Data privacy policy

Data privacy policy

from Entelios AG

Thank you for visiting our website and for your interest in Entelios AG. Not only energy solutions for a sustainable future are important to us, but also the data protection compliant handling of your personal data. With this privacy policy we inform you about how, to what extent and for what purposes we process personal data when using our website and beyond.

The subject of data protection is personal data. According to Art. 4 GDPR, personal data means any information relating to an identified or identifiable natural person. This includes, for example, details such as name, address, e-mail address or telephone number, but also usage data such as your IP address or content data such as the messages you have written that you send to us via forms. We process personal data only in accordance with the legal regulations, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

1.     Controller

Controller is:

Entelios AG

Werinherstrasse 81

81541 Munich

Phone: +49 (0) 89 552 9968-0

E-mail: info(at)entelios.com

2.     Data Protection Officer

Our data protection officer is:

Ann-Katrin Meißner

Meißner Datenschutz GmbH

Markt 31

25821 Bredstedt

Phone: +49 (0) 4671 93 10 31

Fax: +49 (0) 4671 93 10 33

E-Mail: dsb(at)mds.legal

3.     General Information

Insofar as we obtain your consent for processing operations of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis.

When processing your personal data that is necessary for the performance of a contract between you and Entelios AG, Art. 6 para. sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which Entelios AG is subject, Art. 6 para. sentence 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. sentence 1 lit. f GDPR serves as the legal basis.

4.     Data Collection on our Website

Within the scope of the informative use of our website, e.g. if you otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. As the website operator, we have a legitimate interest in the technically error-free display and optimization of our website - for this purpose, the following server log files must be collected:

·       IP address of the requesting computer,

·       Date and time of access,

·       Name and URL of the accessed file,

·       Website from which the access is made (referrer URL),

·       Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

4.1.  Cookies

This website uses cookies. Cookies are used to make our website more user-friendly and to enable the use of certain functions. Cookies are small text files that are stored on your terminal device and saved by your browser. Some of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (so-called "persistent cookies"). You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of our website may be limited.

The legal basis for the use of cookies is Art. 6 para. 1 sentence 1 lit. f GDPR. We as the website operator have a legitimate interest in storing cookies for the technically error-free and optimized provision of our website. Insofar as other cookies (e.g. cookies for analyzing your surfing behavior) are stored, these are treated separately.

4.2. Cookie Consent Tool Cookiebot

This website uses the cookie consent tool Cookiebot. The service provider is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. This allows data subjects to manage the use of cookies. In addition, we as website operators can obtain your consent to the storage of certain cookies in your browser and document this in accordance with data protection law. Cookiebot shows the data subjects a list of cookies categorized by function groups, explains the purpose of the function groups and the individual cookies as well as their storage duration. The use of Cookiebot makes the storage of a cookie in your browser technically necessary.

When you access our website for the first time, the website displays the cookie consent tool Cookiebot as a pop-up window. In it, you can activate or deactivate the cookies categorized by function groups (preferences, statistics, marketing, unclassified) by clicking the corresponding checkbox. The technical (necessary) cookies are already stored when you access the website. The corresponding checkbox is preset and thus activated. You can accept cookies either by clicking on the "Allow selection" or "Allow cookies" button. If technical cookies are deactivated, the use of the website or individual functions on the website may be restricted or impossible. If you click on the "Only necessary cookies" button, only technically necessary cookies will be used.

Cookiebot is used to obtain and document legally required consent for the use of cookies. The legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.

4.3. Content Delivery Network (CDN)

We use a network of servers connected regionally or internationally and via the Internet (Content Delivery Network) for the proper provision of content on our website. CDN is a service for maintaining the functionality and availability of graphics or scripts and helps to ensure optimal data throughput, for example of large media files, even during peak loads. By accessing this content, you establish a connection to the servers of the respective service provider. As a result, your IP address and possibly other identification features such as your user agent are transmitted. We use the following CDN and service providers:

4.3.1.     Cookiebot CDN

The service provider is Cookiebot A/S. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. As the website operator, we have a legitimate interest in the secure and efficient provision and optimization of our website offering. We have no influence on this processing activity. For more information on data processing by Cookibot CDN, please visit: https://www.cookiebot.com/de/privacy-policy/.

