Menu

Data protection

Privacy policy

General information about the processing of your data

We are legally obliged to inform you about the processing of your personal data (hereinafter referred to as “data”) when you use our website. This data protection notice informs you about the details of the processing of your data and your legal rights in this regard. For terms such as “personal data” or “processing”, the legal definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt the privacy policy with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We recommend that you read the privacy policy from time to time and take a printout or copy for your records.

The privacy policy applies to all pages of https://kundenportal.e2m.energy and https://www.e2m.energy/de/. It does not extend to any linked websites or internet presences of other providers. Insofar as no differentiation is made below with regard to individual processing operations, the statements in this data protection information apply to both websites. Insofar as reference is made in this data protection information to the Telecommunications and Digital Services Privacy Protection Act (hereinafter: TDDDG), this applies accordingly to the national laws of other member states with which Art. 5 Para. 3 of the ePrivacy Directive (Directive 2002/58/EC) was implemented.

Responsible for the processing of personal data within the scope of this privacy policy is

Energy2market GmbH
Weißenfelser Str. 84
04229 Leipzig

Phone: +49 341 230 28
Fax: +49 341 230 28 499
E-mail: info@e2m.energy

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:
SPIRIT LEGAL Rechtsanwaltsgesellschaft mbH
Lawyer and data protection officer
Peter Hense

Postal address:
Data Protection Officer
c/o Energy2market GmbH, Weißenfelser Str. 84, 04229 Leipzig

Contact via the encrypted online form:
Contact data protection officer

We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.

Your rights

You have the following rights with regard to the personal data concerning you, which you can assert against us:

  • Right to information: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
  • Right to rectification: If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
  • Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
  • Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.
  • Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR pursuant to Article 21(1) GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Further processing will also take place if the processing serves the assertion and exercise of or defense against legal claims (Art. 21 para. 1 GDPR). You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing in accordance with Art. 21 para. 2 GDPR; this also applies to any profiling insofar as it is associated with such direct marketing. We draw your attention to the right to object in this privacy policy in connection with the respective processing.
  • Right to withdraw your consent: If you have given your consent for processing, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR.
  • Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format (“data portability”) and the right to transmit this data to another controller if the requirements of Art. 20 para. 1 lit. a, b GDPR are met (Art. 20 GDPR).


You can assert your rights by sending a message to the contact details given in the “Controller” section or to the data protection officer appointed by us.

If you believe that the processing of your personal data violates data protection law, you also have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority responsible for the controller:

Saxon Data Protection and Transparency Officer, P.O. Box 110132, 01330 Dresden or: Devrientstraße 5, 01067 Dresden, phone: 0351/85471-101, e-mail: post@sdtb.sachsen.de, https://www.saechsdsb.de/.

Use of our website / the customer portal

In principle, you can use our websites for purely informational purposes without disclosing your identity. When accessing the individual pages of the websites in this sense, only access data is transmitted to our web space provider so that the websites can be displayed to you. The following data is processed in the process:

  • Browser type / browser version,
  • operating system used,
  • Language and version of the browser software,
  • Date and time of access,
  • Host name of the accessing end device
  • IP address,
  • Content of the request (specific website),
  • Access status/HTTP status code,
  • Websites accessed via the website
  • Referrer URL (the previously visited website),
  • Message indicating whether the call was successful,
  • amount of data transferred,
  • Time zone difference to GMT,
  • SSL/TLS information,
  • Connection status.


The temporary processing of this data is necessary to technically enable the course of a website visit and the delivery of the respective website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, the defense against requests that overload the service or any bot usage. The access data is deleted as soon as it is no longer required to achieve the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is always stored directly and only accessible to administrators and is deleted after seven days at the latest. After that, it is only available indirectly via the reconstruction of backup tapes and is permanently deleted after a maximum of four weeks.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

You have the following rights with regard to the personal data concerning you, which you can assert against us:

  • Right to information: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
  • Right to rectification: If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
  • Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
  • Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.
  • Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR pursuant to Article 21(1) GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Further processing will also take place if the processing serves the assertion and exercise of or defense against legal claims (Art. 21 para. 1 GDPR). You also have the right to object at any time to the processing of your personal data for the purpose of direct marketing in accordance with Art. 21 para. 2 GDPR; this also applies to any profiling insofar as it is associated with such direct marketing. We draw your attention to the right to object in this privacy policy in connection with the respective processing.
  • Right to withdraw your consent: If you have given your consent for processing, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR.
  • Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format (“data portability”) and the right to transmit this data to another controller if the requirements of Art. 20 para. 1 lit. a, b GDPR are met (Art. 20 GDPR).

You can assert your rights by sending a message to the contact details given in the “Controller” section or to the data protection officer appointed by us.

If you believe that the processing of your personal data violates data protection law, you also have the right under Art. 77 GDPR to lodge a complaint with a data protection supervisory authority of your choice. This also includes the data protection supervisory authority responsible for the controller:

Saxon Data Protection and Transparency Officer, P.O. Box 110132, 01330 Dresden or: Devrientstraße 5, 01067 Dresden, phone: 0351/85471-101, e-mail post@sdtb.sachsen.de, https://www.saechsdsb.de/.

In principle, you can use our websites for purely informational purposes without disclosing your identity. When accessing the individual pages of the websites in this sense, only access data is transmitted to our web space provider so that the websites can be displayed to you. The following data is processed in the process:

  • Browser type / browser version,
  • operating system used,
  • Language and version of the browser software,
  • Date and time of access,
  • Host name of the accessing end device
  • IP address,
  • Content of the request (specific website),
  • Access status/HTTP status code,
  • Websites accessed via the website
  • Referrer URL (the previously visited website),
  • Message indicating whether the call was successful,
  • amount of data transferred,
  • Time zone difference to GMT,
  • SSL/TLS information,
  • Connection status.

The temporary processing of this data is necessary to technically enable the course of a website visit and the delivery of the respective website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, the defense against requests that overload the service or any bot usage. The access data is deleted as soon as it is no longer required to achieve the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is always stored directly and only accessible to administrators and is deleted after seven days at the latest. After that, it is only available indirectly via the reconstruction of backup tapes and is permanently deleted after a maximum of four weeks.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

In addition to the aforementioned access data, technologies are used when using the websites that store information in your end device (e.g. desktop PC, laptop, tablet and smartphone) or access information that is already stored in your end device. These technologies may include cookies, pixels, LocalStorage, SessionStorage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognize you across devices and websites.

