Data Protection

As a matter of principle, personal data are only processed provided this is necessary for the respective purpose, and a corresponding legal basis applies, or you have granted your consent to us in that respect. Personal data may normally be processed based on the following legal bases

• Article 6(1), Point a., GDPR, and, where applicable, Article 49(1), Point a., GDPR, (consent of the data subject and, where applicable, consent to the transfer of personal data to a third country in which an adequate level of data protection cannot be guaranteed).
• Article 6(1), Point b., GDPR, (executing a contractual relationship with the data subject, pre-contractual measures following an enquiry by the data subject)
• Article 6(1), Point c., GDPR, (complying with a legal obligation of our company)
• Article 6(1), Point f., GDPR, (exercising a legitimate interest pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (weighing up of interests)).

Insofar as consent serves as the legal basis for processing, you may revoke your consent at any time without giving reasons. The revocation is generally only effective for the future. This means that the revocation of the declaration of consent does not render the previous processing inadmissible until receipt of the revocation of consent.

Information on the relevant (or also supplementary) legal bases in each individual case is provided in the following sections of this data protection declaration.

It is a matter of course for us to ensure complete protection of your personal data on this website. Unfortunately, in the case of electronic data transmissions via the Internet – despite all the technical and organisational measures we have taken – it can never be completely ruled out that security gaps may occur.

Unless otherwise stated by us, TEG will neither sell your personal data to third parties nor market it in any other way. Personal data is always processed in accordance with the applicable regulations and generally only for the legitimate purposes described in each case. Your data will be deleted once the purpose has been fulfilled, unless this conflicts with statutory retention periods.

Unless otherwise stated in the following passages, the transfer of personal data to third countries or international organisations is not intended.

Where we process your personal data, in dealings with us in relation to the processing of your personal data you shall have the following rights, which you may exercise against us at any time. In detail you may exercise the following rights:

• Information
• Rectification of data
• Restriction of processing
• Erasure of data
• Data portability.

Insofar as we process your personal data on the basis of legitimate interests (Article 6(1), Point f., GDPR), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. We shall then no longer process your data for this purpose/these purposes, unless our interests merit protection or the processing serves the assertion, exercise or defence of legal claims. Irrespective of the above, in the case of direct marketing, you may object to the processing of your personal data at any time without giving reasons.

In addition, you have the right to lodge a complaint with a supervisory authority responsible for data protection about the processing of your personal data by us.

Insofar as the processing is based on granted consent, you have the right to withdraw the consent at any time without such action affecting the legality of the processing that applies on the basis of the consent up until withdrawal.

If you wish to exercise your rights against us, please use the details stated above to contact the controller.

If you assert your rights against us, we shall process your personal data collected in this context to process your request. Your personal data are processed to honour a legal obligation on the basis of Article 6(1), Point c., GDPR.

During every visit, data within the meaning of Section 25(2), No. 2, TTDSG (German Telecommunications and Telemedia Data Protection Act) are processed on our web server merely for statistical collections and to guarantee the security and stability of the system. Our justified interest in processing personal data in this context in accordance with Article 6, Point f., GDPR, which simultaneously serves as the legal basis, also applies to the aforementioned purposes. Provided nothing to the contrary is stated, data are only forwarded as part of technical necessities to the service providers commissioned with the task of supporting the homepage.

The processed personal data include your IP address, the individual pages that you have viewed on the TEG website and the data quantities that were forwarded during your visit. To that end the date and duration of your visit and the website or the link via which you gained access to our website are stored, including by way of a so-called Session Cookie. This is aimed at identifying you as a user in a technical sense during each Website visit. Such data do not enable us to draw any conclusions about your person. The Session Cookie is automatically deleted when you leave the website. Furthermore, you have the option of controlling the use and storage of Cookies via your browser settings. You can find more detailed information about all Cookies, including from third party suppliers, in “Cookie Information”.

We adopt technical, up-to-date, measures to protect your data from unintentional or intentional manipulation, loss, destruction or access by unauthorised third persons. TEG consistently further develops and improves these technical and organisational measures.

To prevent misuse of the data by third parties, in the aforementioned cases your data are transmitted in a secure, encrypted, form. The Tengelmann Energie website uses the 256-Bit-TLS 1.2 encryption (Transport Layer Security 1.2). Such encryption of the connection ensures the best possible security when transmitting data between a client and a server.

