Data Privacy Notice

This data privacy notice informs you about how we handle your personal data and about your rights in accordance with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Energiequelle GmbH (hereinafter referred to as “we” or “us”) is the controller responsible for data processing.

Contents

I. General information

1. Contact
2. Legal bases
3. Duration of storage
4. Categories of recipients of data
5. Data transfer to third countries
6. Processing when exercising your rights
7. Your rights
8. Right to object
9. Data Protection Officer

II. Data processing on our website

1. Processing of server log files
2. Contact options and enquiries
3. Ordering the customer magazine
4. Applications
5. Cookies
6. Consent management tool
7. External media and third-party services

III. Data processing on our social media pages

1. Visiting a social media page
   a) Facebook and Instagram
   b) LinkedIn
2. Comments and direct messages

IV. Further data processing

1. Communication
2. Visitor management
3. Prize draw

I. General information
1.      Contact
If you have any questions or suggestions regarding this information or would like to contact us regarding the assertion of your rights, please send your request to

Energiequelle GmbH (hereinafter: EQ)

Address:
Hauptstraße 44, D-15806 Zossen OT Kallinchen, Germany
Telephone: +49 33769 871-0
Fax: +49 33769 871-105
e-mail: info@energiequelle.de
Website: www.energiequelle.de

2.     Legal bases
The term “personal data” under data protection law refers to all information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. We only process data on the basis of legal permission. We only process personal data with your consent (Section 25 1 TTDSG or Article 6 (1)(a) GDPR), for the performance of a contract to which you are party or upon your request for the implementation of pre-contractual measures (Article 6 (1)(b) GDPR), to fulfil a legal obligation (Article 6 (1)(c) GDPR) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms that require the protection of personal data outweigh this (Article 6 (1)(f) GDPR).

If you apply for an open position in our company, we also process your personal data to decide on the establishment of an employment relationship (Section 26 (1) p. 1 BDSG).

3.     Duration of storage
Unless otherwise stated in the following notices, we only store the data for as long as necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting records for ten years and retain personal data contained in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to the processing for this purpose.

4.     Categories of recipients of data
We use processors for the processing of your data. Processing operations carried out by such processors include, for example, hosting, e-mail dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or destruction of files and data carriers. A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the Controller and are contractually obliged to ensure suitable technical and organisational measures for data protection. In addition, we may transfer your personal data to bodies such as postal and delivery services, regular bank, tax consultancy/auditing company or the tax authorities. Further recipients may arise from the following notes.

5.     Data transfer to third countries
Our data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is provided in such a third country. In the absence of such an adequacy decision by the European Commission, a transfer of personal data to a third country shall only take place if appropriate safeguards pursuant to Article 46 GDPR are in place or if one of the conditions of Article 49 GDPR is met.

Unless otherwise stated below, we use EU standard data protection clauses as appropriate safeguards for transfers of personal data to third countries. You have the option of receiving or viewing a copy of these EU standard data protection clauses. To do so, please contact the address provided under Contact.

If you consent to the transfer of personal data to third countries, the transfer takes place on the legal basis of Article 49 (1)(a) GDPR.

6.     Processing when exercising your rights
If you exercise your rights under Articles 15 to 22 GDPR, we will process the personal data provided for the purpose of us implementing those rights and to be able to provide proof of this. We will only process data stored for the purpose of providing information and preparing it for this purpose and for the purpose of data protection control and otherwise restrict processing in accordance with Article 18 GDPR.

These processing activities are based on the legal basis of Article 6 (1)(c) GDPR in conjunction with Articles 15 to 22 GDPR and Section 34 (2) BDSG.

7.     Your rights
As a data subject, you have the right to assert your data subject rights against us. In particular, you have the following rights:

• In accordance with Article 15 GDPR and Section 34 BDSG, you have the right to request information on whether and to what extent we process personal data about you or not.
• You have the right to obtain the rectification of your data in accordance with Article 16 GDPR.
• You have the right to obtain the erasure of your personal data in accordance with Article 17 GDPR and Section 35 BDSG.
• You have the right to obtain restriction of processing of your personal data in accordance with Article 18 GDPR.
• In accordance with Article 20 GDPR, you the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller.
• If you have given us separate consent to data processing, you can revoke this consent in accordance with Article 7(3) GDPR at any time. Such revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
• If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR.