In accordance with the scope of application of Section 25 (1) TDDDG, we generally require your consent to use these technologies. According to Section 25 (2) TDDDG, such consent is only not required if the technologies either enable the transmission of a message via a public telecommunications network or if they are absolutely necessary in order to provide a telemedia service expressly requested by you:

Technically necessary end device information

Some elements of our website serve the sole purpose of transmitting a message (§ 25 para. 2 no. 1 TDDDG) or are absolutely necessary in order to make our website or individual functionalities of our website available to you (§ 25 para. 2 no. 2 TDDDG):

  • Language settings,
  • Log-in information,

The elements are deleted after storage is no longer required, usually at the end of the browser session.

You can prevent processing by making the appropriate settings in your browser software. In the case of elements whose storage duration is not limited to the session, you can delete the elements in the settings of your browser software after your session has expired.

Technically unnecessary end device information

We also use elements on the website that are not technically necessary. We only use these technologies with your consent in accordance with the legal requirements. Information on the individual technologies and functions can be found under “Manage services” within the consent management platform (“cookie banner”) and sorted according to the individual functions in the following information.

Since we carry out so-called conversion measurements (website analytics, which measures the effectiveness with which an addressed group of people is persuaded to carry out desired actions) on our website by Google (Google Ads, Floodlight, Google Analytics 4 of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA), the integration of Google Consent Mode is necessary.

We have implemented Consent Mode in Basic Mode. This stores information in your end device or accesses information that is already stored in your end device.

This serves to record the consent status for the fulfillment of the data protection accountability and verification obligations under Art. 5 para. 2, 24 para. 1 and Art. 7 para. 1 GDPR in the processing chain with Google and is therefore absolutely necessary according to § 25 para. 2 no. 2 TDDDG in order to make our website or individual functionalities of the consent query on our website available to you. Tags and SDKs (Software Development Kit), which then enable the use of cookies and similar tracking technologies and trigger access to information from the server request of a user’s browser, are only actively loaded after consent has been granted.

With the consent mode in the basic mode, we receive the additional information (so-called pings to the consent status) that or whether the user data can be used for marketing purposes (“ad_user_data”) and possibly for retargeting purposes (“ad_personalization”), i.e. whether consent has been given or not.

If a user does not give consent for Google Analytics and/or Google Ads cookies, the functionality of the corresponding Google tags is adjusted so that no such cookies are read or written. If it is not possible to observe the path from ad interactions to conversions, gaps may occur in the media measurements. These gaps can be closed with conversion modeling, which is also integrated in the basic mode. In conversion modeling, observable data and previous trends are analyzed. This allows the ratio of users with and without consent to be determined.

The legal basis for the processing of conversion modeling is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the integration lie in measuring the success of advertising expenditure without identifying an identifiable person.

Google also processes your personal data in the USA. The EU Commission has issued an adequacy decision for data transfer to the USA. Google, LLC is certified under this. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. Further information on the purpose and scope of processing by the plug-in provider and the storage period at Google can be found at https://policies.google.com/privacy?hl=de.

You can object to the processing if the processing is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

In order to obtain consent on our website for the processing of your end device information and personal data by means of cookies or other tracking technologies, we use a consent management plugin “complianz.io” (“cookiebanner”) from the provider Complianz BV (CoC 717814475, Kalmarweg 14-5, 9723 JG, Groningen, Netherlands) which is hosted on our own servers. The data processed in connection with the use of the plugin is therefore not transmitted to Complianz BV.

Using the consent banner, you have the option of consenting to or rejecting the storage of your end device information and the processing of personal data using cookies or other tracking technologies for the purposes listed. Such processing purposes may include the integration of external elements or statistical analysis, reach measurement, individualized product recommendations or individualized advertising.

You can give or refuse your consent for all processing purposes or give or refuse your consent for individual purposes or individual third-party providers.

The settings you have made within the consent management platform can also be changed by you retrospectively. The purpose of integrating the consent management platform is to allow users of our website to decide on the setting of cookies and similar functionalities and to offer the option of changing settings that have already been made as part of the further use of our website. In the course of using the Consent Management Platform, we process personal data and information about the end devices used. The information about the settings you have made is also stored on your device. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 7 para. 1 GDPR. Art. 7 para. 1 GDPR, insofar as the processing serves to fulfil the legally standardized obligations to provide evidence for the granting of consent. Otherwise, Art. 6 para. 1 sentence 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and the evaluation of consent rates.

At the end of 365 days after the user settings have been made, a new request for consent will be made. The user settings made will then be saved again for this period, unless you delete the information about your user settings in the terminal device capacities provided for this purpose yourself beforehand.

You can object to the processing if the processing is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

When you contact our company, e.g. by email or via the contact forms provided on our websites, the personal data you provide will be processed by us in order to respond to your inquiry. To process inquiries via the contact form, you must provide your first name and surname and a valid email address. In addition, at the time the message is sent to us, the date and time of registration and, if applicable, details of the respective request and the telephone number will be processed if you provide these in your contact request. In addition, we protect our forms from spam bots using so-called honeypot fields from the provider “Elementor” (Elementor Ltd., Ramat Gan, Tuval St. 40, Ramat Gan, Central District, 5252247 Israel). We add a hidden input field to the forms available on our website using a user-defined HTML widget. This is used to check whether the data entry within the relevant form is made by a human or by an automated program (“bot”) by checking whether the generated input field has been filled in or not. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. b) GDPR if the contact is aimed at concluding a contract. If the request is aimed at concluding a contract, the provision of your data is required and mandatory. If you do not provide the data, it will not be possible to conclude or execute a contract or process the inquiry. The other data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. We delete the data collected in the course of establishing and processing contact after processing is no longer necessary – usually two years after the end of communication – or, if necessary, restrict processing to compliance with existing mandatory statutory retention obligations.

