Tengelmann Energie GmbH (hereinafter referred to as “TEG”, “we” or “us”) attaches great importance to data protection, in particular the protection of your personal data. We are therefore informing you in the following sections in accordance with Section 13 of the EU General Data Protection Regulation (GDPR) or in accordance with Article 14 GDPR provided data are not collected directly.
Below we would like to explain to you which data we process, and the purpose of such processing, and the rights you have in that respect.
Controller and Data Protection Officer
The controller within the meaning of Article 4, No. 7, GDPR, is
Tengelmann Energie GmbH
Jakob-Funke-Platz 2
D-45127 Essen
Tel.: +49 (0) 201 / 56 57 – 6100
E-mail: info(at)tengelmann-energie.de
You can find more information about the controller in the imprint. If you have any questions about data protection, please contact our external data protection officer:
Tengelmann Audit GmbH
Data Protection Officer
An der Pönt 45
D-40885 Ratingen
E-mail: datenschutz(at)t-audit.de
Legal Bases and Principles of the Processing
As a matter of principle, personal data are only processed provided this is necessary for the respective purpose, and a corresponding legal basis applies, or you have granted your consent to us in that respect. Personal data may normally be processed based on the following legal bases
- Article 6(1), Point a., GDPR, and, where applicable, Article 49(1), Point a., GDPR, (consent of the data subject and, where applicable, consent to the transfer of personal data to a third country in which an adequate level of data protection cannot be guaranteed).
- Article 6(1), Point b., GDPR, (executing a contractual relationship with the data subject, pre-contractual measures following an enquiry by the data subject)
- Article 6(1), Point c., GDPR, (complying with a legal obligation of our company)
- Article 6(1), Point f., GDPR, (exercising a legitimate interest pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (weighing up of interests)).
Where consent serves as the legal basis for the processing, you may withdraw your consent at any time without stating reasons for such action. As a matter of principle, the withdrawal only applies to the future. This means that as a result of the withdrawal of the declaration of consent, the processing to date will not become legally valid up until receipt of withdrawal of the consent.
It is taken for granted that we should provide complete protection of your personal data on this website. Unfortunately in the case of electronic data transmissions via the internet it can never be completely ruled out that security gaps may occur irrespective of all the technical and organisational measures we adopt.
Where nothing to the contrary is stated by us, TEG shall neither sell your personal data to third parties nor otherwise market them. All personal data that arise as part of the TEG web services are processed with consideration given to the respective valid requirements, and in general only for the purpose of executing and/or processing the contract and to safeguard justified business interests. Once the purpose has been honoured your data shall be deleted provided this does not conflict with statutory storage periods.
Where nothing to the contrary is stated in the following passages, the forwarding of personal information to third countries or to international organisations is not intended.
Furthermore, we do not use any procedures for automated decision-making, including profiling.
Data Subjects´ Rights
Where we process your personal data, in dealings with us in relation to the processing of your personal data you shall have the following rights, which you may exercise against us at any time. In detail you may exercise the following rights:
- Information
- Rectification of data
- Restriction of processing
- Erasure of data
- Data portability.
Insofar as we process your personal data on the basis of legitimate interests (Article 6(1), Point f., GDPR), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. We shall then no longer process your data for this purpose/these purposes, unless our interests merit protection or the processing serves the assertion, exercise or defence of legal claims. Irrespective of the above, in the case of direct marketing, you may object to the processing of your personal data at any time without giving reasons.
In addition, you have the right to lodge a complaint with a supervisory authority responsible for data protection about the processing of your personal data by us.
Insofar as the processing is based on granted consent, you have the right to withdraw the consent at any time without such action affecting the legality of the processing that applies on the basis of the consent up until withdrawal.
If you wish to exercise your rights against us, please use the details stated above to contact the controller.
If you assert your rights against us, we shall process your personal data collected in this context to process your request. Your personal data are processed to honour a legal obligation on the basis of Article 6(1), Point c., GDPR.
How are your personal data processed on the EnerBoard Website?
During every visit, data within the meaning of Section 25(2), No. 2, TTDSG (German Telecommunications and Telemedia Data Protection Act) are processed on our web server merely for statistical collections and to guarantee the security and stability of the system. Our justified interest in processing personal data in this context in accordance with Article 6, Point f., GDPR, which simultaneously serves as the legal basis, also applies to the aforementioned purposes. Provided nothing to the contrary is stated, data are only forwarded as part of technical necessities to the service providers commissioned with the task of supporting the homepage.
