Privacy statement
(Last updated: February 2024)
We, the Deutsche Energie-Agentur GmbH (dena) – the German Energy Agency – are pleased to provide you with information on the processing of your personal data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act.
-
‘Personal data’ means any information relating to an identified or identifiable natural person (e.g., name, address, telephone number, date of birth, email address or user behaviour).
‘Processing’ means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
-
Purpose of processing, categories of data and legal basis
Online service provision (including functions and content)
When using the website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we collect the data that is technically necessary for us to display our website to you and to ensure stability and security (legal basis: Art. 6(1) sentence 1(f) of the GDPR). This includes:
- IP address
- Date, time and time zone of the enquiry
- Content of the request (specific page)
- HTTP status code
- Operating system including version
- Language and version of the browser software.
This data (and log files) will not be attributed to specific persons. For security reasons and troubleshooting purposes, this data will be stored for a maximum of 30 weeks and then deleted. However, if the retention of these data is necessary for evidentiary purposes (for example, in the context of investigating acts of improper use or fraud), it will not be deleted until the respective incident has been resolved.
Cookies for web analysis
We use technically necessary cookies to provide the website. Without these cookies, the website cannot function properly (legal basis: Art. 6(1) sentence 1(f) of the GDPR). We also use cookies to make the website more user-friendly and effective and to analyse the website (legal basis: Art. 6(1) sentence 1(a) of the GDPR and Art. 7 of the GDPR). Please see our cookie policy for detailed information.
Website forms (contact forms, surveys, etc.)
Personal data that you provide to us voluntarily, such as you first name and surname, e-mail address and telephone number, is used to process and complete your contact enquiry or survey (legal basis: Art. 6(1) sentence 1(b) of the GDPR).
Usage analysis and surveys with Hotjar
(1) This website uses Hotjar behaviour analytics software. The provider is Hotjar Inc. headquartered at Level 2, St. Julian’s Business Centre, 3, Elia Zammit Street, St. Julian’s STJ 1000, Malta.
(2) We use Hotjar for surveys and analysis purposes to analyse and regularly improve the use of our website. The statistics we obtain may be used to improve our online presence and create a more interesting user experience. Under our instructions, Hotjar will use this information to analyse use of the website, compile reports on website activity, and provide other services associated with website and Internet use. Information that the cookie collects about your use of this website is normally transferred to and stored on a Hotjar server.
(3) We use the Hotjar anonymisation feature on this website. This means that your IP address is truncated, ensuring that data collected for analysis purposes cannot be attributed to you in person. This data is not merged with any personal data.
(4) We only use the tool with your consent, which can be provided using the Consent Manager or as part of the surveys (legal basis: Art. 6(1) sentence 1(a) of the GDPR). You can also opt out of analytics, simply by enabling ‘Do Not Track’ in your browser as the default setting. If you do so, there will be no processing of your personal data as described above. You can find out how to activate the ‘Do not track’ feature here: www.hotjar.com/legal/compliance/opt-out/.
Newsletter
You can subscribe to our newsletter, which we use to inform you about our current projects and events, by giving us your consent.
We use the double opt-in procedure when registering for our newsletter. This means that after you register your information with us, we will send you an email, in which we ask you to confirm that you wish to receive the newsletter, to the email address you have provided. If you do not confirm your registration within 48 hours, your information will be blocked and automatically deleted. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The only mandatory information for sending the newsletter is your email address. The provision of further data, which will be indicated separately, is voluntary and is used to be able to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Art. 6(1) sentence 1(a) of the GDPR and Art. 7 of the GDPR, in conjunction with Section 7(2) no. 3 of the German Act Against Unfair Competition.
You can revoke your consent to the sending of the newsletter at any time via the unsubscribe link contained in the newsletter and unsubscribe from the newsletter.
Job applications submitted through our online recruitment platform
Our online recruitment platform allows you to provide us with your name, address, other contact details (e.g. email, telephone number), information on your qualifications and career history, CV and certificates. If you use our online recruitment platform to respond to the jobs advertised there, we will collect and then process your data. The legal basis for doing so is the performance of measures at the request of the data subject prior to entering into a contract (Art. 6(1) sentence 1(b) of the GDPR). Your personal data will only be processed in order to complete the applications procedure. If you are recruited, we will add the data you provided to your personnel file and process it in accordance with Art. 6(1) sentence 1(b) of the GDPR for the performance of the contract. Data provided by applicants who are not recruited will be stored for another 6 months following the rejection in order to protect dena’s legitimate interests in accordance with Art. 6(1) sentence 1(f) of the GDPR and then erased, unless you have expressly consented to this data being stored for a longer period in order to be considered for other job openings (legal basis Art. 6(1) sentence 1(a) of the GDPR) and/or if dena needs this data in order to establish, exercise or defend a legal claim.
Integration of third-party services and content
Links to third-party providers are used on our website to integrate videos or fonts, for example. This is done on the basis of Art. 6(1) sentence 1(f) of the GDPR.
YouTube
We use the YouTube platform to integrate our videos: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer). According to their privacy statement, you have the option to object to the processing of your personal data by the platform (opt-out): adssettings.google.com/authenticated.
X
We use links to profiles on X (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07
Ireland) on our website. If the user is a member of Twitter, Twitter can assign access to the abovementioned content and functions to the user’s profile there. According to their privacy statement, you have the option to object to the processing of your personal data (opt-out): x.com/settings/account/personalization.
