Data Privacy

Persons responsible for data processing

In connection with our website www.we-bioenergy.com we, the

WegscheidEntrenco GmbH

Frankenstrasse 9

93059 Regensburg

Telephone: + 49 (0) 941 89796693

E-mail: info@we-bioenergy.com

 

Managing director and editor in charge: Egbert Freiherr von Cramm

Commercial register: Regensburg Local Court HRB 17110

Sales tax identification number: DE322271052

 

Name and address of the data protection officer

The data protection officer of the controller is:
HBSN GmbH
Schloßbergstraße 28
38315 Hornburg
Telephone: 05334 / 9488467
E-Mail: datenschutz@hbsn-gruppe.de

If you have any questions or suggestions regarding data protection, you can contact our data protection officer at any time.

 

Data that we process automatically

You can use our website without disclosing much personal data. However, each time you or another user (hereinafter referred to as “user” for reasons of simplification) use our website, we automatically process individual personal data (e.g. the IP address) as well as other technical information (e.g. version of the operating system). We need your IP address, for example, to make the operation of our website technically possible at all (Art. 6 para. 1 letter b DSGVO).

However, we cannot identify you directly with this data.

 

Data that you provide to us voluntarily

Beyond that, you do not have to provide any personal information. Only if you want to use further functions of our website or contact us voluntarily, we need further personal data from you. As soon as you enter personal data on our website (such as name, address, e-mail address), this is done on a voluntary basis.

Personal data is processed, for example, when you contact us, e.g. by requesting a consultation and filling out one of our forms for this purpose, or when you request that we send you information (e.g. our white paper via the subpage https://we-bioenergy.com/bhkw-hotellerie/). If you provide personal data for the above reasons, we will use it to process your request (Art. 6 para. 1 letter b DSGVO).

We also process data about your usage behavior in order to continuously improve our website, if you consent to this processing (Art. 6 para. 1 letter a DSGVO). With such data we can improve our site, because with their help we determine, for example, how many users access our website at the same time, which functions they use and which areas and functions of our website are particularly popular. These usage profiles are pseudonymized. Under normal circumstances, we are therefore unable to draw any conclusions about you and your use of our website. We also process this data in order to play personalized/targeted advertising to you from our advertising partners. However, we also only do this with your consent (Art. 6 para. 1 letter a DSGVO).

For these purposes, we use cookies and other technologies.

We sometimes work with partners who process data for us on our behalf. These partners process this data partly outside the European Economic Area, in particular in the United States of America.

 

Your rights

We will be happy to inform you free of charge about the data we have stored about you and delete or correct it if you wish. In principle, you can object to data processing by us and you can, of course, revoke your consent at any time. Simply contact us with your request and please inform yourself in detail about your rights in the following.

We will of course ensure that you can effectively use all your rights.

If you believe that your data has been processed improperly, you can complain to the competent supervisory authority.

 

Further information

To ensure that you always have full control over your data and know exactly how and for what purpose your data is processed and by whom, we provide you with even more detailed information on the individual topics below. Therefore, please also read the following information carefully:

1. General information on data processing

1.1 Important terms
1.2 Legal basis
1.3 Cooperation with processors and third parties
1.4 Data transfers to third countries
1.5 Deletion of data
1.6 Data security

2. Technically necessary data processing
3. Hosting (GoDaddy)
4. Communication
5. Cookies
6. Data processing by third parties

6.1 Google Analytics and Google Tag Manager
6.2 Font Awesome / Fonticons
6.3 Poptin
6.4 Calendly
6.5 Salesforce
6.6 Zapier
6.7 CloudFare
6.8 Vimeo

7. Right of objection
8. Right of revocation
9. Data subject rights

9.1 Information
9.2 Completion and correction
9.3 Deletion and restriction
9.4 Data portability
9.5 Right of appeal

10. Amendment of the privacy policy

 

1. General information on data processing

1.1 Important terms

“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. This term practically covers most cases where data are used in some way.

