Privacy policy

We are pleased that you are interested in our company. Our business is also characterized by data processing. In accordance with our Privacy Policy, we take the protection of your personal information very seriously and always treat your personal information confidentially and in accordance with the applicable data protection regulations.

With the following information, we would like to give you an overview of when, why and how we collect, use and process certain data from you and what rights you have in this regard. In the following, we have compiled the information according to the different categories of affected persons (business partners, employees, applicants).

Modification of this privacy policy

We revise this Privacy Notice in the event of changes in data processing or other occasions that require it. The current version can always be found on this website.

As of: 04.06.2021 

This is a translation. The agreed conditions are those in the original German statement “Datenschutzerklärung”.


contact

The responsible body for data processing with personal data is the

PROLOGA Energy GmbH
Walter-Hülse-Straße 5
06120 Halle (Saale)

T: +49 441 779 359-0
F: +49 441 779 359-20
I:  www.prologa-energy.com
E:  This email address is being protected from spambots. You need JavaScript enabled to view it.

If you have any questions about data protection in our company, please contact our Data Protection Officer at:

kelobit IT-Experts GmbH
Dr. Andreas Melzer
Thüringer Straße 31
06112 Halle (Saale)

T: 0345 132533-81
E: This email address is being protected from spambots. You need JavaScript enabled to view it.


Right to object

Case-by-case right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is carried out on the basis of Article 6 (1) lit. f GDPR (data processing based on a balance of interests). This also applies to profiling based on that provision within the meaning of Article 4(4) GDPR. If you object, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipient of an opposition

The objection can be made without form by post or e-mail with the subject "opposition" stating your name and address or company affiliation and should be addressed to:

PROLOGA Energy GmbH
Walter-Hülse-Straße 5
06120 Halle (Saale)


Website visitors

General Notes

How do we collect your data?

Your data is collected on the one hand by you providing it to us. This can be, for example, data that you send us by e-mail request.

Other data is automatically collected by our IT systems when we visit the website. These are mainly technical data (e.B. Internet browser, operating system or time of page view). The collection of this data takes place automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.

E-mail security

We would like to point out that data transmission over the Internet (e.B. when communicating via e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as requests you send to us as a site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from "http://" to "https://" and by the lock icon in your browser line.

If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

Webhosting by IONOS

This site uses the product "Webhosting" from IONOS. 1&1 IONOS SE, has its headquarters in 56410 Montabaur, Elgendorfer Str. 57.

What data of my website visitors does IONOS store?

The following data is collected from website visitors, which is anonymized directly during the survey:

  • Referrer (previously visited website)
  • Requested web page or file
  • Browser type and browser version
  • Operating system used
  • Device type used
  • Time of access
  • IP address in anonymized form (used only to determine the location of access) 

In addition, processing by WebAnalytics takes place.

For what purpose is  the data collected?

The data is collected out of legitimate interest in order to ensure the security and stability of the offer and to be able to provide website visitors with the highest level of quality.

How long is the visitor data stored?

The data is stored for 8 weeks.

Will visitor data be passed on to third parties?

No, your data will not be passed on to third parties.

Is there a transfer of visitor data to third countries outside the EU?

No, there is no transfer to third countries.

Data collection on our website

Cookies

The websites sometimes use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.

Most of the cookies we use are so-called "session cookies". They will be deleted automatically after the end of your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or ingeneral,  as well as enable the automatic deletion of cookies when the browser is closed. When disabling cookies, the functionality of this website may be limited.

Cookies that are necessary to carry out the electronic communication process or to provide certain functions that you wish to use are stored on the basis of Art. 6 sec. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e..B. cookies for the analysis of your browsing behaviour) are stored, these are treated separately in this data protection declaration.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • operating system used
  • Referrer URL
  • Host name of the accessing machine
  • Time of server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 sec. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – for this purpose, the server log files must be recorded.

Requests by e-mail, phone, fax or via the App Center on SAP Store

If you contact us by e-mail, telephone or fax, or if sap provides us with data via the App Center on SAP Store, your request, including any personal data (name, request) that results from it, will be stored and processed by us for the purpose of processing your request. We do not share this data without your consent.

The processing of this data is carried out on the basis of Art. 6 sec. 1 lit.b GDPR, provided that your request is related to the fulfilment of a contract with you as a contractual partner or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interests (Art. 6 sec. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the requests addressed to us.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage is omitted (e.B. after your request has been completed). Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.

Plug-ins and Tools

Google Web Fonts

This page uses so-called web fonts provided by Google to provide uniform appearance of fonts. When you visit a page, your browser loads the required web fonts into their browser cache to display text and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. This will make Google aware that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Article 6 (1) lit. f GDPR.

