Privacy policy

We are pleased that you are interested in our company. Our business is also characterized by data processing. In accordance with our Privacy Policy, we take the protection of your personal information very seriously and always treat your personal information confidentially and in accordance with the applicable data protection regulations.

With the following information, we would like to give you an overview of when, why and how we collect, use and process certain data from you and what rights you have in this regard. In the following, we have compiled the information according to the different categories of affected persons (business partners, employees, applicants).

Modification of this privacy policy

We revise this Privacy Notice in the event of changes in data processing or other occasions that require it. The current version can always be found on this website.

As of: 05.08.2021


contact

The responsible body for data processing with personal data is the

PROLOGA Energy GmbH
Walter-Hülse-Straße 5
06120 Halle (Saale)

T: +49 441 779 359-0
F: +49 441 779 359-20
I:  
www.prologa-energy.com
E:  
This email address is being protected from spambots. You need JavaScript enabled to view it.

If you have any questions about data protection in our company, please contact our Data Protection Officer at:

kelobit IT-Experts GmbH
Dr. Andreas Melzer
Thüringer Straße 31
06112 Halle (Saale)

T: 0345 132553-80
E:
This email address is being protected from spambots. You need JavaScript enabled to view it.


Right to object

Case-by-case right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) lit. f GDPR (data processing based on a balance of interests). This also applies to profiling based on that provision within the meaning of Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipient of an opposition

The objection can be made without form by post or e-mail with the subject "opposition" stating your name and address or company affiliation and should be addressed to:

PROLOGA Energy GmbH
Walter-Hülse-Straße 5
06120 Halle (Saale)


Website visitors

1. An overview of data protection

General information

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data recording on this website

Who is the responsible party for the recording of data on this website (i.e., the “controller”)?

The data on this website is processed by the operator of the website, whose contact information is available under section “Information about the responsible party (referred to as the “controller” in the GDPR)” in this Privacy Policy.

How do we record your data?

We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.

Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.

What are the purposes we use your data for?

A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.

What rights do you have as far as your information is concerned?

You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.

Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.

2. Hosting

External Hosting

This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

We are using the following host:

1&1 AG
Wilhelm-Röntgen-Straße 1-5
63477 Maintal

3. General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Information about the responsible party (referred to as the “controller” in the GDPR)

The data processing controller on this website is:

PROLOGA Energy GmbH
Wallstraße 11
26122 Oldenburg

Phone: +49 441 779 359-0
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

Designation of a data protection officer as mandated by law

We have appointed a data protection officer for our company.

Dr. Andreas Melzer
kelobit IT-Experts GmbH

Telefon: +49 345 132553-80
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Information on data transfer to the USA and other non-EU countries

Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.

Right to object to the collection of data in special cases; right to object to direct advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO AT ANY TIME OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION. THIS ALSO APPLIES TO ANY PROFILING BASED ON THESE PROVISIONS. TO DETERMINE THE LEGAL BASIS, ON WHICH ANY PROCESSING OF DATA IS BASED, PLEASE CONSULT THIS DATA PROTECTION DECLARATION. IF YOU LOG AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE ARE IN A POSITION TO PRESENT COMPELLING PROTECTION WORTHY GROUNDS FOR THE PROCESSING OF YOUR DATA, THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR IF THE PURPOSE OF THE PROCESSING IS THE CLAIMING, EXERCISING OR DEFENCE OF LEGAL ENTITLEMENTS (OBJECTION PURSUANT TO ART. 21(1) GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED IN ORDER TO ENGAGE IN DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR AFFECTED PERSONAL DATA FOR THE PURPOSES OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS AFFILIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT ADVERTISING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).

Right to log a complaint with the competent supervisory agency

In the event of violations of the GDPR, data subjects are entitled to log a complaint with a supervisory agency, in particular in the member state where they usually maintain their domicile, place of work or at the place where the alleged violation occurred. The right to log a complaint is in effect regardless of any other administrative or court proceedings available as legal recourses.

Right to data portability

You have the right to demand that we hand over any data we automatically process on the basis of your consent or in order to fulfil a contract be handed over to you or a third party in a commonly used, machine readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Information about, rectification and eradication of data

Within the scope of the applicable statutory provisions, you have the right to at any time demand information about your archived personal data, their source and recipients as well as the purpose of the processing of your data. You may also have a right to have your data rectified or eradicated. If you have questions about this subject matter or any other questions about personal data, please do not hesitate to contact us at any time.

Right to demand processing restrictions

You have the right to demand the imposition of restrictions as far as the processing of your personal data is concerned. To do so, you may contact us at any time. The right to demand restriction of processing applies in the following cases:

  • In the event that you should dispute the correctness of your data archived by us, we will usually need some time to verify this claim. During the time that this investigation is ongoing, you have the right to demand that we restrict the processing of your personal data.
  • If the processing of your personal data was/is conducted in an unlawful manner, you have the option to demand the restriction of the processing of your data in lieu of demanding the eradication of this data.
  • If we do not need your personal data any longer and you need it to exercise, defend or claim legal entitlements, you have the right to demand the restriction of the processing of your personal data instead of its eradication.
  • If you have raised an objection pursuant to Art. 21(1) GDPR, your rights and our rights will have to be weighed against each other. As long as it has not been determined whose interests prevail, you have the right to demand a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – with the exception of their archiving – may be processed only subject to your consent or to claim, exercise or defend legal entitlements or to protect the rights of other natural persons or legal entities or for important public interest reasons cited by the European Union or a member state of the EU.