8.     Right to object
In accordance with Article 21 (1) GDPR, you have the right to object to processing that is based on the legal basis of Article 6 (1)(e) or (f) GDPR for reasons arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing in accordance with Article 21 (2) and (3) GDPR.

9.     Data Protection Officer
You can reach our data protection officer at the following contact details:

e-mail: datenschutzbeauftragter@energiequelle.de
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de   

II. Data processing on our website
When you use the website, we collect information that you provide yourself. In addition, during your visit to the website, certain information about your use of the website is automatically collected by us. Under data protection law, the IP address is also considered personal data. An IP address is assigned to each device connected to the Internet by the Internet provider so that it can send and receive data.

1.     Processing of server log files
For purely informative use of our website, general information is initially stored automatically (i.e. not via registration), which your browser transmits to our server. This includes as standard: Browser type/version, operating system used, page accessed, previously visited page (referrer URL), IP address, date and time of server request and HTTP status code.

Processing takes place in order to safeguard our legitimate interests and is based on the legal basis of Article 6(1)(f) GDPR. This processing is for the technical administration and security of the website. The stored data will be deleted after seven days unless there is a justified suspicion of unlawful use based on concrete indications and further examination and processing of the information is necessary for this reason. We are unable to identify you as a data subject based on the information stored. Articles 15 to 22 GDPR therefore do not apply pursuant to. Article 11(2) GDPR do not apply unless you provide additional information enabling you to be identified in order to exercise your rights under these articles.

2.     Contact options and enquiries
Our website contains contact forms through which you can send us messages. The transfer of your data is encrypted. All data fields marked as mandatory are required to process your request. Failure to provide it will result in us not being able to process your request. The provision of further data is voluntary. Alternatively, you can also send us a message via the contact e-mail. We process the data for the purpose of responding to your request.

If your request is directed towards the conclusion or performance of a contract with us, Article 6 (1)(b) GDPR is the legal basis for the data processing. Otherwise, we process the data on the basis of our legitimate interest in contacting enquiring parties. The legal basis for the data processing is Article 6 (1)(f) GDPR.

3.      Ordering the customer magazine
Our website provides the option of subscribing to our free customer magazine. When subscribing, the data from the input screen will be transferred to us so that we can send you the customer magazine. Your data will be processed by external service providers, who have been carefully selected and commissioned. The service providers are bound to our instructions under data processing agreements pursuant to Article 28 GDPR to keep your data confidential, and they are regularly audited. Your personal data will be stored for as long as you are subscribed to the customer magazine. This data is generally not passed on to third parties and is only used to send the customer magazine.

In order to send the electronic customer magazine, we will process the e-mail address provided, and where it is sent by post, your first and last name, street and house number, as well as the post code and city. The legal basis for the processing is Article 6 (1)(b) GDPR. You can unsubscribe from the customer magazine at any time. Please send your unsubscribe request by post to the above address or by e-mail to presse@energiequelle.de. Once unsubscribed, the aforementioned data will be deleted from our mailing list within a reasonable processing period.

4.     Applications
You can apply via our website in the jobs section. For this purpose, we collect personal data from you, including in particular your name, CV, letter of application and other content provided by you. For the selection of our applications, we use the service provider Personio of Personio GmbH & Co. KG, which is solely bound by instructions to act on our behalf in accordance with the legal requirements for order processing.

Your personal application data will only be processed for purposes related to your interest in current or future employment with us and the processing of your application. Your application will only be processed and noted by the relevant contact persons at our company.

All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you employment, we will retain the data you submit for up to six months after the end of the application process for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence or if you have expressly consented to longer a storage period.

The legal basis for data collection is Section 26 (1) p. 1 BDSG.