If your browser does not support Web Fonts, a default font will be used by your computer.

For more information about Google Web Fonts, see https://developers.google.com/fonts/faq and Google's Privacy Policy: https://policies.google.com/privacy?hl=de.


business partner

What sources and data do we use?

We process the data necessary in connection with the establishment, execution and/or termination of our business relationships. We generally collect this data from you directly, e.B g. in the context of an offer request or order, as well as by contacting you via our website, by e-mail, at trade fairs or similar events.

Sometimes we may first receive your data from someone else, e.g.B a colleague in your company who names you as the contact person. If this happens, we will let you know our source at the first communication.

Personal data we process include:

  • Name, first name and gender (for the salutation)
  • Company affiliation and company address
  • usually two contact options in your company (e.B. phone number and e-mail address)
  • records of transactions and the respective correspondence

What do we process your data for (purpose of processing) and on what legal basis?

We use the above data to prepare and fulfill business operations and to establish and maintain effective business communications. The legal basis for these processing operations is art. 6 sec. 1 lit. f GDPR if you, as our business partner, represent another organization. Our legitimate interest is to achieve the above purposes. If you as a person are directly our contractual partner, we process your data instead on the basis of Art. 6 sec. 1 lit b GDPR, which allows the processing of personal data for the performance of a contract or pre-contractual measures.

We may wish to collect further information from you at a later date or use it in any other way. Should this happen, we will ask for your consent in accordance with Art. 6 sec. 1 lit. a i.V.m Art. 7 GDPR and inform you accordingly. If you give us this consent, this can be revoked informally at any time. The legality of the use of your data up to the objection remains unaffected by the objection.

Should your data be necessary for legal proceedings, processing may be carried out in order to exercise our legitimate interests in accordance with Art. 6 sec. 1 lit. f GDPR. Our interest then is in asserting or defending claims, for example in the context of the obligation to provide evidence in a procedure.

Who gets my data?

In our company, only those persons who need it for the smooth execution of our business relationship have access to your data. There may also be several specialist departments in our company, depending on which services or products you receive from us. Furthermore, our IT department has access to your data for only technical processing.

Service providers used by us may also be recipients of data about you in the context of order processing in accordance with Art. 28 GDPR.

In the course of processing your orders, it is partly necessary that we transmit certain data to our respective suppliers or other business partners, who are based in Germany, the European foreign countries or.dem European Economic Area. This is e.B. your name, if necessary Your first name and organizational affiliation, as well as your contact details in your organization.

We may be required to disclose certain data to the appropriately authorised bodies within the scope of our legal obligations.

Is data transferred to a third country or to an international organisation?

Data transfers to agencies outside the European Economic Area (so-called third countries) usually do not take place. Nevertheless, data transfer in third countries may take place in individual cases, provided that:

  • it is required by law to:
  • you have given us your consent or
  • this is legitimised by the legitimate interest in data protection law and does not prevent the higher interests worthy of protection of the data subject.

In addition, we do not transfer personal data to agencies in third countries or international organizations.

However, we use service providers for certain tasks, which usually also use service providers who may have their registered office, parent company or data centers in a third country. A transfer is permitted if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards exist (e.B. standard data protection clauses adopted by the EU Commission or the supervisory authority in a particular procedure) and enforceable rights and effective remedies are available.

An example of this is our use of Microsoft Office 365 as an enterprise-wide communication system. Although Microsoft also operates servers within the EU, it cannot be ruled out that your data may be transferred to and processed in a third country (e.B. the UNITED States).

We have concluded a contract processing agreement with Microsoft under Article 28 GDPR with EU clauses in order to maintain an adequate level of data protection. If necessary, please contact us for further information under the contact details above.

We have concluded corresponding order processing contracts with our service providers and have also contractually agreed that there must always be guarantees on data protection with their contractual partners in compliance with the European data protection level.

How long will my data be stored?

We store your data throughout the entire continuous business contact between us and your organization, including in particular the existence of a contract or pre-contractual measures.

In addition, we store your data to the extent and to the extent that we are obliged to do so due to mandatory legal regulations, such as.B. commercial or tax retention periods. This applies to a period of 10 years. Insofar as we no longer need your data for the purposes described above, it will be stored separately during the respective statutory retention period and will not be processed for other purposes. After expiry of the statutory retention periods, all remaining data will be safely deleted or destroyed immediately.

Is there an obligation to provide data?

The provision of your personal data is not required by law or contract at first, nor are you obliged to provide such data.

However, if you yourself are in a direct business relationship with us, you must provide the personal data necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to carry out an existing contract and, if necessary, terminate it.