4. Recording of data on this website

Cookies

Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.

In some cases, it is possible that third-party cookies are stored on your device once you enter our site (third-party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g., cookies for the processing of payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g., the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.

Cookies, which are required for the performance of electronic communication transactions (required cookies) or for the provision of certain functions you want to use (functional cookies, e.g., for the shopping cart function) or those that are necessary for the optimization of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of cookies to ensure the technically error free and optimized provision of the operator’s services. If your consent to the storage of the cookies has been requested, the respective cookies are stored exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR); this consent may be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

In the event that third-party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Data Protection Policy and, if applicable, ask for your consent.

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

  • The type and version of browser used
  • The used operating system
  • Referrer URL
  • The hostname of the accessing computer
  • The time of the server inquiry
  • The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

Request by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Registration on this website

You have the option to register on this website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise, we shall reject the registration.

To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process.

We shall process the data entered during the registration process on the basis of your consent (Art. 6(1)(a) GDPR).

The data recorded during the registration process shall be stored by us as long as you are registered on this website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.

5. Plug-ins and Tools

YouTube with expanded data protection integration

Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.

As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.

Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.

Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If a corresponding agreement has been requested, the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.

Google Web Fonts

To ensure that fonts used on this website are uniform, this website uses so-called Web Fonts provided by Google. When you access a page on our website, your browser will load the required web fonts into your browser cache to correctly display text and fonts.

To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Web Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If a respective declaration of consent has been obtained (e.g., consent to the archiving of cookies), the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time.

If your browser should not support Web Fonts, a standard font installed on your computer will be used.

For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

SoundCloud

We may have integrated plug-ins of the social network SoundCloud (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, Great Britain) into this website. You will be able to recognize such SoundCloud plug-ins by checking for the SoundCloud logo on the respective pages.

Whenever you visit this website, a direct connection between your browser and the SoundCloud server will be established immediately after the plug-in has been activated. As a result, SoundCloud will be notified that you have used your IP address to visit this website. If you click the “Like” button or the “Share” button while you are logged into your Sound Cloud user account, you can link the content of this website to your SoundCloud profile and/or share the content. Consequently, SoundCloud will be able to allocate the visit to this website to your user account. We emphasize that we as the provider of the websites do not have any knowledge of the data transferred and the use of this data by SoundCloud.

Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the highest possible visibility on social media. If a respective declaration of consent has been obtained (e.g. consent to the archiving of cookies), the data will be processed exclusively on the basis of Art. 6(1)(a) GDPR. Any such consent may be revoked at any time.

For more information about this, please consult SoundCloud’s Data Privacy Declaration at: https://soundcloud.com/pages/privacy.

If you prefer not to have your visit to this website allocated to your SoundCloud user account by SoundCloud, please log out of your SoundCloud user account before you activate content of the SoundCloud plug-in.


business partner

What sources and data do we use?

We process the data necessary in connection with the establishment, execution and/or termination of our business relationships. We generally collect this data from you directly, e.B g. in the context of an offer request or order, as well as by contacting you via our website, by e-mail, at trade fairs or similar events.

Sometimes we may first receive your data from someone else, e.g.B a colleague in your company who names you as the contact person. If this happens, we will let you know our source at the first communication.

Personal data we process include:

  • Name, first name and gender (for the salutation)
  • Company affiliation and company address
  • usually two contact options in your company (e.B. phone number and e-mail address)
  • records of transactions and the respective correspondence

What do we process your data for (purpose of processing) and on what legal basis?

We use the above data to prepare and fulfill business operations and to establish and maintain effective business communications. The legal basis for these processing operations is art. 6 sec. 1 lit. f GDPR if you, as our business partner, represent another organization. Our legitimate interest is to achieve the above purposes. If you as a person are directly our contractual partner, we process your data instead on the basis of Art. 6 sec. 1 lit b GDPR, which allows the processing of personal data for the performance of a contract or pre-contractual measures.

We may wish to collect further information from you at a later date or use it in any other way. Should this happen, we will ask for your consent in accordance with Art. 6 sec. 1 lit. a i.V.m Art. 7 GDPR and inform you accordingly. If you give us this consent, this can be revoked informally at any time. The legality of the use of your data up to the objection remains unaffected by the objection.

Should your data be necessary for legal proceedings, processing may be carried out in order to exercise our legitimate interests in accordance with Art. 6 sec. 1 lit. f GDPR. Our interest then is in asserting or defending claims, for example in the context of the obligation to provide evidence in a procedure.

Who gets my data?

