Data Protection Declaration

(Effective: February 2024)

We, the Deutsche Energie-Agentur GmbH (dena) – the German Energy Agency – are pleased to provide you with information on the processing of your personal data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act.

‘Personal data’ is all information that relates to an identified or identifiable natural entity (e.g. name, address, telephone number, date of birth, e-mail address or usage behaviour).

‘Processing’ means any operation or set of operations, with or without the aid of automated methods, in connection with personal data, such as the collection, recording, organisation, ordering, storage, adaptation or alteration, read-out, querying, usage, disclosure through transmission, distribution or other form of provision, comparison or linkage, restriction, deletion, or destruction.

The ‘controller’ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

Purpose of processing, categories of personal data and legal basis

Provision of our online offer (incl. functions and content)

When the website is used for purely informational purposes, i.e., when you do not register or transfer any other information to us, we collect the following data in order to display our website to you and to guarantee stability and security (the legal basis is Art. 6, Section 1, p. 1 lit. f GDPR):

  • IP address
  • Date and time of the query
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Operating system and its interface
  • Language and version of the browser software

The above data (or ‘log files’) is stored for a maximum of 30 weeks for security reasons and for the detection of faults. The log files are then deleted. If, however, the storage of this information is required for the purpose of providing evidence (e.g. during investigation into misuse or fraud), it is not deleted until the investigation of the respective incident has been concluded.

Web analysis

On the basis of our justified interest in accordance with Art. 6, Section 1 lit. f) GDPR (interest in improving our online offer), we use tools for analysing the use of our website.
For detailed information, see our cookie guideline.

Website forms (contact forms, surveys etc.)

Personal data that you provide to us voluntarily (such as first and second name, email address, telephone number) is used to process and complete your contact enquiry or survey (legal basis Art. 6 para. 1 sentence 1 point b) GDPR).

Analytics using Hotjar

(1) This website uses Hotjar behaviour analytics software. The provider is Hotjar Inc. headquartered at Level 2, St. Julian’s Business Centre, 3, Elia Zammit Street, St. Julian’s STJ 1000, Malta.

(2) We use Hotjar to analyse the use of our website and make regular improvements to it. The statistics we obtain may be used to improve our online presence and create a more interesting user experience. Under our instructions, Hotjar will use this information to analyse use of the website, compile reports on website activity, and provide other services associated with website and Internet use. Information that the cookie collects about your use of this website is normally transferred to and stored on a Hotjar server.

(3) We use the Hotjar anonymisation feature on this website. This means that your IP address is truncated, ensuring that data collected for analysis purposes cannot be attributed to you in person. This data is not merged with any personal data.

(4) We can only use this tool with your consent, which can be provided using the Consent Manager. The legal basis is Article 6(1), first sentence, letter (a) GDPR. You can also opt out of analytics, simply by enabling ‘Do Not Track’ in your browser as the default setting. If you do so, there will be no processing of your personal data as described above. To find out how to enable ‘Do Not Track’, please following this link: www.hotjar.com/legal/compliance/opt-out/.

Newsletter

With your consent, you can subscribe to our newsletter, in which we inform you about our current offers. The goods and services purchased are listed in the declaration of consent.
For registration for our newsletter, we use the ‘double opt-in’ method. This means that after you register, we send you an e-mail to the e-mail address given by you, in which we request your confirmation that you wish to receive the newsletter. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted. We additionally store your respective IP addresses used and the points in time of registration and confirmation. The purpose of the method is to provide evidence of your registration and if necessary, to be able to investigate possible misuse of personal data.

The only mandatory information for the dispatch of the newsletter is your e-mail address. The provision of other data, which is marked separately, is voluntary, and is used in order to address you in person. Following your confirmation, we store your e-mail address for the purpose of dispatching the newsletter. The legal bases are Art. 6, Section 1 p. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7, Section 1, No. 3 of the German Fair Trade Practices Act (UWG).

You can revoke your consent to the dispatch of the newsletter at any time via the unsubscribe link contained in the newsletter and unsubscribe from the newsletter.

Job applications submitted through our online recruitment platform

Our online recruitment platform allows you to provide us with your name, address, other contact details (e.g. email, telephone number), information on your qualifications and career history, CV and certificates. If you use our online recruitment platform to respond to the jobs advertised there, we will collect and then process your data. The legal basis for doing so is the performance of measures at the request of the data subject prior to entering into a contract (Art. 6 para. 1 sentence 1 point b) GDPR). Your personal data will only be processed in order to complete the applications procedure. If you are recruited, we will add the data you provided to your personnel file and process it in accordance with Art. 6 para. 1 sentence 1 point b) GDPR for the performance of the contract. Data provided by applicants who are not recruited will be stored for another 6 months following the rejection in order to protect dena’s legitimate interests in accordance with Art. 6 para. 1 point f) GDPR and then erased, unless you have expressly consented to this data being stored for a longer period in order to be considered for other job openings (legal basis Art.6 para. 1 point a) GDPR) and/or if dena needs this data in order to establish, exercise or defend a legal claim.