If this is a business relationship with a company you represent to us, you must provide us with the personal data necessary for the establishment and execution of a representation/authorisation and the fulfilment of the associated contractual obligations. Without this data, we usually have to reject you as a personentitled to represent/authorised persons, or we must revoke an existing right of representation/authorisation.

To what extent is there automated decision-making?

We do not use automatic decision-making in accordance with Article 22 GDPR to establish, execute and terminate the business relationship. Should we use these procedures in individual cases, we will inform you about this and your rights in this regard separately, if this is required by law.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


employees

What sources and data do we use?

We process personal data that we have received from you to the extent necessary for the purposes of hiring, fulfilling the employment contract and terminating the employment relationship. In addition, we process personal data from our employees and other comparable data subjects that are regularly incurred in the context of the employment relationship.

This personal data includes in particular:

  • Personal details (e.B. name, address and contact details; birthday and place and nationality, passport/identity card data, driving licence data)
  • family data (e.B. marital status and information on children)
  • Religion
  • Health data (e.B. incapacity reports and others, if relevant to the employment relationship, e.B. in the case of severe disability)
  • Tax identification number
  • Information on qualifications and employee development (e.B. training, professional experience, language skills and further training)
  • Information on the employment relationship (e.B. date of entry and name of activity and title)
  • Payroll tax-relevant data from the fulfilment of contractual obligations (e.B. salary payment)
  • Information on the financial situation of employees (e.B. loan liabilities and salary attachments, if applicable)
  • Social security data
  • Data on pensions and pension funds
  • data on working time (e.B. recording of workingtime, leave and sickness; data relating to missions)
  • Access data
  • Authorization data (e.B. access and access rights)
  • Image and sound data (e.B. ID photo and video and telephone recordings)
  • Employee evaluation data
  • and other data comparable to those categories.

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG (new)):

In order to fulfil contractual obligations (Section 26 BDSG)

The processing of data is carried out for the establishment, execution or termination of the employment relationship within the framework of the existing contract with you or for the implementation of pre-contractual measures, which take place on request. If you use additional benefits (e.g. childcare allowance.B, retirement provision), your data will be processed to fulfill these additional benefits, if this is necessary.

In the context of the balance of interests (Art. 6 sec. 1 f GDPR)

If necessary, we process your data beyond the actual performance of the contract in order to safeguard legitimate interests of us or third parties. Examples of such cases are:

  • Personnel development planning measures
  • Measures to protect employees and customers and to protect the company's property
  • Evaluation of work processes for work control and improvement of processes (e.B. evaluations of the number of work certificates or processing time of services for customers)
  • Publication of contact details on the intranet and internal telephone book and on the website
  • Records of employee interviews (e.B. documentation of defined goals and achievement of goals)
  • Recording of security checks (e.B. retrieval of certificates of leadership, criminal records, etc.)

On the basis of your consent (Art. 6 sec. 1 a GDPR in conjunction with Art. 88 GDPR and Section 26 (2) BDSG (new))

If you have given us your consent to the processing of your personal data, processing will only be carried out in accordance with the purposes specified in the declaration of consent and to the extent agreed therein. Consent given may be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before the GDPR is applicable, i.e. before 25 May 2018. The revocation of consent only works for the future and does not affect the legality of the data processed up to the revocation.

This applies to:

  • Use and, if necessary, publication of employee images

Due to legal requirements (Art. 6 sec. 1 c GDPR as well as Art. 88 GDPR and Section 26 BDSG (new))

As a company, we are subject to various legal obligations, i.e. legal requirements (e.B. social security law, occupational safety, tax laws). The purposes of the processing include, but are not only for verification of identity, the fulfilment of social security and tax control, reporting or documentation obligations, and the management of risks in the company.

Insofar as special categories of personal data are processed in accordance with Art. 9 sec. 1 GDPR, this serves in the context of the employment relationship the exercise of rights or the fulfilment of legal obligations under labour law, social security law and social protection (e.B. disclosure of health data to the health insurance fund, recording of the severe disability due to additional leave and determination of the severely disabled levy). This is done on the basis of Article 9(2) b GDPR i.V.m. Section 26 (3) of the German German Data Protection Act (BDSG). In addition, the processing of health data may be necessary for the assessment of their ability to work in accordance with Article 9 (2) h in the .m. Section 22 (1) b of the German Federal Data Protection Act (BDSG). In addition, the processing of special categories of personal data may.B be re-based on consent in accordance with Article 9(2) a GDPR i.V..m . .

Who gets my data?

Within the company, those agencies that need it to fulfil contractual, legal and regulatory obligations as well as to safeguard legitimate interests, e.B. human resources department.

Service providers and vicarious agents used by us may also receive data for these purposes, provided that they need the data for the performance of their respective services. These are e.B. companies in the categories of tax advice for payroll, training providers and IT services. All service providers are contractually obliged to treat your data confidentially.

