• EN
  • Privacy Statement

    Protection of data privacy: Your right – our obligation

    We attach great importance to protecting personal data. Therefore, we process your data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the other applicable statutory provisions on the protection of personal data and data security.

    The following information applies to our Internet presence (hereinafter referred to as “website”). It provides you with an overview of what personal data we collect from you through our website, and for what purposes and in what way we use such data. In addition, we provide you with information about the rights you have in relation to your personal data.

    1. CONTROLLER UNDER DATA PROTECTION LAW

    STEAG Energy Services GmbH
    Rüttenscheider Str. 1-3
    45128 Essen
    Germany

    energyservices@steag.com 
    www.steag-energyservices.com 

    2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER

    STEAG GmbH
    Group Data Protection Officer
    Rüttenscheider Str. 1–3
    45128 Essen
    Germany

    datenschutz@steag.com 
     

    3. PROCESSING OF YOUR DATA

    We process personal data whenever this is necessary for the provision of a functioning service or offering on our website. Any further processing of personal data will only take place with your consent. In the text below, we will inform you about which of our offerings, functionalities or services that you will find on our pages require processing of personal data and which we only provide to you on the basis of your consent.

    4. LEGAL BASIS AND PURPOSES OF PROCESSING

    4.1 Use of the website
    Each time you visit our website, our system automatically collects data and information from the computer system of your terminal device in so-called server log files, which your browser automatically transmits to us. When you access a website, your IP address is anonymized by our website hosting service provider. Data recorded includes:

    • the browser type and browser version used
    • the operating system
    • date and time of the server request
    • status and error codes with execution time
    • website from which the request originates (referrer page)
    • IP address (anonymized before recording)
    • URL/address of the elements to be loaded • type of request (GET or POST)

    Some of this data is automatically transmitted to us due to the settings of your terminal device. In part they are necessary to display our website correctly and to make it secure, as well as to detect and correct possible technical problems (Section 25 para. 2 no. 2 TTDSG). Insofar as we use this data to make our website more usable and attractive, we have a legitimate interest pursuant to GDPR Art. 6 para. 1 sentence 1 lit. f). Your server log data will be deleted after two months at the latest. Since the collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website, you do not have an option to object. Your data will be passed on to our hosting service provider.

    4.2 Information provided by you
    If you use our general contact form, we will receive your message at info@steag.com. We process the data you provide for the purpose specified by you on the basis of your consent (legal basis GDPR Art. 6 para. 1 sentence 1 lit. a). We store information that you send to us via the contact form. The information provided is used for the purpose of processing your request. Your data will be deleted after your request has been processed. You can withdraw your consent at any time with effect for the future, details can be found in section 6 “Your rights”.

    If you request information material through specific contact forms on our website, we process the data you provide using hubspot. See section 4.3.3.

    4.3 Cookies
    In certain areas of our Website, we also use cookies. Cookies are small data elements which a webserver can send to your computer. They store information about the visit to our site.

    Our Website uses different types of cookies. Some cookies ensure the correct functioning of the website (necessary cookies). Others enhance your experience when you visit our website, for example, by not requiring you to set your preferences again when you return to our website. And some give us information about your user behavior on our website so that we can improve the performance of our website.

    The law allows us to store cookies on your device if they are absolutely necessary for the operation of our website. We provide details of all other cookies below, including the purpose and legal basis for their use (legitimate interest or your consent). Some cookies are placed by third parties that appear on our pages; we also indicate this separately below.

    The first time you visit our website, you will be asked if you wish to actively consent to the use of cookies.


    4.3.1 Google Analytics
    If you have given your consent (GDPR Art. 6 para. 1 sentence 1 lit. a), this website uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

    Scope of processing
    Google Analytics uses cookies that enable an analysis of your use of our websites. The information gathered by means of the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.

    Use of the analytics service includes the Universal Analytics mode: This makes it possible to link data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus analyze a user's activities across devices.

    We use the ‘anonymizeIP’ function (so-called IP masking): Due to the activation of IP anonymization on this Website, your IP address will be truncated by Google within EU member states or in other states party to the Agreement on the European Economic Area. According to information provided by Google, the IP address transmitted by your browser as part of Google Analytics will not be aggregated with other data of Google.

    During your visit to the website, Google Analytics collects the following data, among others:

    • • the pages accessed, in the order viewed (your click path) • achievement of “website goals” (e.g. newsletter sign-ups, downloads) • your user behavior (for example, clicks, length of stay, bounce rates) • your approximate location (city, country) • your IP address (in truncated form) • technical information about your browser and the end devices you use (e.g. language setting, screen resolution) • your Internet provider • website from which the request originates (referrer page)

    Purposes of processing
    On behalf of the operator of this Website, Google will use this information for the purpose of evaluating your use of the Website and compiling reports on Website activity. The reports provided by Google Analytics are used to analyze the performance of our app and the success of our marketing campaigns.

    Recipient
    The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as a data processor. For this purpose, we have concluded a data processing agreement with Google. Google has confirmed to us that they process your data in the European Economic Area. We cannot rule out the possibility that Google LLC, based in California, USA, and possibly US authorities may access the data stored by Google. Please also read our risk notice in section 5 “Recipients of your data”.