“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

1.2 Legal basis

According to Art. 13 DSGVO, the legal basis for our data processing shall be communicated to you. If the legal basis is not mentioned in this privacy policy, the following applies:

The legal basis for data processing based on consent is Art. 6(1)(a) and Art. 7 DSGVO, the legal basis for processing for the performance of our services and implementation of contractual measures and responding to requests is Art. 6(1)(b) DSGVO, the legal basis for processing for the performance of our legal obligations is Art. 6(1)(c) DSGVO, and the legal basis for processing for the performance of our legal obligations is Art. 6(1)(d) DSGVO. c DSGVO, and the legal basis for processing based on our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of a data subject or another natural person require data processing of personal data, we base such data processing on Art. 6 (1) (d) DSGVO.

1.3 Cooperation with Processors and Third Parties

If, in the course of our data processing, we disclose data to other persons and companies, transfer it to them or grant them access in any other way, this will only be done on the basis of legal permission. For example, if we transfer your data to a service provider who helps us to offer you our initial consultation form on our website, this serves to process your initial consultation request and is covered by Art. 6 (1) b DSGVO. Data may also be transferred if you have consented to this (Art. 6 (1) (a) DSGVO), a legal obligation provides for a transfer (Art. 6 (1) (c) DSGVO) or we can rely on our legitimate interests (Art. 6 (1) (f) DSGVO).

In some cases, we use other companies as processors. For this purpose, we conclude “order processing agreements” on the basis of Art. 28 DSGVO.

1.4 Data transfer to third countries

In some cases, data is also processed by our service providers in so-called third countries. These are countries outside the European Union (EU) or the European Economic Area (EEA). This happens either for the fulfillment of our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. However, such processing only takes place if the specific requirements of Art. 44 et seq. DSGVO are fulfilled.

1.5 Deletion of data

We delete or restrict the processing of personal data in accordance with Art. 17 and 18 DSGVO. Stored data is generally deleted when it is no longer needed for its intended purpose, unless the deletion conflicts with legal retention obligations. We restrict data processing if the data cannot be deleted because, for example, it is to be used for other and legally permissible purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

In Germany, data is retained in particular for 6 years in accordance with Section 257 (1) HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with Section 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

Insofar as you are expressly informed in our data protection provisions when data will be deleted, this specific statement on the deletion date shall of course apply.

 

1.6 Data security

All data transfers between your end device and our servers or the servers of our service providers are encrypted. We use standard encryption techniques for this purpose so that the data transfer is secure. We also follow the principle of data economy and try to collect and store only as much of your personal data as is necessary for the provision of our service.

 

2. Technically necessary data processing

In the course of providing our services, technically necessary data processing takes place. This includes e.g. server logs, etc. for example at our hosting partner GoDaddy. Within the scope of these logs, basic connection data is stored, namely:

  • Your IP address
  • your operating system
  • the URL you are accessing
  • the time of your visit
  • size of the page you are accessing
  • from which other page you have reached our web pages
  • Response status code
  • request method
  • http protocol version

This data processing is based on our legitimate interests (Art. 6 para. 1 lit. f DSGVO). The collection of this data serves IT security and protection against unauthorized use. In this respect, we reserve the right to check this data subsequently if we become aware of concrete indications of unlawful use. This data will not be merged with other data sources. This data is deleted within a maximum of two months after data collection, unless its continued storage is necessary until a specific incident has been clarified.

 

3. Hosting (GoDaddy)

We use the services of GoDaddy.com LLC (Corporate Headquarters, 2155 E. GoDaddy Way, Tempe, AZ 85284, USA, phone: 089 21 094 807, fax: (480) 624-2546. email address: HQ@godaddy.com).

GoDaddy cannot associate this data with specific individuals. This data is not merged with other data sources. The data is processed after a statistical analysis . Further information can be found in GoDaddy’s order processing agreement: https://www.godaddy.com/de-de/legal/agreements/data-processing-addendum.

 

4. Communication

If you contact us directly and you have questions or comments about our offers, the data processing takes place for the fulfillment or initiation of a contractual relationship (Art. 6 para. 1 letter b DSGVO). For other topics, the legal basis is our legitimate interest in being able to respond to you appropriately in the case of general inquiries (Art. 6 (1) (f) DSGVO). Unless we have specified otherwise in the following notes on special technical services, your data will be deleted as soon as the respective request has been dealt with and there are no legal retention obligations.