With regard to the transfer of data to recipients outside our company, it should first be noted that we, as an employer, only pass on necessary personal data in compliance with the applicable data protection regulations. In principle, we may only disclose information about our employees if this is required by law, if you have consented or if we are otherwise authorised to disclose it.

Under these conditions, recipients of personal data may be, for example.B:

  • Social security institutions
  • Health insurance
  • Utilities
  • Tax authorities
  • Trade associations
  • public and public bodies (e.B. tax authorities and law enforcement authorities) in the event of a legal or regulatory obligation
  • other companies for the processing of salary payments or similar entities to which we transmit personal data for the execution of the contractual relationship (e.B. for salary payments)
  • Business and payroll tax auditors
  • Service providers in the context of order processing relationships

Other data recipients may be the bodies for which you have given us your consent to transfer data or to which we are authorised to transfer personal data on the basis of a balance of interests.

Is data transferred to a third country or to an international organisation?

Data transfers to agencies outside the European Economic Area (so-called third countries) usually do not take place. Nevertheless, data transfer in third countries may take place in individual cases, provided that:

  • it is required by law to:
  • you have given us your consent or
  • this is legitimised by the legitimate interest in data protection law and does not prevent the higher interests worthy of protection of the data subject.

In addition, we do not transfer personal data to agencies in third countries or international organisations.

However, we use service providers for certain tasks, which usually also use service providers who may have their registered office, parent company or data centers in a third country. A transfer is permitted if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards exist (e.B. standard data protection clauses adopted by the EU Commission or the supervisory authority in a particular procedure) and enforceable rights and effective remedies are available.

An example of this is our use of Microsoft Office 365 as an enterprise-wide communication system. Although Microsoft also operates servers within the EU, it cannot be ruled out that your data may be transferred to and processed in a third country (e.B. the UNITED States).

We have concluded a contract processing agreement with Microsoft under Article 28 GDPR with EU clauses in order to maintain an adequate level of data protection. If necessary, please contact us for further information under the contact details above.

We have concluded corresponding order processing contracts with our service providers and have also contractually agreed that there must always be guarantees on data protection with their contractual partners in compliance with the European data protection level.

How long will my data be stored?

We process and store your personal data as long as this is necessary for the fulfilment of our contractual and legal obligations. It should be noted that the employment relationship is a permanent debt relationship, which is intended for a longer period of time.

If the data is no longer necessary for the fulfilment of contractual or legal obligations, these data are regularly deleted, unless their - temporary - further processing is required for the following purposes:

  • Fulfilment of statutory retention obligations, which may arise .B from: Social Code (SGB IV), Commercial Code (HGB) and Tax Code (AO). The retention or documentation deadlines set there are usually six to ten years.
  • Preservation of evidence within the framework of the statutory limitation regulations. Pursuant to Sections 195 ff of the Civil Code (BGB), these limitation periods can be up to 30 years, with a regular limitation period of 3 years.

If the data processing is carried out in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The above exceptions apply. The same applies to data processing on the basis of consent given. As soon as this consent is revoked by you for the future, the personal data will be deleted, unless there are one of the above exceptions.

Is there an obligation to provide data?

Within the scope of the employment relationship, you must provide the personal data necessary for the establishment, execution and termination of an industrial relationship and for the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will generally not be able to enter into or execute the contract with you.

To what extent is there automated decision-making?

We do not use automatic decision-making in accordance with Article 22 GDPR to establish, implement and terminate the working relationship. Should we use these procedures in individual cases, we will inform you about this and your rights in this regard separately, if this is required by law.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


applicant

What sources and data do we use?

We process the data you have sent us in connection with your application in order to check your suitability for the position (or any other open positions in our companies) and to carry out the application process.

This personal data includes in particular:

  • Personal details (e..B. name, address and contact details)
  • Information on qualifications (e.B. training, professional experience, language skills and further training)

What do we process your data for (purpose of processing) and on what legal basis?

The legal basis for the processing of your personal data in this application procedure is primarily Section 26 of the German Data Code (BDSG). It allows the processing of data necessary in connection with the decision to establish an employment relationship.

Insofar as an employment relationship between you and us arises, we may, in accordance with Section 26 (1) of the German Data Protection Act (BDSG), process the personal data already received from you for the purposes of the employment relationship, if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations arising from a law.

It may happen that we cannot take you into account directly when filling a position, but still want to keep your application so that we can contact you quickly if necessary. Should this happen, we will ask for your consent in accordance with Section 26 (2) of the German German Environmental Protection Act (BDSG) in order to be able to include your application in our application pool for a certain period of time. If you give us this consent, this can be revoked informally at any time.

