Data protection

Privacy Policy

We are pleased that you are interested in our company. The management of energenta AG takes data protection very seriously. It is perfectly possible to use the energenta AG websites without entering any personal data. However, if a data subject wishes to take advantage of specific services offered by our company through our website, personal data may need to be processed. If personal data needs to be processed and if there is no statutory basis for such processing, we generally obtain the data subject’s consent.

Personal data such as a data subject’s name, address, email address or telephone number is always processed in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection provisions applicable to energenta AG. The purpose of this Privacy Policy is to enable our company to notify the public about the type, scope and purpose of the personal data we collect, use and process. Additionally, this Privacy Policy explains the rights accruing to data subjects.

As the controller, energenta AG has implemented a number of technical and organisational measures to guarantee that the personal data processed via this website is protected as comprehensively as possible. At the same time, transferring data via the Internet may be prone to security holes, so that absolute protection cannot be guaranteed. For that reason, each data subject may choose to supply personal data to us via alternative channels, such as by telephone.

1. Name and address of the controller

The controller as defined in the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions related to data protection is:

energenta AG
Ermlandweg 14
48159 Münster

Tel: +49 (0) 251 5085 3949
Fax: +49 (0) 251 5085 3941

Email: info@energenta.ag

2. Data protection officer

You can contact our data protection officer at: datenschutz@energenta.ag

3. Cookies and third-party services

The websites of energenta AG use cookies. Cookies are text files that an Internet browser places and stores on a computer system.

A large number of websites and servers use cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters via which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited websites and servers to differentiate the data subject’s individual browser from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via a unique cookie ID.

Using cookies enables energenta AG to provide more user-friendly services to the users of this website that would not be possible without the cookie.

Cookies mean that the information and offers on our website can be optimised for the user’s benefit. As already mentioned, cookies enable us to recognise the users of our website. By recognising our users, we can make it easier for them to use our website. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website because this is managed by the website and the cookie placed on the user’s computer system. A further example is a shopping cart cookie in an online shop. The online shop uses a cookie to remember the items that a customer has placed in the virtual shopping cart.

The data subject can prevent cookies from being placed by our website at any time by making a corresponding setting in their Internet browser, which constitutes a permanent objection to the placement of cookies. Further, cookies that have already been placed can be deleted at any time via an Internet browser or other software programs. This is possible in all standard Internet browsers. If the data subject deactivates the placing of cookies in the Internet browser they use, they may not be able to utilise all functions of our website in full.

3.1. Use of Google Analytics

This website uses Google Analytics, a web analytics service from Google Inc. (‘Google’). Google Analytics uses what are known as ‘cookies’, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website is usually transferred to one of Google’s servers in the USA and stored there. If IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within the Member States of the European Union or other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to one of Google’s servers in the USA and shortened there. Google uses this information on behalf of the operator of this website to analyse your usage of the website, to compile reports on your website activity and to provide further services connected to the use of the website and Internet for the benefit of the website operator.

Google will not merge your browser’s IP address transmitted by Google Analytics with any other Google data.

You can prevent the storage of cookies by making a corresponding setting in your browser software; however, note that in this case you may not be able to use the full functionality of this website. Further, you can prevent the information generated by the cookie about your use of the website (including your IP address) from being transmitted to and processed by Google by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de

Alternatively, you can click the following link to place an opt-out cookie, which will prevent all future data collection by Analytics when visiting this website: Disable Google Analytics (requires JavaScript to be enabled).

This website uses Google Analytics with the ‘_anonymizeIp()’ extension. This means that all IP addresses are processed in a truncated form so that they cannot be traced back to individual persons. If the collected data concerning you enables you to be traced as an individual person, the possibility for such tracing is immediately excluded and the personal data deleted without undue delay.

We use Google Analytics to analyse the use of our website and regularly improve it. The statistics obtained enable us to improve our offering and make it more interesting for you as a user. In exceptional cases in which personal data is transferred to the USA, Google complies with the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1)(1)(f) GDPR.

Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001. Terms of service: https://www.google.com/analytics/terms/de.html, overview of data protection: https://www.google.com/intl/de/analytics/learn/privacy.html and the privacy policy: https://www.google.de/intl/de/policies/privacy.

