The Data Privacy Statement describes how and for what purpose SEFE Energy GmbH, Königstor 20, 34117 Kassel, Germany (hereinafter also referred to as “SEFE Energy” or “we”) processes personal data of its business partners and their employees.
You can find the Data Privacy Statement here.
I. General information
1. Controller
The controller responsible for processing your personal data is:
SEFE Energy GmbH
Königstor 20
34117 Kassel
Germany
2. Data Protection Officer
You can contact our Data Protection Officer at:/ our Data Protection team at:
SEFE Securing Energy for Europe GmbH, Data Protection, Markgrafenstr. 62, 10969 Berlin, Germany;
Email: dataprivacy@sefe.eu
3. What data do we process and from what sources?
We process personal data you provide voluntarily or is gathered as part of use of our website.
You can find more information on this subject in Section II “Processing of personal data.”
4. For what purpose do we process your data and what is the legal basis for that?
We process your personal data in compliance with the relevant data protection regulations, in particular the General Data Protection Regulation (GDPR) and national data protection legislation (for Germany e.g. the German Data Protection Act BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG), for various purposes.
In principle, the purposes for which we process your data are: to perform contractual obligations (Article 6 paragraph 1 point (b) GDPR), to safeguard legitimate interests (Article 6 paragraph 1 point (f) GDPR), for processing subject to your prior consent (Article 6 paragraph 1 point (a) GDPR) and/or to comply with statutory obligations (Article 6 paragraph 1 point (c) GDPR).
You can find more information on this subject in Section II “Processing of personal data.”
5. Who obtains my data?
5.1 Web hosting by processor
We use Microsoft Azure as our web hosting provider. Azure acts as a processor in accordance with Art. 4 No. 8 and Art. 28 GDPR. Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, hosts this website on our behalf. The processing of personal data occurs when users visit our website and is based on our legitimate interest in providing a secure and reliable online presence (Art. 6 (1) (f) GDPR). We have entered into a Data Processing Agreement with Microsoft to ensure compliance with GDPR and the protection of data subject rights.
Azure provides
• Data residency control: UK and Europe
• Subprocessor transparency: Microsoft lists all subprocessors and their roles.
• Encryption at rest and in transit: Azure uses AES-256 and FIPS 140-2 compliant protocols.
• No data mining or advertising use: Azure does not use customer data for marketing.
5.2 Disclosure of data to third parties
We will only transfer your personal data to third parties if:
If there is a legitimate interest pursuant to Art. 6 (1) f GDPR and in compliance with the statutory regulations, SEFE Energy may transfer personal data to affiliated companies within the meaning of Section 15 of the German Stock Corporation Act (AktG) within the European Economic Area to the extent permitted. The transfer is made in particular due to our legitimate interest in improving and coordinating our internal administration and for the use of shared data resources for jointly used infrastructures and services. Transfers are made to the following companies: SEFE Energy Holding GmbH and, if applicable, other SEFE Securing Energy for Europe GmbH Group companies.
You can find more information on this in Section II - Processing of personal data.
5.3 Third country transfer
A transfer of personal data to a third country or an international organisation will only take place if we inform you of this and if the conditions of Art. 44 et seqq. GDPR are given.
A third country is defined as a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is deemed to be unsafe if the EU Commission has not issued an adequacy decision for this country in accordance with Art. 45 (1) GDPR, confirming that adequate protection for personal data exists in the country.
The USA is a so-called unsafe third country. This means, that the US does not offer a level of data protection comparable to that in the EU. The risks involved in transferring personal data to the US are as follows: There is a risk that US authorities may gain access to personal data on the basis of the PRISM and UPSTREAM surveillance programmes based on Section 702 of the FISA (Foreign Intelligence Surveillance Act), and on the basis of Executive Order 12333 or Presidential Police Directive 28. EU citizens have no effective means of redress against such access in the US or the EU.
We will inform you in this privacy policy when and how we transfer personal data to the USA or other unsafe third countries. We will only transfer your personal data if
Safeguards under Art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to protect the data sufficiently and thus to ensure a level of protection comparable to that provided by the GDPR.
6. Security
We use technical and organizational security measures to ensure that the personal data you supply us with is protected against accidental or deliberate manipulation, loss, destruction and/or access by unauthorized persons. Whenever we collect and process personal data, the information is transmitted in encrypted form to prevent misuse of this data by third parties. Our security measures are subject to continual further development in line with technical advances.
All data transmitted by you personally is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a secure and proven standard that can also be used for online banking. You can recognize a secure TLS connection by the s attached to the http (https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.
II. Processing of personal data
1. Cookies
We use cookies on various pages to make your visit to our website appealing and enable you to use certain functions. Cookies are small text files that are stored on your device. They can be sent to a page when it is accessed and thus allow identification of the user. Cookies help make Internet sites more user-friendly. Some of the cookies used are deleted when the browser session is over, i.e. when you close your browser. They are termed session cookies. Other cookies remain on your device and enable us to recognize your browser again the next time you visit the website. They are termed persistent cookies.
