1 point (f) GDPR (data processing based on a weighing of interests), including any profiling based on those provisions within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Your objection can be submitted without using a special form and, where possible, should be sent using the contact data specified in Section I “General information”, No. 1 and No. 2, of this Data Protection Declaration. |