4.3.2.     Hotjar CDN

The service provider is Hotjar Ltd, Level 2, St Julians Business Centre 3 Elia Zammit Street St Julians STJ 3155 Malta. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. As the website operator, we have a legitimate interest in the secure and efficient provision and optimization of our website offering. We have no influence on this processing activity. You can find more information on data processing by Hotjar CDN at: https://www.hotjar.com/privacy/.

4.3.3.     Google CDN

The service provider is Google. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. As the website operator, we have a legitimate interest in the secure and efficient provision and optimization of our website offering. We base the transfer of data to the USA on the model contracts of the EU Commission for the transfer of personal data to third countries (standard contractual clauses). We have no influence on this processing activity. You can find more information on data processing by Google at: https://policies.google.com/privacy.

4.3.4.     LinkedIn CDN

The service provider is LinkedIn Corporation (LinkedIn), Sunnyvale, California, USA. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. As the website operator, we have a legitimate interest in the secure and efficient provision and optimization of our website offering. We base the transfer of data to the USA on the standard contractual clauses. We have no influence on this processing activity. You can find more information on data processing by LinkedIn at: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

4.4.  Google Analytics

This website uses the Google Analytics analysis service for the statistical evaluation of our website offering. The service provider is Google Ireland Limited (Google) Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies and other browser technologies to evaluate visitor behavior and recognize visitors. The analysis includes, for example, the number of times our website is accessed, sub-pages visited and the length of time visitors spend on the site. We use this information to compile reports on the activity of our website. The information generated by the cookie about your surfing behavior is usually transmitted to servers of Google LLC. in the USA.

The processing is based on your consent. You give your consent via the cookie consent tool. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 49 para. 1 sentence 1 lit. a GDPR. We have no influence on this processing activity. You can find more information on data processing by Google at: https://support.google.com/analytics/answer/6004245?hl=de.

4.4.1.     IP-Anonymisierung

This website uses the IP anonymization function. As a result, Google shortens your IP address within member states of the European Union (EU) or in other contracting states of the Agreement on the European Economic Area (EEA) before transferring it to the USA. However, there is the possibility that, exceptionally, your full IP address is transmitted to servers of Google LLC. in the USA and shortened there.

4.4.2.     Browser Plugin

You can use the browser plugin to prevent Google from collecting and processing your data. You can find more information (download etc.) at: https://tools.google.com/dlpage/gaoptout?hl=de.

4.4.3.     Storage Period

Data stored as part of Google Analytics will be anonymized or deleted after 14 months. You can find more information at: https://support.google.com/analytics/answer/7667196?hl=de.

4.5.  DoubleClick by Google

This website uses DoubleClick by Google (DoubleClick) to display advertising to you. The service provider is Google. With DoubleClick, we can optimize our advertising and thus target it to the interests of each visitor. Our advertising may be displayed in Google search results or in advertising banners if they are linked to DoubleClick. DoubleClick uses cookies, which are necessary for the technical process. DoubleClick thus recognizes the visitor again, as well as websites visited by him, clicks and other information on surfing behavior. The information thus collected is then combined into a pseudonymous user profile. The aim here is to display interest-based advertising to the visitor. The information generated by the cookie is usually transmitted to servers of Google LLC. in the USA and stored there.

The processing is based on your consent. You give your consent via the cookie consent tool. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 49 para. 1 sentence 1 lit. a GDPR. We have no influence on this processing activity. You can find more information on data processing by Google at: https://policies.google.com/privacy.

4.6.  Google Tag Manager

This website uses the Google Tag Manager. The service provider is Google. With Google Tag Manager, we manage website tags and can integrate services such as tracking or statistics tools and other technologies on our website. This allows us to evaluate visitors' access to our website. The information generated by the cookie is usually transmitted to servers of Google LLC. in the USA.

The processing is based on your consent. You give your consent via the cookie consent tool. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 49 para. 1 sentence 1 lit. a GDPR. We have no influence on this processing activity.

4.7.  Google Ads

This website uses Google Ads to display targeted advertising to visitors. The service provider is Google. Google uses cookies and other browser technologies to evaluate visitor behavior and recognize visitors. If the user enters search terms in the Google search engine, we can display advertisements in the Google search engine or on third-party websites as part of Google Ads. Google Ads delivers targeted advertising based on surfing behavior and geographical location (location data). As a result, your IP address and other identifiers such as your user agent are transmitted to Google. The information generated by the cookie is usually transmitted to servers of Google LLC. in the USA.

