Privacy

The following privacy policy applies for the use of the website energisto.com as well as energisto.ph. This online platform is a service provided by ENERGISTO eG, Sudetenstrasse 1, D-85635 Höhenkirchen (hereafter “provider”). Please refer to our Imprint for further contact details.

This privacy policy informs you of the nature, scope and purpose of the collection and use of personal data on our online platform mentioned above (hereafter “website”).

The protection of your privacy is very important to us, and we treat your personal data as confidential in accordance with the statutory regulations.

The use of our website is generally possible without providing personal data. In this context, personal data is all data that can be connected with your personal identity, such as name, address, email address, website visits. If personal data is collected directly on our website (e.g. via the contact form), this always occurs on a voluntary basis as far as possible. This data will not be forwarded to third parties without your express consent. Under no circumstances will the collected data be sold or transferred to third parties except where legally required.

Since changes may be made to this privacy policy due to new technologies and the continuing development of this website, we recommend that you re-read this privacy policy at regular intervals.

For definitions of the terms used (e.g. “personal data” or “processing”), please consult Art. 4 of the EU General Data Processing Regulation (GDPR).

Logfiles

When you visit our website, unless you transmit information to us in another way, we only collect the personal data your browser transmits to our server. This information is temporarily stored in a so-called server logfile. The following information will be automatically recorded without any action on your part and stored on our server until it is automatically deleted:

• IP address of the requesting computer
• Client file request
• Http response code
• The website from which you visit us (referrer URL)
• The time of the server request
• Browser type and version
• Operating system used by the requesting computer

The above data is collected for the purpose of displaying our website to you while guaranteeing stability and security. The legal basis for this is Art. 6 (1)(f) GDPR. Our legitimate interest is derived from the stated purpose of data collection.

Person-related analysis of the server log files is not conducted. We will never attribute this data to specific people. This data will not be aggregated with other data sources.

We also use cookies as well as web analysis services. For more detailed clarifications in this regard, as well as information about data processing when using any social media applications, please consult the relevant sections of this privacy policy (Section 4: Cookies, Section 5: Web Analysis, Reach Measurement, Section 6: Social Media).

Contact form and email contact

(1) Subject to your consent, the following information will be stored when you use our contact form:

• Email address
• First and last name
• Information about your company, such as the company name and your position in the company
• Phone number
• Subject of your enquiry as well as your enquiry (your message)
• IP address (automatic)
• Date and time (automatic)
• Browser and version used (automatic)

Some of the information on our contact form is mandatory (marked as such on the contact form) for purposes of addressing you personally, attributing the enquiry to you as well as responding to your enquiry. Entering additional data (such as phone number, company) is voluntary and will be used to assign your enquiry more precisely (for instance, in case of follow-up questions) or to contact you by phone if you so desire. The data collected as per above will be used to make our online service more secure and to allow for optimisation.
You are free to use our contact form at any time. Alternatively, you can of course contact us by phone, mail or email.

(2) When you contact us (e.g. via the contact form or email), we will process your details in order to handle the enquiry and in case subsequent questions arise.

If data processing occurs at your request in order to take steps prior to entering into a contract, or if you are already in a contractual relationship with us, in order to implement the contract, the legal basis for such data processing is Art. 6 (1)(b) GDPR.

We will only process additional personal data if you give your consent to this processing (Art. 6 (1)(a) GDPR) or we have a legitimate interest in the processing of your data (Art. 6 (1)(f) GDPR). For instance, we have a legitimate interest in answering your email.

The transfer of personal data to third parties will not occur for reasons other than the following purposes. We will only transfer your data to third parties if:

• You have given your express consent (Art. 6 (1)(a) GDPR),
• Transfer is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have a prevailing legitimate interest in the non-disclosure of your data (Art. 6 (1)(f) GDPR),
• If there is a legal obligation to carry out the transfer (Art. 6 (1)(c) GDPR).

In addition to the data outlined in Section 2 of this Privacy Policy, when you use our website, cookies will be stored on your device (desktop, laptop, tablet, smartphone, TV or other device). Cookies are small files that your browser generates automatically and that are stored on your device when you visit our website. Information is stored in the cookie relating to the specific device and browser you are using. This does not mean that we obtain direct knowledge of your identity in this way. Additionally, cookies cannot run programs or transmit viruses to your computer. They are used to make the internet service more user-friendly and effective as a whole.

The following data and information is stored in the cookies, for example:

• Login information
• Language settings
• Search terms entered
• Information about the number of visits to our website as well as the use of individual features on our internet platform.

In this context, our website uses the following types of cookies:

• (1) Transient cookies are automatically deleted when you close your browser. These especially include session cookies. These cookies store a so-called session ID which makes it possible to attribute various requests from your browser over the entire session. This makes it possible to recognize your computer when you return to our website.
• (2) Persistent cookies are automatically deleted after a predefined period of time which varies depending on the cookie. We use this type of cookie to statistically measure the use of our website and to optimize our services. These cookies enable us to automatically recognize that you have visited us previously when you visit our website again.

The data processed using cookies is necessary for the stated purpose of preserving our legitimate interest pursuant to Art. 6 (1)(f) GDPR.

You can configure your browser settings at any time according to your wishes and, for instance, reject third-party cookies or all cookies as a rule. We wish to inform you that if you reject cookies, you may not be able to use all features of this website to their full extent.

