DATA PROTECTION
Thank you for your interest.

Tengelmann Energie GmbH (hereinafter referred to as “TEG”, “we” or “us”) attaches great importance to data protection, in particular the protection of your personal data. We are therefore informing you in the following sections in accordance with Section 13 of the EU General Data Protection Regulation (GDPR) or in accordance with Article 14 GDPR provided data are not collected directly.

Below we would like to explain to you which data we process, and the purpose of such processing, and the rights you have in that respect.

Controller and Data Protection Officer

The controller within the meaning of Article 4, No. 7, GDPR, is

Tengelmann Energie GmbH
Jakob-Funke-Platz 2
D-45127 Essen

Tel.: +49 (0) 201 / 56 57 – 6100
E-mail: info(at)tengelmann-energie.de

You can find more information about the controller in the imprint.

If you have any questions about data protection, please contact our external data protection officer:

Tengelmann Audit GmbH
Data Protection Officer
An der Pönt 45
D-40885 Ratingen

E-mail: datenschutz(at)t-audit.de

Legal Bases and Principles of the Processing

As a matter of principle, personal data are only processed provided this is necessary for the respective purpose or you have granted your consent to us in that respect. As a matter of principle personal data may be processed based on the following legal bases:

  • Article 6(1), letter a, GDPR (consent of the data subject)
  • Article 6(1), letter b, GDPR (executing a contractual relationship with the data subject, pre-contractual measures following an enquiry by the data subject)
  • Article 6(1), letter c GDPR (complying with a legal obligation of our company)
  • Article 6(1), letter d, GDPR (protecting vital interests of the data subject or of another natural person)
  • Article 6(1), letter e, GDPR (performing a task in the public interest or in the exercise of official authority)
  • Art. 6 Abs. 1 lit. f DSGVO (exercising a legitimate interest pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (weighing up of interests)).

Where consent serves as the legal basis for the processing, you may withdraw your consent at any time without stating reasons for such action. As a matter of principle, the withdrawal only applies to the future. This means that as a result of the withdrawal of the declaration of consent, the processing to date will not become legally valid up until receipt of withdrawal of the consent.

It is taken for granted that we should provide complete protection of your personal data on this website. Unfortunately in the case of electronic data transmissions via the internet it can never be completely ruled out that security gaps may occur irrespective of all the technical and organisational measures we adopt.

Where nothing to the contrary is stated by us, TEG shall neither sell your personal data to third parties nor otherwise market them. All personal data that arise as part of the Tengelmann Energie web services are processed with consideration given to the respective valid requirements, and in general only for the purpose of executing and/or processing the contract and to safeguard justified business interests, e.g. storage of questions for subsequent enquiries for approximately six months. Once the purpose has been honoured your data shall be deleted provided this does not conflict with statutory storage periods.

Where nothing to the contrary is stated in the following passages, the forwarding of personal information to third countries or to international organisations is not intended. Furthermore, we do not use any procedures for automated decision-making, including profiling.

Data Subjects’ Rights

Where we process your personal data, in dealings with us in relation to the processing of your personal data you shall have the following rights, which you may exercise against us at any time. In detail you may exercise the following rights:

  • Information
  • Rectification of data
  • Restriction of processing
  • Erasure of data
  • Data portability
  • Objection to processing

In addition, you have the right to lodge a complaint with a supervisory authority responsible for data protection about the processing of your personal data by us.

Insofar as the processing is based on granted consent, you have the right to withdraw the consent at any time without such action affecting the legality of the processing that applies on the basis of the consent up until withdrawal.

If you wish to exercise your rights against us, please use the details stated above to contact the controller.

How are Your Personal Data Processed on the Tengelmann Energie Website?

During every visit, data are processed on our web server merely for statistical collections and to guarantee the security and stability of the system. Our justified interest in accordance with Article 6, letter f, GDPR, which simultaneously serves as the legal basis, also applies to the aforementioned purposes. Provided nothing to the contrary is stated, data are only forwarded as part of technical necessities to the service providers commissioned with the task of supporting the homepage.

The processed personal data include your IP address, the individual pages that you have viewed on the Tengelmann Energie GmbH website and the data quantities that were forwarded during your visit. To that end the date and duration of your visit and the website or the link via which you gained access to our website are stored, including by way of a so-called Session Cookie. This is aimed at identifying you as a user in a technical sense during each website visit. Such data do not enable us to draw any conclusions about your person. The Session Cookie is automatically deleted when you leave the website. Furthermore, you have the option of controlling the use and storage of Cookies via your browser settings. You can find more detailed information about all Cookies, including from third party suppliers, in “Cookie Information”.