 

5. Cookies

The website uses cookies. Cookies are text files that are stored on a computer system via an Internet browser

This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies (temporary cookies).
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies (time-limited cookies).
Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

Many cookies contain a unique identifier, the so-called cookie ID. Through this cookie ID, visited websites and servers can be assigned to the Internet browser used for this purpose, in which this cookie was stored. This enables the websites visited to distinguish the Internet browser of the person concerned from other Internet browsers that also contain other cookies. This makes it possible to recognize and identify a specific Internet browser and thus possibly a data subject.

The use of cookies enables us to present the information and offers of our website in an optimized way for the user. Cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website.

Cookies can also be stored by third-party providers on the device of the person concerned (third-party cookies). These cookies enable us to use external services of these third-party companies. These cookies are partly technically necessary, as certain functions of the website are otherwise not possible. The legal basis for storing these cookies is Art.6 Abs1. lit.f DSGVO in conjunction with §25 Abs.2 li.1 TTDSG. We only store other cookies that are not absolutely technically necessary with the consent of the user. The legal basis for this is Art.6 Abs1. Lit.a DSGVO in connection with §25 Abs.1 TTDSG.

The data subject can prevent the storage of cookies by our website at any time by changing the settings of the Internet browser used and thus permanently object to the storage of cookies. Cookies that have already been stored can be deleted at any time. This is possible in all common Internet browsers. By deactivating cookies by the person concerned, it may not be possible to fully use all functions of our websites.

 

6. Data processing by third parties

6.1 Google Analytics (Universal) and Google Tag Manager

On our website, we use Google Analytics in the Universal Analytics version (a service of Google Ireland Ltd, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”)). We use Google Analytics on the basis of your consent (Art. 6 para. 1 letter a DSGVO or § 25 para. 1 TTDSG). We thereby pursue the goal of improving our website and our customer approach.

Google Analytics works with the help of cookies and similar technologies. Different “events” (possibly the filling out of a form) and “screens” (screen views) are recorded.

We use these tools to recognize how you use our website, your interactions with the website (e.g. page views, links clicked, visitor flow), technical data (e.g. malfunctions) and some user characteristics (e.g. which device with which operating system you have and demographic user information such as your language).

Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. In doing so, pseudonymous usage profiles of the users are created from the processed data. The collected data will be deleted no later than 14 months after collection.

The information generated in this way is usually transferred to a Google server in the USA and stored there. In the USA, there is currently no level of data protection equivalent to that in the EU. We have concluded so-called EU standard contractual clauses with Google and agreed on further supplementary protective measures. However, this does not ensure that US authorities, for example, can access the collected data and that you have no effective legal protection against such data processing. With your consent to the use of Google Analytics, we therefore ask for your explicit consent to this data transfer as well – only then will the corresponding data processing and data transfer take place.

Through the IP anonymization procedure activated by us, the collected IP addresses are also shortened beforehand by Google within the European Union. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your terminal device as part of Google Analytics will not be merged with other data from Google.

You can prevent the collection and processing of information at any time with effect for the future by declaring your so-called “opt-out”. What is meant by this is that you revoke your consent to the collection and processing of data within the scope of these Google tools. If you do not want this data processing, you can click on this link to have a cookie placed in your browser that will prevent Google Analytics from collecting data in the future when you visit our website:

Please note that this will only prevent data collection in your currently used browser. Alternatively, you can also install a browser plug-in, which you can find here: https://tools.google.com/dlpage/gaoptout/. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

You can find more information about how Google handles the data we transmit here:

https://support.google.com/analytics/answer/6004245?hl=de
https://www.google.com/intl/de/policies/privacy/partners/

Google Tag Manager is also used on this website. Google Tag Manager (GTM) is a service that allows website operators to manage and implement tags or tracking codes on their website. GTM itself does not store any data, but allows integration with other tools that collect data on the website – for example, Google Analytics. However, Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it remains for all tracking tags, as far as they are implemented with Google Tag Manager.

