Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 sentence 1 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis.

In the case of the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) sentence 1 (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) sentence 1 (d) GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 (f) GDPR serves as the legal basis for the processing.

The following categories of personal data may be processed by us:

• Master data such as first name, last name, gender, date of birth, address, customer number
• Communication data such as telephone number, fax number, e-mail address, communication content (especially from e-mails)
• Financial data such as bank or account details, credit card data, creditworthiness
• Usage data such as IP address, login data, log files, password, location of access
• Telemetry data such as GPS data, diagnostic data
• Information about the nature and content of our business relationship, e.g. contract data, order data, sales and receipt data, customer histories, consulting documents, motor vehicle data
• Advertising and sales data, including the data that is generated when you respond to our (direct) marketing activities (e.g. access to a newsletter, recording of click behaviour)
• Data that we have received in the course of our business relationship (e.g. in customer meetings) as well as data that we generate ourselves from the master/contact details as well as other data, such as by means of customer needs and customer potential analyses

In the following, we would like to inform you about which personal data we process and for what purposes this is done when our services and products are used or when we are contacted.

a)     Diermeier Energie eShop and guest orders

Description of the processing

In the Diermeier Energie online shop, we offer users the opportunity to register and create a Diermeier online account by providing personal data. The data is entered into an input mask and transmitted to us and stored. The data will not be passed on to third parties. As part of the registration process, first name, last name, e-mail address and a password of at least 8 digits are collected. At the time of registration, the user’s IP address and the date and time of registration are also stored.

Registration with the Energy Shop is voluntary and not required to order a product online. We also offer guest orders without registration; this allows the order to be placed without creating a customer account.

Legal basis for processing

Art. 6 Abs. 1 lit. a DS-GVO

Deletion of the online customer account is possible at any time, please contact info@diermeier-energie.de by e-mail.

Data recipients

We also use hosting and maintenance service providers to provide the service.

b)     Account

Description of the processing

It is possible to set up a customer account via an account opening application. After a credit check has been carried out, we set up a credit line, which enables purchase on account. If it is necessary for the business relationship, we obtain a bank report and a land register report.

 Legal basis for processing

Art. 6 para. 1 sentence 1 lit. a GDPR for the opening of the customer account, the obtaining of a bank information and a land register information.

Art. 6 para. 1 sentence 1 lit f GDPR for credit checks (see also the section “Conducting credit checks”). Our legitimate interest is to protect ourselves from payment defaults.

 Data recipients

For the above-mentioned purposes, we may transmit your data to credit agencies, banks, IT service providers and authorities.

c)     Process and offer optimization

Description of the processing

In order to improve the quality of processes and services and to optimise our customer service, we carry out potential analyses in the form of evaluations and reports on the future use of our goods and services using probability values. This also serves to be able to set sales targets for our company. In order to carry out the potential analyses, our customers are grouped according to certain criteria. These criteria include, in particular, order history, sales and statistics.

 If users are logged in to their online customer account, their click behavior can be tracked. This serves to improve the customer experience when accessing our website.

 Legal basis for processing

Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in showing customers products that may be of interest to them and thus improving the shopping experience for registered customers.

 If you do not want registered and logged in customers of the online portal to be shown personalized content, you can object to this by sending an e-mail to info@diermeier-energie.de.

 Art. 6 para. 1 sentence 1 lit f. GDPR: our legitimate interest is to improve our services and to continuously develop our products/services. In addition, we have a legitimate interest in increasing customer satisfaction and responding optimally to the needs of individual customers.

d)     Customer-Database

Description of the processing

We maintain a customer database to optimize the data quality of existing customer data (duplicates, cleanup, moved/deceased license plates, address correction) as well as to improve customer service. The data can be used for personalized direct marketing campaigns (e.g. newsletters), for targeted online marketing and personalized online shop design.

 We also use our customer database for business management measures and further development of services and products. The purpose of this data processing is the further development of established internal IT systems, including the testing of new functionalities in compliance with appropriate technical and organizational measures. Master data, communication data, information about the business relationship as well as advertising/sales data may be processed for the aforementioned purposes.