So-called Cookies are used on our homepage. Cookies are text files that are stored by a website in the browser of the person visiting that website and used to exchange information with the homepage server.

On our homepage we use the following Cookies that are necessary in a technical sense within the meaning of Section 25(2), No. 2, TTDSG, so that all essential functions of the site can be correctly delivered and displayed to you (the legal basis for the processing of personal data using Cookies is Article 6(1), Point f., GDPR):

You can prevent the use of Cookies in your browser settings for customary use. If the Cookies that are required in a technical sense are prevented, it may however be the case that our site can no longer be displayed in full and correctly.

Furthermore, optional Cookies are used on our site by the service providers described below and are only set based on your consent in accordance with Section 25(1), TTDSG. Processing personal data collected in this way is based on your consent in accordance with Article 6(1), Point a., GDPR, and/or, where applicable, in accordance with Article 49(1), Point a., GDPR, insofar as such data are forwarded to the US by our service partners. When you view the settings for these Cookies, and potentially amend them (in particular withdraw your consent), you can use the following link to again call up the settings you have made:

With your consent, we use the Google Tag Manager from Google Ireland, as a tool to manage and control Cookies, conversion pixels or tracking codes from programmes such as Google Analytics or Bing Ads.

In view of the fact that Tag Manager is integrated by a Google server, this means a transfer of personal data in the form of the IP address from the website to Google as soon as you visit our website. The data are forwarded within the Google Group such that the data are essentially processed by Google LLC in the US.

Insofar as data are processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have entered into EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. Transfer of data to the US and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.

The legal basis for this data processing is your consent in accordance with Section 25(1), TTDSG, in conjunction with Article 6(1), Point a., GDPR and, where applicable, Article 49(1), Point a., GDPR.
You can cancel your consent at any time with effect for the future by calling up the Cookie settings in this policy and changing your selection there. This does not affect the lawfulness of the processing performed on the basis of the consent up to the withdrawal.

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC of California, USA. The responsible entity for users in the European Union (EU)/European Economic Area (EEA) is Google Ireland Limited, Ireland (“Google”).

Google Analytics uses Cookies that enable an analysis of your use of our websites. Information collected by way of the Cookies about how you use this website is usually sent to, and stored on a server operated by, Google and located in the USA.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address shall be shortened by Google within member states of the EU or in other EEA contracting states. Only in exceptional cases shall the full IP address be forwarded to a Google server in the US and shortened there.

During your visit to the website, your user behaviour is recorded in the form of “events”. Events may include

• Page views
• First visit to the website
• Start of session
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the bottom of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• File downloads
• Ads seen / clicked on
• Language setting

Also recorded:

• Your approximate location (region)
• Your IP address (in shortened form)
• Technical information about your browser and the end devices you use (e.g. language setting and screen resolution)
• Your internet provider
• The referrer URL (via which website/advertising medium you came to this website)

Google shall use this information on our behalf to evaluate your use of the website, compile reports on website activity and render other services relating to website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.

The data are forwarded within the Google Group such that the data are essentially processed by Google LLC in the US.

Insofar as data are processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have entered into EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. Transfer of data to the US and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.

The data sent by us and linked to Cookies are automatically deleted after 2 months. Data for which the retention period has been reached are automatically deleted once a month.

The legal basis for this data processing is your consent in accordance with Section 25(1), TTDSG, in conjunction with Article 6(1), Point a., GDPR and, where applicable, Article 49(1), Point a., GDPR.

You can cancel your consent at any time with effect for the future by calling up the Cookie settings in this policy and changing your selection there. This does not affect the lawfulness of the processing performed on the basis of the consent up to the withdrawal.

In addition to not giving your consent, you may also prevent the storage of Cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all Cookies, this may result in limited functionality on this and other websites.

Please use the following links for more information on the terms and conditions of use of Google Analytics and data protection at Google:

https://marketingplatform.google.com/about/analytics/terms/de/

https://policies.google.com/?hl=de.