You can object to the processing if the processing is based on the legal basis pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

On our website, you also have the option of selecting and individually arranging personal consultation appointments. For the simple digital booking of an appointment, we use the appointment booking tool “Microsoft Bookings” from Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland and Microsoft Coporation, One Microsoft Way, Redmond, WA 98052-6399, USA; hereinafter: “Microsoft”). “Microsoft” uses so-called “cookies”, which are stored on your end device for recognition, as well as similar tracking methods for recognizing end devices, such as tracking pixels, to process information from your end device. With the help of these technologies, “Microsoft” processes the information generated about the use of our website by your end device as well as access data for the purpose of statistical analysis – e.g. access to a specific web page, number of unique visitors, entry and exit pages, length of stay, click, swipe and scroll behavior, activation of buttons, bounce rates and similar user interactions. As soon as you call up the Microsoft Bookings application and start the appointment scheduling, the (access) data mentioned in the section “Use of our website” is transmitted to Microsoft – even if you cancel the appointment booking in the meantime or ultimately do not book an appointment. Furthermore, your first and last name, e-mail address or telephone number, your preferred form of communication and, if applicable, information from the free text field will be processed. This information is required to complete the booking and is mandatory, as otherwise we will not be able to contact you in accordance with your request. After booking an appointment, you will receive an automatically generated confirmation email with the data you entered, including the calendar invitation. The purpose of using Microsoft Bookings is to make it easier to book appointments. The legal basis for processing in connection with the appointment booking is Art. 6 para. 1 sentence 1 lit. b) GDPR. If you do not wish to make an appointment with us via Microsoft, please contact us using the contact details provided in the “Controller” section. Microsoft also processes some of the data in the USA. The EU Commission has issued an adequacy decision for data transfers to the USA. Microsoft, Inc. is certified under this. In addition, so-called standard contractual clauses have been concluded with Microsoft in order to commit Microsoft to an appropriate level of data protection. A copy of the standard contractual clauses can be found at https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA or can be obtained on request at https://go.microsoft.com/fwlink/p/?linkid=2126612. Further information on the purpose and scope of processing, in particular the duration of storage by Microsoft, can be found at https://www.microsoft.com/de-de/privacy/privacystatement.

As part of the application process, we process in particular the personal data provided by you in the application form, such as first name/surname, address, e-mail address, telephone number(s), data from your application documents and attached documents, e.g. in particular certificates, CV, cover letter, date of birth, photos and the information provided in the free text field as well as other information provided, e.g. desired recruitment dates. The purpose of the processing is to check your suitability for a position in our company and to consider your application as part of the application process. In the case of an (unsolicited) application by e-mail, we also process metadata from your e-mail, such as the date and time of receipt on our e-mail server, to ensure quality and to secure communication as part of the application process. If you apply via our application form on our website, the access data mentioned in the section “Use of our website” will also be processed in order to process your application documents and other documents digitally within the application process and to forward them internally to the responsible departments. Further details, in particular on the application process, can be found in our data protection information for applicants.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR in conjunction with § 26 para. 1 BDSG, insofar as the data processing is necessary for the establishment and execution of the employment relationship The provision of your data is necessary and mandatory for the conclusion and execution of the contract. If you do not provide your data, we cannot guarantee that your application will be considered.

When processing special categories of personal data that may be the subject of your application or that you send us via the contact form on the website, the legal basis is Art. 9 para. 2 lit. b) GDPR in conjunction with Section 26 para. 3 BDSG.

We store your data for as long as it is required in connection with the application process. As a rule, we delete your personal data as soon as it is no longer required for the above-mentioned purposes and unless otherwise required by law. In particular, we retain personal data for as long as we need it to assert legal claims or defend against claims. Accordingly, we delete the data of applicants in the event of rejection no later than six months after sending the rejection notification. The legal basis for processing for the purposes of legal prosecution is Art. 6 para. 1 lit. b) GDPR in conjunction with Section 26 para. 1 BDSG. When processing special categories of personal data, in particular any severe disabilities in connection with your application, the legal basis is Art. 9 para. 2 lit. b) GDPR in conjunction with Section 26 para. 3 BDSG or Art. 9 para. 2 lit. f) GDPR.

If an application is accepted, we store your data for the subsequent employment relationship within our employee administration.

If we do not have a vacancy to fill, but are generally interested in working with you, we will process your application documents in our applicant pool on the basis of your consent so that we can contact you in the event of a vacancy. We will contact you separately to obtain your consent. The legal basis is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR. The data in the applicant pool will be deleted after two years, unless you have consented to a longer storage period.

You can withdraw your consent to processing at any time by sending a message to us using the contact details provided under “Controller”. The legality of the processing remains unaffected until the revocation is exercised.

We also process personal data for the establishment, exercise or defense of legal claims. The legal basis for the processing is Art. 6 para. 1 lit. c) GDPR and Art. 6 para. 1 lit. f) GDPR. In these cases, we have a legitimate interest in asserting or defending against claims.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

We may also process the aforementioned personal data to fulfill other legal obligations, in particular if we have an enforceable official or court order or if we are required by law to process the data. The legal basis in these cases is Art. 6 para. 1 sentence 1 lit. c) GDPR.

If we do not receive the personal data mentioned and processed within the scope of this data protection information directly from you, we obtain it within the scope of the contractual relationship from the following sources in particular:

  • Market master data register,
  • Sales partners in the context of customer support (see further information in the section “Processing in the context of joint responsibility” of this privacy policy),
  • Plant-specific control systems.

In order to use the customer portal on our website, you must register in the customer portal with your e-mail address and a password of your choice. There is no obligation to use a clear name; you are free to use a pseudonym. Furthermore, your IP address is processed at the time of registration.