 Legal basis for processing

Art. 6 para. 1 sentence 1 lit. f GDPR, as we have an interest in participating group companies – which serve the same customers – being able to use information about these customers across organisations. Data is stored separately on a company-by-company basis, with BayWa AG providing the database to participating Group companies as a service provider.

In addition, customers should always be provided with the most up-to-date and relevant information.

Receiver

We use hosting and maintenance service providers to provide the database.

a)        Business management and further development

Description of the processing

We carry out measures for business management and further development of services and products. This includes the further development of established internal IT systems, including the testing of new functionalities in compliance with technical and organizational measures. In the course of this, personal data that has been made available to us in the context of business relationships may be processed.

 Legal basis for processing

Art. 6 para. 1 sentence 1 lit. f GDPR, as we have an interest in further developing our business processes.

 Receiver

For the purposes mentioned, we may consult consultant service providers.

b)     Logistics

Description of the processing

For the delivery of goods or the provision of services, we process master and address data (e.g. in freight documents). In order to ensure a smooth process, we use logistics tools in which customer and order data (e.g. order status) are processed.

 Legal basis for processing

Art. 6 (1) (b) GDPR for the contractually agreed logistics service

 Receiver

For some logistics tasks, we are supported by freight forwarders. We use shipping service providers for deliveries of goods.

c)     Supplier Management

Description of the processing

Regular supplier assessments are carried out to identify vulnerabilities and solutions to prevent errors. These assessments can identify potential risks in the supply chain, improve the quality of our products and services, and make our supplier selection measurable/transparent.  In the course of this process, personal data of the suppliers may also be processed. This usually includes master data, communication data and information about the type and content of our business relationship, information about the type and content of our business relationship as well as data that we have collected in the course of our business relationship.

 Legal basis for processing

Art. 6 para. 1 sentence 1 lit. f GDPR, as we have an interest in optimizing the cooperation with our suppliers and maintaining it in the long term.

Description of the processing

When data subjects enter into a contract with us, we process the data necessary for the conclusion, performance or termination of the contract. This usually involves master data, financial data and information about the nature and content of the business relationship.

We process the payment information for the purpose of payment processing, e.g. when a product and/or service is purchased or used via our website.

When making a purchase in an online shop, we are obliged to send an electronic order confirmation due to legal requirements in the German Civil Code (BGB).

We are also obliged to share data with personal sanctions lists or embargo lists (esp. financial sanctions against listed persons) in order to provide the listed persons with non-economic resources or financial resources and to ensure compliance with foreign trade law.

 Legal basis for processing

Art. 6 (1) (b) GDPR for the processing of data for the execution of a contract or for the implementation of pre-contractual measures

Art. 6 (1) sentence 1 (c) GDPR in conjunction with Section 312 (1) sentence 1 BGB for the obligation to send an order confirmation

Art. 6 (1) sentence (c) GDPR in conjunction with Section 34 (4) and (7) of the Foreign Trade and Payments Act for comparison with sanctions lists

6 (1) sentence 1 (f) GDPR, as we have an interest in avoiding our own financial or legal disadvantages due to a violation of sanctions lists.

Receiver

We use payment service providers (e.g. credit card service providers). For the delivery of ordered goods, we work together with logistics service providers. The following data may be passed on to them for the purpose of delivery of the ordered goods and – if necessary – for their announcement: first name, last name, postal address, e-mail address, telephone number (e.g. for forwarding announcements).

If an order requires a calculation / quotation in a manufacturer’s portal (e.g. from a window supplier), then manufacturers can also be recipients of your data.

a)        E-mail newsletter

Description of the processing

On our website and on various forms (e.g. as part of a competition, in the case of a data usage declaration) it is possible to subscribe to a free newsletter. In order to deliver the newsletter, we need your e-mail address. In addition, the IP address of the accessing computer as well as the date and time of registration are collected during registration.

The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

After registration, interested parties will receive an e-mail from us with a link that must be clicked to complete the registration. The purpose of this is to prevent the misuse of e-mail addresses (“double opt-in”). 

We also process data about the usage behavior of recipients (such as opening links) in order to tailor the content of the information in future newsletters to the needs of the users.