What Security Does the Tengelmann Energie Website Provide?

We adopt technical, up-to-date, measures to protect your data from unintentional or intentional manipulation, loss, destruction or access by unauthorised third persons. Tengelmann Energie GmbH consistently further develops and improves these technical and organisational measures.

To prevent misuse of the data by third parties, in the aforementioned cases your data are transmitted in a secure, encrypted, form. The Tengelmann Energie website uses the 256-Bit-TLS 1.2 encryption (Transport Layer Security 1.2). Such encryption of the connection ensures the best possible security when transmitting data between a client and a server.

Cookie Information

So-called Cookies are used on our homepage. Cookies are text files that are stored by a website in the browser of the person visiting that website and used to exchange information with the homepage server.

On our homepage, we use the following Cookies that are necessary in a technical sense so that all the key functions of the page can be correctly provided and displayed to you (based on our justified interest in accordance with Article 6(1), letter f, GDPR as the legal basis):

Name Storage period Description
     
Borlabs Cookie 1 Year Stores your selection in respect of the optional Cookies
PHPSESSID End of the session So-called Session Cookie. Contains anonymous user ID to allocate several enquiries of a user of the same HTTP session.
REMEMBERME The cookie is valid for 2 weeks. This cookie serves to restore an expired session. The cookie is absolutely necessary for correct functionality of the website.

You can prevent the use of Cookies in your browser settings for customary use. If the Cookies that are required in a technical sense are prevented, it may however be the case that our site can no longer be displayed in full and correctly.

Furthermore, optional Cookies are used on our site by the service providers described below and are only set based on your consent in accordance with Article 6(1), letter a, GDPR. When you view the settings for these Cookies, and potentially amend them (in particular withdraw your consent), you can use the following link to again call up the settings you have made (below is an external link):

Change Cookies settings

Use of YouTube

We incorporate YouTube videos on our website. The YouTube operator is Google Ireland Limited (“Google”). We use YouTube in an extended data protection mode. This means that YouTube is unable to store any information about the website visitors before the video is viewed. The forwarding of data to YouTube partners is not automatically ruled out by way of the extended data protection mode. YouTube establishes a connection to the Google DoubleClick network including without the video being viewed. As soon as you start a YouTube video on the page, a connection is established to the YouTube servers. In that respect, details of the pages on our website that you have visited are forwarded.

Furthermore, YouTube can set various Cookies on your terminals following the start of a video. In this manner YouTube can obtain information about website visitors. This information is used to collate video statistics, improve user friendliness and prevent attempted fraud. Where applicable, following the start of YouTube, further data processing operations may begin upon which we have no influence.

As part of use of YouTube, it cannot be ruled out that data are transferred to the USA and stored there. In respect of data protection law, the USA is classified as a so-called third country where other statutory data protection provisions apply and therefore the data protection level specified by law may be lower than the one that applies in the European Union.

YouTube is used in the interest of an appealing presentation of our online programme. This constitutes a justified interest within the meaning of Article 6(1), letter f, GDPR. Insofar as corresponding consent has been requested, data are processed exclusively on the basis of your consent. The consent may be withdrawn at any time for the future via our Cookie settings.

You can find more information about data protection at YouTube in its data protection policy (below is an external link): https://policies.google.com/privacy?hl=de

Use of Google Analytics

We use Google Analytics, a web analysis services of Google Inc. (“Google”). Google Analytics uses Cookies that are stored on your computer for 1 minute or 2 years and which facilitate the analysis of your use of the website and, where applicable, curtail simultaneous enquiries by users.

The information generated by the Cookie regarding your use of this website is usually sent to and stored on a server operated by Google and located in the USA. In respect of data protection law, the USA is classified as a so-called third country where other statutory data protection provisions apply and therefore the data protection level specified by law may be lower than the one that applies in the European Union.

We only use Google Analytics if IP data is rendered anonymous. This means the IP address of the users shortened by Google in Member States of the European Union or in other contracting states to the Agreement on the European Economic Area as a result of which drawing conclusions about a certain person can be ruled out. Only in exceptional cases will the entire IP address be sent to a Google server in the USA and then shortened there. By order of the operator of this website, Google will use this information to analyse your use of the website, draw up reports on the website activities and provide additional services associated with use of the website and the Internet in dealings with the website operator. The IP address forwarded as part of Google Analytics from your browser shall not be grouped together with other data from Google.

The legal basis for the processing of your personal data by Google Analytics is the consent granted by you in the Cookie settings. You may withdraw your granted consent at any time in the settings to take effect in the future. The forwarding to the USA described above therefore similarly applies only following your express consent.

