Status: September 2023
While using our vendor portal, your personal data will be processed by us as the data controller and stored for the period of time required to fulfil the specified purposes and legal obligations. In the following, we inform you about what data is involved, how it is processed and what rights you have in this regard.
According to Art. 4 No. 1 of the General Data Protection Regulation (GDPR), personal data is any information relating to an identified or identifiable natural person.
SEFE Securing Energy for Europe GmbH, Markgrafenstraße 23, 10117 Berlin, Germany
Phone: +49 30 20195 0
You can reach our data protection officer or our data protection team at the following contact details: SEFE Securing Energy for Europe GmbH, Data Protection, Markgrafenstraße 23, 10117 Berlin, Germany; email: email@example.com.
Which personal data we process in detail and how it is used depends on whether you only visit our website or use the vendor portal as a business partner of the SEFE Group.
For the provision of this vendor portal website and application, we use the web hosting service of HCM CustomerManagement GmbH, Schwieberdinger Straße 60, 70435 Stuttgart, Germany, www.hcm.company (hereinafter "HCM").
The provision of the vendor portal requires the commissioning of a web hosting service as well as the provision and support of the application. These services are used in accordance with Art. 6 (1) sentence 1 lit. f GDPR on the basis of our legitimate economic interest in making our offer available on this website. In relation to hosting, HCM processes on our behalf personal data that is collected through the use of the vendor portal website.
We have concluded a data processing agreement with HCM. Through this agreement, the service provider assures that it processes the data in accordance with the GDPR and ensures the protection of the rights of the data subjects.
You can access our vendor portal website without having to disclose any information about your identity. The browser used on your end device only automatically sends information to our website server (e.g. browser type and version, date and time of access) to enable the website to establish a connection. This also includes the IP address of your requesting end device. This data is temporarily stored in a so-called log file and automatically deleted after less than 30 days, with the exception of IP addresses, which are not logged.
The log file data is processed for technical and administrative purposes of connection establishment and stability, in order to ensure the security and functionality of our website and to be able to pursue any illegal attacks on it if necessary. Only authorised personnel of our service provider who deal with the support of the web service and the application are entitled to access the data.
The legal basis for the processing of the logged data is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest follows from the aforementioned security interest and the necessity of a trouble-free provision of our vendor portal website.
On various pages of the vendor portal you will find contact information (email address and telephone number) which can be used to contact us. If you contact us directly via email, we collect your email address as well as any personal data resulting from the text of the email. We also store your telephone number, your contact details and the necessary data provided if you use the telephone numbers to call us.
The processing is based on Article 6 (1) lit. b and f GDPR. The purpose of the data processing and our legitimate interest lie in the care of our business partners and in being able to answer the messages sent to us with your enquiries.
Our portal requires at least one contact person or portal user to be specified as part of the vendor registration process. If only one contact person is specified, this person will also be the so-called vendor administrator, who can create additional portal users or enter information as required, as well as receive email notifications from the portal.
The following data is collected during registration:
Company data of the vendor
Personal data of the portal users
Access data of the portal users
Your personal data is processed on the basis of Article 6 (1) lit. a and b GDPR for the purpose of registration in the vendor portal for you as a portal user in the context of initiating or executing a contract as a business partner of the SEFE Group.
Generally, your account will be kept for as long as necessary to fulfil the purposes for which it was created. After 2 years of inactivity, your account will be deleted. However, you/your company can deactivate your account at any time if you wish.
When using the vendor portal - after registration as a portal user - we process, depending on the transaction, various personal data from your user account and company information, such as data from credit agencies or market information, which may not be personal:
The data is processed in the form of server log files, which are regularly deleted (the duration is less than 30 days) and in which the IP addresses of the users are not logged. Without these log files, it is not possible to use the vendor portal.
The processing of personal data is based on Article 6 para. 1 lit. b and f GDPR. The purpose of the data processing and our legitimate interest lies in the documentation of the contract-relevant actions as well as the audit-proof documentation of the procedure.
Your personal data may be disclosed to the following recipients or categories of recipients.
We use service providers who process personal data on our behalf (so-called processors, cf. Art. 4 No. 8, Art. 28 GDPR). These include service providers in the areas of IT, telecommunications and business services. In these cases, we have concluded data processing agreements with the service provider.
The web host and application provider of our vendor portal website is HCM CustomerManagement GmbH. The use of the service by HCM as a processor is carried out in accordance with Art. 6 (1) sentence 1 lit. f GDPR due to our legitimate economic interest in providing our vendor portal for contract customers on this website.
Except in the aforementioned cases of commissioned processing, we disclose your personal data to third parties if:
The data disclosed may be used by the third party exclusively for the purposes stated.
A transfer of your personal data to a third country or an international organisation will only take place if this is necessary within the framework of order processing and the conditions according to Art. 44 et seq. GDPR are given.
We only transmit your personal data when
Guarantees according to Art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to sufficiently protect the data and thus to guarantee a level of protection comparable to the GDPR.
A "third country" is a state outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered "unsafe" if the EU Commission has not issued an adequacy decision for that country pursuant to Art. 45 (1) GDPR confirming that adequate protection for personal data exists in the country.
We use so-called cookies on our vendor portal website to make it technically available and to make its use more pleasant for you.
Cookies are data records that your browser automatically creates and that are stored on your end device (laptop, tablet, mobile or similar) when you visit our site. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. With the help of cookies, information is stored that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity.
We only use technically necessary cookies. The so-called session cookies help us to recognise that you have already visited individual pages of our vendor portal during your session. These cookies are deleted when you log off or the session expires. The cookies used are classified as technically necessary in accordance with § 25 Paragraph 2 No. 2 of the German Telecommunications Telemedia Data Protection Act (TTDSG). They may therefore be stored on your device or the information stored therein accessed without your consent. The data collected through the technically necessary cookies are not used to create user profiles or analyses.
We base the processing of your data through the cookies used for the aforementioned technically necessary purposes pursuant to Art. 6 (1) lit. f GDPR on our legitimate interest in making our vendor portal website technically available and making its use more convenient for you.
We do not use your personal data for automated decision making including profiling.
We use technical and organisational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.
All data transmitted by you is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a tried and tested standard that is also used, for example, for online banking. You can recognise a secure TLS connection by the appended "s" at the http (i.e. ...) in the address bar of your browser or by the lock symbol in the lower area of your browser.
You have the right:
In addition, you have a right to object in accordance with Art. 21 GDPR:
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to any profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If you wish to exercise your right of objection or object to data processing, please write to us at Procurement@sefe.eu.