Protection of privacy data

Protection of data privacy

We are pleased that you are visiting our website www.buergerenergie-gmbh.de (hereinafter "website" or "web site". This website is operated by Bürgerenergie GmbH (hereinafter "Bürgerenergie" or "we"). It offers you as a user (hereinafter "user" or "you") the opportunity to to inform about us and our services.

In the following we would like to inform you about the handling of your data in accordance with Article 13 Datenschutzgrundverordnung (DSGVO), if you are visiting our website or our company presence on LinkedIn by www.linkedin.com/company/buergerenergie-gmbh/ or get in contact with us. The following information also relates to the use of our offer with mobile devices, e.g. smartphones or tablets. If you have any questions regarding the use of your personal data by us, please contact us as the responsible point of contact (contact under point 1).

1. Responsible point of contact

Operator of this website and thus responsible for data processing on this website is:

Bürgerenergie GmbH

Christoph-Probst-Weg 21, 20251 Hamburg

Telephone: +49 (0) 4073430709

Email: Datenschutz@buergerenergie-gmbh.de

2. Revocation of your consent to data processing

Some data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time with effect for the future. An informal message by e-mail to us is sufficient for this (contact under number 1). The legality of the data processing that took place up until the revocation remains unaffected by the revocation.

3. General information on data processing via our website

If you visit this website and/or contact Bürgerenergie, various personal data will be collected.

“Personal Information” is information that directly or indirectly identifies you (such as name, address, email address, telephone number, IP address).

The collection and processing of personal data only takes place insofar as this is permitted by a legal permit standard or you have consented to the respective use. As soon as the purpose of the data processing no longer applies, the data will be deleted, unless you have consented to further use or the deletion conflicts with statutory retention requirements. In detail, the following data processing operations are recorded:

4. Data collection when visiting our online offer

When you visit our website and each time a file is called up, our IT system records access data about this process in a log file. We or the web space provider collects this information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version
operating system used
Referrer URL
Host name of the accessing display device, shortened
Time of server request
abbreviated IP address
amount of data transferred, access status (file transferred, file not found)

This data is collected automatically as soon as you enter our website. This data is not merged with other data sources.

The basis for data processing is Article 6 Paragraph 1 lit. f DSGVO. The temporary storage of this data is necessary in order to display the content of the website for the user. Therefore, the collection of this information is necessary for a presentation of our website. For this purpose, the IP address of the user must also be stored for the duration of the session. Storage in log files takes place to ensure the functionality of the website and to optimize it in order to improve our services. This is also intended to ensure the security of our IT systems. For these purposes, we have a legitimate interest in data processing in accordance with Article 6 Paragraph 1 lit. f DSGVO.

We collect the above data only for the period of use; once use has ended, the data will be deleted immediately, but no later than after seven days. Storage beyond this is possible if the IP addresses of the users are deleted or shortened so that it is not possible to assign the calling user.

We receive information via so-called cookies and web analysis services as soon as your web browser opens our pages. These identifiers support various service functions of our website and are automatically transmitted via your web browser to the hard drive of your computer or other mobile device. You can disable this function by making a corresponding setting in your browser. In this case, however, a personalized service is not possible. In these cases, your anonymised IP address may also be transferred to the USA. More information on the cookies and web analysis tools we use can be found below under the heading "Notes on the use of cookies and tools" (section 8).

5. Contact

If you contact us via our contact form, by post, e-mail or telephone and send us inquiries, your details, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.

For this purpose, the following data is transmitted to us and stored: e-mail address, name, address, telephone number if applicable and any information on personal data that you provide in the text of the request.

We process this data exclusively for the purpose of answering your request or to contact you and the associated technical administration. The legal basis for this processing is your consent in accordance with Article 6 Paragraph 1 lit. a DSGVO and Article 6 Paragraph 1 lit. b DSGVO, insofar as we use the aforementioned data to initiate, implement or terminate a contractual relationship with you. If in the case of contact by telephone, no consent to the data processing and storage should be seen in the call from the user, this is pursuant justified to Article 6 Paragraph 1 lit. f DSGVO. Otherwise the user's request cannot be processed.

The data you provide or communicate will only remain with us until it is no longer required to achieve the purpose of collection. This is the case when contact is made when the respective request has been processed and completed. Furthermore, we will delete the data beforehand if you request us to delete it or revoke your consent to storage. Mandatory legal provisions - in particular retention periods - remain unaffected.

You can revoke your consent to the processing of the data with effect for the future. An informal notification by post or e-mail to us is sufficient (contact number 1). We will then delete the data you have provided and will not process the request any further.

6. Data transfer to third parties

The personal data concerned will be treated confidentially by us and will not be passed on to third parties unless this is necessary for the provision of our website, for answering or processing an inquiry or you have consented to the data processing or we are legally obliged to do so.