4. Collection of general data and information

Each time the energenta AG website is accessed by a data subject or an automated system, it collects a range of general data and information. This general data and information is stored in the server log files and may include the following:

(1) browser types and versions used,

(2) user’s operating system,

(3) user’s Internet service provider,

(4) the sub-web pages that are accessed via an accessing system on our website,

(5) the date and time of the access to the website,

(6) an Internet protocol address (IP address),

(7) the Internet service provider of the accessing system,

(8) other similar data and information that is used to avert risks in the case of attacks on our IT systems.

energenta AG does not use this general data and information to draw any conclusions about the data subject. Instead, this information is required in order to

(1) correctly deliver the content of our website,

(2) optimise the content of our website and the advertising of it,

(3) guarantee the permanent functionality of our IT systems and our website technology and

(4) provide the information that the law enforcement agencies require for a criminal investigation in the event of a cyberattack.

This anonymously collected data and information is analysed by energenta AG not only for statistical purposes, but also with the objective of improving data protection and data security in our company so that an optimum level of protection can ultimately be guaranteed for the personal data we process. The anonymous data from the server log files is stored separately from all personal data supplied by a data subject.

5. Contact form

Our website enables users to contact us by supplying personal data. The data is entered into an input form, transferred to us and stored. The data is not passed to third parties. The following data is collected during the contact process:

Surname, first name
Address*
Email address
Company*
Phone*

*Optional information.

The legal basis for processing the data is the grant of user consent pursuant to Art. 6(1)(a) GDPR.

Users need to register in order for the information they requested to be provided.

The data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. This is true of the data collected during the registration process if the registration on our website is cancelled or amended.

6. Subscription to our newsletter

Our website offers the option to subscribe to a free newsletter. The data from the input form for registering for the newsletter is transferred to us.

The following data is also collected on registration:

(1) IP address of the accessing computer

(2) Date and time of registration

During the registration process, your consent to the processing of the data is obtained and you are referred to this Privacy Policy.

No data is passed to third parties in conjunction with the processing of data for the purpose of sending out newsletters. The data is used exclusively to send out the newsletter.

The legal basis for processing the data following subscription to the newsletter is the grant of user consent pursuant to Art. 6(1)(a) GDPR.

The purpose of collecting the user’s email address is to deliver the newsletter.

The purpose of collecting other personal data in the course of the registration is to prevent misuse of the services or the email address used.

The data is deleted as soon as it is no longer required for achieving the purpose for which it was collected. Accordingly, the user’s email address is stored for as long as the newsletter subscription is active.

The user in question may unsubscribe from the newsletter at any time. A link for this purpose can be found in each newsletter and on our website.

If you would like to subscribe to the newsletter offered on the website, we need an email address from you as well as information that enables us to verify that you are the owner of the specified email address and that you consent to receipt of the newsletter.

We use what is known as the double opt-in procedure to guarantee that the newsletter is sent with your consent. During this process, the potential recipient agrees to be included in a mailing list. A confirmation email then enables the user to confirm the registration in a legally compliant manner. The address is only included in the mailing list once the confirmation has been made.

We use this data exclusively to send the requested information and offers.

Sendingblue (ehemals sendingblue) (Newsletter2Go) is used as a newsletter software and your data is transferred to Sendinblue GmbH for that purpose. Sendinblue is not permitted to sell your data or to use it for purposes other than sending out newsletters. Newsletter2Go is a certified German provider that has been selected on the basis of the General Data Protection Regulation and the German Federal Data Protection Act.

You can find further information here: https://www.brevo.com/de/informationen-newsletter-empfaenger/?rtype=n2go

You may revoke the consent provided for the storage of the data and the email address as well as the use thereof to send out the newsletter at any time, for example via the ‘Unsubscribe’ link in the newsletter.

The measures under data protection law are constantly undergoing technical innovation, and for that reason we advise you to inform yourself of our data protection measures at regular intervals by viewing our Privacy Policy.

If a data subject contacts the controller by email or via a contact form, the personal data provided by the data subject is automatically stored. Such personal data that is provided voluntarily by a data subject to the controller is stored for purposes of processing or contacting the data subject. This personal data is not passed on to third parties.