Should your data be necessary for legal proceedings after the application process has been completed, processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular for the protection of legitimate interests under Art. 6 sec. 1 lit. f GDPR. Our interest then is in asserting or defending claims, for example in the context of the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Who gets my data?

Your applicant data will be screened by the HR department upon receipt of your application. Appropriate applications are then forwarded internally to the department managers for the respective open position. The further process is then reconciled. In the company, only the persons who need it for the proper conduct of our application process have access to your data.

Is data transferred to a third country or to an international organisation?

Data transfers to agencies outside the European Economic Area (so-called third countries) usually do not take place. Nevertheless, data transfer in third countries may take place in individual cases, provided that:

  • it is required by law to:
  • you have given us your consent or
  • this is legitimised by the legitimate interest in data protection law and does not prevent the higher interests worthy of protection of the data subject.

In addition, we do not transfer personal data to agencies in third countries or international organisations.

However, we use service providers for certain tasks, which usually also use service providers who may have their registered office, parent company or data centers in a third country. A transfer is permitted if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we or our service providers may only transfer personal data to a third country if appropriate safeguards exist (e.B. standard data protection clauses adopted by the EU Commission or the supervisory authority in a particular procedure) and enforceable rights and effective remedies are available.

An example of this is our use of Microsoft Office 365 as an enterprise-wide communication system. Although Microsoft also operates servers within the EU, it cannot be ruled out that your data may be transferred to and processed in a third country (e.B. the UNITED States).

We have concluded a contract processing agreement with Microsoft under Article 28 GDPR with EU clauses in order to maintain an adequate level of data protection. If necessary, please contact us for further information under the contact details above.

We have concluded corresponding order processing contracts with our service providers and have also contractually agreed that there must always be guarantees on data protection with their contractual partners in compliance with the European data protection level.

How long will my data be stored?

We will retain your personal data for as long as is necessary to decide on your application. If you are awarded a job as part of the application process, your applicant data will be transferred to our personnel information system.

If we are unable to take you into account directly for filling a position and you consent to further storage of your personal data, we will transfer your data to our applicant pool. There, your data will be deleted after the agreed period (usually 12 months) or after your withdrawal of consent.

Insofar as an employment relationship between you and us does not arise, we may also store data insofar as this is necessary to defend against possible legal claims. This usually includes six months after the announcement of the cancellation or until the final decision in a pending litigation.

Is there an obligation to provide data?

The provision of your personal data is neither required by law nor contract, nor is you obligated to provide such data. However, the provision of this data is necessary for the examination of a possible employment relationship  with us. Without this data, we will not be able to perform this check in order to: to enter into or perform an employment relationship with you.

To what extent is there automated decision-making?

We do not use automatic decision-making in accordance with Article 22 GDPR to establish, implement and terminate the working relationship. Should we use these procedures in individual cases, we will inform you about this and your rights in this regard separately, if this is required by law.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


Microsoft Teams

Note:

MS Teams is a microsoft Ireland Ltd. service ("Microsoft"). It cannot be ruled out that data may be transferred to Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, USA in the USA. Microsoft can also perform remote maintenance access from other third countries. We have concluded the European Commission's standard data protection clauses with Microsoft. For more information, see point 4.

If you visit the MS Teams or Microsoft website, Microsoft is responsible for data processing. However, a visit to the website is only necessary to use MS Teams in order to download the software for the use of MS Teams.

If you don't want or can't use the MS Teams app, you can also use MS Teams through your browser. The service is then also provided via the WEBSITE of MS Teams.

What data is being processed?

When using MS Teams, different types of data are processed. The amount of data also depends on what data you enter before or when you participate in an online meeting. The following personal data are the subject of processing:

User information:

e.B. display name ("display name"), e-mail address, profile picture (optional), preferred language

Meeting metadata:

e.B. date, time, meeting ID, phone numbers, location

Text, audio and video data:

You may have the option to use the chat function in an online meeting. In this respect, the text entries you make will be processed to display in the online meeting. To enable video to be displayed and audio played, the data from your device's microphone and any video camera from the device will be processed accordingly during the duration of the meeting. You can turn off or mute the camera or microphone yourself via the MS Teams applications at any time.

What do we process your data for (purpose of processing) and on what legal basis?

Scope of processing

We use MS Teams to conduct online meetings, telephone and video conferencing, webcasts, etc. To participate in an online meeting or enter the "meeting room", you can also use a pseudonym.

The chat content is logged when using MS Teams. We store the chat content for a period of one month. If it is necessary for the purpose of logging the results of an online meeting, we can also log the chat content for an extended period of time, but at the latest until the intended purpose is fulfilled. However, this will not usually be the case.