Use of Facebook Pixel and LinkedIn Insight Tag

Facebook Pixel

On our website we use the so-called “Facebook Pixel” of the company Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

We use Facebook Pixel to measure the success of our social media marketing campaigns, to optimise these and where applicable form so-called Custom Audiences.  As a result, users of our website can be presented with interest-related advertisements (Facebook Ads) as part of visiting Facebook or other websites that similarly use this procedure. By way of the Facebook Pixel, Facebook is able to identify the visitors to our website as a target group for the presentation of advertisements in the Facebook social network. As a result we are in a position to place targeted advertisements. So-called Cookies are also used as part of the use of the Facebook Pixel Code.

The Facebook Pixel implemented on our page is used to establish a direct link to the Facebook servers. In that respect, information about what you have visited on our website and the pages you have selected is forwarded to the Facebook servers. Furthermore, individual information and parameters that are required to optimise our advertisements, increase the relevance and measure the success are forwarded. In that respect this entails, in particular, information about so-called Conversion Events on the TEG page (e.g. whether or not contact with us has been established). We are unable to view the data recorded by Facebook (e.g. IP addresses, information about the web browser, the location of the website, clicked buttons, where applicable pixel IDs and additional features). We can only use such data as part of placing certain advertisements.

If you have a Facebook account and are registered, the visit to this website will be allocated to your Facebook user account. If you are not registered with Facebook or are not logged in, it may be the case that the provider will gain knowledge of, and store, your IP address and additional identification features.

We store your data as long as we require it for the respective purpose (display of interest-based advertising) or you have not objected to the storage of your data or have not withdrawn your consent. The part of the Pixel that is set as a Cookie remains on your device for up to 24 hours.

In addition, Facebook may forward personal data for processing to so-called third countries, in particular the USA. Third countries are countries outside the EU or the European Economic Area where other statutory data protection provisions apply and therefore the data protection level specified by law may be below that of the EU. To nevertheless provide a corresponding data protection level, Facebook uses standard contract clauses authorised by the European Union in respect of data transmissions from the European Economic Area to the USA and other countries and, where applicable, sets adequacy decisions issued by the European Commission for certain countries.

The use of Facebook Pixel on our site, including the possible transfer of your personal data to third countries, applies on the basis of your consent (Article 6(1), letter a, GDPR. The consent may be withdrawn at any time for the future via our Cookie settings. Furthermore, it is not ruled out that Facebook uses the data for its own purposes, on which TEG has no influence whatsoever.

You can find further information regarding the collection and use of data by Facebook as well as regarding your rights and the possibilities of protecting your privacy in Facebook’s data protection notices at https://www.facebook.com/about/privacy/ (external link). You can obtain special information about Facebook Pixel at https://www.facebook.com/business/learn/facebook-ads-pixel (external link).

On Facebook logged in users can additionally deactivate functionalities in respect of individualised advertisements at https://www.facebook.com/settings/?tab=ads# (external link).

 

LinkedIn Insight Tag

We use the so-called LinkedIn Insight Tag of the LinkedIn platform operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We process the data obtained by the LinkedIn Insight Tag to evaluate or campaigns, where applicable improve them and collect information about the website visitors who have gained access to our campaigns on LinkedIn. To that end the LinkedIn Insight Tag is integrated in our pages and a Cookie is set on your terminal by LinkedIn.

By way of this technology we can draw up reports on the performance of our advertisements and information about website interaction. The LinkedIn Insight Tag is incorporated on this website for that reason, for which a connection is established with the LinkedIn server.

The LinkedIn Insight Tag facilitates the collection of data about the visitors on our website, including URL, referrer URL, IP address, device and browser features (User Agent) and the time stamp. The IP addresses are shortened or (if they are used to reach members on a device-wide basis) they are hashed The direct identification of the members is removed within seven days to render the data anonymous. The remaining data that are rendered anonymous are then deleted within 180 days.

We do not receive any data from LinkedIn that we can attribute to individual persons but rather we only receive reports (in which you are not identified) about the website target group and the advertisement performance. In addition, LinkedIn offers retargeting for website visitors so that by way of these data we can place targeted adverts outside this website.

We store your data until as long as we require such data for the respective purpose (campaign evaluation) or you have not objected to the storage of your data or have not withdrawn your consent.

In addition, LinkedIn may forward personal data for processing to so-called third countries, in particular the USA. Third countries are countries outside the EU or the European Economic Area where other statutory data protection provisions apply and therefore the data protection level specified by law may be below that of the EU. To nevertheless provide a corresponding data protection level, LinkedIn uses corresponding legal mechanisms such as standard contract clauses authorised by the European Commission.