The processing is based on your consent. You give your consent via the cookie consent tool.  The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 49 para. 1 sentence 1 lit. a GDPR. You can find more information on data processing by Google at: https://polcies.google.com/privacy?hl=de.

4.8.  Google Adsense

This website uses Google Adsense. The service provider is Google. With Google Adsense, we integrate targeted third-party advertisements. The content of the advertisements is geared to your interests, which Google determines based on your surfing behavior. When selecting the targeted advertising, other information such as your location, the content of the website you visited or the Google search terms you entered are also processed. Google AdSense uses cookies, web beacons (invisible graphics) and other recognition technologies. This allows us to evaluate visitor traffic.

The information generated by the cookie is usually transmitted to servers of Google LLC. in the USA and stored there. The processing is based on your consent. You give your consent via the cookie consent tool.  The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 49 para. 1 sentence 1 lit. a GDPR. We have no influence on this processing activity.

4.9.  Google Fonts

This website uses so-called Google Fonts for the uniform and appealing display of fonts. The service provider is Google. When you call up a page, your browser loads the required Google Fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This may also result in the transmission of personal data to the servers of Google LLC. in the USA. This gives Google knowledge that you have visited our website via your IP address.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. As the website operator, we have a legitimate interest in a uniform display of fonts. We base the data transfer to the USA on the standard contractual clauses. We have no influence on this processing activity. You can find more detailed information on data processing by Google at: https://developers.google.com/fonts/faq and more detailed information on data processing by Google at: https://www.google.com/policies/privacy/.

4.10.      Leadfeeder

We use Leadfeeder on our website as a service for the "Customer Intelligence" process. The service provider is Leadfeeder, Inc, 3 Warren Street, Suite 2, Glens Falls, NY 12801, USA. Leadfeeder tracks business IP addresses to provide them for lead classification. Leadfeeder identifies website visitors (businesses), supplements existing contact information, or provides complete contact information, providing transparency into the visit history. Leadfeeder uses cookies and other browser technologies to analyze visitor behavior and recognize visitors. Leadfeeder determines which visitors have visited our website, the course of the visit to our website, all pages visited and the length of the visit.

The processing is based on your consent. You give your consent to the use of cookies via the cookie consent tool. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 49 para. 1 sentence 1 lit. a GDPR. We have no influence on this processing activity.  For more information on data processing by Leadfeeder, Inc, please visit: https://www.leadfeeder.com/privacy/.

4.11.      DrawBridge

We use DrawBridge on our website to display targeted advertising to visitors. The service provider is Gimbal, Inc, 8605 Santa Monica Blvd #62545 West Hollywood, California 90069-4109, USA. DrawBridge uses cookies and other browser technologies to evaluate visitor behavior and recognize visitors. This information is used to optimize the display of advertising. DrawBridge delivers targeted advertising based on surfing behavior and geographical location (location data). As a result, the IP address and other identifiers such as the user agent are transmitted to Gimbal, Inc. In addition, web tracking technologies are used to create pseudonymized user profiles. This serves the segmentation of the advertisements.

The processing is based on your consent. You give your consent to the use of cookies via the cookie consent tool. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 49 para. 1 sentence 1 lit. a GDPR. We have no influence on this processing activity. You can find more information on data processing by Gimbal, Inc. at: https://gimbal.com/gdpr/.

4.12.      Hosting

We host our website with an external service provider (hoster). Personal data collected on this website is stored on the hoster's servers. This may include, for example, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website. The hoster is used for the purpose of fulfilling the contract with our potential and existing customers in accordance with Art. 6 para. sentence 1 lit. b GDPR and in the interest of a secure, fast and efficient provision of our website offering by a professional service provider. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. The hoster processes your data only to the extent necessary to fulfill its obligations and follows our instructions.

4.13.      Contact Form

If you send us inquiries via a contact form, your information and personal data from the contact form will be processed for the purpose of processing the inquiry and, if necessary, for follow-up questions. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In other cases, we base the processing on our legitimate interest in the effective processing of the inquiries directed to us pursuant to Art. 6 para. sentence 1 lit. f GDPR or on your consent pursuant to Art. 6 para. sentence 1 lit. a GDPR, provided we have obtained it.