If we wish to record meetings, we will communicate this transparently in advance and, if necessary, ask for your consent. You'll also see the fact of recording in the Teams app or in the Web browser view. The organizer can also specify which participants are eligible to record.

In the case of webcasts, we may also process the questions asked by the participants for the purpose of recording and following up webcasts. You can also make use of the ability to share a share with your screen. In this case, we are aware of the data and content you share through your screen.

We have no influence on the system-side processing of technical information such as device or hardware information (e..B IP address, operating system data of the end device as well as time and date of access) by the service provider. Microsoft processes so-called telemetry data itself. The MS Teams and Microsoft Terms of Use are explained under https://privacy.microsoft.com/de-DE/privacystatement  and https://docs.microsoft.com/de-de/microsoftteams/teams-privacy?view=o365-worldwide and describe the processing of personal data.

legal bases

Insofar as personal data of employees of our company  is processed, Section 26 of the German Data Code (BDSG) is the legal basis for data processing. If, in connection with the use of MS Teams,  personal data is not necessary for the establishment, execution or termination of the employment relationship, but is nevertheless an elementary component in the use of MS Teams, Article 6 (1) lit. f GDPR is the legal basis for data processing. In these cases, we are interested in the effective conduct of online meetings.

Furthermore, the legal basis for data processing in the conduct of online meetings is Art. 6 sec. 1  lit.b  GDPR, insofar as the meetings are carried out in the context of contractual relations.

If there is no contractual relationship, the legal basis is Art. 6 sec. 1 lit. f GDPR. Here, too, we are interested in effectivelyconducting online meetings.

Who gets my data?

In our company, only those people who need it for the smooth running of the online meetings have access to your data, i.e. e.B. the organizers and participants in meetings from our company. There may also be several specialist departments in our company, depending on which services or products you receive from us. Furthermore, our IT department has access to your data for only technical processing.

Personal data that is processed in connection with participation in online meetings will not be passed on to third parties unless they are intended for disclosure. Please note that content from online meetings as well as at personal meeting meetings is often used precisely to communicate information with customers, interested parties or third parties and is therefore intended for distribution.

As a provider of MS Teams, Microsoft will necessarily become aware of the above-date data as far as this is provided for in our order processing agreement with MS Teams. Service providers used by us may also be recipients of data about you in the context of order processing in accordance with Art. 28 GDPR.

We may be required to disclose certain data to the appropriately authorised bodies within the scope of our legal obligations.

Is data transferred to a third country or to an international organisation?

Data processing outside the European Union (EU) does not, in principle, take place, as we have limited our location to data centres in the European Union. However, we cannot rule out the possibility that data is routed or stored via Internet servers located outside the EU. This may be the case in particular if participants are in an online meeting in a third country.

A secure level of data protection is ensured by the conclusion of complementary EU standard data protection clauses and technical-organisational measures. When using standard privacy clauses, we aim to implement additional measures to protect your data where necessary. For this purpose, the data is encrypted during transmission over the Internet and at rest and thus protected from unauthorized access by third parties. Microsoft uses standard technologies, such as TLS and SRTP, to encrypt all data during transmission between users' devices and Microsoft data centers, as well as between Microsoft data centers. This includes messages, files (video, audio, etc.), meetings and other content. Dormant corporate data in Microsoft data centers is also encrypted in a way that enables organizations to decrypt content when needed. MS Teams also uses TLS and MTLS to encrypt instant messages. All server-to-server traffic requires MTLS, whether traffic is limited to the internal network or exceeds the internal network perimeter. For more information on how Microsoft Teams encrypts the data, visit https://docs.microsoft.com/de-de/microsoftteams/teams-security-guide.

With regard to personal data stored by Microsoft in the United States and Europe, which may be subject to regulatory requests for information from u.S. authorities, Microsoft warrants in a statement dated July 20, 2020 that such injunctions will be challenged in court that would allow access to personal information. In addition, as part of a legal settlement, Microsoft has acquired the right to disclose transparent reports on the number of Us national security instructions addressed to Microsoft, and new guidelines have been introduced within the US government that have restricted the use of nondisclosure orders (see https://news.microsoft.com/de-de/stellungnahme-zum-urteil-des-eugh-was-wir-unseren-kunden-zum-grenzueberschreitenden-datentransfer-bestaetigen-koennen/). The level of data protection is considered sufficient in relation to the expected content of our MS Teams meetings, which usually do not contain any personal data outside the names of the persons participating in the videoconference.