Use of the LinkedIn Insight Tag on our site, including the possible transfer of your personal data to third countries, applies on the basis of your consent (Article 6(1), letter a, GDPR). The consent may be withdrawn at any time for the future via our Cookie settings. Furthermore, it is not ruled out that LinkedIn uses the data for its own purposes, on which TEG has no influence whatsoever.

You can find LinkedIn’s data protection guideline at https://www.linkedin.com/legal/privacy-policy (external link), where you can also find more detailed information about transfers to third countries. LinkedIn members can additionally control the use of their personal data for advertising purposes in their account settings.

Social Media Pages

On our website we have incorporated linked graphics/pictograms to our content on social media or career platforms (LinkedIn and Xing). You are forwarded to our corresponding company website on the respective platform via the respective link. To ensure that you have complete control of the data, contact is initially established with the respective social network and you when you actively click on the respective link. The respective platforms and external content suppliers, which are accessed via our links, render these services and the processing of your data at their own responsibility.

If you click on the links, the respective provider shall process certain data that apply to you. This may include the following data:

  •  IP address
  •  Browser information
  •  Access time and date.

You can find the precise scope and further information that is relevant to data protection in the data protection policies of the respective controllers.

In addition, we draw attention to the fact that personal data that are processed during the course of your visit to the respective platform may also be forwarded to so-called third countries (countries outside the European Union and the European Economic Area) where other statutory data provisions apply and therefore the data protection level specified by law may be lower than that in the European Union. For further information about forwarding to third countries and the appertaining data protection measures please see the data protection policies of the respective controller.

Establishing Contact/Communication

In different sections our homepage provides information about establishing contact with us. The details of the respective contact points on our homepage are aimed at enabling (potential) business partners to better direct their concerns to us.

If you wish to apply to us for a vacant position as an employee, please use our applicant portal to forward personal data.

When using our contact forms, two compulsory fields apply (e-mail and name) without which we will unfortunately be unable to process the enquiry (the processing constitutes our justified interest in accordance with Article 6(1), letter f, GDPR). All data you disclose when establishing contact with us (irrespective of by e-mail or via the contact form, such as your e-mail address and, where applicable, your name or telephone number) shall be processed by us to reply to your concern/enquiry. In this respect, only the number of different IP addresses, which are rendered anonymous, shall be processed in a technical sense.

If establishing contact is geared towards the pre-contract initiation of contracts or executing a contract, the legal basis for the processing is Article 6(1), letter b, GDPR. With regard to data that are also transmitted, in addition Article 6(1), letter f, GDPR, may also be cited as the legal basis.

The personal data that you enter shall only be used to contact you or adequately process your concern. We therefore have the necessary justified interest in the processing.

If establishing contact is based on your consent, the legal basis for the processing is Article 6(1), letter a, GDPR. You are entitled, at any time, to withdraw your consent without stating reasons for such action.

You can use the Log-In button to access our log-in area. In this respect we also ensure that the transmission of your data is secure (in this respect see the section “What Security Does the Tengelmann Energie Website Provide?”).

Communication with Microsoft Teams

We use the Tool Microsoft Teams tool to conduct telephone conversations, video conferences and training sessions. In such cases, the Microsoft Corporation processes personal data subject to our order.

The following categories of personal data may be processed during the use of Microsoft Teams:

  • Details about the user (e.g. name/display name and e-mail address)
  • Communication meta data (e.g. data, time, meeting ID, IP address and telephone number)
  • Contact data from text, audio and video data and other forwarded files.

During a Teams session you may decide at any time whether or not the camera and/or the microphone should be switched on or off. Furthermore, you are free to share content or not, whereby you may withdraw the sharing of content at any time. If you use the chat function, your personal data contained in the chat function shall be processed and the other participants will gain knowledge of such content. In a technical sense it may be the case that participants make a recording of an online meeting while it is being conducted. In such a case you shall be notified of the recording and you may raise your objections to this with the meeting participants. Following the online meeting, the recording shall be stored in Microsoft Teams. The recording may be released to other participants.

As a matter of principle, processing personal data as part of using Teams in third countries (countries outside the European Union and the European Economic Area) is not intended because we have placed the Microsoft Corporation under obligation to limit the storage location to computer centres in the European Union. However, we cannot rule out that the routing of data applies via servers that are located outside the EU. This may be the case, in particular, if participants in a meeting are located in a third country.