If we store your applicant data for a period of six months and you have expressly consented to this, we would like to point out to you that this consent can be withdrawn at any time in accordance with Article 7 (3) GDPR is freely revocable. Such revocation shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

5.     Cookies
We use cookies and similar technologies (“cookies”) on our website. Cookies are small data sets that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by web servers. Your browser gives you full control over the use of cookies. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or for specific cases.

The use of cookies is partly technically necessary for the operation of our website and is therefore permissible without the consent of the user. We may also use cookies to provide specific features and content and for analysis and marketing purposes. These may also include third-party cookies. We only use cookies that are not technically necessary with your consent in accordance with Section 25 (1) TTDSG and, if applicable, Article 6 (1)(a) GDPR. Information on the purposes, providers, technologies used, stored data and the storage duration of individual cookies can be found in the cookie settings of our Consent Management Tool.

Cookie settings
Open data protection settings

6.      Consent management tool

This website uses the consent management tool Borlabs to control cookies and the processing of personal data.

The consent banner enables users of our website to give their consent to certain data processing procedures or to withdraw their consent. By confirming the “I accept” button or by saving individual cookie settings, you agree to the use of the associated cookies.
The legal basis under data protection law is your consent within the meaning of Article 6 (1)(a) GDPR.

In addition, the banner helps us to be able to provide evidence of the declaration of consent. To this end, we process information about the declaration of consent and other log data relating to this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Article 6 (1)(c) in conjunction with Article 7(1) GDPR).

You can revoke your consent for cookies here:
Cookie settings
Open data protection settings

7.    External media and third-party services
This website may include third party content, such as videos, map material, RSS feeds or graphics from other websites. This always assumes that the providers of this content (hereinafter referred to as “third party providers”) know the IP address of the user in order to display the content on the browser of that user. We strive to use only content from providers who use the IP address solely for the purposes of delivering the content. However, we have no control over whether the third party provider saves the IP address, such as for statistical purposes. Where we are aware of this, we shall inform users.

 YouTube

We use the YouTube service of Google Ireland Limited (Ireland, EU) on our website to integrate videos. For such an integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address will therefore be transmitted to Google and Google may set its own cookies. We use YouTube in “extended data protection mode” so that YouTube does not set cookies to analyse user behaviour.

Your data will be processed on the basis of your consent pursuant to Article 6 (1)(a) GDPR.

When using the service, the transfer of your data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. Further information on data protection at Google can be found in Google’s privacy policy at https://www.google.com/policies/privacy.

Google Maps
We use Google Maps from Google Ireland Limited (Ireland, EU) on our website to display maps and for virtual tours. For such an integration, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address will therefore be transmitted to Google and Google may set its own cookies.

Your data will be processed on the basis of your consent pursuant to Article 6 (1)(a) GDPR.

When using the service, the transfer of your data to the USA cannot be ruled out. Please observe the information in the section “Data transfer to third countries”. Further information on data protection at Google can be found in Google’s privacy policy at https://www.google.com/policies/privacy.

III. Data processing on our social media pages
We are represented on several social media platforms with a company page. In this way, we would like to offer further opportunities for information about our company and for exchange. Our company has company pages on the following social media platforms:

• Facebook
• Instagram
• LinkedIn

When you visit or interact with a profile on a social media platform, personal data about you may be processed. The information associated with a social media profile used also regularly constitutes personal data. This also includes messages and statements made using the profile. In addition, during your visit to a social media profile, certain information about this is often automatically collected, which can also constitute personal data.

1.     Visiting a social media page

a)     Facebook and Instagram

When you visit our Facebook or Instagram page, through which we present our company or individual products from our range, certain information about you is processed. The sole controller for this processing of personal data is Meta Platforms Ireland Limited (Ireland, EU – “Meta”). Further information on the processing of personal data by Meta can be found at https://www.facebook.com/privacy/explanation. Meta offers the option of objecting to certain data processing; notices and opt-out options can be found at https://www.facebook.com/settings?tab=ads.

Meta provides us with anonymised statistics and insights for our Facebook and Instagram page that help us gain insights into the types of actions people take on our page (known as “page insights”). These page insights are created on the basis of certain information about persons visiting our page. This personal data is processed by Facebook and us as joint controllers. The processing serves our legitimate interest in our analysis of the types of activities undertaken and to improve our page using this knowledge. The legal basis for the processing of this data is Article 6 (1)(f) GDPR.