However, we hereby expressly point out that MS Teams is a service provided by a provider from the United States. The processing of personal data thus also takes place in a third country, which is currently considered to be unsafe under data protection law within the meaning of the GDPR. This can create risks for users, as, for example, the enforcement of the rights concerned may be more difficult. Negotiations are being conducted at political, data protection and bilateral levels to resolve the situation. However, no results are available at this time. If you personally decide that you cannot be afforded sufficient protection in this legal situation (in accordance with the judgment of the ECJ), it is currently not possible to participate in an online meeting via MS Teams.

How long will my data be stored?

We generally delete personal data if there is no requirement for further storage. A requirement may exist in particular if the data is still needed in order to fulfil contractual services, to check and grant or rebut warranty claims and, if necessary, guarantee claims. In the case of statutory retention obligations, deletion is only possible after the expiry of the respective retention obligation.

What data protection rights do I have?

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. In the case of the right of access and the right of cancellation, the restrictions under Sections 34 and 35 of the German Data Code (BDSG) apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR).

You can revoke your consent to the processing of personal data at any time to us. This also applies to the revocation of declarations of consent given to us before the General Data Protection Regulation was applied, i.e. before 25 May 2018. Please note that the revocation will only work for the future. Processing carried out prior to revocation is not affected.

Is there an obligation to provide data?

The provision of your  personaldata  is not required by law or contract at first,  nor are you obliged to provide this data. To attend an online meeting   or enter the  meeting room, you must at least provide information about your name. If you do not wish to do so, your participation in our online meetings is unfortunately not possible.

To what extent is there automated  decision-making?

Automated decision-making in the form of Art. 22 GDPR is not used.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


Social media

Data processing through social networks

Social networks such as Xing, Youtube, Facebook, Twitter etc. can usually comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. .B like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing processes are triggered. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies, which are stored on your terminal device or by collecting your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can see interest-based advertising inside and outside your social media presence. If you have an account with the respective social network, the interest-based advertisement may be displayed on all devices on which you are logged in or logged in.

Please also note that we cannot track all processing processes on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details of this can be found in the terms of use and data protection provisions of the respective social media portals.

legal basis

Our socialmedia presences are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Article 6 (1)  lit.f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be indicated by the operators of the social networks (e.B. consent within the meaning of Art. 6 sec. 1  lit.a GDPR).

Responsible and assertion of rights

If you visit one of our socialmedia sites (e.g. Xing.B, we are jointly responsible for the data processing processes triggered during this visit together with the operator of the socialmedia platform. You can use your rights (information, rectification, deletion, restriction of processing, data portability and complaint, more details see separate entry) in principle both  withus and  .demoperator of the respective  socialmediaportal (e.B. ggü. Xing).

Please note that despite our joint responsibility with the socialmedia portal operators, we do not have a full influence on the data processing processes of the socialmedia portals. Our possibilities depend significantly on the company policy of the respective provider.

Storage time

The data collected directly by us via the socialmedia presence will be deleted from our systems as soon as the purpose for their storage is omitted, you ask us to delete it, revoke your consent to storage or the purpose for the data storage is omitted. Stored cookies remain on your device until you delete them. Mandatory legal provisions - in no matter retention periods remain unaffected.

We have no influence on the storage time of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the social network operators (e.B. in their privacy policy, see below).

Social networks in detail

Xing

We have a profile at XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For details on how your personal data is handled, please refer to XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

YouTube in particular

We use a YouTube channel owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Please note that you use the YouTube channel offered here and its functions on your own responsibility. This applies in particular to the use of the "Discussion" function. Information about which data is processed by Google and for what purposes can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de https://policies.google.com/privacy?hl=de&gl=de#infocollect

We have no influence on the type and scope of the data processed by Google, the way in which it is processed and used or the disclosure of such data to third parties. Nor do we have any effective means of monitoring in this respect.

Google collects, transmits, stores, discloses and uses your personal information, transferring, transferring, storing and using your personal information, regardless of your place of residence in the United States, Ireland and any other country in which Google does business. It is transmitted to Google-affiliated companies and to other trusted companies or individuals who process them on Google's behalf. On the one hand, Google processes your voluntarily entered data such as name and username, e-mail address, telephone number. Google also processes the content you create, upload or receive from others when you use the Services. For example, photos and videos that you save, documents and tables you create, and comments you write about YouTube videos.

On the other hand, Google also evaluates the content you share in order to determine the topics you are interested in, stores and processes confidential messages that you send directly to other users and can determine your location using GPS data, information about wireless networks or your IP address in order to send you advertisements or other content.