During every visit, data within the meaning of Section 25(2), No. 2, TTDSG (German Telecommunications and Telemedia Data Protection Act) are processed on our web server merely for statistical collections and to guarantee the security and stability of the system. Our justified interest in processing personal data in this context in accordance with Article 6, Point f., GDPR, which simultaneously serves as the legal basis, also applies to the aforementioned purposes. Provided nothing to the contrary is stated, data are only forwarded as part of technical necessities to the service providers commissioned with the task of supporting the homepage.
What security does the EnerBoard Website provide?
We adopt technical, up-to-date, measures to protect your data from unintentional or intentional manipulation, loss, destruction or access by unauthorised third persons. TEG consistently further develops and improves these technical and organisational measures.
To prevent misuse of the data by third parties, in the aforementioned cases your data are transmitted in a secure, encrypted, form. The Tengelmann Energie website uses the 256-Bit-TLS 1.2 encryption (Transport Layer Security 1.2). Such encryption of the connection ensures the best possible security when transmitting data between a client and a server.
Cookie information
So-called Cookies are used on our homepage. Cookies are text files that are stored by a website in the browser of the person visiting that website and used to exchange information with the homepage server.
On our homepage we use the following Cookies that are necessary in a technical sense within the meaning of Section 25(2), No. 2, TTDSG, so that all essential functions of the site can be correctly delivered and displayed to you (the legal basis for the processing of personal data using Cookies is Article 6(1), Point f., GDPR):
- Name: Borlabs Cookie; Storage period: 1 year; Description: Stores your selection in respect of the optional Cookies
You can prevent the use of Cookies in your browser settings for customary use. If the Cookies that are required in a technical sense are prevented, it may however be the case that our site can no longer be displayed in full and correctly.
Furthermore, optional Cookies are used on our site by the service providers described below and are only set based on your consent in accordance with Section 25(1), TTDSG. Processing personal data collected in this way is based on your consent in accordance with Article 6(1), Point a., GDPR, and/or, where applicable, in accordance with Article 49(1), Point a., GDPR, insofar as such data are forwarded to the US by our service partners. When you view the settings for these Cookies, and potentially amend them (in particular withdraw your consent), you can use the following link to again call up the settings you have made:
Use of Google Tag Manager
With your consent, we use the Google Tag Manager from Google Ireland, as a tool to manage and control Cookies, conversion pixels or tracking codes from programmes such as Google Analytics or Bing Ads.
In view of the fact that Tag Manager is integrated by a Google server, this means a transfer of personal data in the form of the IP address from the website to Google as soon as you visit our website. The data are forwarded within the Google Group such that the data are essentially processed by Google LLC in the US.
Insofar as data are processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have entered into EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. Transfer of data to the US and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.
The legal basis for this data processing is your consent in accordance with Section 25(1), TTDSG, in conjunction with Article 6(1), Point a., GDPR and, where applicable, Article 49(1), Point a., GDPR.
You can cancel your consent at any time with effect for the future by calling up the Cookie settings in this policy and changing your selection there. This does not affect the lawfulness of the processing performed on the basis of the consent up to the withdrawal.
Use of Google Analytics
Soweit Sie Ihre Einwilligung erklärt haben, wird auf dieser Website Google Analytics 4 If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC of California, USA. The responsible entity for users in the European Union (EU)/European Economic Area (EEA) is Google Ireland Limited, Ireland (“Google”).
Google Analytics uses Cookies that enable an analysis of your use of our websites. Information collected by way of the Cookies about how you use this website is usually sent to, and stored on a server operated by, Google and located in the USA.
In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address shall be shortened by Google within member states of the EU or in other EEA contracting states. Only in exceptional cases shall the full IP address be forwarded to a Google server in the US and shortened there.
During your visit to the website, your user behaviour is recorded in the form of “events”. Events may include
- Page views
- First visit to the website
- Start of session
- Your “click path”, interaction with the website
- Scrolls (whenever a user scrolls to the bottom of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- File downloads
- Ads seen / clicked on
- Language setting
Also recorded:
- Your approximate location (region)
- Your IP address (in shortened form)
- Technical information about your browser and the end devices you use (e.g. language setting and screen resolution)
- Your internet provider
- The referrer URL (via which website/advertising medium you came to this website)
Google shall use this information on our behalf to evaluate your use of the website, compile reports on website activity and render other services relating to website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.
The data are forwarded within the Google Group such that the data are essentially processed by Google LLC in the US.