You can set your browser so that you are notified when cookies are placed and can decide whether to accept them on a case-by-case basis or to exclude acceptance of cookies for specific cases or in general. You can delete cookies that have already been placed. If you do not accept cookies, the features of our website may be restricted.
We process the following personal data and categories of data using cookies:
This website uses cookies.
These sites use tracking technologies, including those of third parties, to analyze and improve the use and functionality of them and to provide you an appropriate advertising based on your surfing habits and profile, e.g. on social media platforms/other websites.
Attention: If you agree to the use of tracking technologies, you also agree that your personal data will be transferred to the USA. The USA is an insecure third country in which there is no level of data protection comparable to EU standards. In case of certain providers, such as YouTube, no other guarantees are offered to compensate for this deficit. There is therefore a risk that the transmission of your personal data may result in state authorities accessing your personal data without you being legally protected.
By clicking on the "allow cookies" button, you agree to this. You can customize, reject, revoke or change your consent any time under "More"/"Settings". Any change will stay valid in the future. Further information on tracking technologies and the transfer of data to third countries can be found under Privacy Policy. Here you will find our Legal Notice.
Cookies are small text files that can be used by websites to make a user's experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
You can at any time change or withdraw your consent from the Cookie Declaration on our website.
Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.
Please state your consent ID and date when you contact us regarding your consent.
Your consent applies to the following domains: www.sefe-energy.eu
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
| Name | Provider | Purpose | Maximum Storage Duration | Type |
| __cf_bm | fonts.net |
This cookie is used to distinguish between humans and bots. This is necessary ensure a secure operation of the website. |
1 day | HTTP Cookie |
|
CookieConsent |
Civic Cookies | Stores the user's cookie consent state for the current domain | 1 year | HTTP Cookie |
Statistics (1)
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
| Name | Provider | Purpose | Maximum Storage Duration | Type |
| _dc_gtm_UA-# | Used by Google Tag Manager to control the loading of a Google Analytics script tag. | 1 day | HTTP Cookie |
Marketing (11)
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
| Name | Provider | Purpose | Maximum Storage Duration | Type |
| _ga | Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. | 2 years | HTTP Cookie | |
| _ga_# | Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. | 2 years | HTTP Cookie | |
| _gid | Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. | 1 day | HTTP Cookie | |
| _gat |
Google Analytics cookies used to collect information about how visitors use our website. We use the information to help us improve the website. The cookies collect information in a way that does not directly identify anyone, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited. Read how Google safeguards your data here: https://support.google.com/analytics/answer/6004245 |
10 minutes | ||
| NID |
Cookie set by Google that contains a unique ID to remember your preferences and other information, such as your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on. Read how Google safeguards your data here: https://support.google.com/analytics/answer/6004245 |
6 months | ||
| uMarketingSuiteAnalyticsVisitorId | UMarketing | Cookie used to record your browsing activity, with the purpose of displaying targeted content. | 1 year | |
| cdn.matomo.cloud | Matomo All URLs | Used to record browsing activity, for the purpose of improving the website journey. | 1 year | |
| SM | .c.clarity.ms | Track user behaviours | Session | |
| CLID | www.clarity.ms | Track user behaviours | 1 year | |
| Anonchk | .c.clarity.ms | Track user behaviours | 1 year | |
| collect | Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels. | Session | Pixel Tracker |
2. Automatic collection of access data/server log files
You can access our website without having to disclose any information about your identity. The browser used on your end device only automatically sends information to our website server (e.g. browser type and version, date and time of access) to enable the website to establish a connection. This also includes the IP address of your requesting end device. This is temporarily stored in a so-called log file, anonymised after 24 hours (by changing the last digit before the storage process to "0") and automatically deleted after 28 days at the latest:
The IP address is processed for technical and administrative purposes of connection establishment and stability, in order to ensure the security and functionality of our website and to be able to pursue any illegal attacks on it if necessary.
The legal basis for the processing of the IP address is Art. 6 (1)(f) GDPR. Our legitimate interest follows from the aforementioned security interest and the necessity of a trouble-free provision of our website.
We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.
Only authorised agency personnel involved in server maintenance are authorised to access the data. Since there is no personal allocation, the data records are only kept in anonymous form for statistical evaluation by deleting the last character block of the IP address.
3. Google Marketing Platform
This website uses the Google Marketing Platform (e.g. Google Analytics, Google Tag Manager), web analytics services run by Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland (“Google”). Google Marketing Platform uses cookies, text files that are stored on your computer and enable analysis of how you use the website. The information on your use of this website generated by the cookie is usually transferred to a Google server in the USA and stored there.
However, if IP anonymization is activated on this website, your IP address will be abbreviated by Google beforehand within the Member States of the European Union or in other countries that are party to the Agreement on the European Economic Area. The complete IP address is sent to a Google server in the U.S. and truncated there only in exceptional cases. IP anonymization is enabled on this website.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide other services for the website operator relating to website and Internet use.
In addition, we have signed an order processing contract with Google for the use of the Google marketing platform. Through this contract, Google warrants that it processes the data in accordance with the General Data Protection Regulation and that it safeguards the rights of the data subject.