In our company, only those persons who need it for the smooth execution of our business relationship have access to your data. There may also be several specialist departments in our company, depending on which services or products you receive from us. Furthermore, our IT department has access to your data for only technical processing.

Service providers used by us may also be recipients of data about you in the context of order processing in accordance with Art. 28 GDPR.

In the course of processing your orders, it is partly necessary that we transmit certain data to our respective suppliers or other business partners, who are based in Germany, the European foreign countries or.dem European Economic Area. This is e.B. your name, if necessary Your first name and organizational affiliation, as well as your contact details in your organization.

We may be required to disclose certain data to the appropriately authorised bodies within the scope of our legal obligations.

Is data transferred to a third country or to an international organisation?

Data transfers to agencies outside the European Economic Area (so-called third countries) usually do not take place. Nevertheless, data transfer in third countries may take place in individual cases, provided that:

  • it is required by law to:
  • you have given us your consent or
  • this is legitimised by the legitimate interest in data protection law and does not prevent the higher interests worthy of protection of the data subject.

In addition, we do not transfer personal data to agencies in third countries or international organizations.

However, we use service providers for certain tasks, which usually also use service providers who may have their registered office, parent company or data centers in a third country. A transfer is permitted if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards exist (e.B. standard data protection clauses adopted by the EU Commission or the supervisory authority in a particular procedure) and enforceable rights and effective remedies are available.

An example of this is our use of Microsoft Office 365 as an enterprise-wide communication system. Although Microsoft also operates servers within the EU, it cannot be ruled out that your data may be transferred to and processed in a third country (e.B. the UNITED States).

We have concluded a contract processing agreement with Microsoft under Article 28 GDPR with EU clauses in order to maintain an adequate level of data protection. If necessary, please contact us for further information under the contact details above.

We have concluded corresponding order processing contracts with our service providers and have also contractually agreed that there must always be guarantees on data protection with their contractual partners in compliance with the European data protection level.

How long will my data be stored?

We store your data throughout the entire continuous business contact between us and your organization, including in particular the existence of a contract or pre-contractual measures.

In addition, we store your data to the extent and to the extent that we are obliged to do so due to mandatory legal regulations, such as.B. commercial or tax retention periods. This applies to a period of 10 years. Insofar as we no longer need your data for the purposes described above, it will be stored separately during the respective statutory retention period and will not be processed for other purposes. After expiry of the statutory retention periods, all remaining data will be safely deleted or destroyed immediately.

Is there an obligation to provide data?

The provision of your personal data is not required by law or contract at first, nor are you obliged to provide such data.

However, if you yourself are in a direct business relationship with us, you must provide the personal data necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to carry out an existing contract and, if necessary, terminate it.

If this is a business relationship with a company you represent to us, you must provide us with the personal data necessary for the establishment and execution of a representation/authorisation and the fulfilment of the associated contractual obligations. Without this data, we usually have to reject you as a personentitled to represent/authorised persons, or we must revoke an existing right of representation/authorisation.

To what extent is there automated decision-making?

We do not use automatic decision-making in accordance with Article 22 GDPR to establish, execute and terminate the business relationship. Should we use these procedures in individual cases, we will inform you about this and your rights in this regard separately, if this is required by law.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


employees

What sources and data do we use?

We process personal data that we have received from you to the extent necessary for the purposes of hiring, fulfilling the employment contract and terminating the employment relationship. In addition, we process personal data from our employees and other comparable data subjects that are regularly incurred in the context of the employment relationship.

This personal data includes in particular:

  • Personal details (e.B. name,  address and contact details; birthday and place and nationality, passport/identity card data, driving licence data)
  • family data (e.B. marital status and information on children)
  • Religion
  • Health data (e.B. incapacity reports and others, if relevant to the employment relationship, e.B. in the case of severe disability)
  • Tax identification number
  • Information on qualifications and employee development (e.B. training, professional experience, language skills and further training)
  • Information on the employment relationship (e.B. date of entry and name of activity and title)
  • Payroll tax-relevant data from the fulfilment of contractual obligations (e.B. salary payment)
  • Information on the financial situation of employees (e.B. loan liabilities and salary attachments, if applicable)
  • Social security data
  • Data on pensions and pension funds
  • data on working time (e.B. recording of workingtime, leave and sickness; data relating to missions)
  • Access data
  • Authorization data (e.B. access and access rights)
  • Image and sound data (e.B. ID photo and video and telephone recordings)
  • Employee evaluation data
  • and other data comparable to those categories.

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG (new)):

In order to fulfil contractual obligations (Section 26 BDSG)

The processing of data is carried out for the establishment, execution or termination of the employment relationship within the framework of the existing contract with you or for the implementation of pre-contractual measures, which take place on request. If you use additional benefits (e.g. childcare allowance.B, retirement provision), your data will be processed to fulfill these additional benefits, if this is necessary.