4.14.      Google reCAPTCHA

We use Google reCAPTCHA on our website. The service provider is Google. With Google re-CAPTCHA, we can check whether the input of data, e.g. in a contact form, is done by a human or by an automated program. Google reCAPTCHA analyzes the visitor's behavior, e.g. by recording the visitor's dwell time and mouse movements. This analysis begins as soon as the visitor visits the website. By accessing this content, you establish a connection to Google's server. As a result, your IP address and, if applicable, other identification features such as your user agent are transmitted to Google.

The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. As the website operator, we have a legitimate interest in protecting our website from abusive automated spying and from SPAM. We base the data transfer to the USA on the standard contractual clauses. We have no influence on this processing activity. You can find more information on data processing by Google reCAPTCHA at: https://policies.google.com/privacy?hl=en-US.

5.     Online Conference Tools

To communicate with you, we use, among others, online conference tools (e.g. Microsoft Teams). The service provider of the online conference tool collects and processes personal data of the participants, in particular e-mail address, telephone number, duration, number of participants, other "context information" in connection with the communication process (metadata). Furthermore, the service provider processes technical data that is required to process the communication as well as other service-related data. We have no influence on these processing activities.

We use the online conferencing tools to communicate with contractual partners for the execution of the contractual relationship or to be able to offer certain services to our customers. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. In addition, the use of online conferencing tools serves to optimize communication with us or our group of companies. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in being able to use functional online conferencing tools that are widely used in the business areas in order to communicate efficiently with external partners. Insofar as consent has been obtained, the tools in question are used exclusively on the basis of this consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We have no influence on the storage period of your data, which is stored by the service providers of the online conference tools for their own purposes.

We use Microsoft Teams for this purpose. The service provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We have engaged Microsoft as a processor and agreed to the standard contractual clauses. You can find morge information on data processing by Microsoft at: https://privacy.microsoft.com/de-de/privacystatement.

6.     Visiting our Social Media Sites

We operate social media sites with the aim of informing visitors about our products and services and communicating with them. If you visit social networks such as Facebook, Instagram, YouTube, Xing, LinkedIn, etc. or websites with integrated social media content (e.g. like buttons or advertising banners), it is possible that social networks analyze your surfing behavior. Social networks can, for example, assign your visit to our social media presence to your user account, provided you are logged into your social media account. Irrespective of this, your personal data may also be collected if you do not have a social media account. The data collection can take place via cookies that are stored on your end device or by collecting your IP address. As a rule, your personal data is processed for market research and advertising purposes. Social networks can create usage profiles from your surfing behavior and resulting interests, which are used, for example, to display corresponding advertisements within and outside the social network. Please note that your data may be processed outside the EU or the EEA, e.g. in the USA. This may result in risks for you, as it could, among other things, make it more difficult to enforce your data subject rights. For information on data transfers to the USA, see our information on transfers to countries outside the EU or EEA. We are not able to track all processing activities of the social networks, in particular whether further processing activities are carried out. You can find more information on this in the terms of use and data protection provisions of the respective social network (see below).

With our social media presences, we want to ensure an extensive presence on the Internet. Our legitimate interest lies in providing effective information to users and communicating with users. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. If a corresponding consent has been obtained (e.g. consent to store cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 49 para. 1 sentence 1 lit. a GDPR.

6.1.      Controller and Enforcement of Data Subject Rights

We are jointly responsible with the operator of the social network for the data processing operations triggered during your visit. In principle, you can enforce your data subject rights both against us and against the social network. However, we would like to point out that despite the joint responsibility with the social networks, we do not have any comprehensive influence on the data processing operations. Our options for exerting influence are based on the corporate guidelines of the respective social network.

6.2.      Storage Period

We delete data that is directly collected by us via the social media site as soon as the purpose for storing it no longer applies, you request us to delete it or revoke your consent to store it. Mandatory legal provisions, e.g. retention periods, remain unaffected by this. We have no influence on the storage period of your data that is stored by the social networks for their own purposes.