 

6.2 Font Awesome

Our website uses the Font Awesome service provided by Fonticons (307 S. Main St., Suite 202, Bentonville, AR 72712, USA). We use this service to be able to display fonts (so-called web fonts) or icons in a suitable and consistent manner. We have integrated the used web fonts or icons on our web server. This prevents Fonticons from receiving personal data.

6.3 Poptin

For our website, we use the service provider Poptin, an Israeli company (whose data protection officer is Tomer Aharon, 18 Jerusalem Blvd, 7752311 Ashdod, Israel, Tel: +97235248444, Email: contact@poptin.com). We use this service provider to integrate pop up notifications into our website to display information to you. We use Poptin on the basis of your consent (Art. 6 para. 1 letter a DSGVO or § 25 para. 1 TTDSG).

When using this service, cookies are used and the following information is collected:

  • Your IP address,
  • information on how you use our website, in particular the web pages and links you access, the time you spend on them, mouse movements
  • from which other page you have reached our website
  • browser used
  • information about your terminal device
  • operating system and version
  • cookie settings

This data is not shared with third parties and is not used by Poptin for advertising or analysis purposes. The information collected .

More information about Poptin’s data processing can be found here: https://www.poptin.com/de/gdpr/

You can prevent the collection and processing of information at any time with effect for the future by declaring your so-called “opt-out”. What is meant by this is that you revoke your consent to the collection and processing of data by the Poptin service. Using your browser settings, you can prevent cookies from being set at any time. This also prevents cookies associated with Poptin from being stored on your end device. You can delete cookies that already exist on your end device.

6.4 Calendly

On our website we use Calendly, a service provided by Calendly LLC (BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA). If you are interested in our products, you can request further information and an initial consultation via our website. In order to provide you with information and other materials in a targeted manner, we provide forms that allow you to provide initial information about yourself, your concerns, and your contact information. We have created these forms with the help of Calendly.

The information you provide via these forms is processed by Calendly on our behalf. This data processing is done in order to be able to process your request properly (Art. 6 para. 1 letter b DSGVO).

Calendly does not use the data you provide for its own purposes. However, your data may be transferred to the USA and. In the USA (and possibly also in other third countries) there is currently no level of data protection equivalent to that in the EU. We have concluded so-called EU standard contractual clauses with Calendly and agreed on further supplementary protective measures. However, this does not ensure that US authorities, for example, can access the collected data and that you may not have effective legal protection against such data processing. – Only then will the corresponding data processing and the . Please note that you can only use our forms if you consent to this data transfer.

6.5 Salesforce

To manage customer data, we (hereinafter “Salesforce”) use salesforce.com Germany GmbH (Erika-Mann-Str. 31 80636 Munich, hereinafter “Salesforce”). , in order to learn more about our products or to instruct us, we manage information that you have provided to us in order to process your request as efficiently as possible, using Salesforce services (Art. 6 para. 1 letter b DSGVO).

Salesforce does not use the data you provide for its own purposes. However, your data may be transferred to third countries such as the USA and. In the USA (and possibly also in other third countries), there is currently no level of data protection equivalent to that in the EU. We have concluded so-called EU standard contractual clauses with Salesforce and agreed on further supplementary protective measures. However, this also does not ensure that US authorities, for example, can access the collected data and that you may not have effective legal protection against such data processing. Before you send us the form you have filled out, we therefore ask you for your explicit consent to the data transfer and the associated risks – only then will the corresponding data processing and data transfer take place. Please note that you can only use our forms if you consent to this data transfer.

For more information about Salesforce’s data processing, please click here: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/data-processing-addendum.pdf

6.6 Zapier

You may wish to submit information to us using one of the forms on our website. To store this data automatically, we use services of Zapier Inc. (48 Market St #6241, San Francisco, CA 94104, USA, hereinafter “Zapier”). Zapier processes the from only if you consent to the data processing (Art. 6 para. 1 letter a DSGVO).

It is possible that Zapier transfers data that you have entered into a form on our website to third countries such as the USA. In the USA (and possibly also in other third countries), there is currently no level of data protection equivalent to that in the EU. We have concluded so-called EU standard contractual clauses with Salesforce and agreed on further supplementary protective measures. However, this also does not ensure that US authorities, for example, can access the collected data and that you may not have effective legal protection against such data processing. Before you send us the form you have filled out, we therefore ask you for your explicit consent to the data transfer and the associated risks – only then will the corresponding data processing and data transfer take place. Please note that you can only use our forms if you consent to this data transfer.