In the context of the balance of interests (Art. 6 sec. 1 f GDPR)

If necessary, we process your data beyond the actual performance of the contract in order to safeguard legitimate interests of us or third parties. Examples of such cases are:

  • Personnel development planning measures
  • Measures to protect employees and customers and to protect the company's property
  • Evaluation of work processes for work control and improvement of processes (e.B. evaluations of the number of work certificates or processing time of services for customers)
  • Publication of contact details on the intranet and internal telephone book and on the website
  • Records of employee interviews (e.B. documentation of defined goals and achievement of goals)
  • Recording of security checks (e.B. retrieval of certificates of leadership, criminal records, etc.)

On the basis of your consent (Art. 6 sec. 1 a GDPR in conjunction with Art. 88 GDPR and Section 26 (2) BDSG (new))

If you have given us your consent to the processing of your personal data, processing will only be carried out in accordance with the purposes specified in the declaration of consent and to the extent agreed therein. Consent given may be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before the GDPR is applicable, i.e. before 25 May 2018. The revocation of consent only works for the future and does not affect the legality of the data processed up to the revocation.

This applies to:

  • Use and, if necessary, publication of employee images

Due to legal requirements (Art. 6 sec. 1 c GDPR as well as Art. 88 GDPR and Section 26 BDSG (new))

As a company, we are subject to various legal obligations, i.e. legal requirements (e.B. social security law, occupational safety, tax laws). The purposes of the processing include, but are not only for verification of identity, the fulfilment of social security and tax control, reporting or documentation obligations, and the management of risks in the company.

Insofar as special categories of personal data are processed in accordance with Art. 9 sec. 1 GDPR, this serves in the context of the employment relationship the exercise of rights or the fulfilment of legal obligations under labour law, social security law and social protection (e.B. disclosure of health data to the health insurance fund, recording of the severe disability due to additional leave and determination of the severely disabled levy). This is done on the basis of Article 9(2) b GDPR i.V.m. Section 26 (3) of the German German Data Protection Act (BDSG). In addition, the processing of health data may be necessary for the assessment of their ability to work in accordance with Article 9 (2) h in the .m. Section 22 (1) b of the German Federal Data Protection Act (BDSG). In addition, the processing of special categories of personal data may.B be re-based on consent in accordance with Article 9(2) a GDPR i.V..m . .

Who gets my data?

Within the company, those agencies that need it to fulfil contractual, legal and regulatory obligations as well as to safeguard legitimate interests, e.B. human resources department.

Service providers and vicarious agents used by us may also receive data for these purposes, provided that they need the data for the performance of their respective services. These are e.B. companies in the categories of tax advice for payroll, training providers and IT services. All service providers are contractually obliged to treat your data confidentially.

With regard to the transfer of data to recipients outside our company, it should first be noted that we, as an employer, only pass on necessary personal data in compliance with the applicable data protection regulations. In principle, we may only disclose information about our employees if this is required by law, if you have consented or if we are otherwise authorised to disclose it.

Under these conditions, recipients of personal data may be, for example.B:

  • Social security institutions
  • Health insurance
  • Utilities
  • Tax authorities
  • Trade associations
  • public and public bodies (e.B. tax authorities and law enforcement authorities) in the event of a legal or regulatory obligation
  • other companies for the processing of salary payments or similar entities to which we transmit personal data for the execution of the contractual relationship (e.B. for salary payments)
  • Business and payroll tax auditors
  • Service providers in the context of order processing relationships

Other data recipients may be the bodies for which you have given us your consent to transfer data or to which we are authorised to transfer personal data on the basis of a balance of interests.

Is data transferred to a third country or to an international organisation?

Data transfers to agencies outside the European Economic Area (so-called third countries) usually do not take place. Nevertheless, data transfer in third countries may take place in individual cases, provided that:

  • it is required by law to:
  • you have given us your consent or
  • this is legitimised by the legitimate interest in data protection law and does not prevent the higher interests worthy of protection of the data subject.

In addition, we do not transfer personal data to agencies in third countries or international organisations.

However, we use service providers for certain tasks, which usually also use service providers who may have their registered office, parent company or data centers in a third country. A transfer is permitted if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards exist (e.B. standard data protection clauses adopted by the EU Commission or the supervisory authority in a particular procedure) and enforceable rights and effective remedies are available.

An example of this is our use of Microsoft Office 365 as an enterprise-wide communication system. Although Microsoft also operates servers within the EU, it cannot be ruled out that your data may be transferred to and processed in a third country (e.B. the UNITED States).

We have concluded a contract processing agreement with Microsoft under Article 28 GDPR with EU clauses in order to maintain an adequate level of data protection. If necessary, please contact us for further information under the contact details above.

We have concluded corresponding order processing contracts with our service providers and have also contractually agreed that there must always be guarantees on data protection with their contractual partners in compliance with the European data protection level.

How long will my data be stored?

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that the employment relationship is a permanent debt relationship, which is intended for a longer period of time.

If the data is no longer necessary for the fulfilment of contractual or legal obligations, these data are regularly deleted, unless their - temporary - further processing is required for the following purposes:

  • Fulfilment of statutory retention obligations, which may arise .B from: Social Code (SGB IV), Commercial Code (HGB) and Tax Code (AO). The retention or documentation deadlines set there are usually six to ten years.
  • Preservation of evidence within the framework of the statutory limitation regulations. Pursuant to Sections 195 ff of the Civil Code (BGB), these limitation periods can be up to 30 years, with a regular limitation period of 3 years.