You can also prevent storage of the cookies by making the appropriate setting in your browser software; however, we point out that if you do so, you might not be able to use all the functions of this website in full. You can also prevent recording of the data relating to your use of the website and generated by the cookie (including your IP address) by Google and processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Processing of personal data using Google Marketing Platform is based on Article 6 (1)(a) GDPR. The purpose of processing your data and our legitimate interests are to analyze use of our website.
4.Vimeo
We use components (videos) of the company Vimeo.com Inc. (hereinafter "Vimeo") on our website.
We have integrated Vimeo videos in our online offering. The videos are stored at www.vimeo.com and can be played directly from our website. These videos are embedded in “extended data protection mode”, i.e. no data on you as the user will be transmitted to YouTube if you do not play the videos. The data specified in the following paragraph will only be transmitted when you play a video. We have no influence on the transmission of this data.
By playing the video, Vimeo is informed that you have visited the relevant sub-page of our Internet site. Data is also collected and sent to YouTube by your browser. It includes your IP address, the date and time of the request, the amount of data transferred, the operating system and its interface, and the language and version of the browser software.
This is done irrespectively of whether Vimeo offers a user account and you are logged into this account or you do not have a user account. If you are logged into Google, your data will be directly associated with your account. If you do not want Vimeo to associate your actions with your profile, you must log out of your account before activating the button. Vimeo stores your data as user profiles and uses it for the purposes of advertising, market research and/or designing its website to suit needs. Such an evaluation is conducted in particular (even for users who are not logged in) in order to provide advertising tailored to the user and to inform other users of the social network about your activities on our website. You must contact Google to exercise any rights, such as to object to creation of these user profiles.
You can find more information on the purpose and scope of the collection and processing of data by Vimeo in the Vimeo Privacy Policy.
The processing of personal data by Vimeo is based on Article 6 paragraph 1 point (f) GDPR, whereby our interest lies in the smooth integration of the videos and the resulting attractive design of our website.
6. Contacting us
Our Internet site may contain a form that you can use to contact us electronically. If there are several forms, they may serve several purposes, which you will be able to identify in each case. You may also contact us using the e-mail addresses or the telephone numbers provided. If you contact us using one of these channels, we collect the personal data you provide us with.
The personal data recorded comprises the master data you enter in the contact form if you use it (mandatory fields: form of address, name, address, email address; voluntary fields: title, company, telephone number and fax) and possibly further personal data you provide. If you contact us directly by e-mail, we record your e-mail address and, if applicable, any personal data from the e-mail’s text. We also save your number and contact details and provided necessary data, if you use the telephone numbers to call us.
If your contract request is addressed to a SEFE company other than SEFE Energy GmbH, we pass on your request to that SEFE company, which will then deal with it.
Data is processed on the basis of Article 6 paragraph 1 point (b), (c) and (f) GDPR. The purpose of processing your data and our legitimate interests are to provide customer care and support, as well as to be able to answer messages and mails sent to us.
6. Portal
Our website links to the SEFE Energy customer portal, this is a closed area where you can register and log-in. In this case, we will process you (username/e-mail and password) along with any technical data necessary to guarantee only authorized access to the portal.
Data is processed on the basis of Article 6 paragraph 1 point (b),/(c)/(f) GDPR. The purpose of processing your data and our legitimate interests are to provide access to the portal and allow a meaningful use of the portal.
7. Newsletter
Our customers can subscribe to a newsletter containing information on the most important developments in wholesale market prices.
We process your e-mail address and your status as a customer of SEFE Energy as part of administering your newsletter subscription.
Data is processed on the basis of Article 6 paragraph 1 point (a) and (f) GDPR. The purpose of processing your data and our legitimate interests are to provide customer care and support, as well as to conduct direct marketing, where permissible
8. Your application
If you are turning to us as an applicant, please take into account the more specific Data Privacy Statement for Applicants which you will find with the vacant positions.
9. Your rights
Every data subject has the right to access personal data and obtain information (Article 15 GDPR), the right to rectification of data (Article 16 GDPR), the right to erasure of data (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), and the right to data portability (Article 20 GDPR). You can get in touch with us under the contact data specified in Section I “General information”, No. 1 and No. 2, to exercise the aforementioned rights.
If you have given us consent to process your data, you can revoke it at any time without using a special form. Where possible, notice of revocation should be sent to us using the contact data specified in Section I “General information”, no. 1 or no. 2.
Under Article 77 paragraph 1 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the law, in particular the General Data Protection Regulation (GDPR). In this case you have the right to turn to the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Irrespective of your aforementioned rights please feel free to contact us directly regarding your concerns (for contact details see Section I “General information”, no. 1 and no. 2, of this Data Protection Declaration).
You also have a right to object to the processing of your data.
|
Information on your right to object to processing in accordance with Article 21 of the General Data Protection Regulation (GDPR) You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 paragraph 1 point (f) GDPR (data processing based on a weighing of interests), including any profiling based on those provisions within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Your objection can be submitted without using a special form and, where possible, should be sent using the contact data specified in Section I “General information”, No. 1 and No. 2, of this Data Protection Declaration. |