Insofar as data are processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have entered into EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. Transfer of data to the US and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.
The data sent by us and linked to Cookies are automatically deleted after 2 months. Data for which the retention period has been reached are automatically deleted once a month.
The legal basis for this data processing is your consent in accordance with Section 25(1), TTDSG, in conjunction with Article 6(1), Point a., GDPR and, where applicable, Article 49(1), Point a., GDPR.
You can cancel your consent at any time with effect for the future by calling up the Cookie settings in this policy and changing your selection there. This does not affect the lawfulness of the processing performed on the basis of the consent up to the withdrawal.
In addition to not giving your consent, you may also prevent the storage of Cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all Cookies, this may result in limited functionality on this and other websites.
Please use the following links for more information on the terms and conditions of use of Google Analytics and data protection at Google:
Use of Vimeo
On our website, we embed videos from the external video portal Vimeo. The provider is Vimeo.com, Inc., 330 West 34th Street, 5th Floor, New York, New York 10001, USA.
By using the video player, cookies are used and connections to the servers of Vimeo in the USA are established, whereby personal data is also transferred. This personal data includes your IP address, technical information about your device (e.g. browser type, operating system, basic device information) or user statistics regarding the respective video.
For more information on the handling of personal data by Vimeo, please visit https://vimeo.com/privacy (external link).
We would like to point out that the USA is classified as a so-called third country in terms of data protection law, in which different legal data protection provisions apply compared to the European Union, and thus the legally required level of data protection may be below that of the European Union. Since the data is transferred to the USA, US authorities can also gain access to this data in addition to Vimeo according to US law under the legal requirements.
The video player will only be activated after your express consent. Accordingly, the legal basis for the processing of your personal data in this context on our website is your consent pursuant to Art. 6 (1) lit. a DSGVO and Art. 49 (1) lit. a DSGVO (for the basic processing of your personal data as well as the transfer to the USA) as well as pursuant to Section 25 (1) TTDSG (for the setting of the Vimeo cookies). The consents can be revoked at any time for the future via our cookie settings.
Social Media Pages
On our website we have incorporated linked graphics/pictograms to our content on social media or career platforms (LinkedIn and Xing). You are forwarded to our corresponding company website on the respective platform via the respective link. To ensure that you have complete control of the data, contact is initially established with the respective social network and you when you actively click on the respective link. The respective platforms and external content suppliers, which are accessed via our links, render these services and the processing of your data at their own responsibility.
If you click on the links, the respective provider shall process certain data that apply to you. This may include the following data:
- IP address
- Browser information
- Access time and date.
DYou can find the precise scope and further information that is relevant to data protection in the data protection policies of the respective controllers.
In addition, we draw attention to the fact that personal data that are processed during the course of your visit to the respective platform may also be forwarded to so-called third countries (countries outside the European Union and the European Economic Area) where other statutory data provisions apply and therefore the data protection level specified by law may be lower than that in the European Union. For further information about forwarding to third countries and the appertaining data protection measures please see the data protection policies of the respective controller.
Establishing Contact/Communication
In different sections our homepage provides information about establishing contact with us. The details of the respective contact points on our homepage are aimed at enabling (potential) business partners to better direct their concerns to us.
In addition, we offer interested parties the opportunity to apply for our advertised positions by submitting an online application. If you wish to apply to us for a vacant position, please use our applicant portal to forward personal data.
In the case of contact or communication in the context of a pre-contractual contract initiation or implementation of a contract, the legal basis for the processing is Article 6(1), Point b., GDPR. In relation to forwarded data, Article 6(1), Point f., GDPR, can also be used as the legal basis. The personal data you enter shall only be used to contact you or to adequately process your request. We therefore have the necessary justified interest in the processing. If establishing contact is based on your consent, the legal basis for the processing is Article 6(1), Point a., GDPR. You are entitled, at any time, to withdraw your consent without stating reasons for such action. These legal principles apply regardless of the chosen form of communication platform (e-mail, contact form, applicant portal, telephone call or Microsoft Teams), by which the corresponding communication takes place.
Personal data shall not be forwarded to third parties unless they are intended to be forwarded or this is technically necessary for the communication. Please note that content from such an exchange and in the case of personal meetings used for discussions frequently serve the purpose of communicating information to business partners, interested parties or third parties and are therefore earmarked for forwarding.