7. Routine deletion and blocking of personal data

The controller will only process and store personal data concerning the data subject for such time as is necessary for achieving the purpose of the storage or as provided for under EU legislation or laws or rules of other legislators to which the controller is subject.

If the storage purpose ceases to apply or if a storage period prescribed under EU legislation or other relevant legislation expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

8. Rights of data subjects

a) Right of confirmation

Each data subject has the right, granted under EU legislation, to request confirmation from the controller of whether the controller is processing relevant personal data. If a data subject wishes to exercise this right of confirmation, they may contact our data protection officer or another employee of the controller at any time for this purpose.

b) Right of access to information

You may request confirmation from the controller of whether we are processing personal data concerning you.

If such processing is taking place, you may request information from the controller about the following aspects:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that is being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;

(4) the envisaged period for which the personal data concerning you will be stored or, if no specific information can be provided in this respect, criteria used to determine the storage duration;

(5) the existence of the right to rectification or erasure of personal data concerning the data subject or a right to restriction of processing of personal data by the controller or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) where the personal data is not collected from the data subject, any available information as to its source;

(8) the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether the personal data concerning you is transferred to a third country or an international organisation. In this context you can ask to be informed about the appropriate safeguards under Art. 46 GDPR relating to the transfer.

If a data subject wishes to exercise this right of access to information, they may contact our data protection officer or another employee of the controller at any time for this purpose.

c) Right to rectification

Each data subject whose personal data is processed has the right granted under EU legislation to obtain the rectification of inaccurate personal data without undue delay. Further, the data subject also has the right to request the completion of incomplete personal data, taking the purposes of the processing into account, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right of rectification, they may contact our data protection officer or another employee of the controller at any time for this purpose.

d) Right to erasure (‘right to be forgotten’)

Each data subject whose personal data is processed has the right granted under EU legislation to request from the controller the erasure of the personal data concerning them without undue delay, provided that one of the following grounds applies and the processing is not necessary:

(1) The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

(2) The data subject withdraws their consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.

(3) The data subject objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21(2).

(4) The personal data has been unlawfully processed.

(5) The personal data has to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject.

(6) The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

If one of the above-mentioned reasons applies and a data subject wishes to effect the erasure of personal data stored by energenta AG, they may contact our data protection officer or another employee of the controller at any time for this purpose. The data protection officer of energenta AG or another employee will see to it that the erasure request is dealt with without undue delay.

If the personal data has been made public by energenta AG and if our company as the controller is under an obligation to erase the personal data pursuant to Art. 17(1) GDPR, energenta AG shall, taking account of the available technology and the implementation costs, implement appropriate measures, including of a technical nature, to notify other controllers who are processing the published personal data that the data subject has demanded that this other controller erase all links to this personal data or copies or replications of this personal data, unless the processing is necessary. The data protection officer of energenta AG or another employee will see to it that the necessary processes are initiated in the individual case.

e) Right to restriction of processing

Each data subject whose personal data is processed has the right granted under EU legislation to request the restriction of processing from the controller where one of the following grounds applies:

(1) The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

(2) The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of the use of the personal data instead.

(3) The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.

(4) The data subject has objected to processing pursuant to Art. 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.

If one of the above-mentioned preconditions applies and a data subject wishes to effect the restriction of the processing of personal data stored by energenta AG, they may contact our data protection officer or another employee of the controller at any time for this purpose. The data protection officer of energenta AG or another employee will see to it that the restriction of the processing is initiated.

f) Right to data portability

Each data subject whose personal data is processed has the right granted under EU legislation to receive the personal data concerning them that they have provided to a controller in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been supplied, provided that the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Additionally, in asserting their right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, provided this is technically feasible and this does not adversely affect the rights and freedoms of other persons.

To assert the right to data portability, the data subject may contact the data protection officer appointed by energenta AG or another employee at any time.

g) Right to object

Each data subject whose personal data is processed has the right granted under EU legislation to raise an objection to the processing of their personal data at any time on the basis of Art. 6(1)(e) or (f) GDPR on grounds relating to their specific situation. This also applies to profiling based on these provisions.