If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The above exceptions apply. The same applies to data processing on the basis of consent given. As soon as this consent is revoked by you for the future, the personal data will be deleted, unless there are one of the above exceptions.

Is there an obligation to provide data?

Within the scope of the employment relationship, you must provide the personal data necessary for the establishment, execution and termination of an industrial relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to enter into or execute the contract with you.

To what extent is there automated decision-making?

We do not use automatic decision-making in accordance with Article 22 GDPR to establish, implement and terminate the working relationship. Should we use these procedures in individual cases, we will inform you about this and your rights in this regard separately, if this is required by law.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


applicant

What sources and data do we use?

We process the data you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our companies) and to carry out the application process.

This personal data includes in particular:

  • Personal details (e..B. name,  address and contact details)
  • Information on qualifications (e.B. training, professional experience, language skills and further training)

What do we process your data for (purpose of processing) and on what legal basis?

The legal basis for the processing of your personal data in this application procedure is primarily Section 26 of the German Data Code (BDSG). It allows the processing of data necessary in connection with the decision to establish an employment relationship.

Insofar as an employment relationship between you and us arises, we may, in accordance with Section 26 (1) of the German Data Protection Act (BDSG), process the personal data already received from you for the purposes of the employment relationship, if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations arising from a law.

It may happen that we cannot take you into account directly when filling a position, but still want to keep your application so that we can contact you quickly if necessary. Should this happen, we will ask for your consent in accordance with Section 26 (2) of the German German Environmental Protection Act (BDSG) in order to be able to include your application in our application pool for a certain period of time. If you give us this consent, this can be revoked informally at any time.

Should your data be necessary for legal proceedings after the application process has been completed, processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular for the protection of legitimate interests under Art. 6 sec. 1 lit. f GDPR. Our interest then is in asserting or defending claims, for example in the context of the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Who gets my data?

Your applicant data will be screened by the HR department upon receipt of your application. Appropriate applications are then forwarded internally to the department managers for the respective open position. The further process is then reconciled. In the company, only the persons who need it for the proper conduct of our application process have access to your data.

Is data transferred to a third country or to an international organisation?

Data transfers to agencies outside the European Economic Area (so-called third countries) usually do not take place. Nevertheless, data transfer in third countries may take place in individual cases, provided that:

  • it is required by law to:
  • you have given us your consent or
  • this is legitimised by the legitimate interest in data protection law and does not prevent the higher interests worthy of protection of the data subject.

In addition, we do not transfer personal data to agencies in third countries or international organisations.

However, we use service providers for certain tasks, which usually also use service providers who may have their registered office, parent company or data centers in a third country. A transfer is permitted if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards exist (e.B. standard data protection clauses adopted by the EU Commission or the supervisory authority in a particular procedure) and enforceable rights and effective remedies are available.

An example of this is our use of Microsoft Office 365 as an enterprise-wide communication system. Although Microsoft also operates servers within the EU, it cannot be ruled out that your data may be transferred to and processed in a third country (e.B. the UNITED States).

We have concluded a contract processing agreement with Microsoft under Article 28 GDPR with EU clauses in order to maintain an adequate level of data protection. If necessary, please contact us for further information under the contact details above.

We have concluded corresponding order processing contracts with our service providers and have also contractually agreed that there must always be guarantees on data protection with their contractual partners in compliance with the European data protection level.

How long will my data be stored?

We will retain your personal data for as long as is necessary to decide on your application. If you are awarded a job as part of the application process, your applicant data will be transferred to our personnel information system.

If we are unable to take you into account directly for filling a position and you consent to further storage of your personal data, we will transfer your data to our applicant pool. There, your data will be deleted after the agreed period (usually 12 months) or after your withdrawal of consent.

Insofar as an employment relationship between you and us does not arise, we may also store data insofar as this is necessary to defend against possible legal claims. This usually includes six months after the announcement of the cancellation or until the final decision in a pending litigation.

Is there an obligation to provide data?

The provision of your personal data is neither required by law nor contract, nor is you obligated to provide such data. However, the provision of this data is necessary for the examination of a possible employment relationship  with us. Without this data, we will not be able to perform this check in order to: to enter into or perform an employment relationship with you.

To what extent is there automated decision-making?

We do not use automatic decision-making in accordance with Article 22 GDPR to establish, implement and terminate the working relationship. Should we use these procedures in individual cases, we will inform you about this and your rights in this regard separately, if this is required by law.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


Microsoft Teams

Note:

MS Teams is a microsoft Ireland Ltd. service ("Microsoft"). It cannot be ruled out that data may be transferred to Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, USA in the USA. Microsoft can also perform remote maintenance access from other third countries. We have concluded the European Commission's standard data protection clauses with Microsoft. For more information, see point 4.

If you visit the MS Teams or Microsoft website, Microsoft is responsible for data processing. However, a visit to the website is only necessary to use MS Teams in order to download the software for the use of MS Teams.

