Date: August 2022
Within the use of this website, your personal data will be processed, collected and stored by us, as the data controller for the time necessary to fulfil the specified purposes and legal obligations. In the following we will inform you about what data is involved, how it is processed and what rights you have in this respect.
According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.
3. Recipients and categories of recipients
Your personal data may be disclosed to the following recipients or categories of recipients:
3.1 DATA PROCESSORS
We use service providers who process personal data on our behalf (so-called data processors, cf. Art. 4 No. 8 and 28 GDPR). These include service providers in the areas of IT, telecommunications and business services.
The web host of this website is Online Now! GmbH, Reichsstraße 100, 14052 Berlin, www.online-now.de. The use of the service by Online Now! as a processor is carried out in accordance with Art. 6 (1) (f) GDPR due to our legitimate economic interest in providing our offer on this website.
3.2 DISCLOSURE TO THIRD PARTIES
Except in the aforementioned cases of processing on our behalf, we disclose your personal data to third parties if:
- you have given your express consent to this pursuant to Art. 6 (1) (a) GDPR;
- this is necessary for the fulfilment of a contract with you pursuant to Art. 6 (1) (b) GDPR,
- there is a legal obligation for the disclosure pursuant to Art. 6 (1) (c) GDPR.
The data disclosed may be used by the third party exclusively for the purposes stated.
1. Responsibility for data processing and contact details
SEFE Securing Energy for Europe GmbH
Phone: +49 (0)30 20195 0
(hereinafter “SEFE“ or „we“)
You can contact our data protection officer at any time if you have any questions regarding data protection law or your rights as a data subject at the above address, for the attention of the data protection officer, or at firstname.lastname@example.org.
2. Processing of personal data and purposes of processing
For the hosting of this website we use the web hosting service of Online Now! GmbH, Reichsstraße 100, 14052 Berlin, www.online-now.de (hereinafter “Online Now!”).
In order to offer a website, it is necessary to commission a web hosting service. In accordance with Art. 6 para. 1 sentence 1 lit. f GDPR the web hosting service is used because of our legitimate economic interest in making our services available on this website. In connection with the hosting service, Online Now! processes personal data on our behalf, which are generated while using the website.
We have concluded a data processing agreement with Online Now!. Through this agreement, the service provider assures that it processes the data in accordance with GDPR and guarantees the protection of the rights of the data subject.
Online Now! uses the Public Cloud platform service of OVH GmbH, Christophstraße 19, 50670 Köln, Deutschland Google Cloud Platform service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “OVHcloud”) to host our website. The information regarding the use of our website is transferred to OVHcloud servers in Germany and processed there. The data transferred are purely pseudonyms, it is not possible to draw conclusions from the data about your name. The transfer between Online Now! and OVHcloud is based on a data processing agreement in accordance with cf. Art. 4 No. 8 and 28 GDPR.
VISITING THE WEBSITE
You can access our website without revealing your identity. The browser used on your end device will automatically send information to our web server (e.g. browser type and version, date and time of access) to enable the website to establish a connection. This also includes the IP address of your requesting end device. This is temporarily stored in a so-called log file, anonymised after 24 hours (by changing the last digit before the storage process to "0") and automatically deleted after 28 days at the latest.
The IP address is processed for technical and administrative purposes of establishing and maintaining the connection, in order to ensure the security and functionality of our website and to be able to trace any illegal attacks on it if necessary. Only authorised agency personnel involved in server maintenance are authorised to access the data. Since there is no personal allocation, the data records are only kept in anonymous form for statistical evaluation by deleting the last character block of the IP address. We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.
The legal basis for the processing of the IP address is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the aforementioned security interest and the need to ensure that our website is available without disruption.
4. Transfer of data to a third country or to an international organisation
A transfer of your personal data to a third country or an international organisation will only take place if this is necessary within the framework of commissioned processing and the conditions according to Art. 44 et seq. GDPR are given.
We only transmit your personal data when
- sufficient guarantees are provided by the recipient in accordance with Article 46(1) of the GDPR for the protection of the personal data,
- you have expressly consented to the transfer in accordance with Art. 49 (1) (a) GDPR, after we have informed you of the respective risks,
- the transfer is necessary for the performance of contractual obligations between you and us (Art. 49 (1) (b) GDPR) or
- another exception from Art. 49 GDPR applies.
Guarantees according to Art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to sufficiently protect the data and thus to guarantee a level of protection comparable to the GDPR.
A "third country" is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered "insecure" if the EU Commission has not issued an adequacy decision for that country pursuant to Art. 45 (1) GDPR confirming that adequate protection for personal data exists in the country.
5. Cookies, tracking pixels, web analysis
6. Data security
We use technical and organisational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.
All data transmitted by you is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a tried and tested standard that is also used, for example, for online banking. You can recognise a secure TLS connection, among other things, by the appended s at the http (i.e. ...) in the address bar of your browser or by the lock symbol in the lower area of your browser.
7. Data subject rights
You have the right:
- to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future;
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- to demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 GDPR;
- to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller; and
- to complain to a supervisory authority in accordance with Art. 77 GDPR, as a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
In addition, you have a right to object:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to any profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
To exercise your data subject rights or to object to data processing by us please contact us at email@example.com.