6.3.      Social Networks in Detail:

·       Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), Facebook pages based on an agreement on joint processing of personal data at https://www.facebook.com/legal/terms/page_controller_addendum; More information on data processing: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads;

·       YouTube (Google) - More information on data processing: https://policies.google.com/privacy  Opt-Out: https://adssettings.google.com/authenticated;

·       LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland); Further information on data processing: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out;

·       Xing (XING SE, Dammtorstraße 30, 20354 Hamburg, Germany); More information on data processing / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

7. CRM System

We store your personal data in a customer relationship management system (CRM system). The service provider is Salesforce.com INC., Salesforce Tower, 415 Mission Street, 3rd Flor, San Francisco, CA 94105, USA. The purpose of the processing is the communication with contractual partners or pre-contractual contacts, processing of contact requests, communication, management and response to inquiries, maintenance of customer relationships and relationships with interested parties, as well as optimization and automation of sales processes.

The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR insofar as the contact is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on your consent pursuant to Art. 6 para. sentence 1 lit. a GDPR and/or on our legitimate interests pursuant to Art. 6 para. sentence 1 lit. f GDPR, as we have a legitimate interest in effective communication with external parties and partners as well as in the effective processing of requests addressed to us. We base the data transfer to the USA on the standard contractual clauses, on Art. 49 para. 1 sentence 1 lit. a GDPR as well as on binding internal data protection rules of the service provider according to Art. 46 para. 2 b) GDPR and Art. 47 GDPR (so-called Binding Corporate Rules), for compliance with an adequate level of data protection outside the EU.

8.     Contact by E-Mail, Mail, Telephone, Fax, Social Media, etc.

When you contact us by e-mail, mail, telephone, fax, social media, etc., your personal data (e.g. name, inquiry) will be stored and used for the purpose of processing your request or for contacting you and the associated processing. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as your contact is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In other cases, the processing is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and/or on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in the effective processing of the inquiries addressed to us.

9.     Processing of Prospective Customer, Customer and Contract Data

We process your personal data for the fulfillment of a contract and the related implementation of pre-contractual measures (e.g. to create and send an offer), or termination of our contract. The data processing is carried out upon your request and is necessary for the aforementioned purposes for the mutual fulfillment of obligations arising from the contract. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

10.  Data Processing Contact Data of Contact Persons etc.

We process contact data of contact persons, employees, service providers or vicarious agents of our contractual partners. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Processing pursuant to Art. 6 para. sentence 1 lit. f GDPR may only take place if this is necessary to protect the legitimate interests of us or third parties and if the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not override this. Business contacts (e.g. the name of a contact person, an employee, etc.) do not contain very sensitive data. It is therefore not apparent what legitimate interest contact persons, employees, etc. would have in not being contacted in the course of the business relationship. Our legitimate interest lies in the smooth handling of the business relationship and outweighs the interest of the contact persons, employees, service providers or vicarious agents.

11.  Data Processing Business Contacts, Trade Fairs, Events, etc.

We process your personal data that we have received from you, e.g. in the context of business contacts, a trade fair, event, etc. (e.g. handing over your business card and other data) for the purpose of fulfilling a contract and the related implementation of pre-contractual measures (e.g. preparation of an offer). The data processing is carried out upon your request and is necessary for the aforementioned purposes for the mutual fulfillment of obligations arising from the contract. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

12.  Data Processing within the Energy Group

We work closely within the energy group "Agder Energi" (www.ae.no) with the other companies. It may therefore be necessary for us to process your personal data within the existing or future group of companies. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is the efficient design of business processes.

Your personal data will be processed within the existing or future group of companies to the extent necessary for the performance of a contract and the related implementation of pre-contractual measures. The data processing is carried out upon your request and is necessary for the aforementioned purposes for the mutual fulfillment of obligations arising from the contract. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

13.  Invitations to Events, Trade Fairs, etc.

We process your personal data in order to invite you to events, trade fairs, etc. by e-mail or by post. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR, provided we have obtained your consent. In other cases, the processing is based on our legitimate interests pursuant to Art. 6 para. sentence 1 lit. f GDPR, as we have a legitimate interest in maintaining contact with our contacts and business partners and in carrying out advertising measures.

14.  Applicants

We commission service providers (hereinafter "recruiters") to carry out recruiting, in particular the pre-selection of applicants (hereinafter "applicants").