Legal basis for processing

Art. 6 Abs. 1 S.1 lit. a DS-GVO

The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. Alternatively, you can contact the service center mentioned above.

Receiver

To send the newsletter, we use marketing service providers as part of order processing.

b)     Marketing and direct mail

Purposes of processing

We carry out various measures for advertising purposes, for customer loyalty, for the optimisation of customer offers as well as for market and opinion research.

Our marketing measures also include competitions, which are regularly subject to separate terms and conditions of participation. If you take part in one of our competitions, we process personal data that has been provided to us by competition participants (usually by entering them in a relevant entry form on our website or at a location or event) for the purpose of participating in the competition, insofar as this is necessary for the implementation and processing of the competition.

We process the e-mail address that we have received from customers in connection with the sale of a product or service for the purpose of direct advertising for our own similar goods or services (cf. § 7 para. 3 UWG).

Data subjects can object to the use of personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the basic tariffs (e.g. internet connection costs, postage). Affected persons should contact the service center mentioned in No. 1.

Rechtsgrundlage der Verarbeitung

Legal basis for processing

Art. 6 para. 1 sentence 1 lit. a GDPR for advertising measures that require explicit prior consent

Art. 6 para. 1 sentence 1 lit. f GDPR for data processing for the purpose of direct marketing that does not require explicit prior consent. We have a legitimate interest in winning you over to our offers and establishing a sustainable customer relationship.

Receiver

For the above-mentioned purposes, we may involve marketing service providers.

c)     Contact form and e-mail contact

Description of the processing

There is a contact form on our website, which can be used for electronic contact. If a user takes advantage of this option, the corresponding data will be transmitted to us and stored. This data is: name and e-mail address. At the time the message is sent, the user’s IP address as well as the date and time are also stored

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

Legal basis for processing

Art. 6 Abs. 1 lit. a DS-GVO

Art. 6 (1) (b) GDPR if the contact is aimed at concluding a contract.

Art. 6 (1) (f) GDPR for the processing of the data transmitted when contacting us or for the prevention of misuse and security of our information technology systems

Receiver

In this context, the data will not be passed on to third parties. The data is used exclusively for the processing of the conversation.

Please note that both the sending of unencrypted e-mails and, if applicable, the sending of faxes are to be regarded as insecure, as unauthorized persons can take note of the content of the e-mail or fax and, if necessary, manipulate it. Therefore, we advise you not to send any sensitive data by e-mail or fax when communicating with us.

If it is necessary to send sensitive data by e-mail, please use a content encryption option.

As an applicant, please use our applicant portal, as your application documents will be transferred there in a secure way.

d)     Customer service

Description of the processing

Data subjects can contact our customer service by phone, e-mail, contact form and traditional mail. Depending on the reason for the request, we process master data, communication data or contract data in this context. Incoming letter mail (e.g. invoices) can be digitised and redistributed in internal mailroom.

Legal basis for processing

Art. 6 (1) (b) GDPR for the processing of contractually agreed warranty services

Art. 6 (1) (c) GDPR for claims arising from the statutory warranty

Art. 6 para. 1 lit. f GDPR for the improvement of our services.

Receiver

The above-mentioned customer service is partly provided by BayWa CS GmbH within the framework of order processing.

a)     Fraud prevention webshops

Description of the processing

During the ordering process on our websites and apps, data may be processed with the help of cookies and other technologies (→ see Cookies and Similar Technologies). This is data to determine the end device used by the user and the usage behavior. Thus, suspicious website usages can be identified.

Legal basis for processing

Article 6 (1) sentence 1 (f) GDPR, as we have a vested interest in protecting ourselves against payment defaults and fraud.

Receiver

The recipients of the aforementioned data are IT service providers.

b)     (IT-) Safety

Description of the processing

To ensure the safety of our facilities, goods and systems, we have implemented various security measures. For example, alarm systems are used to protect our locations from vandalism and burglaries or to be able to document such offences for further prosecution.

We have also implemented state-of-the-art IT security measures on our websites and systems (e.g. access control/logging, anti-virus program, etc.).

