Privacy and data protection
Thank you for visiting our website and for your interest in our agency. We are committed to protecting your personal data. Below you will find information on how your personal data are handled when you use our web presence.
1. Privacy and data protection at a glance
General information
The following information gives you an overview of what happens with your personal data when you visit this website. Personal data are all data with which you can be personally identified. You will find further details on privacy and data protection in the rest of our Privacy Policy.
Data collection on this website
Who is responsible for data collection on this website?
The data collected on this website are processed by the website operator. The relevant contact details are contained in the “Information on the controller” section of this Privacy Policy.
How do we collect your data?
Some data are collected when you provide them to us, such as data that you enter in a contact form.
Other data are collected, either automatically or following your consent, by our IT systems when you visit the website. These are primarily technical data (e.g. browser, operating system or time of site visit). These data are collected automatically as soon as you access this website.
For what do we use your data?
Some of the data are collected to guarantee the faultless provision of the website. Other data may be used to analyse your user behaviour.
What are your rights in respect of your data?
You have the right to obtain information about the origin, recipients and purpose of your stored personal data at any time, free of charge. You also have the right to obtain the rectification or erasure of these data. If you have consented to data processing, you may withdraw this consent at any time with effect for the future. You also have the right to obtain the restriction of processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.
You may contact us at any time regarding these and other matters relating to privacy and data protection.
Analytics and third-party tools
Your surfing behaviour may be statistically analysed when you visit this website. This happens mainly through the use of analytics programs.
Detailed information on these analytics programs is provided further below in the Privacy Policy.
2. Hosting
Mittwald
Our website is hosted by Mittwald. The hosting service is provided by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter: Mittwald).
For details, please refer to the Mittwald Privacy Policy (only available in German): https://www.mittwald.de/datenschutz.
Mittwald is used on the basis of Art. 6(1)(f) of the EU General Data Protection Regulation (GDPR). We have a legitimate interest in ensuring that our website is presented as reliably as possible. If the relevant consent has been requested, the processing is conducted solely on the basis of Art. 6(1)(a) GDPR and Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG), provided the consent includes the storage of cookies or accessing of information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.
Commissioned processing
We have concluded a commissioned processing agreement (CPA) with the aforementioned provider. This is an agreement prescribed by data protection law that ensures that the provider processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.
3. General and mandatory information
Privacy and data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with data protection laws and this Privacy Policy.
Various personal data are collected when you use this website. Personal data are data with which you can be personally identified. This Privacy Policy explains which data we collect and what we use them for. It also explains how and why this is done.
Please note that security vulnerabilities may arise when transmitting data over the Internet (e.g. email communication). It is not possible to completely protect data against third-party access.
Information on the controller
The data controller for this website is:
NRW.Energy4Climate GmbH
Kaistraße 5
40221 Düsseldorf
Phone: +49 211 822086-430
Email: kontakt@energy4climate.nrw
The controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses and so on).
Storage period
Unless a specific storage period is mentioned in this Privacy Policy, we retain your personal data until the purpose of the data processing no longer applies. If you make a legitimate request for erasure or withdraw your consent to data processing, your data are erased unless we have any other legally permissible grounds for storing your personal data (such as retention periods set out under tax or commercial law); in the case of the latter, the data are erased as soon as these grounds no longer exist.
General information on the legal basis for the data processing on this website
If you have consented to the data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or on the basis of Art. 9(2)(a) GDPR if special categories of data are processed in accordance with Art. 9(1) GDPR. If you have consented to the storage of cookies or accessing of information on your device (e.g. via device fingerprinting), the data are also processed on the basis of Section 25(1) TTDSG. Consent may be withdrawn at any time. If your data are necessary for the performance of a contract or in order to take steps prior to entering into a contract, we process your data on the basis of Art. 6(1)(b) GDPR. Furthermore, if your data are necessary to comply with a legal obligation, we process them on the basis of Art. 6(1)(c) GDPR. In addition, the data may be processed on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information on the relevant legal basis in each individual case is provided in the following sections of this Privacy Policy.
Data Protection Officer
We have appointed a Data Protection Officer for our company.