Incorporation of services and content of third parties

On our website, services of third parties are used in order to include e.g. videos or fonts. This is done on the basis of Art. 6, Section 1 lit f) GDPR.

YouTube
We use the ‘YouTube’ platform to embed videos:
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer).
Data Protection Declaration: https://policies.google.com/privacy?hl=de&gl=de
Opt-out: https://adssettings.google.com/authenticated.

Google Maps
We link geographical maps provided by ‘Google Maps’, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer).
Data Protection Declaration: https://policies.google.com/privacy?hl=de&gl=de
Opt-out: https://adssettings.google.com/authenticated.

Google Fonts
We link fonts provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer).
Data Protection Declaration: https://policies.google.com/privacy?hl=de&gl=de
Opt-out: https://adssettings.google.com/authenticated.

Linkage to third-party pages

Our website also contains links to third-party websites. These websites use the services of suppliers who are not connected to us. After you click on the link, we have no further influence on the collection, storage or processing of personal data transferred to third parties (e.g. IP address or the URL of the page on which the link is located).

Facebook
Within our website, we use links to Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).
Data Protection Declaration: https://de-de.facebook.com/privacy/explanation

Twitter
Within our website, we use links to Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) profiles. If the user is a member of Twitter, Twitter can assign the retrieval of the above contents and functions to its profiles of users.
Data Protection Declaration: https://twitter.com/de/privacy
Opt-out: https://twitter.com/personalization.

Xing
Within our website, we use a link to Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany). If the user is a member of Xing, Xing can assign the retrieval of the above contents and functions to its profiles of users.
Data protection declaration: https://www.xing.com/app/share?op=data_protection

Types of data processed

We process the following personal data from the contacts of collaborative partners, contracting authorities, project partners, contractors, public authorities and other business contacts (one business contact from each):

  • contact details such as first name and surname, business address/telephone number/fax/email address
  • information that has to be processed for a project, the drawing up of a contract or the establishment of a contrac-tual relationship with dena (including payment details), or which is provided voluntarily by business contacts, e.g. during enquiries, and
  • personal data obtained from publicly available sources, information databases or credit reference agencies

Purpose of and legal basis for processing

We process personal data in order to

  • plan, conduct, manage and conclude contractual relationships
  • communicate with business contacts about our events, services and products
  • maintain and safeguard the security of our products and services (including our web pages)
  • meet legal requirements (particularly obligations to comply with tax law and commercial law)
  • fulfil existing contracts and assert, exercise and defend legal rights, and
  • conduct satisfaction surveys, marketing campaigns, market analyses and run competitions

Unless otherwise expressly stated during the collection of personal data, processing occurs

  • with your express consent (Art. 6(1)(a) of the GDPR)
  • because of your need for information when entering into a contract (Art. 6, para 1, sentence 1, letter b of the GDPR)
  • in order to carry out and complete contracts (Art. 6, para 1, sentence 1, letter b of the GDPR)
  • in order to meet legal requirements (Art. 6, para 1, sentence 1, letter c of the GDPR), or
  • to protect dena’s legitimate interests (business contact management and marketing, Art. 6, para 1, sentence 1, letter f of the GDPR)

Your personal data is only disclosed, transferred or otherwise provided for access to third parties on the basis of a statutory permission (e.g. for the fulfilment of contract, following your consent, on the basis of our justified interests or in cases of legal obligation).

If third parties are commissioned with the processing of data on the basis of an order processing contract, they may only process this personal data according to our instructions, in accordance with Art. 28 GDPR.

Third country transfer

It is ensured that before forwarding personal data, either a suitable data protection level exists, or there is an agreement of so-called EU standard contractual clauses of the European Union between dena and the recipients, and/or sufficient approval has been provided by the data subject.

If you have consented to your personal data being processed, you can withdraw this consent at any time with future effect. To do so, you just send an email to Widerruf-Einwilligung(at)dena.de. The withdrawal will not affect the legitimacy of the data processed on the basis of the consent given prior to the withdrawal. Once consent has been withdrawn, we shall only be permitted to continue processing your personal data if there is another legal basis for doing so.

You may assert the following rights with regard to the personal data concerning you:

  • The right to information
  • The right to correction or erasure
  • The right to restriction of processing
  • The right to object to processing
  • The right to data portability

You also have the right to submit a complaint to a data protection supervisory authority regarding the processing of your personal data by us.

Your data is only stored for as long as is necessary for the provision of our services and the online offer, and no other statutory period of retention applies. Data that is subject to a statutory retention period is blocked until the corresponding retention period expires. This data is no longer available for further use.
 

You can contact our company data protection officer at datenschutz(at)dena.de or via our postal address, with the additional line: ‘z.H. betriebliche Datenschutzbeauftragte’ (‘For the company data protection officer’).