If you don't want or can't use the MS Teams app, you can also use MS Teams through your browser. The service is then also provided via the WEBSITE of MS Teams.

What data is being processed?

When using MS Teams, different types of data are processed. The amount of data also depends on what data you enter before or when you participate in an online meeting. The following personal data are the subject of processing:

User information:

e.B. display name ("display name"), e-mail address, profile picture (optional), preferred language

Meeting metadata:

e.B. date, time, meeting ID, phone numbers, location

Text, audio and video data:

You may have the option to use the chat function in an online meeting. In this respect, the text entries you make will be processed to display in the online meeting. To enable video to be displayed and audio played, the data from your device's microphone and any video camera from the device will be processed accordingly during the duration of the meeting. You can turn off or mute the camera or microphone yourself via the MS Teams applications at any time.

What do we process your data for (purpose of processing) and on what legal basis?

Scope of processing

We use MS Teams to conduct online meetings, telephone and video conferencing, webcasts, etc. To participate in an online meeting or enter the "meeting room", you can also use a pseudonym.

The chat content is logged when using MS Teams. We store the chat content for a period of one month. If it is necessary for the purpose of logging the results of an online meeting, we can also log the chat content for an extended period of time, but at the latest until the intended purpose is fulfilled. However, this will not usually be the case.

If we wish to record meetings, we will communicate this transparently in advance and, if necessary, ask for your consent. You'll also see the fact of recording in the Teams app or in the Web browser view. The organizer can also specify which participants are eligible to record.

In the case of webcasts, we may also process the questions asked by the participants for the purpose of recording and following up webcasts. You can also make use of the ability to share a share with your screen. In this case, we are aware of the data and content you share through your screen.

We have no influence on the system-side processing of technical information such as device or hardware information (e..B IP address, operating system data of the end device as well as time and date of access) by the service provider. Microsoft processes so-called telemetry data itself. The MS Teams and Microsoft Terms of Use are explained under https://privacy.microsoft.com/de-DE/privacystatement  and https://docs.microsoft.com/de-de/microsoftteams/teams-privacy?view=o365-worldwide and describe the processing of personal data.

legal bases

Insofar as personal data of employees of our company  is processed, Section 26 of the German Data Code (BDSG) is the legal basis for data processing. If, in connection with the use of MS Teams,  personal data is not necessary for the establishment, execution or termination of the employment relationship, but is nevertheless an elementary component in the use of MS Teams, Article 6 (1) lit. f GDPR is the legal basis for data processing. In these cases, we are interested in the effective conduct of online meetings.

Furthermore, the legal basis for data processing in the conduct of online meetings is Art. 6 sec. 1  lit.b  GDPR, insofar as the meetings are carried out in the context of contractual relations.

If there is no contractual relationship, the legal basis is Art. 6 sec. 1 lit. f GDPR. Here, too, we are interested in effectivelyconducting online meetings.

Who gets my data?

In our company, only those people who need it for the smooth running of the online meetings have access to your data, i.e. e.B. the organizers and participants in meetings from our company. There may also be several specialist departments in our company, depending on which services or products you receive from us. Furthermore, our IT department has access to your data for only technical processing.

Personal data that is processed in connection with participation in online meetings will not be passed on to third parties unless they are intended for disclosure. Please note that content from online meetings as well as at personal meeting meetings is often used precisely to communicate information with customers, interested parties or third parties and is therefore intended for distribution.

As a provider of MS Teams, Microsoft will necessarily become aware of the above-date data as far as this is provided for in our order processing agreement with MS Teams. Service providers used by us may also be recipients of data about you in the context of order processing in accordance with Art. 28 GDPR.

We may be required to disclose certain data to the appropriately authorised bodies within the scope of our legal obligations.

Is data transferred to a third country or to an international organisation?

Data processing outside the European Union (EU) does not, in principle, take place, as we have limited our location to data centres in the European Union. However, we cannot rule out the possibility that data is routed or stored via Internet servers located outside the EU. This may be the case in particular if participants are in an online meeting in a third country.

A secure level of data protection is ensured by the conclusion of complementary EU standard data protection clauses and technical-organisational measures. When using standard privacy clauses, we aim to implement additional measures to protect your data where necessary. For this purpose, the data is encrypted during transmission over the Internet and at rest and thus protected from unauthorized access by third parties. Microsoft uses standard technologies, such as TLS and SRTP, to encrypt all data during transmission between users' devices and Microsoft data centers, as well as between Microsoft data centers. This includes messages, files (video, audio, etc.), meetings and other content. Dormant corporate data in Microsoft data centers is also encrypted in a way that enables organizations to decrypt content when needed. MS Teams also uses TLS and MTLS to encrypt instant messages. All server-to-server traffic requires MTLS, whether traffic is limited to the internal network or exceeds the internal network perimeter. For more information on how Microsoft Teams encrypts the data, visit https://docs.microsoft.com/de-de/microsoftteams/teams-security-guide.