We transmit your data as part of order processing in accordance with Art. 28 DSGVO to service providers who support us in operating our websites and the associated processes. Our service providers are strictly bound by our instructions and are contractually bound accordingly. We use the following service providers:

Strato AG, Otto-Ostrowski-Strasse 7, 10249 Berlin, Germany

wix.com Ltd., 40 Nemal St., 6350671 Tel Aviv, Israel

In order to process inquiries or contracts, we sometimes also work with external service providers who support us in whole or in part in the implementation of concluded contracts. Personal data is only transmitted to these service providers for the purpose of fulfilling contractual obligations.

This data transfer takes place on the basis of Article 6 Paragraph 1 lit. b DSGVO. Each service provider only receives the data that is necessary for the provision of the respective service. These service providers are obliged to treat your data confidentially.

7. Notes on the use of cookies and tools

We use cookies on our website. Cookies are small text files that can be stored and read on your end device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to individuals.

We use session cookies on our website to make our website more user-friendly, effective and secure. Some elements of our website require that the accessing browser can be identified even after a page change.

Depending on the type, cookies are also divided into the following classes: necessary cookies, analysis & statistics and advertising & marketing. Necessary cookies enable you to use our online offer (so-called session cookies). If this cookie is switched off, you may not be able to use our website without restrictions.

We only use technically necessary cookies when you visit our website. No cookies are set by us or third parties to analyze user behavior or for advertising purposes.

The purpose of using the technically necessary cookies is to simplify the use of our website by the user. Some functions of the website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. Some of the cookies are used to simplify the use of the website by saving settings (e.g. adopting language settings, remembering search terms, etc.). The user data collected by technically necessary cookies are not used to create user profiles. Processing takes place on the basis of Article 6 Paragraph 1 lit. f DSGVO and in the interest of optimizing or enabling user guidance and adapting the presentation of our website.

When you start using our website, you will be informed via a cookie banner or cookie consent tool about the cookies we have set and, if necessary, your consent to the setting of cookies will be obtained. Any consent given can be revoked at any time with effect for the future. You can set your browser so that you are informed about the placement of cookies. So the use of cookies becomes transparent for you. You can also delete cookies at any time using the appropriate browser settings and prevent the setting of new cookies in general or for specific cases and activate the automatic deletion of cookies when the browser is closed.

Please note that our website may then not be displayed optimally and some functions may no longer be technically available.

How to do this in detail can be found in the browser's help information. These can be found for the respective browsers under the following links:

Alternatively, you can contact the Digital Advertising Alliance at the Internet address www.aboutads.info to inform about the setting of cookies and make settings for this.

Overview of the cookies we use:

8. Integration of social media and professional networks

8.1 Social media appearances and use of social media icons

We do not use social plug-ins as active buttons on our website. We only refer to our offer in the following social networks:

Linkedin: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

To protect data protection, we only link to the offer in the social networks. As a result, no personal data is transmitted to the social networks simply by visiting our website. Only when you click on the link and thus call up our company website there is a connection to this third-party provider established via your web browser in a separate tab (tab). This third-party provider can thus track your visit to our site. If you are a member, you can share the content of our site with other members from your network by activating the button.

By participating in the LinkedIn network or by visiting or calling up our company website, your data can be processed outside the EU. This can result in risks because e.g. B. the enforcement of your rights can be more difficult.

When you access a social network, cookies are usually stored on your end device to record user behavior. If you have a user account on the respective network and are logged in there, your usage behavior can be saved for your user account. The social networks can analyze usage behavior and use it for market research and advertising purposes. This can lead to advertisements being displayed to you both inside and outside of social networks. We have no influence on this.

We have no influence on the data collected and stored about you by the social networks. We only receive anonymous evaluations of user data via our above-mentioned company website. If users interact with our company website and are logged in with a user account, we can also recognize the user profile and see the content of comments or postings on our website. This data processing is therefore carried out jointly with the respective provider of the social network, in this case LinkedIn.

For the evaluation of the data in connection with our company appearance, an additional agreement, the Joint Controller Addendum, became part of the LinkedIn Terms of Use (Article 26 DSGVO).

8.2 LinkedIn

We operate a company website at www.linkedin.com/company/buergerenergie-gmbh/, which we use to display photos and posts on community energy, provide information about our services and current events, publish job advertisements if necessary and communicate with users. When using and accessing our LinkedIn page, user data is also processed by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, based in Ireland, and LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, based in the USA (im hereinafter “LinkedIn”). Among other things, LinkedIn enables a system in which LinkedIn distributes advertising via its network.

We analyze the views and interactions on our LinkedIn page. For this purpose, LinkedIn creates usage profiles, but only provides us with anonymous data, so-called page analyses. This is aggregated data that gives us insight into how users interact with our LinkedIn page. The generated statistics are only transmitted to us in an anonymous form. We have no access to the underlying data. In relation to this analysis service, we process your personal data together with LinkedIn. For this reason, LinkedIn has added a joint controller addendum with regard to so-called page insights as part of the terms of use (Article 26 DSGVO). In this, LinkedIn has undertaken, among other things, to inform you about joint responsibility to inform you and to protect your rights as a data subject. For more information, see Linkedin's privacy policy https://www.linkedin.com/legal/privacy-policyand the Joint Controller Addendum https://legal.linkedin.com/pages-joint-controller-addendum. You can also assert your rights against us. However, LinkedIn can fulfill your rights more comprehensively because the data for use and evaluation is also stored there.