Following cessation of the purpose, your data shall be deleted provided this does not conflict with legitimate reasons, e.g. statutory obligations (Article 6(1), Point c., GDPR) or a justified interest in accordance with Article 6(1), Point f., GDPR, (e.g. processing potential enquiries or reviewing, asserting, exercising or defending legal claims).
Contact by e-mail or contact form
When using our contact forms, there are two mandatory fields (e-mail and name), without which we are unfortunately unable to process your request. All data you disclose when establishing contact with us (irrespective of by e-mail or via the contact form, such as your e-mail address and, where applicable, your name or telephone number) shall be processed by us to reply to your concern/enquiry. In this respect, only the number of different IP addresses, which are rendered anonymous, shall be processed in a technical sense.
You can use the Log-In button to access our log-in area. In this respect we also ensure that the transmission of your data is secure (in this respect see the section “What Security Does the EnerBoard Website Provide?”).
Contact via Microsoft Teams
We use the Microsoft Teams tool to conduct telephone calls, video conferences or even training sessions and, where necessary, exchange documents and other content. The following categories of personal data may be processed during the use of Microsoft Teams:
- Details about the user (e.g. name/display name and e-mail address)
- Meta data (e.g. data, time, meeting ID, IP address and telephone number)
- Data from text, audio and video data and other forwarded files.
With regard to the processing of personal data in the context of electronic communication, Microsoft Corporation with Microsoft Teams as an OTT service (over-the-top service or interpersonal telecommunications service) is subject to data protection and privacy in telecommunications (“telecommunications secrecy”) in accordance with Part 2 of TTDSG, and is accordingly responsible in that respect.
TEG is responsible for any further processing resulting from communication via Microsoft Teams (e.g. via the invitation function, video recordings or document exchange). We therefore draw your attention to the following functions and possibilities:
- During a Teams session you may decide at any time whether or not the camera and/or the microphone should be switched on or off. Furthermore, you are free to share content or not, whereby you may withdraw the sharing of content at any time.
- If you use the chat function, your personal data contained in the chat function shall be processed and the other participants shall gain knowledge of such content.
- In a technical sense it may be the case that participants make a recording of an online meeting while it is being conducted. In such a case, you shall be immediately notified of the recording and you may raise your objections to this with the meeting participants. The recording is saved in Microsoft Teams after the online meeting. The recording can then be shared with other participants.
As a matter of principle, processing personal data as part of using Teams in third countries (countries outside the European Union and the European Economic Area) is not intended because we have placed the Microsoft Corporation under obligation to limit the storage location to computer centres in the European Union. However, we cannot rule out that the routing of data applies via servers that are located outside the EU. This may be the case, in particular, if participants in a meeting are located in a third country.
The Microsoft Corporation uses EU standard contract clauses to guarantee a reasonable data protection level for the processing/transfer of personal data to third countries (or the US). We nevertheless draw attention to the fact that the USA is classified as a so-called third country where contrary statutory data protection provisions apply and therefore the data protection level specified by law may be lower than the one that applies in the European Union. If the data are transferred to the US, in addition to Microsoft, authorities may also gain access to such data under the legal requirements in accordance with American law. TEG has no influence on the scope of the data processed by Microsoft, the type of processing or use or the transfer of such data to third parties. We also have no effective means of control in this respect.
Insofar as you do not wish to use Microsoft Teams, please notify us by e-mail so that we can jointly agree on other means of communication.
You can find more information about the data protection provisions of Microsoft on the Microsoft Corporation homepage (external link):
Customer account
Contractual partners can create an account on this website (customer account). If the registration of a customer account is required, contracting partners will be referred to this as well as to the information required for registration. The “Log-In” button takes you to our log-in area. Here, too, we take care to ensure the secure transmission of your data (see the section “What security does the Tengelmann Energie website offer?”). In the log-in area you will also find the data protection information in the context of the customer account or you can access it here.
Tengelmann Energie Newsletter
If you would like to receive the Newsletter offered on the website, we need you to provide us with an e-mail address and information that enables us to check that you are the owner of the stated e-mail address or that the owner consents to receiving the Newsletter. By way of the Newsletter, we inform you each week about the development of electricity and gas prices.
We use the so-called Double-Opt-In procedure to guarantee the forwarding of the Newsletter by consent. During the course of this the potential recipient can be incorporated in a distribution list. The user is subsequently granted via a confirmation e-mail the option of confirming the registration by way of legal security. The address is only actively incorporated in the distribution list following confirmation. If this confirmation is not received, your data shall be completely deleted after 7 days.
We use such data exclusively for sending the requested information and offers.