For more information about data processing by Zapier, please click here: https://zapier.com/

 

6.7 CloudFlare

To secure our website and optimize loading times, we use the CloudFlare service as a so-called CDN (content delivery network). This is a service of Cloudflare Inc, 101 Townsend Street, San Francisco, California 94107, USA, hereinafter referred to as “CloudFlare”.

Through the standard contractual clauses, CloudFlare guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.

The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the secure operation of our website and its optimization.

If you access our website, your requests are routed via the server of CloudFlare. In this process, statistical access data about the visit to our website is collected and a cookie is stored by CloudFlare on your end device via your internet browser. The access data include

  • Your IP address,
  • the Internet page(s) of our website that you accessed,
  • the type and version of the Internet browser you are using,
  • the operating system you are using
  • the Internet page from which you accessed our website (referrer URL),
  • the time you spend on our website and
  • the frequency with which you visit our website.

The data is used by CloudFlare for the purpose of statistical evaluations of the accesses as well as for the security and optimization of the offer.

If you do not agree with this processing, you have the option to prevent the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under the item “Cookies”.

CloudFlare offers further information on the collection and use of data as well as your rights and options for protecting your privacy at https://www.cloudflare.com/privacypolicy/.

 

6.8 Vimeo

We use “Vimeo” on our website to display videos. This is a service of Vimeo, LL C, 555 West 18th Street, New York, New York 10011, USA, hereinafter referred to as “Vimeo”.

Partial processing of user data takes place on Vimeo servers in the USA. Through the standard contractual clauses, Vimeo guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.

Videos via Vimeo are only displayed after your consent to the processing. The legal basis is Art. 6 para. 1 lit. a DSGVO.

If you visit a page of our website in which a video is embedded, a connection to the servers of Vimeo in the USA is established to display the video. For technical reasons, it is necessary that Vimeo processes your IP address. In addition, the date and time of your visit to our website are also recorded.

If you are logged in to Vimeo at the same time as you visit one of our websites in which a Vimeo video is embedded, Vimeo may assign the information collected in this way to your personal user account there. If you wish to prevent this, you must either log out of Vimeo before visiting our website or configure your user account with Vimeo accordingly.

For the purpose of functionality and usage analysis, Vimeo uses the web analytics service Google Analytics. Google Analytics stores cookies on your end device via your Internet browser and sends information about the use of our website, in which a Vimeo video is embedded, to Google. It cannot be ruled out that Google processes this information in the USA.

If you do not agree to this processing, you have the option to prevent the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under the item “Cookies”.

 

7. Right of objection

You can object to the processing of your personal data at any time in accordance with the legal requirements. Insofar as we provide you with an opt-out option in these data protection provisions or elsewhere on our website, you can simply exercise your right to object in this way.

 

8. Right of withdrawal of consent

You can revoke your consent at any time with effect for the future. For this purpose, an informal communication by e-mail to us is sufficient or you use an opt-out option provided by us, if applicable. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

 

9. Data subject rights

9.1 Information

You have the right to request information about whether and how data concerning you is processed, further information and a copy of the data in accordance with Art. 15 DSGVO.

9.2 Completion and correction

In accordance with Art. 16 DSGVO, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.

9.3 Deletion and restriction

In accordance with Art. 17 DSGVO, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DSGVO, to demand restriction of the processing of the data.

9.4 Data portability

According to Art. 20 DSGVO, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

9.5 Right of appeal

If you suspect unlawful data processing, you are free to file a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the State Data Protection Commissioner of the federal state in which our company is based.

 

10. Amendment of the privacy policy

The data protection provisions inform you in each case about the current data processing in connection with our website. If there are changes to our services or this data processing, or if the legal situation changes, we must adapt this data protection policy accordingly. However, this only applies with regard to this information on data processing. If your consent was required or parts of the data protection regulations concern our contractual relationship with you, we will of course not make any changes to this without your consent. Please inform yourself regularly about the content of these data protection provisions.