Vladimir Siemens
ecoprotec GmbH
Pamplonastraße 19
33106 Paderborn
Phone: +49 5251 877 888-303
Email: siemens@ecoprotec.de
Information on data transfer to the USA and other third countries
Among others things, we use tools of companies based in the USA or other third countries considered non-secure under data protection law. If these tools are enabled, your personal data may be transferred to these third countries and processed there. Please note that a level of data protection comparable to that in the EU cannot be guaranteed in those countries. For example, US companies are obligated to release personal data to security authorities without you as the data subject being able to take legal action to prevent this. The possibility cannot therefore be excluded that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence over these processing activities.
Withdrawal of your consent to data processing
Many data processing procedures require your express consent. You may withdraw any consent already given at any time. The lawfulness of the data processing up to the point of the withdrawal remains unaffected by the withdrawal.
Right to object to data collection in special cases and for direct marketing (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. To determine the legal basis on which any processing is based, please consult this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims (objection pursuant to art. 21(1) GDPR).
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be subsequently used for direct marketing purposes (objection pursuant to art. 21(2) GDPR).
Right to lodge a complaint with the relevant supervisory authority
In the event of an infringement of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State, of their habitual residence, place of work or place of the alleged infringement. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.
In our case, the competent supervisory authority is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information)
Kavalleriestraße 2–4
40213 Düsseldorf
Phone: 02 11/384 24-0
Email: poststelle@ldi.nrw.de
Right to data portability
You have the right to receive or to have a third party receive data we automatically process based on your consent or in performance of a contract in a commonly used and machine-readable format. If you request that the data be transmitted directly to another controller, this is only done where technically feasible.
SSL/TLS encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders and requests you send to us as the website operator. You can recognise an encrypted connection by the fact that the browser address line changes from http:// to https:// and by the lock icon in your browser line.
If SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties.
Access, erasure and rectification
In accordance with the applicable legal provisions, you have the right, at any time and free of charge, to access information about your stored personal data, their origin and recipients, and the purpose of the data processing and, where applicable, the right to rectification and erasure of these data. You may contact us at any time regarding these and other matters relating to personal data.
Right to restriction of processing
You have the right to obtain the restriction of processing of your personal data. You may contact us at any time in relation to this. The right to restriction of processing exists in the following circumstances:
If you contest the accuracy of your personal data held by us, we generally need some time to verify this. You have the right to obtain restriction of processing of your personal data for the duration of this period.
If the processing of your personal data was/is unlawful, you may request the restriction of data processing as opposed to the erasure of the data.
If we no longer need your personal data but you require them for the establishment, exercise or defence of legal claims, you have the right to obtain restriction of processing of your personal data as opposed to their erasure.
If you have objected to processing pursuant to Art. 21(1) GDPR, the balance of your interests and ours has to be considered. Pending verification of which grounds override the others, you have the right to obtain restriction of processing of your personal data.
Where you have restricted processing of your personal data, such data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
Objection to advertising emails
We hereby object to the use of contact details published within the context of the obligation to provide a legal notice to send advertising and information material that has not been expressly requested. The website operators expressly reserve the right to take legal steps if unsolicited advertising, such as email spam, is sent.
4. Data collection on this website
Server log files
The website provider automatically collects and stores information in “server log files” that your browser automatically transmits to us. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data are not merged with other data sources.
These data are collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a presentation that is free of technical errors and in the optimisation of its website – the server log files are required to ensure this.
Contact form
If you submit queries to us via contact form, we store your information from the query form, including the contact details you provide there, for the purpose of processing your query and in case there are follow-up queries. These data are not shared without your consent.
These data are processed on the basis of Art. 6(1)(b) GDPR if your request is in connection with the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the queries submitted to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested.
We keep the data you enter in the contact form until you ask us to erase them, withdraw your consent to their storage or the purpose for which the data are stored no longer applies (e.g. once your query has been dealt with). Mandatory statutory provisions – especially retention periods – remain unaffected.
Queries via email, phone or fax
If you contact us via email, phone or fax, we store and process your query, including all of the personal data resulting from this (name, query), for the purpose of processing your query. These data are not shared without your consent.
These data are processed on the basis of Art. 6(1)(b) GDPR if your request is in connection with the performance of a contract or is necessary in order to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the queries submitted to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was requested.
We keep the data you send to us via contact queries until you ask that we erase them, you withdraw your consent to their storage or the purpose for which the data are stored no longer applies (e.g. once the matter has been dealt with). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.
5. Newsletter
On our website, we use the newsletter service Microsoft Dynamics 365 Marketing, a service offered by Microsoft Ireland Operations Limited, based in Ireland; subsidiary of Microsoft Corporation, USA, (hereinafter "Microsoft"). The e-mail address you provide will be used to send the newsletter. The data will be processed within the European Union.