We incorporate YouTube videos on our website. The YouTube operator is Google Ireland Limited, Ireland, (“Google”). By integrating YouTube in our website, we also make use of further services from Google, Google Fonts as well as Google Photos, to create an appealing video preview. We use YouTube in an extended data protection mode. This means that YouTube is unable to store any information about the website visitors before the user clicks on the video to view it. The forwarding of data to YouTube partners is not automatically ruled out by way of the extended data protection mode. YouTube establishes a connection to the Google DoubleClick network including without the video being viewed. As soon as you start a YouTube video on the page, a connection is established to the YouTube servers. Among other things, your IP address is forwarded, the pages on our website that you have visited, your device configurations (e.g. browser, operating system, resolution, etc.) and how you watched the video.

Furthermore, YouTube can set various Cookies on your terminals following the start of a video. In this manner YouTube can obtain information about website visitors. This information is used to collate video statistics, improve user friendliness and prevent attempted fraud. Where applicable, following the start of YouTube, further data processing operations may begin upon which we have no influence.

If you are logged in with a Youtube or Google account or log in there, it cannot be ruled out that Google or Youtube will link your interactions on our site to the respective profile.

As part of the incorporation described above and use of YouTube, it cannot be ruled out that data are transferred to the USA and stored there. The US is classified as a so-called third country for data protection purposes, in which different legal data protection provisions apply compared to the European Union and therefore the legally required level of data protection may be lower than that of the European Union.

The legal basis for processing your personal data by YouTube and the other services Google Fonts and Google Photos is the consent you give in the Cookie settings. You may withdraw your granted consent at any time in the settings to take effect in the future. The use of YouTube on our site as described above, including the possible forwarding of your personal data to third countries, is based on your consent (Section 25(1), TTDSG, for the use of Cookies, Article 6(1), Point a., GDPR, Article 49(1), Point a., GDPR, for the basic processing of your personal data and the possible transfer to third countries). The consent may be withdrawn at any time for the future via our Cookie settings. If the data are transferred to the US, in addition to YouTube, authorities may also gain access to such data under the legal requirements in accordance with American law. TEG has no influence on the scope of the data processed by YouTube, the type of processing or use or the transfer of such data to third parties. We also have no effective means of control in this respect. You can find more information about data protection at YouTube in its data protection policy (below is an external link): https://policies.google.com/privacy?hl=de

We use the so-called LinkedIn Insight Tag of the LinkedIn platform operated by LinkedIn Ireland Unlimited Company, Ireland. We process the data obtained by the LinkedIn Insight Tag to evaluate or campaigns, where applicable improve them and collect information about the website visitors who have gained access to our campaigns on LinkedIn. To that end the LinkedIn Insight Tag is integrated in our pages and a Cookie is set on your terminal by LinkedIn.

By way of this technology we can draw up reports on the performance of our advertisements and information about website interaction. The LinkedIn Insight Tag is incorporated in this website for that reason, for which a connection is established with the LinkedIn server.
The LinkedIn Insight Tag facilitates the collection of data about the visitors on our website, including URL, referrer URL, IP address, device and browser features (User Agent) and the time stamp. The IP addresses are shortened or (if they are used to reach members on a device-wide basis) hashing is used to render them anonymous. The direct identification of the members is removed within seven days to render the data anonymous. The remaining data that are rendered anonymous are then deleted within 180 days.

We do not receive any data from LinkedIn that we can attribute to individual persons but rather we only receive reports (in which you are not identified) about the website target group and the advertisement performance. In addition, LinkedIn offers retargeting for website visitors so that by way of these data we can place targeted adverts outside this website.

We store your data until as long as we require such data for the respective purpose (campaign evaluation) or you have not objected to the storage of your data or have not withdrawn your consent.

In addition, LinkedIn may forward personal data for processing to so-called third countries, in particular the USA. Third countries are countries outside the EU or the European Economic Area where different legal data protection provisions apply compared to the European Union and thus the legally required level of data protection may be lower than in the EU. To nevertheless provide a corresponding data protection level, LinkedIn uses corresponding legal mechanisms such as standard contract clauses authorised by the European Commission.

Use of LinkedIn Insight Tags on our site, including the possible forwarding of your personal data to third countries, is based on your consent (Section 25(1), TTDSG, for the use of Cookies, Article 6(1), Point a., GDPR, Article 49(1), Point a., GDPR, for the basic processing of your personal data and the possible transfer to third countries). The consent may be withdrawn at any time for the future via our Cookie settings. If the data are transferred to the US, in addition to LinkedIn, authorities may also gain access to such data under the legal requirements in accordance with American law. TEG has no influence on the scope of the data processed by LinkedIn, the type of processing or use or the transfer of such data to third parties. We also have no effective means of control in this respect.