Google Analytics

On our website, we use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies (see Section 4 of this Privacy Policy) that are stored on your computer, making it possible to analyze your use of our website. The information generated by the cookie about your use of this website is generally transferred to a Google server in the USA and stored there. This data could include:

• IP address
• Date and time of the request
• Website from which the request comes
• Country from which the request comes
• Browser
• Operating system

We use Google Analytics with the extension “_anonymizeIp()”. This means that before the transfer, your IP address will be truncated by Google within the member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. Google will use this information to analyze your use of the website on our behalf, to compile reports about website activity and to perform other services associated with website use and internet use on our behalf. In this process, the IP address transmitted by your browser will not be linked with other data held by Google. You can prevent the storage of cookies by changing your browser settings accordingly. However, we wish to inform you that in this case it may not be possible to use all features of this website to their full extent. You can also prevent the collection of the data generated by the cookie concerning your use of this website (incl. your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

We use Google Analytics to analyze the use of our website and regularly optimize the website. Statistics acquired in this way allow us to improve our services and make them more compelling for you as a user. In exceptional cases where personal data (e.g. your IP address before truncation) is transferred to the USA, Google has committed to the EU-US Privacy Shield framework, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1)(f) GDPR.

Details of the service provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, Overview regarding privacy: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy.

Embedded YouTube Videos

We have embedded YouTube videos in our online platform that are stored on YouTube (a video service of “Google”) and can be directly played from our website and/or which play automatically.

When you visit the website, YouTube will be informed that you have accessed the corresponding page or subpage of our website. Additionally, the data listed under Section 2 of this Privacy Policy (see Logfiles) will be transmitted. This occurs regardless of whether you have a YouTube (or Google) account and are logged in to that account, or whether you do not have an account. If you are logged into YouTube, your data will be directly attributed to your account. If you do not want data to be attributed to your YouTube profile, you must log out of your Google user account before activating, that is, using the video (e.g. by clicking the “Play” button or using additional control elements on the video). YouTube stores your data as a usage profile and uses this profile for the purposes of advertising, market research and/or needs-oriented design of its website. Such an analysis is conducted in particular to display targeted advertising and to inform other users of the social network of your activities on our website. The provider will perform analysis even if you don’t have a Google account or are not logged in. You have the right to object to the formation of this profile; to exercise this right, you must contact YouTube (Google).

For more information about the purpose and scope of data collection and its processing by YouTube, please see the provider’s privacy policy. There, you will also obtain more information regarding your rights in this regard and configuration options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to the EU-US Privacy Shield agreement, https://www.privacyshield.gov/EU-US-Framework.

Additional social media plug-ins and links to social media websites

Other than the plug-ins named in this Privacy Policy, we do not implement any other social media plug-ins on our website. However, we expressly reserve the right to integrate additional plug-ins and services into our website in order to preserve our legitimate interests and the interests of third parties pursuant to Art. 6 (1)(f) GDPR without advance notice. Of course we will inform you in this Privacy Policy about the purpose and scope of any associated processing of personal data.

We would also like to note that we may provide external links to social media services that may be linked with our profiles or the profiles of our employees, subject to their consent within the company. This enables you to contact us using additional channels outside of our website, obtain more information about us or follow us. On these external social media platforms, we have no influence over the data collected or data processing operations of these services or any user accounts these services make available to you, nor do we have any knowledge of the full scope of data collection, the purposes of processing or the duration of storage. We do not have any information about the deletion of the data collected by the plug-in provider either. You can obtain more information regarding the purpose and scope of data collection and data processing by social media services on their platforms in the privacy statements released by these providers. From these, you will also obtain more information regarding your rights in this regard and configuration options to protect your privacy.

Unless specifically indicated otherwise, we only store personal data for as long as necessary to fulfil the pursued purposes.

In some cases, the legislature provides for the retention of personal data, for instance relating to tax law or commercial law. In these cases, we will only continue to store the data for these statutory purposes, without processing the data in other ways, and the data will be deleted after the statutory retention period has elapsed.

We make every effort to ensure the security of your data in the framework of the applicable data protection laws and technical possibilities.

On our website, your personal data is transmitted in encrypted form. We use SSL/TLS encryption (Secure Socket Layer / Transport Layer Security), however please note that data transmission online (e.g. communication by email) may involve security vulnerabilities. Complete protection against access by third parties cannot be guaranteed.

To safeguard your data, we implement technical and organisational security measures pursuant to Art. 32 GDPR, always adapting these measures to the state of the art. Furthermore, we cannot guarantee that our services will be available at specific times. Disruptions, interruptions or breakdowns cannot be ruled out. The servers we use are regularly and carefully backed up.

Your rights as a data subject

In relation to us, you are entitled to the following rights with respect to your personal data:

• Right to access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)

Right to object

Insofar as we justify the processing of your personal data by the pursuit of our legitimate interests (Art. 6 (1)(f) GDPR), you may object to this processing. When filing an objection, we request you to provide grounds demonstrating why the processing should not be carried out as conducted by us. If you file a justified objection, we will review the factual circumstances and either stop or adjust data processing, or indicate to you our overriding legitimate interests that lead us to continue processing.

Of course, you can object to the processing of your personal data for the purposes of advertising and data analysis at any time.

You can inform us of your objection using the contact data listed under Legal Information.

Withdrawal

You have the right to withdraw consent at any time after granting it to us (Art. 7 (3) GDPR). As a consequence, we will not be allowed to continue with the data processing related to this consent in the future.

Complaint

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your workplace or the location of the suspected breach of data privacy if you believe that the processing of your personal data is unlawful.

Third-party use of the contact data published in the Legal Information or similar statements, such as mailing addresses, phone numbers and fax numbers or email addresses, in order to send information that has not been expressly requested, is not permitted. We reserve the right to take legal action against senders of so-called spam emails in case of violations of this restriction.