If an objection is raised, energenta AG will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the data subject’s interests, rights and freedoms or the processing is for the purposes of the establishment, exercise or defence of legal claims.

If energenta AG processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing. This includes profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing by energenta AG for purposes of direct marketing, energenta AG shall no longer process the personal data for these purposes.

Additionally, where personal data is processed by energenta AG for scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, the data subject has the right to object to the processing of personal data concerning them on grounds relating to their particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

The data subject may assert the right to object by directly contacting the data protection officer of energenta AG or another employee at any time. In terms of the use of information society services, the data subject further has the option of exercising their right to object by automated means using technical specifications, notwithstanding Directive 2002/58/EC.

h) Right to revoke consent under data protection law

Each data subject whose personal data is processed has the right granted under EU legislation to revoke consent to the processing of personal data at any time.

If a data subject wishes to exercise their right to revoke consent, they may contact our data protection officer or another employee of the controller at any time for this purpose.

9. Data protection during applications and in the application process

The controller collects and processes the personal data from applicants for the purpose of managing the application process. The following personal data is processed during the application process: basic applicant data from the CV, qualifications, references and work samples where relevant. These are provided exclusively by the applicants. No research about applicants is done without their agreement. The processing may also be done electronically. This is the case especially where an applicant transmits corresponding application documents electronically, for instance by email. The data is only viewed by the HR department and the management of the department in question. If the controller enters into an employment contract with an applicant, the transmitted data will be stored for the purposes of managing the employment relationship, taking statutory provisions into account. If the controller does not enter into an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided such a deletion is not precluded by other legitimate interests of the controller. Other legitimate interests in this context arise in particular where claims under the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG) are asserted. In this case, your personal data will be retained for six months. If a claim is brought under the AGG, we reserve the right to continue to retain your documents for the duration of the proceedings.

10. Legal basis of processing

Art. 6(1)(a) GDPR is the legal basis for our company’s processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case for instance with processing operations that are required for the supply of goods or the provision of another service or service in return, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations that are required for the performance of precontractual measures, such as in the case of queries about our products or services. If our company is subject to a legal obligation via which the processing of personal data becomes necessary, such as fulfilling fiscal obligations, the processing is based on Art. 6(1)(c) GDPR. The processing of personal data may become necessary in rare cases in order to protect the vital interests of the data subject or another natural person. This would be the case for instance if a visitor to our company was injured and as a result their name, age, health insurance details or other vital information needed to be passed to a doctor, a hospital or other third parties. In this case, the processing would be based on Art. 6(1)(d) GDPR. Finally, processing operations may be based on Art. 6(1)(f) GDPR. This is the legal basis for processing operations that are not covered by any of the above-mentioned legal bases if the processing is necessary to preserve a legitimate interest of our company or a third party, provided such interest is not overridden by the interests, basic rights and basic freedoms of the data subject. We are permitted to perform such processing operations in particular because they were specially mentioned by the European legislator. In this regard, the legislator was of the view that a legitimate interest is to be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).

11. Legitimate interest in the processing pursued by the controller or another third party

If the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest consists of the performance of our commercial activity for the benefit of the well-being of all our employees and our shareholders.

12. Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. The data in question is routinely deleted on expiry of the period, provided it is no longer required for the fulfilment or initiation of a contract.

13. Statutory or contractual stipulations on the provision of personal data; necessity for contractual conclusion; data subject’s obligation to provide the personal data; potential consequences of non-provision

Please be aware that the provision of personal data is required by law in some circumstances (for example tax rules) or may arise from contractual provisions (for example information about the contractual partner). Indeed, contracts are one area where a data subject may be required to provide personal data to us that we then need to process: the data subject has to provide personal data to us when our company enters into a contract with them. The consequence of non-provision of the personal data would be that the contract cannot be entered into with the data subject. The data subject must contact our data protection officer before they provide any personal data. Our data protection officer will explain to the data subject whether the provision of the personal data is prescribed by law or contractually or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what the consequences would be of a failure to provide the personal data.

14. Existence of automatic decision-making

As a responsible company we do not use automatic decision-making or profiling.