Purpose
We use the system to send e-mail messages (e.g. in connection with the provision of downloads), for event management (e.g. to manage event participants) and to provide landing pages and contact forms.
E-mail tracking
The statistical information collected also includes whether the newsletter was opened, when it was opened and which links you clicked on. In addition, your registration for the newsletter is logged in order to be able to prove the consent given in accordance with the GDPR. This includes the consent text, the storage of the registration and confirmation time, as well as the IP address. While this information can technically be assigned to individual newsletter recipients, the evaluation of personal data has been deactivated and information about newsletter recipients is only analyzed pseudonymously and cannot be decrypted and assigned to individual users.
Collection of data / Double-Opt-In
The registration for our newsletter is subject to a so-called double opt-in procedure. This means that after registering for our newsletter, you will receive an e-mail asking you to confirm your subscription. Such confirmation is necessary to ensure that people do not subscribe with someone else's e-mail address. The newsletter subscription is logged so that the subscription process can be verified in accordance with legal requirements. This includes the recording of the date and time of subscription and confirmation, as well as the IP address. The changes to your data stored by the email marketing service provider are also logged.
Legal basis
The use of Microsoft and the system, the collection and analysis of statistics and the logging of the registration process for email communication are based on your consent to receive email communication via Microsoft Dynamics 365 in accordance with Art. 6 (1)(a) GDPR, in accordance with Art. 6 (1)(f) GDPR when downloading whitepapers and in accordance with § 25 para. 1 TTDSG regarding the use of cookies. Consent can be revoked at any time for the future.
Recipient
In addition to NRW.Energy4Climate GmbH, the recipient of the data is Microsoft Dynamics 365 as an order processor. The data is processed within the European Union. The data protection supplement for Microsoft products and services applies, more information can be found at https://privacy.microsoft.com.
Unsubscription / revocation / storage period
You can revoke your consent to the storage of data, the e-mail address and its use for sending the newsletter at any time and unsubscribe from the newsletter. There is an unsubscribe link at the end of each newsletter. The personal data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected by this.
Microsoft Privacy Policy
Further data protection information can be found in the Microsoft data protection declaration at: https://privacy.microsoft.com/en-US/privacystatement.
6. Plugins and Tools
Cleverreach
This website offers the option of using Cleverreach services. CleverReach GmbH & Co. KG (registered in the commercial register at the Oldenburg Local Court in Oldenburg (Oldb) under HRA 4020, Germany/Germany (for further details see imprint) offers and operates web-based services under the website address https://www.cleverreach.de. The contracting parties are the customer and CleverReach GmbH & Co. KG (hereinafter referred to as the "Provider").
If you register for the service, personal data such as your e-mail address, name, date of birth and place of residence will also be requested and processed during the registration process. In addition to the time and date of registration, your IP address is also recorded and stored on CleverReach servers. Web analysis data on your usage behavior with the newsletter (e.g. whether you click on a link) may also be processed.
You can find out more about the data processed through the use of CleverReach in the privacy policy at: https://www.cleverreach.com/en-de/privacy-policy/.
YouTube with enhanced privacy
This website contains YouTube videos. The pages are operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube with privacy-enhanced mode enabled. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch a video. However, the transfer of data to YouTube partners is not necessarily ruled out through privacy-enhanced mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.
As soon as you start a YouTube video on this website, a connection is established to YouTube’s servers. The YouTube server is then given information on which of our pages you visited. If you are logged into your YouTube account, you enable YouTube to directly assign your surfing behaviour to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, once a video has started, YouTube can store various cookies on your device and use comparable recognition technology (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used in a number of ways, such as to gather video statistics, improve the user experience and prevent attempted fraud.
If necessary, further data processing operations over which we have no influence may be triggered after a YouTube video starts playing.
YouTube is used in the interest of making our website appealing. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If the relevant consent has been requested, the processing is conducted solely on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG, provided the consent includes the storage of cookies or accessing of information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent may be withdrawn at any time.
More information on data protection at YouTube is contained in its privacy policy at: https://policies.google.com/privacy?hl=de.