For registration and login management in the customer portal, we use an extended multi-factor authentication process using a one-time code with time expiry (“one-time code”), which is required for each session to verify you as a customer. After you have submitted the data required for registration via the input masks, you will be asked to enter a one-time code for verification of your end device and for security purposes, which you can enter either using the external services “Google Authenticator” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) or “FreeOTP Authenticator” (Red Hat, Inc., 100 East Davie Street, Raleigh, North Carolina 27601, USA and Red Hat Ltd, 6700 Cork Airport Business Park, Phase II 1st Floor, Cork, Ireland; hereinafter: “RedHat”) from the common app stores (Google Play: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland or Apple App Store: Apple Inc, 1 Infinite Loop, Cupertino, CA 95014, USA) or through a program to be installed locally on the respective end device, “2fast – Two Factor Authenticator” from the provider Jan Philipp Weber & Malte Hellmeier via the Microsoft App Store (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA), even without an internet connection. The verification procedure is carried out using the aforementioned software or apps. For this purpose, a one-time valid code is sent to the end device registered or used in the login process, which must be entered in the customer portal on the website to verify the end device. When downloading the mobile apps from the aforementioned app stores, the required information and the data you enter in the process are also transmitted to the app store you have selected, in particular your user name, email address and customer number of your accounts, time of download, payment information and the individual device identification number. We have no influence on this data processing via the app stores mentioned and are not responsible for this.

If you register via the smartphone apps mentioned above, you can either scan the QR code provided by us from the login screen to set up your account or have a character string displayed that you enter in the selected authenticator app. Access to your customer account will only be created and registration successfully completed once the respective code has been activated and entered in the field provided for this purpose on our website. For subsequent logins, the access data (user ID and password) you selected when you first logged in and the unique code to be generated for each session must be entered.

The data processed by you in connection with the customer portal will be deleted as soon as it is no longer required to achieve the purpose of the processing. This is the case for the data collected during the registration process if the registration on the website is canceled or modified.

The following functions are available in the login area:

  • Master data overview,
  • Creating and editing energy generation and control energy forecasts,
  • Reporting of system failures,
  • Viewing marketing revenues,
  • Sending contact requests.

If you use the customer portal, e.g. to report system failures and update forecasts, we also process the personal data required to initiate or fulfill the contract, in particular address data.

The legal basis for processing within the scope of the customer portal is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the conclusion and performance of the contract. If you do not provide your data, you will not be able to register or use the customer portal, i.e. it will not be possible to conclude and/or execute a contract. Your data will be deleted as soon as it is no longer required for the purpose of processing. This is the case after deletion of the customer account, unless we are required by law to retain the data processed in this context. In this case, we restrict the processing. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. By offering multi-factor authentication, we fulfill the legal obligations under Art. 32 GDPR.

We use the “Salesforce Sales Cloud” service from the provider Salesforce (salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich, Germany and salesforce.com inc, Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA; hereinafter referred to as “Salesforce CRM”) for our customer management and the administration of sales and communication processes: Salesforce CRM). The CRM system is used for the complete planning, control and execution of all interactive processes with customers and enables us to develop target group-oriented marketing based on a customer database. The data processed by Salesforce CRM and us in this context includes, in particular, information from contact forms available on our website, such as address, name, email address, profile data, contact history, communication data, data on interests, contract data, transaction data, sales data and action and reaction data. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. b) GDPR, if and insofar as the processing serves to initiate and execute a contract. Our legitimate interests lie in effective process management and the support of our contacts and customers. We delete the data arising in this context after processing is no longer necessary or, if necessary, restrict processing to compliance with existing mandatory statutory retention obligations. Salesforce CRM also processes your data in the USA. For data transfer to the USA, there is an adequacy decision by the EU Commission under which Salesforce is certified. In addition, so-called standard contractual clauses have been concluded with Salesforce in order to commit Salesforce to an appropriate level of data protection. You can access a copy of the standard contractual clauses at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/scc-amendment.pdf. Further information on data protection and the storage period at Salesforce can be found at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf and https://www.salesforce.com/company/legal/privacy/.

You can object to the processing if the processing is based on the legal basis pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Existing customer acquisition

We reserve the right to use the e-mail address provided by you during registration within the customer portal or the existing customer relationship in this respect in accordance with the statutory provisions in order to send you the following content by e-mail, provided that you have not already objected to this processing of your e-mail address:

  • Interesting offers from our portfolio, especially in relation to market reports, electricity marketing, marketing options, optimization, etc.,
  • Special offers / time-limited offers,
  • Technical information,
  • New service offers for our products and services,
  • Invitations to events organized by our company,
  • Individual customer advisory services,
  • Requests for customer feedback / customer satisfaction,
  • Overviews of system-specific feed-in forecasts and technical measured values,
  • Overview of current developments on electricity trading markets.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in increasing and optimizing our services, sending direct advertising and ensuring customer satisfaction. We delete your data when you end the usage process, but no later than three years after termination of the contract.

We would like to point out that you can object to the receipt of direct advertising and processing for the purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic tariffs. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details given in the “Controller” section.

E-mail marketing service

We use the following e-mail marketing service:

  • “CleverReach of the provider CleverReach GmbH & Co KG (CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany; hereinafter: “CleverReach”); further information can be found in the privacy policy of “CleverReach” at https://www.cleverreach.com/de-de/datenschutz/.

If you have registered for the newsletter, the data provided during registration and the data processed during the use of our newsletter service will be processed on the servers of our aforementioned email marketing service. The email marketing service acts as our processor and is contractually limited in its authority to use your personal data for purposes other than providing services to us in accordance with the applicable data processing agreement.

Block list

If you unsubscribe by withdrawing your declaration of consent or by exercising your right to object in the case of existing customer advertising, we will process your data, in particular your email address, to ensure that you do not receive any further newsletters from us. For this purpose, we add your email address to a so-called “blacklist”, which prevents you from receiving any further newsletters from us. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in order to comply with our obligations to provide evidence, otherwise Art. 6 para. 1 sentence 1 lit. f) GDPR. In this case, our legitimate interests consist in complying with our legal obligations to reliably stop sending you newsletters.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

To ensure that you can access our online content quickly, we use a content delivery network (hereinafter: “CDN”). When you visit our website, a library is loaded from our CDN and temporarily stored on your end device in order to enable faster provision of the content and to avoid reloading. In particular, your IP address as well as information from the respective server request, browser information and other information from the section “Use of our website” is processed by the provider of the respective CDN. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. By using a CDN, we pursue the legitimate interest of faster retrievability and a more effective and improved presentation of our online offer.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
We use the following service provider(s) as a CDN:

  • Cloudflare Germany GmbH (Rosental 7, 80331 Munich, Germany) and Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA). Some of these service providers process your data on servers in the USA. The EU Commission has issued an adequacy decision for data transfer to the USA. Cloudflare, Inc. is certified under this. In addition, so-called standard contractual clauses have been concluded with Cloudflare, Inc. in order to commit Cloudflare, Inc. to an appropriate level of data protection. You can view a copy of the standard contractual clauses at https://www.cloudflare.com/de-de/cloudflare-customer-dpa/. Further information on data protection and the storage period can be found at: https://www.cloudflare.com/de-de/privacypolicy/.