With regard to personal data stored by Microsoft in the United States and Europe, which may be subject to regulatory requests for information from u.S. authorities, Microsoft warrants in a statement dated July 20, 2020 that such injunctions will be challenged in court that would allow access to personal information. In addition, as part of a legal settlement, Microsoft has acquired the right to disclose transparent reports on the number of Us national security instructions addressed to Microsoft, and new guidelines have been introduced within the US government that have restricted the use of nondisclosure orders (see https://news.microsoft.com/de-de/stellungnahme-zum-urteil-des-eugh-was-wir-unseren-kunden-zum-grenzueberschreitenden-datentransfer-bestaetigen-koennen/). The level of data protection is considered sufficient in relation to the expected content of our MS Teams meetings, which usually do not contain any personal data outside the names of the persons participating in the videoconference.

However, we hereby expressly point out that MS Teams is a service provided by a provider from the United States. The processing of personal data thus also takes place in a third country, which is currently considered to be unsafe under data protection law within the meaning of the GDPR. This can create risks for users, as, for example, the enforcement of the rights concerned may be more difficult. Negotiations are being conducted at political, data protection and bilateral levels to resolve the situation. However, no results are available at this time. If you personally decide that you cannot be afforded sufficient protection in this legal situation (in accordance with the judgment of the ECJ), it is currently not possible to participate in an online meeting via MS Teams.

How long will my data be stored?

We generally delete personal data if there is no requirement for further storage. A requirement may exist in particular if the data is still needed in order to fulfil contractual services, to check and grant or rebut warranty claims and, if necessary, guarantee claims. In the case of statutory retention obligations, deletion is only possible after the expiry of the respective retention obligation.

What data protection rights do I have?

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. In the case of the right of access and the right of cancellation, the restrictions under Sections 34 and 35 of the German Data Code (BDSG) apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR).

You can revoke your consent to the processing of personal data at any time to us. This also applies to the revocation of declarations of consent given to us before the General Data Protection Regulation was applied, i.e. before 25 May 2018. Please note that the revocation will only work for the future. Processing carried out prior to revocation is not affected.

Is there an obligation to provide data?

The provision of your  personaldata  is not required by law or contract at first,  nor are you obliged to provide this data. To attend an online meeting   or enter the  meeting room, you must at least provide information about your name. If you do not wish to do so, your participation in our online meetings is unfortunately not possible.

To what extent is there automated  decision-making?

Automated decision-making in the form of Art. 22 GDPR is not used.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


Social media

Data processing through social networks

Social networks such as Xing, Youtube, Facebook, Twitter etc. can usually comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. .B like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing processes are triggered. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies, which are stored on your terminal device or by collecting your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can see interest-based advertising inside and outside your social media presence. If you have an account with the respective social network, the interest-based advertisement may be displayed on all devices on which you are logged in or logged in.

Please also note that we cannot track all processing processes on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details of this can be found in the terms of use and data protection provisions of the respective social media portals.

legal basis

Our socialmedia presences are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Article 6 (1)  lit.f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be indicated by the operators of the social networks (e.B. consent within the meaning of Art. 6 sec. 1  lit.a GDPR).

Responsible and assertion of rights

If you visit one of our socialmedia sites (e.g. Xing.B, we are jointly responsible for the data processing processes triggered during this visit together with the operator of the socialmedia platform. You can use your rights (information, rectification, deletion, restriction of processing, data portability and complaint, more details see separate entry) in principle both  withus and  .demoperator of the respective  socialmediaportal (e.B. ggü. Xing).

Please note that despite our joint responsibility with the socialmedia portal operators, we do not have a full influence on the data processing processes of the socialmedia portals. Our possibilities depend significantly on the company policy of the respective provider.

Storage time

The data collected directly by us via the socialmedia presence will be deleted from our systems as soon as the purpose for their storage is omitted, you ask us to delete it, revoke your consent to storage or the purpose for the data storage is omitted. Stored cookies remain on your device until you delete them. Mandatory legal provisions - in no matter retention periods remain unaffected.

We have no influence on the storage time of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the social network operators (e.B. in their privacy policy, see below).

Social networks in detail

Xing

We have a profile at XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For details on how your personal data is handled, please refer to XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

YouTube in particular

We use a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Please note that you use the YouTube channel offered here and its functions on your own responsibility. This applies in particular to the use of the "Discussion" function. Information about which data is processed by Google and for what purposes can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de https://policies.google.com/privacy?hl=de&gl=de#infocollect

We have no influence on the type and scope of the data processed by Google, the way in which it is processed and used or the disclosure of such data to third parties. Nor do we have any effective means of monitoring in this respect.

Google collects, transmits, stores, discloses and uses your personal information, transferring, transferring, storing and using your personal information, regardless of your place of residence in the United States, Ireland and any other country in which Google does business. It is transmitted to Google-affiliated companies and to other trusted companies or individuals who process them on Google's behalf. On the one hand, Google processes your voluntarily entered data such as name and username, e-mail address, telephone number. Google also processes the content you create, upload or receive from others when you use the Services. For example, photos and videos that you save, documents and tables you create, and comments you write about YouTube videos.