Legal basis for processing

Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in preventing property crime and vandalism as well as financial damage and avoiding reputational damage.

Receiver

The recipients of the aforementioned data are IT service providers and security companies.

c)     Business Partner Screening

Description of the processing

In order to exclude compliance risks (e.g. corruption, money laundering, etc.) and to avoid the resulting reputational damage and economic disadvantages, we carry out risk-based business partner screenings for (potential) business partners using publicly available lists. Master and communication data may be processed for this purpose.

Legal basis for processing

Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in protecting ourselves from reputational damage and economic disadvantages.

Receiver

The recipients of the aforementioned data are IT service providers.

d)     Sanctions and terror list screening

Description of the processing

In order to comply with our legal obligations (general or country-specific EU embargo regulations, EU regulations on combating terrorism) and to reduce compliance risks, we are required to check customers, suppliers and recipients of deliveries abroad (customs export controls). To this end, master and communication data are compared with current terror and sanctions lists.

Legal basis for processing

Art. 6 (1) sentence (c) GDPR in conjunction with Section 34 (4) and (7) of the Foreign Trade and Payments Act for comparison with sanctions lists

Receiver

Recipients of the mentioned data are screening tool providers.

e)     Enforcement or defence of legal claims

Description of the processing

We process personal data to protect and defend our rights if we are involved in a dispute or if we are legally obliged to do so. This may be the case, for example, if we need to make claims or defend ourselves against claims, or if we need to participate in legal proceedings.

In the event that open invoices / instalments are not paid despite repeated reminders, we can provide the necessary data (esp. master, contract and payment data) to a debt collection service provider. In this way, we want to minimize our risk of payment defaults and avoid further legal action.

Legal basis for processing

Art. 6 (1) sentence (c) GDPR for the fulfilment of legal obligations.

Art. 6 para. 1 sentence lit. c GDPR, as we have a legitimate interest in enforcing and defending legal claims.

Receiver

We may disclose personal data to third parties involved in the litigation, such as courts, authorities, lawyers, experts or witnesses. We may also share personal data with other third parties who assist us in managing or settling the dispute, such as IT service providers, insurance companies- As part of the provision of debt collection services, we work together with debt collection agencies (Bayerischer Inkasso Dienst; EOS Inkasso Deutschland GmbH).

Description of the processing

If you as a commercial or private customer submit an application to open an account for supplies and services (“Account Opening Application”), we will create a customer account for you and, provided you have a corresponding creditworthiness, grant you a credit limit for deliveries and services, which allows you to purchase on account. Such an active customer account represents a continuing obligation with creditor risk for us, which is why we have a legitimate interest in being informed about changes in your creditworthiness – by setting up a permanent account with the credit agency or obtaining information at certain intervals or in the event of special incidents such as late payment.

If you register and shop exclusively with one of our online shops as a commercial or private customer (“online customer”), we will only obtain the aforementioned credit information if you have selected an insecure payment method (purchase on account, direct debit) at check-out. 

Diermeier transmits personal data collected in the context of our contractual relationships regarding the initiation of the contract, the application, the implementation and termination of this business relationship, as well as data on non-contractual conduct or fraudulent behaviour, to the following credit agencies:  SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Bisnode Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt, Coface Central Europe Holding AG, Stubenring 24, A-1010 Wien, CRIF Bürgel GmbH, Leopoldstraße 244, 80807 München, CRIF GmbH, Diefenbachgasse 35, AT-1150 Wien , Creditreform, Machtlfinger Straße 13, 81302 München, EOS Deutschland GmbH, Gottlieb-Daimler-Ring 7-9, 74906 Bad Rappenau, Euler Hermes AG, Grasstraße 29, 22761 Hamburg, R+V Allgemeine Versicherung, Raiffeisenplatz 1, 65189 Wiesbaden. The legal basis for these transfers is Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Transfers on the basis of Article 6 (1) (f) GDPR may only take place if this is necessary to safeguard the legitimate interests of Diermeier Energie GmbH or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. The exchange of data with these credit agencies also serves to prevent fraud and verify identity. Diermeier Energie GmbH can use the match rates transmitted by the credit agency and, if applicable, On the basis of a reference to an ID-based legitimation check carried out in the past at the credit agency or another business partner, it can be seen whether a person is stored in the credit agency’s database at the address provided by the customer.