Third-party content, such as videos from other websites, is integrated on the websites. This integration always presupposes that the providers of this content (“third-party providers”) are aware of the IP addresses of the users. Without the IP address, they cannot send the content to the respective user’s browser. The IP address is therefore required to display this content. We also use third-party services for statistical, analytical and marketing purposes. This enables us to provide you with a user-friendly, optimized use of the website. The third-party providers use “cookies”, “pixels”, “browser fingerprinting” or other tracking technologies to control their services. We will inform you below about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing options for objection or revocation. Some of the third-party providers may process data outside the European Union. These third-party services are used for the following purposes:

  • Statistical analysis: This includes the processing and presentation of data on user actions and interactions on websites and apps (e.g. number of page visits, number of unique visitors, number of returning visitors, entry and exit pages, dwell time, bounce rate, button clicks) and, if applicable, the classification of users into groups based on technical data on the software settings used (e.g. browser type, operating system, language setting, screen resolution).
  • Individualized advertising: Certain functions of websites and apps are used to display personalized advertising material (ads or commercials) to users in other contexts, for example on other websites, platforms or apps. For this purpose, demographic data, search terms used, context-related content, user behavior on websites and in apps or the location of users are used to draw conclusions about the interests of users. Based on these interests, advertising media will be selected and displayed by other providers of online content in the future.
  • Reach measurement: This is used to evaluate visitor actions by analyzing user behavior in relation to the identification of certain user actions and measuring the effectiveness of online advertising. The number of visitors who have reached websites or apps by clicking on advertisements, for example, is measured. In addition, the rate of users who perform a specific action (e.g. registering for the newsletter, booking a stay) can be measured.

We use Google Tag Manager from Google (Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: “Google” and “Google Tag Manager”) on our website. Google Tag Manager is a solution with which website tags and other elements from third-party providers can be managed via an interface.

On the one hand, an http request is sent to Google when you access the website with Google Tag Manager. This transmits end device information and personal data such as your IP address and information about your browser settings to Google. We use Google Tag Manager for the purpose of facilitating electronic communication by transferring information to third-party providers via programming interfaces, among other things. The respective tracking codes of the third-party providers are implemented in the Google Tag Manager without us having to make extensive changes to the source code of the website ourselves. Instead, the integration takes place via a container that places a so-called “placeholder” code in the source code. In addition, Google Tag Manager allows the data parameters of users to be exchanged in a specific order, in particular by ordering and systematizing the data packets. In some cases, your data is also transferred to the USA. The EU Commission has issued an adequacy decision for the transfer of data to the USA. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to oblige Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the processing lie in the facilitation and execution of electronic communication by identifying communication endpoints, control options, exchanging data elements in a defined sequence and identifying transmission errors. The Google Tag Manager does not initiate any data storage. Further information on data protection at “Google” can be found at: http://www.google.de/intl/de/policies/privacy.

You can objection to the processing, provided that this to Art. 6 para. 1 sentence 1 lit. f) GDPR is based. Your right to object exists for reasons arising from your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

You can prevent processing by deleting the history and website data in the settings of your browser software or by opening the browser used in “private mode”.

On the other hand, Google Tag Manager integrates third-party tags such as tracking codes or counting pixels on our website. The tool triggers other tags, which in turn collect your data; we will inform you about this separately as part of this data protection information (see section “Services for statistical, analysis and marketing purposes”). The Google Tag Manager itself does not evaluate the end device information and personal data of users collected by the tags. Rather, your data is forwarded to the respective third-party service for the purposes specified in our consent management tool (“cookie banner”). We have coordinated the Google Tag Manager with our consent management tool in such a way that the triggering of certain third-party services in the Google Tag Manager is made dependent on your selection in our consent management tool, so that only those third-party tags trigger data processing for which you have given your consent. The use of Google Tag Manager is covered by the consent for the respective third-party service. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Google also processes some of the data in the USA. The EU Commission has issued an adequacy decision for data transfer to the USA. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to oblige Google, LLC to an adequate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. The storage period of your data can be found in the following descriptions of the individual third-party services. Further information on data protection at “Google” can be found at: http://www.google.de/intl/de/policies/privacy.

You can withdraw your consent to processing at any time by moving the slider in the “Manage services of the consent tool for the respective third-party provider. The legality of the processing remains unaffected until the revocation is exercised.

We use third-party services for statistical, analytical and marketing purposes. This enables us to provide you with a user-friendly, optimized use of the website. The third-party providers use cookies, pixels, browser fingerprinting or other tracking technologies to control their services. We will inform you below about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing revocation options.

Google Analytics 4

We use “Google Analytics”, a web analysis service from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: “Google” and “Google Analytics 4”) in order to be able to optimally tailor our website to user interests. “Google Analytics 4” uses so-called “cookies”, which are stored on your end device for recognition, as well as similar tracking methods for recognizing end devices such as tracking pixels, device fingerprinting and programming interfaces (e.g. APIs and SDKs) to process information from your end device. For this purpose, your end device is assigned a randomly generated identification number (cookie ID/device ID).

With the help of these technologies, “Google” processes the information generated about the use of our website by your end device as well as access data for the purpose of statistical analysis – e.g. access to a specific website, number of unique visitors, entry and exit pages, length of stay, click, swipe and scroll behavior, activation of buttons, registration for the newsletter, bounce rate and similar user interactions. For this purpose, it can also be determined whether different end devices belong to you or your household. The access data includes, in particular, the IP address, browser and device information, cookie ID/device ID, the previously visited website and the date and time of the server request.