The Microsoft Corporation uses EU standard contract clauses to guarantee a reasonable data protection level for the processing/transfer of personal data to third countries (or the USA). We nevertheless draw attention to the fact that the USA is classified as a so-called third country where other statutory data protection provisions apply and therefore the data protection level specified by law may be lower than the one that applies in the European Union.

The data are encrypted during transmission via the internet and are therefore protected against unauthorised access by third parties.

The purpose of the processing of personal data is in our justified interest in processing a matter that concerns you, us or a third party and communicating with the corresponding partners. Furthermore, we have a justified interest in communicating or exchanging information in a manner that is, as far as possible, free of technical malfunctions and characterised by high quality and efficiency.

Your consent in accordance with Article 6(1), letter a, GDPR, may serve as the legal basis for the processing of the personal data (in relation to the potential forwarding of data to the USA in accordance with Article 49(1), letter a, GDPR), in particular if you are not already a customer/user of the Microsoft Corporation in relation to Microsoft Teams. Insofar as you do not grant consent in such a case, and therefore do not wish to use Microsoft Teams, please notify us by e-mail so that we can jointly agree on other means of communication.

In the event of granted consent, you may withdraw your consent at any time without stating reasons for such action by no longer using Microsoft Teams in conjunction with us and/or notify us of this by e-mail. As a matter of principle, the withdrawal only applies to the future. This means that as a result of the withdrawal of the declaration of consent, the processing to date will not become legally valid up until receipt of withdrawal of the consent.

Where your consent is not cited as the legal basis, the previously described justified interests in accordance with Article 6(1), letter f, GDPR, apply as such. Insofar as the communication by way of incorporating Teams serves the purpose of the pre-contract initiation of contracts or executing a contract, the legal basis for the processing is Article 6(1), letter b, GDPR.

As a matter of principle, personal data that are processed in conjunction with communication via Teams are not forwarded to third parties provided they are not, in particular, intended for forwarding. Please note that content from such communication and in the case of personal meetings used for discussions frequently serve the purpose of communicating information to business partners, interested parties or third parties and are therefore earmarked for forwarding.

Following the cessation of the purpose, your data shall be deleted provided this does not conflict with legitimate reasons, e.g. statutory storage periods (Article 6(1), letter c, GDPR) or a justified interest in accordance with Article 6(1), letter f, GDPR, (e.g. processing potential enquiries or reviewing, asserting, implementing or defending legal claims).

Where you call up the internet page of Microsoft Teams, the Microsoft Corporation is responsible for the data processing. Calling up the internet page for use of Microsoft Teams may be necessary to download the software to use Microsoft Teams.

If you do not wish to use the Microsoft Teams App, or cannot use it, Microsoft Teams can also be used via the browser. The service shall then, insofar, also be rendered via the Microsoft Teams website.

The Microsoft Corporation can, insofar, also process personal data in conjunction with use of the services for its own purposes. You can find more information about the data protection provisions of Microsoft on the Microsoft Corporation homepage (below is an external link):

https://privacy.microsoft.com/de-de/privacystatement

Tengelmann Energie Newsletter

If you would like to receive the Newsletter offered on the website, we need you to provide us with an e-mail address and information that enables us to review that you are the owner of the stated e-mail address or that the owner consents to receiving the Newsletter. By way of the Newsletter, we inform you each week about the development of electricity and gas prices.

We use the so-called Double-Opt-In procedure to guarantee the forwarding of the Newsletter by consent. During the course of this the potential recipient can be incorporated in a distribution list. The user is subsequently granted via a confirmation e-mail the option of confirming the registration by way of legal security. The address is only actively incorporated in the distribution list following confirmation.

We use such data exclusively for sending the requested information and offers.

Newsletter2Go is used as the Newsletter software. In that respect, your data are forwarded to Newsletter2Go GmbH. In that respect, Newsletter2Go is prohibited from selling your data and using them for purposes other than sending Newsletters. Newsletter2Go is a German, certified, provider, which was selected in accordance with the requirements of GDPR and BDSG (German Federal Data Protection Act). You can find more information here (below is an external link):

https://www.newsletter2go.de/informationen-newsletter-empfaenger/

The legal basis for processing the data after registering for the Newsletter is your consent in accordance with Article 6(1), letter a, GDPR. You may at any time withdraw granted consent for the storage of data, the e-mail address and its use to send the Newsletter, for example via the Unsubscribe link in the Newsletter (see also below Data Subjects’ Rights).

Sales Viewer

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

Reservation to Make Amendments

We reserve the right to amend security and data protection measures provided this is necessary for example as a result of technical developments. In such cases we shall also adjust our data protection notices accordingly.

Menü