If we have obtained creditworthiness data about you from a credit agency within the scope of legal permissibility, we store this in a system to which the Group companies participating in BayWa Credit Management have access. The aim of this is to make it easier for joint customers to process transactions and to identify financial default risks. Access to the creditworthiness database is only granted if there is a legitimate interest for the respective group company.

The credit agencies process data and also use it for the purpose of profiling (scoring) in order to provide their contractual partners in the European Economic Area and Switzerland and, if applicable, other third countries (if there is an adequacy decision by the European Commission on these), with information on the assessment of the creditworthiness of natural persons, among other things. More information on the activities of SCHUFA can be viewed online at www.schufa.de/datenschutz . The data protection information of the other credit agencies mentioned can also be viewed online on their websites.

Legal basis for processing

Art. 6 para. 1 sentence 1 lit. b and f GDPR. Our legitimate interest in processing personal data for credit checks is that we want to protect ourselves against payment defaults in business transactions with creditor risk.

Receiver

For the purpose described, we transmit the data to credit agencies.

a)        Invitation and event participant management

Description of the processing

When interested parties register for a Diermeier event, we process personal data in order to confirm the registration, send information about the event and to run the event smoothly. In the course of this, master, communication and usage data (for online events) may be processed.

Legal basis for processing

Art. 6 para. 1 sentence 1 lit. f GDPR for the invitation to our events, as we have a legitimate interest in binding our customers to us, informing them about current developments and attracting new customers.

Art. 6 para. 1 sentence 1 lit. a GDPR if consent has been given to participation in an event.

Receiver

For the purpose described, data may be transmitted to event platforms or service providers.

b)     Photos/videos/sound recordings at events

Description of the processing

If an event is attended that is organized or sponsored by us, we may take photos of people or the event to post on our website or social media. We use photos to cover the event, document and promote our activities, and to communicate with our target audience. We pay attention to the protection of personal rights and avoid the publication of photos that depict people in an unflattering or discriminatory way.

Data subjects have the right to object to the use of their photos at any time. If we do not want us to take or publish photos of people, they can let us know before or during the event. We will then make sure that these people are not photographed or that we do not use these photos. If affected persons only discover after the event that we have published photos of them, they can contact us and ask us to delete the photos. We will then remove the photos from our website and social media as soon as possible. We draw attention to this right of objection at events by means of appropriate signs.

Legal basis for processing

Art. 6 para. 1 sentence 1 lit. f GDPR, as we have a legitimate interest in making our events public and improving our public relations work.

Art. 6 para. 1 sentence 1 lit. a GDPR if consent has been given to the photo/video/sound recordings.

Receiver

Recordings can be submitted to social media platforms.

Description of the processing

We are required to process data in different cases for the purpose of complying with different legal obligations. Relevant regulations in this area are the German Commercial Code and the German Fiscal Code with regard to the storage of (tax) relevant documents (§ 147 AO or § 257 HGB), money laundering provisions (§ 10 GwG), product-specific regulations such as the Hazardous Substances Ordinance and the examination against EU sanctions lists for the purpose of ensuring foreign trade compliance.

In the event of inquiries from the police, we may be obliged to provide information according to certain regulations (e.g. the Code of Criminal Procedure). We are also obliged to set up a complaint procedure in accordance with Section 8 of the Supply Chain Due Diligence Act.

Legal basis for data processing

The legal basis for the processing of personal data is Art. 6 (1) (c) GDPR in conjunction with the respective legal regulation.

Since we are legally obliged to process the data in accordance with the respective provision, you do not have the right to object.

Receiver

Recipients of the data must be competent authorities (e.g. tax offices), external auditors or auditors.

Description of the processing

Every time our website is accessed purely for informational purposes – without entering any data – our system automatically collects data and information from the computer system of the accessing computer.