No individual IP addresses are logged or stored in “Google Analytics 4” systems. At the moment the IP address is recorded by Google in special local data centers in the EU, your IP address is used to determine location information. The IP address is then deleted before the access data is stored in a data center or on a server for “Google Analytics”. In “Google Analytics 4”, no precise data on the geographical location is provided, but only general location information such as the region and city of the location of the end device, which is derived from the IP address. “Google will process this information for the purpose of evaluating your use of the website, compiling reports on website activity for us and, where we indicate otherwise, providing us with other services relating to website activity and internet usage. If you are registered with a Google service, “Google” can assign the website visit to your user account and create and evaluate cross-application user profiles.

There is also a cross-platform analysis of user behavior on websites and apps that use “Google Analytics 4” technologies. This allows user behavior in different environments to be recorded, measured and compared in the same way. For example, user scroll events are automatically recorded to enable a better understanding of the use of websites and apps. Different cookie IDs/device IDs are used for different end devices for this purpose. We are then provided with anonymized statistics on the use of the various platforms, compiled according to selected criteria.

Google Analytics 4″ is used to automatically create target groups for specific cookie IDs/device IDs or mobile advertising IDs, which are later used for individualized advertising. Target group criteria include, for example: Users who have viewed products but not added them to a shopping cart or added them to a shopping cart but not completed the purchase OR users who have purchased certain items. A target group comprises at least 100 users. The Google Ads tool can then be used to display interest-based ads in search results. Likewise, users of websites can be recognized on other websites within the “Google” advertising network (in Google search, on “YouTube”, so-called “Google ads” or on other websites) and presented with tailored advertisements based on the defined target group criteria.
With regard to the storage of and access to information in your end device, your consent is the legal basis in accordance with Section 25 (1) TDDDG; for further processing, your consent is also the legal basis in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. The EU Commission has issued an adequacy decision for data transfer to the USA. Google, LLC is certified under this. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. Your data in connection with “Google Analytics 4” will be deleted after 26 months at the latest. Further information on data protection at “Google” can be found at: http://www.google.de/intl/de/policies/privacy.
You can withdraw your consent to processing at any time by moving back the slider in the Manage Services section of the consent tool. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Google Ads Remarketing

We use the “Google Ads” tool with the “Dynamic Remarketing” function from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: “Google” and “Google Ads”). With the “Dynamic Remarketing” function, we can recognize users of our website on other websites within the “Google” advertising network (in the “Google” search or on “YouTube”, so-called “Google Ads” or on other websites) and present advertisements tailored to their interests. The advertisements may also relate to products and services that you have already viewed on our website. For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. If you visit our website, “Google Ads” will store a cookie on your end device. With the help of the cookies, “Google” processes the information generated by your device about the use of our website and interactions with our website as well as the data mentioned in the section “Use of our website”, in particular your IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of displaying personalized advertisements. For this purpose, it can also be determined whether different end devices belong to you or your household. Due to the marketing tools used, your browser automatically establishes a direct connection with the “Google” server. If users are registered with a “Google” service, “Google” can assign the visit to the user account and create and evaluate user profiles across applications. With regard to the storage of and access to information in your terminal device, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is also the legal basis pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. The EU Commission has issued an adequacy decision for data transfer to the USA. Google, LLC is certified under this. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. The storage period at “Google” is a maximum of 24 months. Further information on data protection and the storage period at “Google” can be found at: https://policies.google.com/privacy.
You can withdraw your consent to processing at any time by using the slider in the “Manage services” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Google Ads Conversions

We use the “Google Ads” service from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter: “Google” and “Google Ads”) to draw attention to our attractive offers on external websites with the help of advertising material (formerly known as “Google AdWords”). We can determine how successful the individual advertising measures are in relation to the advertising campaign data. These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, we use cookies and API interfaces through which certain parameters for measuring reach, such as the display of ads or clicks by users, can be measured. If you access our website via a Google ad, Google will store a cookie on your device. With the help of the cookies, “Google” processes the information generated by your device about interactions with our advertising material (calling up a specific website or clicking on an advertising material), the data mentioned in the section “Use of our website”, in particular your IP address, location/language information, browser information, click ID, information on booking cancellations made, the previously visited website and the date and time of the server request for the purpose of analyzing and visualizing the reach measurement of our advertisements. For this purpose, it can also be determined whether different end devices belong to you or to your household. Due to the marketing tools used, your browser automatically establishes a direct connection with the “Google” server. If you are registered with a “Google” service, “Google” can assign the visit to your Google account. Even if you are not registered with “Google” or have not logged in, it is possible that the provider will find out your IP address and process it. We receive statistical evaluations from “Google” to measure the success of our advertising material. With regard to the storage of and access to information in your terminal device, your consent is the legal basis in accordance with Section 25 (1) TDDDG; for further processing, your consent is also the legal basis in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. The EU Commission has issued an adequacy decision for data transfer to the USA. Google, LLC is certified under this. In addition, so-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at https://cloud.google.com/terms/sccs. The storage period at “Google” is a maximum of twelve months. Further information on data protection and the storage period at “Google” can be found at: https://policies.google.com/privacy.
You can withdraw your consent to processing at any time by using the slider in the “Manage services” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Meta Pixel