Sendinblue is used as the Newsletter software. In that respect, your data are forwarded to Sendinblue GmbH, Berlin. In that respect, Sendinblue is prohibited from selling your data and using them for purposes other than sending Newsletters. Sendinblue is a German, certified provider, which was selected in accordance with the requirements of GDPR and BDSG (German Federal Data Protection Act) and by our order. You can find more information here (external link):
https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go
The legal basis for processing the data after registering for the Newsletter is your consent in accordance with Article 6(1), Point a., GDPR. You may at any time withdraw granted consent for the storage of data, the e-mail address and its use to send the Newsletter, for example via the Unsubscribe link in the Newsletter (see also below Data Subjects’ Rights).
Sales Viewer
On this website, data are collected and stored for marketing, market research and optimisation purposes using the SalesViewer® technology of SalesViewer® GmbH, Bochum, on the basis of the legitimate interests of the website operator (Article 6(1), Point f., GDPR).
For this purpose, a javascript-based code is used to collect company-related data and the corresponding use. The data collected using this technology are encrypted via a non-reversible one-way function (so-called hashing). The data are immediately pseudonymised and not used to personally identify the visitor to this website.
The data stored within the framework of SalesViewer shall be deleted as soon as they are no longer required for the intended purpose and there are no legal obligations to retain data to prevent the deletion of such data.
You can object to the collection and storage of data at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection of data by SalesViewer within this website in the future. In that respect, an Opt-Out Cookie shall be placed on your device. IF you delete your Cookies in this browser, you will need to click on the link again.
Microsoft Advertising/Bing
On this website, data are collected and stored for marketing, market research and optimisation purposes using the SalesViewer® technology of SalesViewer® GmbH, Bochum, on the basis of the legitimate interests of the website operator (Article 6(1), Point f., GDPR).
For this purpose, a javascript-based code is used to collect company-related data and the corresponding use. The data collected using this technology are encrypted via a non-reversible one-way function (so-called hashing). The data are immediately pseudonymised and not used to personally identify the visitor to this website.
The data stored within the framework of SalesViewer shall be deleted as soon as they are no longer required for the intended purpose and there are no legal obligations to retain data to prevent the deletion of such data.
You can object to the collection and storage of data at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection of data by SalesViewer within this website in the future. In that respect, an Opt-Out Cookie shall be placed on your device. IF you delete your Cookies in this browser, you will need to click on the link again.
Calendly
On our website you have the opportunity to make appointments with us. We also use the “Calendly” tool for booking appointments. The provider is Calendly LLC, USA (hereinafter “Calendly”). Calendly acts as an order processor on our behalf.
You enter the requested data and the desired date in the window provided to book an appointment. The data you enter shall be used to plan, execute and, where necessary, follow-up the appointment. For this purpose, you usually provide us with general business contact and appointment data, such as your first and last name, e-mail address or the agreed date and time. In addition, technical information, such as the IP address at the time of the appointment, is forwarded.
The appointment data are processed on our behalf by Calendly in the US, among others, whose data protection policy you can view here (external link): https://calendly.com/de/pages/privacy. We would like to point out that the USA is a so-called third country under data protection law. Third countries are countries outside the EU or the European Economic Area in which different legal data protection provisions apply compared to the European Union and therefore the legally required level of data protection may be lower than in the European Union. If the data are transferred to the US, in addition to Calendly, authorities may also gain access to such data under the legal requirements in accordance with American law. TEG has no influence on the scope of the data processed by Calendly, the type of processing or use or the transfer of such data to third parties. We also have no effective means of control in this respect.
Forwarding data to the US is based on the standard contractual clauses of the EU Commission. Further details can be found here (external link to the provider in the USA): https://calendly.com/pages/dpa.
We shall retain the data you enter until you ask us to delete it, withdraw any consent you may have given to store it, or until the purpose for storing the data no longer applies. This does not affect compulsory statutory provisions – in particular storage periods.
Article 6(1), Point f., GDPR, forms the legal basis in respect of the processing. We have a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If consent has been requested, Article 6(1), Point a., GDPR, or Article 49(1), Point a., GDPR, is the legal basis for data processing. Consent may be withdrawn at any time with effect for the future. We expressly point out that you do not undertake to use this service to make an appointment. You may also use the other options we have provided under contact.
Reservation to make Amendments
We reserve the right to amend security and data protection measures provided this is necessary for example as a result of technical developments. In such cases we shall also adjust our data protection notices accordingly.