On the other hand, Google also evaluates the content you share in order to determine the topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location using GPS data, information about wireless networks or your IP address in order to send you advertisements or other content.

Google may use analysis tools such as Google Analytics for evaluation. PROLOGA Energy has no influence on the use of such tools by Google and has not been informed of such potential use. Should tools of this kind be used by Google for the PROLOGA Energy YouTube channel, PROLOGA Energy has not commissioned this or otherwise supported it in any way. Also, PROLOGA Energy will not be provided with the data obtained during the analysis. Only certain profiles of subscribers can be viewed for PROLOGA Energy via their account. Moreover, PROLOGA Energy has no way of preventing or shutting down the use of such tools on its YouTube channel. Finally, Google also receives information when you .B. view content, even if you haven't created an account. These so-called "log data" may be the IP address, browser type, operating system, information about the website you have previously accessed and the pages you have accessed, your location, your mobile operator, the device you use (including device ID and application ID), the search terms and cookie information you use. You can restrict the processing of your data in the general settings of your Google account.

In addition to these tools, Google also offers specific privacy settings for YouTube. Learn more in Google's Google Privacy Guide: https://policies.google.com/technologies/product-privacy?hl=de&gl=de

For more information on these issues, see Google's Privacy Policy under the term "Privacy Settings":  https://policies.google.com/privacy?hl=de&gl=de#infochoices

You can also request information via the Google Privacy Form:  https://support.google.com/policies/answer/9581826?visit_id=637054532384299914-2421490167&hl=de&rd=3

Data processed by PROLOGA Energy

PROLOGA Energy also processes your data when you communicate with us via YouTube. The processing is carried out for the purposes of PROLOGA Energy public relations work. The recipient of the data is first of all Google, where it may be passed on to third parties for its own purposes and under the responsibility of Google. The recipient of publications is also the public, i.e. potentially everyone. PROLOGA Energy itself does not collect data via its YouTube channel.

Also via the integration of the YouTube videos of PROLOGA Energy on its website (https://www.prologa.de or https://www.prologa-energy.de) the IP addresses of the page visitors are not transmitted to Google. In particular, there is no tracking on the website. However, the data you enter on YouTube, in particular your username and the content published under your account, will be processed by us insofar as we may reply to your publications under "Discussions". The data you freely publish and disseminate on YouTube will be included in PROLOGA Energy offer and made available to its followers.


Corona Contact Tracking

With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and in which manner is used depends to a large extent on the legal requirements of our federal state.

Purposes and legal bases of the processing

We collect your personal data in order to ensure the protection of our employees against infections that may be registered in the company and, on the other hand, to inform you of this circumstance in the event of infections detected later on in our employees, so that you can take further steps.

Your personal data will be lost on the basis of our legitimate interest in accordance with Art. 6 sec. 1. f GDPR for the identification of contact persons in the acute event of infection in individual cases in connection with SARS-CoV-2. In this case, the legitimate interests are the protection of our employees and the regulation of the infection in our company.

On this basis, we collect the following information: first and last name, full address, a contact option and the time of your visit.

Recipients or categories of recipients

In order to carry out this task, your data may only be passed on to the local health office in the event of infection. We do not transfer it to a third country. In addition, your data will only be passed on if there is a legal obligation to do so or if you have consented to it.

Duration of storage

The data will be kept by us for a period of four weeks and, if necessary.dem competent health department will be handed over in full upon request. After the retention period has expired, the data will be destroyed immediately.

What are your privacy rights?

Every data subject has the right to information under Article 15 GDPR, the right to rectification No under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. In the case of the right of access and the right of cancellation, the restrictions under Sections 34 and 35 of the German Data Code (BDSG) apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR).

You can revoke your consent to the processing of personal data at any time to us. This also applies to the revocation of declarations of consent given to us before the General Data Protection Regulation was applied, i.e. before 25 May 2018. Please note that the revocation will only work for the future. Processing carried out prior to revocation is not affected.

Is there an obligation to provide data?

There is no legal or contractual obligation on your part to provide your data. However, you may be denied access to our premises if you are not willing to provide us with this data.

To what extent is there automated decision-making?

Automated decision-making in the form of Art. 22 GDPR is not used.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


Other rights

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. In the case of the right of access and the right of cancellation, the restrictions under Sections 34 and 35 of the German Data Code (BDSG) apply.

In addition, there is a right of appeal to the supervisory authority responsible for data protection issues at your place of residence or work (Article 77 GDPR). The supervisory authority responsible for our company is:

State Commissioner for Data Protection Saxony-Anhalt
Pmail 1947
39009 Magdeburg

Phone: 0391 81803-0
Email:
 This email address is being protected from spambots. You need JavaScript enabled to view it.

A list of other supervisory authorities and their contact details can be found in the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

You can revoke your consent to the processing of personal data at any time to us. This also applies to the revocation of declarations of consent given to us before the General Data Protection Regulation was applied, i.e. before 25 May 2018. Please note that the revocation will only work for the future. Processing carried out prior to revocation is not affected.