You can access our LinkedIn page regardless of whether you have a LinkedIn user account or not. We process your personal data when you interact with our LinkedIn page, e.g. B. leave a comment, click a Like button or send us a message. We do not pass on the data to other third parties. The terms of use of LinkedIn at: https://ch.linkedin.com/legal/user-agreement?trk=hb_ft_userag.

Depending on the type of activity, the legal basis for this data processing is your consent (Art. 6 Para. 1 lit. a DSGVO) or our legitimate interest (Art. 6 Para. 1 lit. f DSGVO) in customer-oriented marketing. LinkedIn users can revoke their consent to the publication of their comment or like at any time with effect for the future by deleting the comment or the content in question. A revocation does not affect the legality of the processing carried out on the basis of the consent up to the time of revocation.

LinkedIn offers the possibility to object to certain data processing; relevant information and opt-out options can be found at: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy.

LinkedIn users can go to https://www.linkedin.com/psettings/advertising to influence the extent to which your usage behavior may be recorded when you visit our LinkedIn page.

Data processing via cookies used by LinkedIn can also be prevented by settings in the browser.

LinkedIn only transfers user data to countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR or on the basis of suitable guarantees pursuant to Art. 46 DSGVO. The LinkedIn Corporation is certified under the EU-US Privacy Shield, but does not offer an adequate level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). The European Court of Justice has determined that the USA does not have a level of data protection comparable to that of the EU (EuGH, judgment of July 16, 2020 - C-311/18, Rn. 200, Facebook/Schrems II). If personal data is transferred there, there is a risk that surveillance authorities will be able to evaluate this data. There is currently no effective legal protection against this.

9. Data Security

In order to protect your data from unwanted access as comprehensively as possible, we take technical and organizational measures. We use an encryption process on our website. Your details are transmitted from your computer to our server and vice versa via the Internet using TLS encryption (Transport Layer Security). You can recognize this by the fact that the lock symbol is closed in the status bar of your browser and the address line changes from "http://" to "https://".

10. Your rights as a user

We are happy to inform you below about the rights that you as the data subject have with regard to the processing of your personal data.

10.1 right to information

You can request confirmation as to whether personal data concerning you is being processed by us. If such processing is available, you can request information about the following information:

Purposes of processing;
the recipients or categories of recipients to whom your personal data has been or will be disclosed;
if possible, the planned duration of the storage of the personal data concerning you or, if this is not possible, criteria for determining the storage duration;
the existence of other rights, see below;
all available information about the origin of the data if the personal data is not collected from you;
the existence of automated decision-making including profiling and, if necessary, further information on this.

You have the right to information about the appropriate guarantees according to Art. 46 DSGVO if your data is forwarded to a third country or an international organization.

10.2 Rightfor correction

You have the right to demand that we immediately correct any incorrect or incomplete personal data concerning you.

10.3 Right to erasure

You can request that we delete the personal data concerning you immediately. We are obliged to delete your personal data immediately if one of the following reasons applies:

Your personal data is no longer necessary for the purposes for which we collected it or processed it in any other way.
You revoke your consent and there is no other legal basis for processing.
You file an objection (see below) against the processing.
Your personal data has been processed unlawfully.
The deletion of your personal data is necessary for us to fulfill a legal obligation under Union law or the law of the member states.
We collected the personal data on the basis of a child's consent.

10.4 Right to Restrictionseffect of processing

You have the right to request us to restrict processing if one of the following conditions is met:

You contest the accuracy of the personal data. The processing of the data is unlawful and you reject the deletion of the personal data and instead request that the use of the personal data be restricted. We no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims; or you have objected to the processing (see below) pending the verification whether our legitimate grounds override yours.

10.5 Right to information

If you have asserted the right to correction, deletion or restriction of processing against us, we are obliged to inform all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

10.6 Right to data portability

You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format. You also have the right to transmit this data to another person responsible without hindrance from us, provided that

the processing is based on consent in accordance with Article 6 Paragraph 1 lit. a DSGVO or Article 9 Paragraph 2 lit. a DSGVO or
is based on a contract in accordance with Art. 6 Paragraph 1 lit. b DSGVO and the processing is carried out using automated procedures.

In exercising this right, you can request that we transmit the personal data concerning you directly to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this. The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.

10.7 right of objection

If data is collected on the basis of Article 6 Paragraph 1 lit. f (data processing to protect legitimate interests), you have the right to object to the processing at any time for reasons that arise from your particular situation (Art. 21 DSGVO). We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

10.8 Right of appeal to a supervisory authority

In the event of violations of data protection law, the person concerned has the right to lodge a complaint with the supervisory authority (Article 77 DSGVO). For a list of data protection officers seeand their contact details can be found at the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Status: January 2023