The services commissioned include, for example, the publication of job advertisements, the review of application documents, the conduct of interviews and the pre-selection of applicants. After selecting an applicant, the recruiter sends us the application documents, supplemented by an assessment if necessary. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Processing on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR may only take place insofar as this is necessary to protect the legitimate interests of us or third parties and does not override the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Our legitimate interest is the professional implementation of recruiting by commissioning recruiters qualified for this purpose.

We process the personal data for the further implementation of the application process. The legal basis for the processing of personal data is Art. 88 GDPR in conjunction with Section 26 BDSG. According to Section 26 BDSG, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.

We process personal data that we have received in connection with the application, such as title, first name, last name, e-mail address, address, telephone number, information on professional qualifications and school education, information on professional training and information about the previous career.

If the data should be required after completion of the application process, e.g. for legal prosecution, data processing may be carried out for the purpose of safeguarding legitimate interests pursuant to Art. 6 para. sentence 1 lit. f GDPR. The legitimate interest then consists of asserting or defending claims, for example, in proceedings under the General Equal Treatment Act (AGG).

We store the personal data of applicants as long as this is necessary for the decision on the application. The personal data or application documents are deleted six months after the end of the application process (e.g. notification of the rejection decision), unless longer storage is legally required or permitted.

We store personal data beyond this only to the extent that this is required by law or in the specific case for the assertion, exercise or defense of legal claims for the duration of a legal dispute. If you are accepted for a position during the application process, the data will be stored on our systems and transferred to your personnel file.

Applicants are not obliged to provide their personal data. However, the provision of personal data is necessary for the decision on an application. However, applicants should only provide personal data in their application that is required for the acceptance and execution of the application. If applicants do not provide us with personal data in an application, we cannot make a selection.

15.  Corporate Transaction

In the course of a corporate transaction, it may be necessary to transfer your personal data to a third party. This is the case at least in the case of an asset deal. In principle, anonymized or pseudonymized data is processed in the course of due diligence. However, in some cases it may be necessary to process personal data without anonymization or pseudonymization. In this case, the legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest is based in the implementation of the corporate transaction.

16.  Categories of Personal Data and Source

We process the following categories of personal data: Contact data (e.g. name, e-mail address, telephone number), employee data, job or function titles (e.g. graduate engineer, managing director, etc.), personal master data, communication data, contract master data, contract billing and payment data, supplier data, information data (from third parties, e.g. credit agencies or from publicly available sources), etc. The list is not exhaustive.

17.  Transmission to Third Parties

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. As a rule, this is done on the basis of commissioned processing in accordance with Art. 28 GDPR. In addition, we only transfer personal data to third parties if this is permitted by law or if you have given your prior consent. A disclosure or transfer of your personal data takes place exclusively within the scope of the aforementioned purposes to the following recipients or categories of recipients:

·       IT service providers,

·       Credit institutions for the processing of payments,

·       Companies in the insurance industry in the course of settling claims,

·       Collection service providers and lawyers, e.g. to collect receivables and enforce claims in court,

·       Lawyers, notaries, banks, tax consultants, etc.,

·       Corporate buyers/interested parties in corporate transactions,

·       Persons in charge, order processors,

·       other authorized persons (e.g. authorities and courts), insofar as there is a legal obligation or authorization to do so,

·       depending on the order, to other recipients, which we may agree with you.

 

18.  Transfer to Countries outside the EU or the EEA

Insofar as we process data outside the EU or the EEA or this occurs in the context of the use of third-party services or disclosure or transmission of data to third parties, this will only occur if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.

Otherwise, we only transfer data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the GDPR and no other interests worthy of protection speak against the transfer of data. To ensure an adequate level of data protection at the recipient of the data, we use standard contractual clauses, base the transfer of data on so-called Binding Corporate Rules (internal data protection regulations) and check the existence of additional guarantees regarding the transfer of personal data to a third country, such as the USA. The standard contractual clauses are in principle still effective even after the ECJ ruling of July 16, 2020 (C-311/18) on the EU-US Privacy Shield. Furthermore, we check the existence of additional safeguards and obtain the consent of the data subjects for the data transfer pursuant to Art. 49 para. sentence 1 lit. a GDPR. 