    Storage period
    The data is automatically deleted after 14 months. The deletion of data whose retention period has expired takes place automatically once a month.

    Legal basis and withdrawal of consent
    Your consent, GDPR Art. 6 para.1 first sentence lit. a) is a prerequisite for such processing of data. You can withdraw your consent at any time with effect for the future. To do so, follow the link provided in section 4.3 “Cookies”.

    You can find more information on the terms of use of Google Analytics and on Google's data protection policy at https://marketingplatform.google.com/about/analytics/terms/de and at https://policies.google.com/?hl=en.

    4.3.2 SalesViewer®-technology
    We use SalesViewer® to improve our website.

    Scope of processing
    SalesViewer® uses a javascript-based tracking code on our website, which is used to acquire the following information (hereinafter referred to as company data) through the process described in more detail here (https://www.salesviewer.com/en/privacy):

    • name, origin and industry of the visiting company
    • website from which the request originates (referrer page)
    • keyword on the referrer page
    • Visitor behavior (e.g. (sub)pages accesses, time of access, duration of visit)

    Purposes of processing
    We use the data collected for marketing, market research and optimization purposes. This means that only company data is collected and processed.


    Recipient
    SalesViewer® uses as subcontractors Hetzer Online GmbH, Industriestr. 25, 91710, Gunzenhausen for server hosting (SalesViewer® infrastructure) and Host Europe GmbH, Welserstr. 14, 51149 Cologne for provision of DNS servers for SalesViewer®. We have concluded a data processing agreement with SalesViewer®.


    Storage period
    The application does not collect any personal user data.


    Legal basis and withdrawal of consent
    Using the technology provided by SalesViewer® GmbH, we collect and store data for marketing, market research and optimization purposes on the basis of legitimate interests (GDPR Art. 6 para.1 sentence 1 lit. f).

    You can object to the collection and storage of data at any time with effect for the future by clicking on this link https://www.salesviewer.com/en/opt-out to prevent the collection of data by SalesViewer® through this website in the future. When you do this, an opt-out cookie for this Website will be placed on your device. If you delete your cookies in this browser, you must click this link again.

    4.3.3 HubSpot
    We use HubSpot for our online marketing activities. We offer you information material using specifically designed forms.

    • first name
    • last name
    • e-mail

    During the registration process, your consent is obtained for the processing of the data and reference is made to this Privacy Statement. You will then receive a confirmation request by e-mail (double opt-in). We need your contact information to provide you with

    • newsletter
    • download services incl. documentation and evaluation
    • social media publications and their evaluation (e.g. traffic sources, accesses, etc. ...).


    Purposes of processing
    Our specific contact forms allow you, as a user of our website, to learn more about our company, download content, and provide us with your contact information and other demographic information. This information and the content of our website are processed and stored on servers of our software partner HubSpot. We use this information for getting in touch with you. We also use cookies to find out which of our company's services are of interest to you. For this purpose, we store information about your interaction with our website, such as documents downloaded, pages visited, date and time of retrieval (“usage data”), and whether and when you have opened marketing e-mails from STEAG.


    Recipient
    The recipient of the data is HubSpot, Inc. as processor. For this purpose, we have concluded a data processing agreement with Hubspot, Inc. Furthermore, we have agreed with the provider that your data will be stored exclusively on servers in the EU and that the email service for the newsletter will be handled via these servers.

    However, we cannot exclude with certainty that HubSpot, Inc, address: 25 First Street, Cambridge, Massachusetts A 02141 USA, and possibly US authorities can access the data stored by HubSpot. Please also read our risk notice in section 5 “Recipients of your data”.


    Where can I learn more about HubSpot?
    HubSpot is a software company from the USA with a branch office in Berlin (HubSpot Germany GmbH, Unter den Linden 26, 10117 Berlin).

    More information about the Privacy policy of HubSpot

    More information from HubSpot regarding the EU data protection regulations


    Storage period
    Your data will be deleted after 90 days.


    Legal basis and withdrawal of consent
    Your Individual consent, GDPR Art. 6 para.1 first sentence lit. a) is a prerequisite for such processing of data. For the services you select, HubSpot requests a double-opt-in in compliance with data protection regulations. You can withdraw your consent at any time with effect for the future. For this purpose, we provide a link in each notification email. Further details can be found in section 6 “Your rights”.

    4.3.4 Social networks and media
    Icons
    Our website has embedded social network icons from Youtube, LinkedIn, Instagram and Twitter. The icons only allow you to access these networks via an external link. The icons are not share-buttons but only hyperlinks.


    Podcast icon
    The podcast icon leads to an internal page with our podcast offering.

    We host our podcasts in Germany with the provider Podigee GmbH, Schlesische Str. 20, 10997 Berlin). For this purpose, we have concluded a data processing agreement with Podigee.

    When clicked, the podcasts are loaded by Podigee and output via iFrame on the STEAG website. You can also download the podcasts in various formats. If you choose this option, you will be redirected directly to Podigee.