On our website, we use the analysis functions of “Meta” (provider is Meta Platforms Ireland Limited, Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland and Meta Platforms Inc. 1601 Willow Rd, Menlo Park, California, USA; hereinafter: “Meta”). For this purpose, we use the so-called Meta pixel to analyze the use of our website and Internet presence, e.g. in social networks such as Meta and Instagram, the interactions made by users on our website and Internet presence and the reach measurement of our advertisements. We use these findings to optimize our marketing and advertising campaigns and to form target groups, especially of meta users, to whom we can display interest-based advertisements. Your browser automatically establishes a direct connection to Meta’s server with the help of meta pixels, which are graphics that are also integrated into our website, are automatically loaded when you visit our website and enable user behavior to be tracked. By integrating the Meta pixels, Meta processes the information generated about the use of our website by your end device – e.g. that you have accessed a certain web page – and processes, among other things, the data mentioned in the section “Use of our website”, in particular IP address, browser information, the Meta ID, end device ID, language settings, date and time of the server request and event data such as page views, button views and other interactions for the purpose of analyzing our website and Internet presence, analyzing user interactions and measuring the reach of our advertisements. For these purposes, it can also be determined whether different end devices belong to you or your household. The information obtained with the help of the Meta pixel is used solely for statistical purposes, is transmitted to us anonymously by Meta as statistics and does not provide any information about the person of the user. If you are registered with a Meta service, Meta can assign the information collected to your account or to you as a user. Even if a user is not registered with Meta or is not logged in, it is possible for Meta to obtain and process the IP address and other identifying features. With regard to the storage of and access to information in your terminal device, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is also the legal basis pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. Meta also processes some of the data in the USA. An adequacy decision of the EU Commission exists for data transfer to the USA. Meta Platforms, Inc. is certified under this. In addition, standard data protection clauses have been concluded with Meta Platforms, Inc. in order to commit Meta Platforms Inc. to an appropriate level of data protection. You can request a copy of the standard data protection clauses from Meta at https://www.facebook.com/help/contact/341705720996035. The storage period of the information in the Meta cookies is 90 days. Further information on data protection and the storage period at Facebook can be found at: https://www.facebook.com/privacy/explanation and https://www.facebook.com/policies/cookies/

You can withdraw your consent to processing at any time by moving the slider in the “Manage services” of the consent tool for the respective third-party provider. The legality of the processing remains unaffected until the revocation is exercised.

Meta Custom Audiences / Lookalike Audiences

Furthermore, our website uses the targeting function for advertisements called “Custom Audience via your website” from “Meta” (provider is Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland and Meta Platforms Inc. 1601 Willow Rd, Menlo Park, California, USA; hereinafter: “Meta”). Web beacons, such as the Meta pixel, are used to collect information about your usage behavior on our website, which is processed by Meta. This allows visitors to our website to be matched with users on Meta. As a result, users of the website and users of Meta who belong to a comparable target group can be shown interest-based advertisements (“Meta Ads”) when visiting the Meta social network and their interactions with our website can be analyzed. In addition, we use Meta’s extended “Lookalike Audience” function to develop new groups of people/recipients based on an initial target group defined by us, to whom we can then display interest-based advertisements when they visit the Meta social network. Meta then uses this initial target group to determine new target groups based on the criteria we have predefined, e.g. interests (“lookalike audience”). Your browser automatically establishes a direct connection to Meta’s servers with the help of meta pixels (graphics that are also integrated into our website and are automatically loaded when you visit our website and enable user behavior to be tracked). By integrating the meta pixels, Meta processes the information generated about the use of our website by your end device – e.g. that you have called up a certain web page – and processes, among other things, the data mentioned in the section “Use of our website”, in particular IP address, browser information, the meta ID, end device ID, language settings, date and time of the server request and event data such as page and button views and other interactions for the purpose of displaying personalized advertisements. For this purpose, it can also be determined whether different end devices belong to you or your household. If you are registered with a Meta service, Meta can assign the information collected to your user account. Even if you are not registered with Meta or have not logged in, it is possible for the provider to find out and process your IP address and other identifying features. With regard to the storage of and access to information in your terminal device, your consent is the legal basis pursuant to Section 25 (1) TDDDG; for further processing, your consent is also the legal basis pursuant to Art. 6 (1) sentence 1 lit. a) GDPR. Meta also processes some of the data in the USA. An adequacy decision of the EU Commission exists for data transfer to the USA. Meta Platforms, Inc. is certified under this. In addition, standard data protection clauses have been concluded with Meta Platforms Inc. in order to commit Meta Platforms Inc. to an adequate level of data protection. You can request a copy of the standard data protection clauses from Meta at https://www.facebook.com/help/contact/341705720996035. The storage period of the information in the Facebook cookies is 90 days. For more information on data protection and the storage period at Meta, please visit: https://www.facebook.com/privacy/policy/ and https://www.facebook.com/policies/cookies/.

You can withdraw your consent to processing at any time by moving the slider in the “Manage services” of the consent tool for the respective third-party provider. The legality of the processing remains unaffected until the revocation is exercised.

When using the aforementioned Meta Business Tools, your personal data (“Business Tool Data”) will be processed both by us and by Meta. The processing of personal data described above in connection with the use of Meta Business Tools as well as the processing of your hashed contact information, browser information (e.g. user agent, language settings) and event data, i.e. information that arises in connection with the analysis of your interactions with our website or Internet presence (e.g. button/page views, etc.), is carried out by Meta. Internet presence (e.g. button/page views) together with online identifiers (e.g. device/advertising ID), is carried out under joint responsibility in accordance with Art. 26 GDPR, whereby the responsibility for fulfilling data protection obligations under the GDPR may vary depending on the processing phase. The purposes of the processing are the optimization of the respective marketing campaigns and analyses, in particular the comparison with Meta user IDs for the targeted display of advertisements, for the implementation of which we use the Meta Business Tools as a means.
We have entered into an agreement with Meta on joint responsibility pursuant to Art. 26 para. 1 sentence 2 GDPR and have determined who is responsible for the processing of the data in accordance with Art. 26 para. 1 sentence 1 GDPR. 2 GDPR and determined who fulfills the applicable obligations under the GDPR for each processing phase:
As Energy2market GmbH, we are independently responsible for processing the personal data processed in the business tools used for the purposes of carrying out analyses, measuring reach and creating campaign reports as well as comparing them with user IDs, including combining them with the event data determined.
We are jointly responsible with Meta Ireland Limited for the collection and transmission of event data and the meta pixels integrated on our website.
In addition, Meta is an independent controller pursuant to Art. 4 No. 7 GDPR, in particular for any downstream processing of personal data contained in the Meta Business Tools.
You can assert your rights as a data subject both against us and against Meta. We and Meta will inform each other immediately of any rights exercised by data subjects. We will provide each other with all information necessary to respond to the respective requests of data subjects. Irrespective of the responsibility for the respective processing phase in connection with the use of Meta Business Tools, we will provide the data subjects with the necessary information in accordance with Articles 13 and 14 of the GDPR and Art. 26 para. 2 GDPR free of charge within the framework of this data protection information in a precise, transparent, comprehensible and easily accessible form in clear and simple language. We and Meta will provide each other with all necessary information from their respective areas of responsibility.
The legal basis for the joint processing is your consent in accordance with Section 25 (1) TDDDG and for further processing Art. 6 (1) sentence 1 lit. a) GDPR. Further information on processing, in particular in the context of joint responsibility with Meta, can be found at https://www.facebook.com/legal/terms/businesstools_jointprocessing and https://www.facebook.com/legal/terms/businesstools/preview?_rdr and https://www.facebook.com/about/privacy. The agreement concluded with Meta regarding joint responsibility in connection with the Meta business tools can be found at https://www.facebook.com/legal/controller_addendum.