OpenStreetMap
We have integrated the maps of the "OpenStreetMap" service, which are offered on the basis of the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF). The user data is used by OpenStreetMap exclusively for the purpose of displaying the map functions and for caching the selected settings. This data may include, in particular, users' IP addresses and location data, which, however, are not collected without their consent (usually as part of the settings of their end devices or browsers); service provider: OpenStreetMap Foundation (OSMF); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.openstreetmap.de
If you do not agree to the future transmission of your data in the context of the use of OpenStreetMap, you also have the option of completely deactivating the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.
You can view Google's terms of use at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html.
Detailed information on data protection in connection with the use of OpenStreetMap can be found on: https://wiki.osmfoundation.org/wiki/Privacy_Policy.
Vimeo
(1) We have integrated videos from the provider Vimeo LLC, headquartered at 555 West 18th Street, New York, New York 10011.
(2) Some of our web pages contain videos from Vimeo. When you access such a page on our website, a connection to the Vimeo servers is established. This tells the Vimeo server which of our web pages you have visited. If you are logged in to Vimeo as a member, Vimeo assigns this information to your personal user account. When you click on the start button of a video, this information can also be assigned to an existing user account. You can prevent this assignment by logging out of your Vimeo user account before using our website and deleting the corresponding cookies from Vimeo.
(3) We use this service within our online offering on the basis of a legitimate interest - in the analysis, optimization and economic operation of our online offering. The legal basis is Art. 6 para. 1 lit. f.) GDPR.
(4) Further information on data processing and information on data protection by Vimeo can be found at www.vimeo.com/privacy
(5) Vimeo also calls up the Google Analytics tracker via an iFrame in which the video is called up. This is Vimeo's own tracking, to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. Users can also prevent Google from collecting the data generated by Google Analytics and relating to their use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: www.tools.google.com/dlpage/gaoptout.
Momice
We have integrated the “Momice Event” Service. Momice uses user data exclusively for the purpose of organizing and inviting users to events. This data may include, in particular, the name, e-mail address and IP addresses of users, which are not collected without their consent (partly as settings of their end devices or browsers and partly by explicit consent).
Service provider: Momice B.V., with its principal place of business located on Hoogoorddreef 73, 1101 BB in Amsterdam and registered with the Dutch Chamber of Commerce under file number 83930175.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. a and f) GDPR); Website: https://www.Momice.com
Detailed information on data protection in connection with the use of “Momice Event” can be found on: https://www.momice.com/en/information-security.
Our social media presence
Data processing by social networks
We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.
Social networks such as LinkedIn, Twitter, etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presence triggers numerous processing operations with data protection relevance. Specifically:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, however, your personal data can also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, these data are collected using cookies stored on your device or by recording your IP address, for example.
Using the data thus collected, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown targeted advertising within and outside of the respective social media presence. If you have an account with the respective social network, the targeted advertising can be displayed on all devices on which you are or were logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details on this, please refer to the terms of use and privacy provisions of the respective social media portals.
Legal basis
Our social media profiles are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may have differing legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6(1)(a) GDPR).
Controller and enforcement of rights
If you visit one of our social media profiles (e.g. on LinkedIn), we act as joint controller together with the operator of the social media platform in respect of the data processing operations triggered during this visit. In principle, you can enforce your rights (access, rectification, erasure, restriction of processing, data portability and complaint) vis-à-vis us and the operator of the respective social media portal (e.g. LinkedIn).
Please note that, despite joint controllership with the social media operators, we do not have complete influence over the data processing operations of the social media portals. Our options depend significantly on the corporate policy of the respective provider.
Storage period
The data collected directly by us via the social media presence are erased from our systems once you request their erasure, you withdraw your consent to their storage or the purpose for the data storage expires. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – especially retention periods – remain unaffected.
We have no influence over the length of time for which your data are stored by operators of the social networks for their own purposes. For details on this, please refer directly to the operators of the social networks (e.g. the information in their privacy policy, see below).
Individual social networks
We have a profile on LinkedIn. This service is provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data are transferred to the USA on the basis of the EU Commission’s Standard Contractual Clauses. Details are available here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how LinkedIn handles your personal data, please refer to its Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
YouTube
We have a profile on YouTube. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how it handles your personal data, please refer to the YouTube Privacy Policy.
X. Amendments
We reserve the right to amend this Privacy Policy at any time. Any changes will be announced by publishing the amended Privacy Policy on our website. Unless otherwise specified, such amendments will take effect immediately. Therefore, please check this Privacy Policy regularly in order to view the latest version.
Last updated in November 2023.