    Podigee processes IP addresses and device information to enable podcast downloads/playbacks and to determine statistical data, such as view numbers. This data is anonymized or pseudonymized before being stored in Podigee’s database unless it is necessary for the provision of the podcasts. Further information and objection options can be found in Podigee’s privacy policy: https://www.podigee.com/en/about/privacy/


    YouTube embeds
    Furthermore, we use so-called embeds of the platform YouTube for videos that you can find on our website. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland. The embedding is done through the technical process of so-called framing. Framing is the process of simply inserting an HTML link provided by YouTube into the code of a website to create a playback frame on our website (so-called third-party presence) and thus enable the video stored on YouTube servers to be played. We use the framing codes generated by YouTube in the so-called “extended data protection mode”. According to the information provided by YouTube, usage data is only transmitted when the user clicks on the play button and starts the video. If you visit our pages without using the video offer, no data is transmitted to YouTube. We offer videos in our legitimate interest to provide you with vivid insights into our company and to explain our products (GDPR Art. 6 para. 1 sentence 1 lit. f).

    For information on what data is processed by YouTube and for what purposes this data is used, please refer to YouTube’s privacy policy.


    Social media presence
    We maintain presences in social media. For more information, please refer to this page.

    4.3.5 OpenStreetMap / uMap
    On our Website we use the services of the uMap open-source project to provide individual maps with markers via an API (programming interface) of the OpenStreetMap map service. The purpose of this is to display interactive maps directly on the Website, to make it easy to find the places we indicate on the Website, and to enable you to use the map function conveniently. The service provider is the OpenStreetMap Foundation (OSMF for short), 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom.

    Each time a user accesses a corresponding page, data for uMap is requested from OSM caching servers (usually the one closest to their location, list available at hardware.openstreetmap.org/#tile-caches) and servers in France and displayed in the browser. At the same time, data is also sent to these servers and temporarily processed in a log file. Specifically, the following data is stored for each access/request:

    • date and time of the request (timestamp) as well as the IP address of the accessing device or server,
    • request details and destination address (protocol version, HTTP method, referrer, UserAgent string),
    • name of the retrieved file and transferred data volume (requested URL incl. query string, size in bytes), and
    • message indicating whether the request was successful (HTTP status code).

    This log data is stored for a certain period of time. It is used for statistical evaluation, error analysis and defense against attacks. The processing of the IP address is necessary to enable communication on the Internet. OpenStreetMap’s privacy policy can be found at wiki.osmfoundation.org/wiki/Privacy_Policy and wiki.osmfoundation.org/wiki/Services_and_tile_users_privacy_FAQ.

    4.3.6 Our website
    We use IT and support service providers to provide the website. These service providers are carefully selected by us and act as processors for us.

    Our hosting provider is Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.

    Our website agency is BOROS, Hofaue 63, 42103 Wuppertal, Germany.

    5. RECIPIENTS OF YOUR DATA / TRANSFER TO THIRD COUNTRIES

    The processing of data will be carried out generally within a member state of the European Union (EU) or within a member state of the European Economic Area (EEA). Transfer of personal data to a third country or access to such data from a third country shall only take place if the special requirements of Art. 44 ff. GDPR are satisfied (e.g., by agreement of Standard Contractual Clauses or if the recipient acts on a legal basis adopted by the European Commission pursuant to Art. 45 (1) GDPR (so-called “adequacy decision”)). For more details, please refer to the individual service providers mentioned in section 4 hereinabove.

    Note: Transfer of data to the USA
    With regard to the use of analysis cookies and third-party cookies (such as Google or YouTube), data transfer to the USA cannot be ruled out. Unfortunately, this is currently not possible in a data protection compliant manner. In this respect, please note this when you give us your consent regarding the setting of these cookies.

    We would like to point out that in its ruling of July 16, 2020 (Case C-311/18), the ECJ held the EU-US Privacy Shield agreement on the permissible transfer of data between the EU and the USA to be inadmissible and that personal data cannot currently be transferred to the USA in a data protection-compliant manner. The reason for this is existing legislation in the USA, which gives the security authorities far-reaching powers to monitor "foreign communications". We hereby expressly draw your attention to this risk.

    6. YOUR RIGHTS

    You have a right of access, i.e. you may request that we disclose to you all your personal information that we have collected and hold for a certain period of time (Art. 15 GDPR). Furthermore, you may also request rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR) and have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).

    Where we process your personal data on the basis of your consent, you can withdraw this consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to your withdrawal of consent, but prevents future processing.

    Notices of withdrawal of consent and other requests can be addressed to our Group Data Protection Officer..

    Of course, you can object to the processing of your personal data for purposes of advertising at any time with effect for the future. You can inform us of your objection to advertising using the following contact details: energyservices@steag.com.

    We take your inquiries and concerns very seriously and always endeavor to address them.

    Furthermore, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR in conjunction with Section 19 BDSG. In North Rhine-Westphalia, the competent data protection supervisory authority is: Landesbeauftragte für Datenschutz und Informationsfreiheit (State Commissioner for Data Protection and Freedom of Information), North Rhine-Westphalia Kavalleriestr. 2 – 4, 40213 Düsseldorf, Germany.

     

    Last updated: January 2022