LinkedIn
We use links to LinkedIn (LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA) on our website and in our mailings. If you are a member of LinkedIn, LinkedIn can assign access to the content and functions on our website and in our mailings to your profile there. According to their privacy statement, you have the option to object to the processing of your personal data by LinkedIn (opt-out): www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We use links to LinkedIn (LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA) on our website and in our mailings. If you are a member of LinkedIn, LinkedIn can assign access to the content and functions on our website and in our mailings to your profile there. According to their privacy statement, you have the option to object to the processing of your personal data by LinkedIn (opt-out): www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Further information can be found in LinkedIn’s privacy statement: LinkedIn privacy statement
Google Maps
We integrate maps from the Google Maps service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer). According to their privacy statement, you have the option to object to the processing of your personal data by Google LLC (opt-out): https://adssettings.google.com/authenticated.
Google Fonts
We integrate the fonts of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer). According to their privacy statement, you have the option to object to the processing of your personal data (opt-out): adssettings.google.com/authenticated.
Links to third party sites
Our website also contains links to third-party websites. We no longer have any influence on the collection, storage and processing of your personal data (e.g., IP address or URL of the page on which the link is located) once you have clicked the respective link.
Facebook
We use links to Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website. Privacy statement: www.facebook.com/privacy/policy/
X
We use links to profiles on X (Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland) on our website. If the user is a member of Twitter, Twitter can assign access to the abovementioned content and functions to the user’s profile there. According to their privacy statement, you have the option to object to the processing of your personal data (opt-out): x.com/settings/account/personalisation.
Xing
We use a link to Xing (XING AG, Dammtorstraße 29–32, 20354 Hamburg, Germany) on our website. If the users are members of the Xing platform, Xing can assign the access to the abovementioned content and functions to the user’s profiles there. Privacy statement: www.xing.com/app/share
Use of survey tools
We use survey tools in our emails to obtain feedback from our users. The survey tool we use is called Lamapoll, provided by Lamano GmbH & Co. KG, Prenzlauer Allee 36G, 10405 Berlin, Germany. The following data is collected when you participate in surveys via Lamapoll: IP address, answers to survey questions, and any other information provided voluntarily.
This data is used exclusively for the purpose of improving our services and is not passed on to third parties. Lamapoll stores the collected data on servers in Germany and is subject to the data protection regulations of the European Union. Further information on data processing by Lamapoll can be found in Lamapoll’s privacy statement: www.lamapoll.de/Support/Datenschutz
-
Types of data processed
We process the following personal data from the contacts of collaborative partners, contracting authorities, project partners, contractors, public authorities and other business contacts (one business contact from each):
contact details such as first name and surname, business address/telephone number/fax/email address
information that has to be processed for a project, the drawing up of a contract or the establishment of a contractual relationship with dena (including payment details), or which is provided voluntarily by business contacts, e.g. during enquiries, and
personal data obtained from publicly available sources, information databases or credit reference agencies
Purposes and legal basis of processing
We process personal data in order to
- plan, conduct, manage and conclude contractual relationships
- communicate with business contacts about our events, services and products
- maintain and safeguard the security of our products and services (including our web pages)
- meet legal requirements (particularly obligations to comply with tax law and commercial law)
- fulfil existing contracts and assert, exercise and defend legal rights, and
- carry out satisfaction surveys, marketing campaigns, market analyses, competitions
Unless expressly stated otherwise when personal data is collected, it is processed on the basis of your express consent (Art. 6(1) sentence 1(a) of the GDPR),
- because of your need for information when entering into a contract (Art. 6(1) sentence 1(b) of the GDPR),
- in order to perform and execute contracts (Art. 6(1) sentence 1(b) of the GDPR),
- in order to meet legal requirements (Art. 6(1) sentence 1(c) of the GDPR) or
- to protect dena’s legitimate interests (business contact management and marketing, Art. 6(1) sentence 1(f) of the GDPR).
-
Your personal data will be only disclosed, transferred or otherwise made accessible to third parties where this is permitted under law (e.g., to fulfil contractual obligations, where you have given your consent, on the basis of our legitimate interests or where there is a legal obligation to do so).
Should third parties be commissioned with the processing of data on the basis of a commissioned data processing agreement, they may only do so according to our instructions pursuant to Art. 28 of the GDPR.
Transfer to third countries
It is ensured that there is either an adequate level of data protection before the transfer of personal data or that EU standard contractual clauses of the European Union have been agreed with the recipients or that the data subject has given sufficient consent.
-
If you have consented to your personal data being processed, you can withdraw this consent at any time with future effect. All you need to do is send an email to Widerruf-Einwilligung(at)dena.de. The withdrawal of consent will not affect the legitimacy of the data processed on the basis of the consent given prior to consent being withdrawn. Once consent has been withdrawn, we shall only be permitted to continue processing your personal data if there is another legal basis for doing so.
-
You have the following rights regarding your personal data subject to statutory regulations:
- the right of access pursuant to 15 of the GDPR
- the right to rectification or erasure pursuant to Art. 16 and 17 of the GDPR
- the right to restriction of processing pursuant to Art. 18 of the GDPR
- the right to object to processing pursuant to Art. 21 of the GDPR
- the right to data portability pursuant to Art. 20 of the GDPR
Additionally, you have the right to lodge a complaint to a data protection supervisory authority regarding our processing of your personal data.
-
Your data will only be stored for as long as is necessary for the provision of our services and online offering and unless there is statutory retention period to the contrary. Data that is subject to a statutory retention period is blocked until the corresponding retention period has expired. This data is no longer available for further use.
-
You can contact our company data protection officer at datenschutz(at)dena.de or at our postal address with the addition ‘Attn. Company data protection officer’.