We use tools or services from service providers based in the USA on our website and beyond. According to the case law of the European Court of Justice of 16 July 2020 (C-311/18) on the EU-US Privacy Shield, there is no adequate level of data protection in the USA. The USA is not a safe third country within the meaning of the GDPR. US service providers and their subsidiaries are subject to US laws and are obliged to hand over personal data to US authorities (e.g. intelligence agencies). Data subjects cannot take legal action against this. This means that it is possible for US authorities to access, process, evaluate and store personal data, e.g. for monitoring purposes. Within the meaning of the GDPR, this constitutes an impermissible disclosure of personal data. We cannot influence this processing activity.

19.  Duration of Storage

Your personal data will be stored for the aforementioned purposes for as long as is necessary for the fulfillment of these purposes. Thereafter (e.g. after the processing of your inquiry has been completed; when the facts concerned have been conclusively clarified; after completion of the order or termination of the business relationship, etc.), your personal data will be deleted, unless we are obliged to store it for a longer period of time due to legal requirements (e.g. obligations to maintain records under commercial or tax law). In this case, your personal data will initially be blocked and deleted upon expiration of the retention period.

Data may also be stored beyond this period if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which our company is subject. The data will be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data. In addition, storage may take place beyond this if you have given your consent in accordance with Art. 6 para. sentence 1 lit. a GDPR.

In the event of obligations to permanently observe objections, we reserve the right to store your personal data (contact data, e.g. e-mail address, telephone number, surname, first name, address, etc.) in a blocking list (so-called "denylist") for this purpose alone.

Applicants' data will be deleted after 6 months in the event of rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.

Further information on the duration of storage and deletion of your personal data can be found in the individual data protection notes of this privacy policy.

20.  Data Subject Rights

Within the framework of the legal requirements, you have a right against us to the following

·       Confirmation as to whether your personal data is being processed by us and to information about the circumstances of the processing (Access) (Art. 15 GDPR),

·       Rectification insofar as your personal data is incorrect (Art. 16 GDPR),

·       Deletion of your personal data, insofar as there is no justification for the processing and no obligation to retain (more) (Art. 17 GDPR),

·       Restriction of processing if one of the conditions listed in Art. 18 para. a to d GDPR is met (Art. 18 GDPR),

·       Data portability of your personal data in a structured, common and machine-readable format (Art. 20 GDPR),

·       Complaint to a supervisory authority (Art. 77 GDPR).

Insofar as the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time in accordance with Art. 7 para. 3 GDPR, with the consequence that the processing of your personal data becomes unlawful for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. The withdrawal of consent can be communicated informally by e-mail to dp(at)entelios.com or by mail to our postal address listed at the beginning of this privacy policy.

In addition, you may object to the processing in accordance with Art. 21 GDPR in the event of processing on the basis of a legitimate interest pursuant to Art. 6 para. sentence 1 lit. f GDPR, whereby you must present a special reason, except in the case of direct advertising. The objection can be communicated informally by e-mail to dp(at)entelios.com or by mail to our postal address listed at the beginning of this Privacy Policy.

21.  Obligation or Duty to provide Data

In the context of the performance of a contract and the related implementation of pre-contractual measures of contracts with you, it is necessary that you provide those personal data that are required for the establishment or the implementation of the contract and thus for the performance of the contractual obligations. You are not obliged to provide your personal data, but if you do not provide them, the establishment and performance of the contractual relationship is not possible.

22.  No Automated Individual Decision-Making including Profiling

We do not process your personal data for the purpose of automated individual decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR.

23.  Links to other Websites

Our website contains links to other websites. Please note that our privacy policy does not apply to these other websites unless it is expressly stated.

24.  Data Security

We have taken the necessary technical and organizational measures to protect the personal data you provide against loss, destruction, manipulation and unauthorized access. All our employees or all persons involved in data processing are obliged to comply with the GDPR, the BDSG and other laws relevant to data protection and to handle personal data confidentially. Our employees are trained accordingly. Both internal and external audits ensure compliance with all data protection-relevant processes.

To protect the personal data of our users, we use a secure online transmission procedure, the so-called "Secure Socket Layer" (SSL) or "Transport Layer Security" (TSL) transmission. You can recognize this by the fact that an "s" is appended to the address component http:// ("https://") or a green, closed lock symbol is displayed in the browser. Clicking on the symbol provides information about the SSL certificate used. The appearance of the symbol depends on the browser version you are using. SSL encryption ensures the secure and complete transmission of your data.

25.  Change of the Privacy Policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can find the latest version on our website.

Status: April 2021