Adition

On our website, we also use the conversion and retargeting functions of “Adition” from the provider Virtual Minds GmbH (Ellen-Gottlieb-Str. 16, 79106 Freiburg im Breisgau; hereinafter: “Adition”) for the targeted evaluation and optimization of our advertisements. Adition uses technologies such as “tracking pixels” and “cookies” to collect information about usage and interaction behavior on our website in order to determine how successful our individual advertising measures are. With the help of the pixels, which are graphics that are also integrated on our website, are automatically loaded when our website is accessed and enable user behavior to be tracked, your browser automatically establishes a direct connection with the Adition server when you visit our website. By using Adition’s conversion tracking functions, we can determine in particular the extent to which the ads we have placed have influenced relevant actions on our website. By integrating the pixels, Adition is able to analyze the information generated via cookies about the use of our website by your end device – e.g. that you have accessed a certain web page – and in particular the data mentioned in the section “Use of our website” is processed, includingThis includes the shortened IP address, information on the device type and operating system, browser information (e.g. browser type, browser ID, timestamp), referrer URL, request ID, type of interaction (e.g. page view, pressing of buttons, etc.) and other data mentioned in the section “Use of our website”. In addition, Adition will assign an ID (browser ID) to your browser when you visit our website in order to process the interactions with our website and to display interest-based advertisements to you across devices. For these purposes, it can also be determined whether different end devices belong to you or your household. Adition may process the information received and any other identifying features for its own purposes. We can determine how successful the individual advertising measures are in relation to the advertising campaign data. These advertising materials are delivered by Adition via so-called ad servers. For this purpose, we use Adition ad server cookies, through which certain parameters for measuring reach – e.g. display of the ads, duration of viewing or clicks by users – can be measured. With regard to the storage of and access to information in your end device, your consent is the legal basis in accordance with Section 25 (1) TDDDG; for further processing, your consent is also the legal basis in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. Your data will be stored by Adition for up to 90 days after your visit to our website and we have the option of retargeting. Further information on data protection and the storage period at Adition can be found at: https://virtualminds.com/privacy-center/.

You can withdraw your consent to processing at any time by moving the slider in the “Manage services” of the consent tool for the respective third-party provider. The legality of the processing remains unaffected until the revocation is exercised.

Background / purposes of processing

In order to place and market our products on the energy market, we use sales partners who are involved in direct contact with e2m customers and producers. With the help of sales partners, we are also able to provide intensive customer support and ensure the ongoing optimization of the development of the respective customer systems and the underlying forecast and generation data. Among other things, the sales partner acts as an intermediary for its customers regarding our products and thus the conclusion of contracts between us and the persons concerned, e.g. new customers.

For these purposes, sales partners process personal data (e.g. personal master data, company master data, contact persons) together with us, particularly in the context of our customer portal. Your data is therefore processed both by us and by sales partners of Energy2market GmbH. In this context, we are jointly responsible with our sales partners with regard to the processing of personal data for customer support, contract management, optimization of customer investment and for the purposes of direct and flexibility marketing in accordance with Art. 26 GDPR. Our sales partners collect personal data either directly from the customers concerned as part of the conclusion of the contract or customer support or receive it from us for the purpose of communication via our Energy2market customer portal. This is done for the purpose of communicating with producers, in particular to improve forecast quality, to ensure the provision and delivery of control services and to implement technical measures in connection with the remote controllability and flexibilization of systems. After transmission, sales partners also process your data for their own brokerage purposes.

Responsibilities / assertion of data subject rights

As part of this joint data processing in accordance with Art. 26 GDPR, we have entered into additional data protection agreements with our sales partners, in addition to concluding general sales partner agreements, regarding who fulfills the existing obligations towards data subjects under the GDPR, among other things. This applies in particular to the exercise of the rights of data subjects and the fulfillment of the information obligations under Articles 13 and 14 of the GDPR, which we provide to data subjects free of charge in a precise, transparent, comprehensible and easily accessible form in clear and simple language. In principle, you can assert your data subject rights within the scope of joint responsibility both against us and against the respective sales partners, whereby we as Energy2market GmbH act as the central point of contact or processing point for your request. The respective sales partners and we inform each other immediately about the assertion of data subject rights and provide each other with all information necessary for responding to requests for information.

Legal basis | Storage period

The legal basis for the joint processing of data in the context of customer management is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of personal data is necessary for the conclusion of the contract and you are obliged to provide your personal data. If you do not provide your data, it will not be possible to conclude and/or execute the contract. Once the purpose has been achieved (e.g. termination of the customer contract), the personal data will be blocked for further processing or deleted, unless we are authorized to further processing on the basis of consent given by you (e.g. consent to the processing of the e-mail address for the receipt of electronic advertising mail), a contractual supplementary agreement, a legal authorization or on the basis of legitimate interests (e.g. retention for the enforcement of claims). Further information on data processing by the respective sales partner and the applicable storage period can be obtained directly on request from the sales partner responsible for you, whose contact details can be found in your customer portal.

Contact

If you have any questions in connection with joint data processing, you can contact the contact details given in the “Controller” section of this data protection notice.

Copyright by Spirit Legal

Contact
Linkedin-in Xing Youtube

Menü

Produkte & Leistungen

Unternehmen

Login Kundenportal

Karriere

Biogas

Solar

Wind

Speicher

Industrie

Energie­versorger

Co-Location

Über uns

Referenzen

News & Termine

Karriere

Kontakt

Menu

Products & Services

Company

Login customer portal

Career

About us

Case studies

News & Events

Career

Contact us

Biogas

Solar

Wind

Storage

Industry

Energy supplier

Co-location

Products & Services

Company