We cannot associate the information obtained through page insights with individual user profiles that interact with our Facebook and Instagram page. We have entered into a joint controller agreement with Meta which sets out the allocation of data protection obligations between us and Meta. For details of the processing of personal data to produce page insights and the agreement entered into between us and Meta, please see https://www.facebook.com/legal/terms/information_about_page_insights_data. With regard to this data processing, you also have the option of asserting your data subject rights (see “Your rights”) against Meta. Further information can be found in Meta’s privacy policy at https://www.facebook.com/privacy/explanation.

Please note that according to the meta data protection regulations, user data is also processed in the USA or other third countries. Meta only transfers user data to countries for which there is an adequacy decision by the European Commission pursuant to Article 45 GDPR or on the basis of appropriate guarantees pursuant to Article 46 GDPR.

b)     LinkedIn

LinkedIn Ireland Unlimited Company (Ireland, EU – “LinkedIn”) is the sole controller for the processing of personal data when you visit our LinkedIn page. Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights. This provides us with insights into the types of actions people take on our site (known as page insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With page insights, LinkedIn does not provide us with any personal data concerning you. We only have access to the summarised page insights. It is also not possible for us to identify individual members based on the information in the page insights. This processing of personal data in the context of page insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for the processing of this data is Article 6 (1)(f) GDPR.

We have entered into a joint controller agreement with LinkedIn which sets out the allocation of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. The following then applies:

• LinkedIn and we have agreed that LinkedIn is responsible for enabling you to exercise your rights under the GDPR. You can contact LinkedIn online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Data Privacy Policy. You can contact the Data Protection Officer at LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also contact us at our contact details provided about exercising your rights in relation to the processing of personal data in the context of page insights. In such a case, we will forward your request to LinkedIn.

• LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for page insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see dataprotection.ie) or any other supervisory authority.

Please note that in accordance with LinkedIn’s privacy policy, personal data may also be processed by LinkedIn in the USA or other third countries. LinkedIn only transfers personal data to countries for which an adequacy decision has been issued by the European Commission in accordance with Article 45 GDPR or on the basis of appropriate guarantees in accordance with Article 46 GDPR.

2.      Comments and direct messages
We also process information that you have provided to us via our company page on the respective social media platform. Such information may be the user name used, contact details or a message to us. These processing operations are carried out by us as the sole controller. We process this data on the basis of our legitimate interest in contacting enquiring parties. The legal basis for the processing is Article 6 (1)(f) GDPR. Further data processing may take place if you have consented (Article 6 (1)(a) GDPR) or if this is necessary for the fulfilment of a legal obligation (Article 6 (1)(c) GDPR).

IV. Further data processing

1.     Communication
If you send us a message by email, call us or we communicate by other means such as WhatsApp, we will process the data transmitted and your contact details for the purpose of answering your inquiry and communicating with you in accordance with our business relationship. We process this data on the basis of our legitimate interest in communicating with people and responding to their inquiries. The legal basis for data processing is initially Art. 6 para. 1 letter f GDPR.

2.     Visitor management
When you visit our premises (e.g. for a job interview), we collect certain data from you for access control purposes. This includes, in particular, your name, address and telephone number. We process this data on the basis of our legitimate interest in controlling access to our premises. The legal basis for data processing is therefore Art. 6 para. 1 letter f GDPR. We only process your data for as long as is necessary to achieve the stated purpose and regularly for no longer than two months.

3.     Prize draw
If you take part in a prize draw, we will process your personal data in order to carry out and process the competition. This includes in particular the selection of winners, notification of the prize and delivery of the prize. In the event that the delivery or provision of certain prizes takes place via another company (e.g. via a subsidiary or other cooperation partner), we will transfer the winner’s data to this company to the extent necessary. Once the prize draw has ended, we will delete the data, provided that there are no statutory retention obligations that prevent immediate deletion. The legal basis for the processing is Art. 6 para. 1 letter b GDPR.

Date: 18.09.2024