Usage data (e.g. date and time of access, IP address) and metadata are collected.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. In addition, the data is used for the technical optimization of the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

Legal basis for processing

Art. 6 Abs. 1 lit. f DS-GVO

Our legitimate interest in processing data via our website is to ensure functionality, to optimise our website and thus to offer our customers the best possible services and to increase customer satisfaction.

Data recipients

We use hosting and maintenance service providers to provide the website.

Description of the processing

Our website uses cookies and similar technologies. Cookies are small text files that are copied from a web server to your device and are assigned to the browser you are using, so that certain information can flow to the place that sets the cookie. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when you return to the website Cookies cannot run programs or place viruses on your computer.

We set technically necessary cookies. These are used to store and transmit data such as language preferences, items in a shopping cart or log-in information. This serves the purpose of making our website functional and enabling users to use websites. Some elements of our website require that the accessing browser can be identified even after a page has changed.

We also use cookies on our website that enable an analysis of users’ surfing behaviour. In this way, data such as entered search terms, frequency of page views and the use of website functions can be transmitted. The analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies tell us how the website is used and can thus constantly optimise our offer.

When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

By changing the settings in your internet browser, you can disable or limit the storage of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Legal basis for processing

The legal basis for the processing of personal data using technically necessary cookies within the meaning of Section 25 (2) TTDSG is Art. 6 (1) (f) GDPR.

Otherwise, the legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR.

For cookies that are not absolutely necessary for the provision of online services, the legal basis can be found in Art. 6 (1) (a) GDPR.

We provide Borlabs Consent Management on our website  . This enables website users to find out about the cookies and tracking technologies offered and to consent to the use of individual cookies/tracking technologies in a personalised manner.

In addition to the  solutions listed in Usercentrics Consent Management, we or third parties can also integrate other technologies to make our offer attractive (e.g. videos in articles). The content may be embedded via so-called plugins, iframes or similar technical means. When executing the respective content, data, such as your IP address, may be transmitted to the respective service. For data protection reasons, however, the data is only transmitted when you use the respective service by actively clicking on it.

The following services are integrated into our websites:

Google Maps
When using Google Maps, Google (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) processes data about the use of the map functions (date and time of visit, location information, IP address, URL, usage data). However, the content of Google Maps is only loaded when the user actively uses the map service (consent pursuant to Art. 6 para. 1 lit. a GDPR). You can find more information about data processing by Google in the Google Privacy Notice (https://policies.google.com/privacy?hl=de). There you can also change your personal data protection settings in the Data Protection Center.

Google reCAPTCHA
On our pages we also use the reCAPTCHA function of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). This function is primarily used to distinguish whether an input is made by a natural person or is improperly made by machine and automated processing. We use the service on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR in the security and prevention of misuse of our offer. The service includes the sending of the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 (1) (f) GDPR on the basis of our legitimate interest in determining the individual will of actions on the Internet and avoiding abuse and spam. Further information on Google reCAPTCHA and Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

Trusted Shops Trustbadge
The Trusted Shops Trustbadge widget is integrated into this website to display the Trusted Shops seal of approval and the reviews that may have been collected, as well as to offer Trusted Shops products to buyers after placing an order.
This serves to safeguard our legitimate interests, which outweigh those in the context of a balancing of interests, in optimal marketing by enabling secure purchasing in accordance with Art. 6 (1) sentence 1 (f) GDPR. The Trustbadge and the services advertised with it are an offer of Trusted Shops AG, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided as part of order processing by a CDN provider (Content Delivery Network). Trusted Shops AG also uses service providers from the USA. An adequate level of data protection is ensured.
When the Trustbadge is accessed, the web server automatically stores a so-called server log file, which also contains your IP address, date and time of access, the amount of data transferred and the requesting provider (access data) and documents the access. Individual credentials are stored in a security database for vulnerability analysis. The log files are automatically deleted no later than 90 days after creation.
Further personal data will be transmitted to Trusted Shops AG if you decide to use Trusted Shops products after completing an order or have already registered for their use. The contractual agreement between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is automatically checked using a neutral parameter, the e-mail address hashed by a cryptological one-way function. The e-mail address is converted into this hash value, which cannot be deciphered by Trusted Shops, before transmission. After checking for a match, the parameter is automatically deleted.
This is necessary for the fulfilment of our and Trusted Shops’ overriding legitimate interests in the provision of buyer protection linked to the specific order and the transactional valuation services in accordance with Art. 6 (1) sentence 1 (f) GDPR. Further details, including on the objection, can be found in the Trusted Shops privacy policy linked in the Trustbadge.