Google may use analysis tools such as Google Analytics for evaluation. PROLOGA Energy has no influence on the use of such tools by Google and has not been informed of such potential use. Should tools of this kind be used by Google for the PROLOGA Energy YouTube channel, PROLOGA Energy has not commissioned this or otherwise supported it in any way. Also, PROLOGA Energy will not be provided with the data obtained during the analysis. Only certain profiles of subscribers can be viewed for PROLOGA Energy via their account. Moreover, PROLOGA Energy has no way of preventing or shutting down the use of such tools on its YouTube channel. Finally, Google also receives information when you .B. view content, even if you haven't created an account. These so-called "log data" may be the IP address, browser type, operating system, information about the website you have previously accessed and the pages you have accessed, your location, your mobile operator, the device you use (including device ID and application ID), the search terms and cookie information you use. You can restrict the processing of your data in the general settings of your Google account.

In addition to these tools, Google also offers specific privacy settings for YouTube. Learn more in Google's Google Privacy Guide: https://policies.google.com/technologies/product-privacy?hl=de&gl=de

For more information on these issues, see Google's Privacy Policy under the term "Privacy Settings":  https://policies.google.com/privacy?hl=de&gl=de#infochoices

You can also request information via the Google Privacy Form:  https://support.google.com/policies/answer/9581826?visit_id=637054532384299914-2421490167&hl=de&rd=3

Data processed by PROLOGA Energy

PROLOGA Energy also processes your data when you communicate with us via YouTube. The processing is carried out for the purposes of PROLOGA Energy public relations work. The recipient of the data is first of all Google, where it may be passed on to third parties for its own purposes and under the responsibility of Google. The recipient of publications is also the public, i.e. potentially everyone. PROLOGA Energy itself does not collect data via its YouTube channel.

Also via the integration of the YouTube videos of PROLOGA Energy on its website (www.prologa.de or www.prologa-energy.de) the IP addresses of the page visitors are not transmitted to Google. In particular, there is no tracking on the website. However, the data you enter on YouTube, in particular your username and the content published under your account, will be processed by us insofar as we may reply to your publications under "Discussions". The data you freely publish and disseminate on YouTube will be included in PROLOGA Energy offer and made available to its followers.


Corona Contact Tracking

With the following information, we would like to give you an overview of the processing of your personal data by us and your rights under data protection law. Which data is processed in detail and in which manner is used depends to a large extent on the legal requirements of our federal state.

Purposes and legal bases of the processing

We collect your personal data in order to ensure the protection of our employees against infections that may be registered in the company and, on the other hand, to inform you of this circumstance in the event of infections detected later on in our employees, so that you can take further steps.

Your personal data will be lost on the basis of our legitimate interest in accordance with Art. 6 sec. 1. f GDPR for the identification of contact persons in the acute event of infection in individual cases in connection with SARS-CoV-2. In this case, the legitimate interests are the protection of our employees and the regulation of the infection in our company.

On this basis, we collect the following information: first and last name, full address, a contact option and the time of your visit.

Recipients or categories of recipients

In order to carry out this task, your data may only be passed on to the local health office in the event of infection. We do not transfer it to a third country. In addition, your data will only be passed on if there is a legal obligation to do so or if you have consented to it.

Duration of storage

The data will be kept by us for a period of four weeks and, if necessary.dem competent health department will be handed over in full upon request. After the retention period has expired, the data will be destroyed immediately.

What are your privacy rights?

Every data subject has the right to information under Article 15 GDPR, the right to rectification No under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. In the case of the right of access and the right of cancellation, the restrictions under Sections 34 and 35 of the German Data Code (BDSG) apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR).

You can revoke your consent to the processing of personal data at any time to us. This also applies to the revocation of declarations of consent given to us before the General Data Protection Regulation was applied, i.e. before 25 May 2018. Please note that the revocation will only work for the future. Processing carried out prior to revocation is not affected.

Is there an obligation to provide data?

There is no legal or contractual obligation on your part to provide your data. However, you may be denied access to our premises if you are not willing to provide us with this data.

To what extent is there automated decision-making?

Automated decision-making in the form of Art. 22 GDPR is not used.

Is profiling taking place?

We do not process your data with the aim of evaluating certain personal aspects automatically.


Other rights

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restrict processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. In the case of the right of access and the right of cancellation, the restrictions under Sections 34 and 35 of the German Data Code (BDSG) apply.

In addition, there is a right of appeal to the supervisory authority responsible for data protection issues at your place of residence or work (Article 77 GDPR). The supervisory authority responsible for our company is:

State Commissioner for Data Protection Saxony-Anhalt
Pmail 1947
39009 Magdeburg

Phone: 0391 81803-0
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

A list of other supervisory authorities and their contact details can be found in the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

You can revoke your consent to the processing of personal data at any time to us. This also applies to the revocation of declarations of consent given to us before the General Data Protection Regulation was applied, i.e. before 25 May 2018. Please note that the revocation will only work for the future. Processing carried out prior to revocation is not affected.