You can find LinkedIn’s data protection guideline at https://www.linkedin.com/legal/privacy-policy (external link), where you can also find more detailed information about transfers to third countries. LinkedIn members can additionally control the use of their personal data for advertising purposes in their account settings.

On our website we have incorporated linked graphics/pictograms to our content on social media or career platforms (LinkedIn and Xing). You are forwarded to our corresponding company website on the respective platform via the respective link. To ensure that you have complete control of the data, contact is initially established with the respective social network and you when you actively click on the respective link. The respective platforms and external content suppliers, which are accessed via our links, render these services and the processing of your data at their own responsibility.

If you click on the links, the respective provider shall process certain data that apply to you. This may include the following data:

• IP address
• Browser information
• Access time and date.

You can find the precise scope and further information that is relevant to data protection in the data protection policies of the respective controllers.

In addition, we draw attention to the fact that personal data that are processed during the course of your visit to the respective platform may also be forwarded to so-called third countries (countries outside the European Union and the European Economic Area) where other statutory data provisions apply and therefore the data protection level specified by law may be lower than that in the European Union. For further information about forwarding to third countries and the appertaining data protection measures please see the data protection policies of the respective controller.

In different sections our homepage provides information about establishing contact with us. The details of the respective contact points on our homepage are aimed at enabling (potential) business partners to better direct their concerns to us.

In addition, we offer interested parties the opportunity to apply for our advertised positions by submitting an online application. If you wish to apply to us for a vacant position, please use our applicant portal to forward personal data.

In the case of contact or communication in the context of a pre-contractual contract initiation or implementation of a contract, the legal basis for the processing is Article 6(1), Point b., GDPR. In relation to forwarded data, Article 6(1), Point f., GDPR, can also be used as the legal basis. The personal data you enter shall only be used to contact you or to adequately process your request. We therefore have the necessary justified interest in the processing. If establishing contact is based on your consent, the legal basis for the processing is Article 6(1), Point a., GDPR. You are entitled, at any time, to withdraw your consent without stating reasons for such action. These legal principles apply regardless of the chosen form of communication platform (e-mail, contact form, applicant portal, telephone call or Microsoft Teams), by which the corresponding communication takes place.

Personal data shall not be forwarded to third parties unless they are intended to be forwarded or this is technically necessary for the communication. Please note that content from such an exchange and in the case of personal meetings used for discussions frequently serve the purpose of communicating information to business partners, interested parties or third parties and are therefore earmarked for forwarding.
Following cessation of the purpose, your data shall be deleted provided this does not conflict with legitimate reasons, e.g. statutory obligations (Article 6(1), Point c., GDPR) or a justified interest in accordance with Article 6(1), Point f., GDPR, (e.g. processing potential enquiries or reviewing, asserting, exercising or defending legal claims).

Contact by e-mail or contact form

When using our contact forms, there are two mandatory fields (e-mail and name), without which we are unfortunately unable to process your request. All data you disclose when establishing contact with us (irrespective of by e-mail or via the contact form, such as your e-mail address and, where applicable, your name or telephone number) shall be processed by us to reply to your concern/enquiry. In this respect, only the number of different IP addresses, which are rendered anonymous, shall be processed in a technical sense.
You can use the Log-In button to access our log-in area. In this respect we also ensure that the transmission of your data is secure (in this respect see the section “What Security Does the Tengelmann Energie Website Provide?”).

Contact via Microsoft Teams

We use the Microsoft Teams tool to conduct telephone calls, video conferences or even training sessions and, where necessary, exchange documents and other content. The following categories of personal data may be processed during the use of Microsoft Teams:

• Details about the user (e.g. name/display name and e-mail address)
• Meta data (e.g. data, time, meeting ID, IP address and telephone number)
• Data from text, audio and video data and other forwarded files.

With regard to the processing of personal data in the context of electronic communication, Microsoft Corporation with Microsoft Teams as an OTT service (over-the-top service or interpersonal telecommunications service) is subject to data protection and privacy in telecommunications (“telecommunications secrecy”) in accordance with Part 2 of TTDSG, and is accordingly responsible in that respect.

TEG is responsible for any further processing resulting from communication via Microsoft Teams (e.g. via the invitation function, video recordings or document exchange). We therefore draw your attention to the following functions and possibilities:

• During a Teams session you may decide at any time whether or not the camera and/or the microphone should be switched on or off. Furthermore, you are free to share content or not, whereby you may withdraw the sharing of content at any time.
• If you use the chat function, your personal data contained in the chat function shall be processed and the other participants shall gain knowledge of such content.
• In a technical sense it may be the case that participants make a recording of an online meeting while it is being conducted. In such a case, you shall be immediately notified of the recording and you may raise your objections to this with the meeting participants. The recording is saved in Microsoft Teams after the online meeting. The recording can then be shared with other participants.

As a matter of principle, processing personal data as part of using Teams in third countries (countries outside the European Union and the European Economic Area) is not intended because we have placed the Microsoft Corporation under obligation to limit the storage location to computer centres in the European Union. However, we cannot rule out that the routing of data applies via servers that are located outside the EU. This may be the case, in particular, if participants in a meeting are located in a third country.

The Microsoft Corporation uses EU standard contract clauses to guarantee a reasonable data protection level for the processing/transfer of personal data to third countries (or the US). We nevertheless draw attention to the fact that the USA is classified as a so-called third country where contrary statutory data protection provisions apply and therefore the data protection level specified by law may be lower than the one that applies in the European Union. If the data are transferred to the US, in addition to Microsoft, authorities may also gain access to such data under the legal requirements in accordance with American law. TEG has no influence on the scope of the data processed by Microsoft, the type of processing or use or the transfer of such data to third parties. We also have no effective means of control in this respect.

Insofar as you do not wish to use Microsoft Teams, please notify us by e-mail so that we can jointly agree on other means of communication.

You can find more information about the data protection provisions of Microsoft on the Microsoft Corporation homepage (external link):

https://privacy.microsoft.com/de-de/privacystatement

If you would like to receive the Newsletter offered on the website, we need you to provide us with an e-mail address and information that enables us to check that you are the owner of the stated e-mail address or that the owner consents to receiving the Newsletter. By way of the Newsletter, we inform you each week about the development of electricity and gas prices.
We use the so-called Double-Opt-In procedure to guarantee the forwarding of the Newsletter by consent. During the course of this the potential recipient can be incorporated in a distribution list. The user is subsequently granted via a confirmation e-mail the option of confirming the registration by way of legal security. The address is only actively incorporated in the distribution list following confirmation. If this confirmation is not received, your data shall be completely deleted after 7 days.
We use such data exclusively for sending the requested information and offers.

Sendinblue is used as the Newsletter software. In that respect, your data are forwarded to Sendinblue GmbH, Berlin. In that respect, Sendinblue is prohibited from selling your data and using them for purposes other than sending Newsletters. Sendinblue is a German, certified provider, which was selected in accordance with the requirements of GDPR and BDSG (German Federal Data Protection Act) and by our order. You can find more information here (external link):

https://de.sendinblue.com/informationen-newsletter-empfaenger/?rtype=n2go

The legal basis for processing the data after registering for the Newsletter is your consent in accordance with Article 6(1), Point a., GDPR. You may at any time withdraw granted consent for the storage of data, the e-mail address and its use to send the Newsletter, for example via the Unsubscribe link in the Newsletter (see also below Data Subjects’ Rights).

We use the Hotjar analysis tool from Hotjar Ltd, Malta (Hotjar) on certain sub-pages of our website to evaluate online behaviour (including clicks, scroll heights, mouse movements) when these pages are visited. The data obtained in this way enables us to adapt and improve the functionality and user-friendliness of our website in order to increase our “conversion rate”.

Hotjar uses Cookies and tracking codes to collect certain user data on our website. Specifically, this involves the following personal data:

• IP address of the end device (anonymised storage)
• Type of end device and its screen size, operating system and browser used
• Geographical location (country only)
• Language used on the website
• Referring domain
• Visited (sub-)websites
• Date and time of website visits

These data are forwarded to Hotjar and generally processed within the European Union or the European Economic Area. If data are forwarded to a so-called third country, Hotjar uses EU standard contractual clauses to ensure an appropriate level of data protection when processing/transferring personal data to third countries (or the USA). Nevertheless, we would like to point out that the USA is classified as a so-called third country under data protection law, in which different data protection regulations apply compared to the European Union and, therefore, the required level of data protection may be lower than in the EU. If the data are transferred to the US, in addition to Microsoft, authorities may also gain access to such data under the legal requirements in accordance with American law. Hotjar is prohibited from using your data for purposes other than those mentioned above. You can find more information here (external link):

https://www.hotjar.com/privacy/

The legal basis for setting the Cookie is your consent in accordance with Section 25(1),l TTDSG, for the processing of personal data it is your consent in accordance with Article 6(1), Point a., GDPR, or, where applicable, Article 49(1), Point a., GDPR. You may withdraw the consent granted for the processing of your user data at any time in the Cookie settings (see above, “Cookie information” paragraph).

On this website, data are collected and stored for marketing, market research and optimisation purposes using the SalesViewer® technology of SalesViewer^® GmbH, Bochum, on the basis of the legitimate interests of the website operator (Article 6(1), Point f., GDPR).

For this purpose, a javascript-based code is used to collect company-related data and the corresponding use. The data collected using this technology are encrypted via a non-reversible one-way function (so-called hashing). The data are immediately pseudonymised and not used to personally identify the visitor to this website.

The data stored within the framework of SalesViewer shall be deleted as soon as they are no longer required for the intended purpose and there are no legal obligations to retain data to prevent the deletion of such data.

You can object to the collection and storage of data at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection of data by SalesViewer within this website in the future. In that respect, an Opt-Out Cookie shall be placed on your device. IF you delete your Cookies in this browser, you will need to click on the link again.

On this website, data are collected and stored for marketing, market research and optimisation purposes using the SalesViewer® technology of SalesViewer® GmbH, Bochum, on the basis of the legitimate interests of the website operator (Article 6(1), Point f., GDPR).

For this purpose, a javascript-based code is used to collect company-related data and the corresponding use. The data collected using this technology are encrypted via a non-reversible one-way function (so-called hashing). The data are immediately pseudonymised and not used to personally identify the visitor to this website.

The data stored within the framework of SalesViewer shall be deleted as soon as they are no longer required for the intended purpose and there are no legal obligations to retain data to prevent the deletion of such data.

You can object to the collection and storage of data at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection of data by SalesViewer within this website in the future. In that respect, an Opt-Out Cookie shall be placed on your device. IF you delete your Cookies in this browser, you will need to click on the link again.

On our website you have the opportunity to make appointments with us. We also use the “Calendly” tool for booking appointments. The provider is Calendly LLC, USA (hereinafter “Calendly”). Calendly acts as an order processor on our behalf.

You enter the requested data and the desired date in the window provided to book an appointment. The data you enter shall be used to plan, execute and, where necessary, follow-up the appointment. For this purpose, you usually provide us with general business contact and appointment data, such as your first and last name, e-mail address or the agreed date and time. In addition, technical information, such as the IP address at the time of the appointment, is forwarded.

The appointment data are processed on our behalf by Calendly in the US, among others, whose data protection policy you can view here (external link): https://calendly.com/de/pages/privacy. We would like to point out that the USA is a so-called third country under data protection law. Third countries are countries outside the EU or the European Economic Area in which different legal data protection provisions apply compared to the European Union and therefore the legally required level of data protection may be lower than in the European Union. If the data are transferred to the US, in addition to Calendly, authorities may also gain access to such data under the legal requirements in accordance with American law. TEG has no influence on the scope of the data processed by Calendly, the type of processing or use or the transfer of such data to third parties. We also have no effective means of control in this respect.

Forwarding data to the US is based on the standard contractual clauses of the EU Commission. Further details can be found here (external link to the provider in the USA): https://calendly.com/pages/dpa.

We shall retain the data you enter until you ask us to delete it, withdraw any consent you may have given to store it, or until the purpose for storing the data no longer applies. This does not affect compulsory statutory provisions – in particular storage periods.

Article 6(1), Point f., GDPR, forms the legal basis in respect of the processing. We have a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If consent has been requested, Article 6(1), Point a., GDPR, or Article 49(1), Point a., GDPR, is the legal basis for data processing. Consent may be withdrawn at any time with effect for the future. We expressly point out that you do not undertake to use this service to make an appointment. You may also use the other options we have provided under contact.

We reserve the right to amend security and data protection measures provided this is necessary for example as a result of technical developments. In such cases we shall also adjust our data protection notices accordingly.