Video portal Vimeo
Plugins of the video portal Vimeo of Vimeo.com Inc. (330 West 34th Street, 10th Floor New York, New York 10001, USA) are integrated into our websites. Through interactions with the Vimeo plugins (click the start button), information about your visit and your IP address is transmitted to a Vimeo server in the USA and stored there (consent according to Art. 6 para. 1 lit. a GDPR). If you have a Vimeo user account and do not want Vimeo to collect data about you through this website and link it to your member data stored with Vimeo, you must log out of Vimeo before using the Vimeo video.
The privacy policy for Vimeo with more information on the collection and use of your data by Vimeo can be found under https://vimeo.com/privacy.
In addition, Vimeo calls up the tracker Google Analytics via an iFrame in which the video is accessed. This is Vimeo’s own tracking, to which we have no access. You can prevent tracking by Google Analytics by using the opt-out tools that Google offers for some internet browsers. Users can also prevent the collection of data generated by Google Analytics and related to their use of the website (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout

YouTube videos
The operator of the plugins for embedded YouTube videos is Google LLC, D/B/A YouTube 901 Cherry Ave., San Bruno, CA 94066, USA. If you start a post with an embedded YouTube plugin, a connection to YouTube servers is established (consent in accordance with Art. 6 para. 1 lit. a GDPR). YouTube is told which pages you visit. If you are logged in to your YouTube account, YouTube can assign your surfing behavior to you personally. You can prevent this by logging out of your YouTube account beforehand.
If a YouTube video is actively started by the user, the provider uses cookies that collect information about user behavior.
If you have deactivated the storage of cookies for the Google Ad program, you will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.
Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/

We may, if necessary, share your information with the following categories of recipients:

• external service providers such as logistics companies, security companies, event organisers, subcontractors, in particular IT service providers for hosting and maintenance purposes and the secure operation of our systems. Advertising and address publishers for promotions.
• Internal recipient categories: Customer service, Group shareholdings
• Authorities, credit institutions, lawyers, credit agencies

We store personal data until the purpose for which the processing is based has ceased to exist. The basic criteria according to which we delete personal data are set out below.

Data processing for the performance of a contract

In order to fulfill contractual obligations, collected data may be retained for as long as the contract is in force. In addition, depending on the nature and scope of the contract, we may store data for a further 6 or 10 years in order to comply with the statutory retention obligations and to clarify any inquiries or claims after the expiry of the contract.

In addition, there are contracts for the supply of products and services that require longer retention periods, see also “Use for the examination of claims” below.

Use to Verify Claims

Data that we determine will be necessary to investigate or defend against claims against us, or to bring criminal proceedings or make claims against data subjects, us or third parties may be retained by us for as long as appropriate proceedings could be initiated under national law.

Use for customer support and marketing purposes

We store data of interested parties, for example when requesting an offer without a contract being concluded, for 3 years. For customer service and marketing purposes, the collected data may be stored for 3 to 10 years after collection, unless data subjects request the deletion of this data and there are no contractual or statutory retention obligations that preclude this deletion request.

When shopping in the online shop, we can decide by using an automated process as part of the selection of the payment method / credit check whether the desired insecure payment method (instalment/invoice purchase) is granted. For example, if a credit agency transmits a negative credit report or calculates an insufficient score value as part of internal scoring, the desired payment method can be automatically rejected.

In this case, data subjects may assert against us the right to have us carry out a manual review of the automated decision. In addition, data subjects have the right to express their own point of view and the right to contest the decision.

Apart from that, we do not carry out any automated decision-making in the data processing described above.

In some cases, we process data automatically with the aim of evaluating certain personal aspects (profiling). In order to be able to make offers that could be of interest to data subjects, as well as to optimize our customer service, we classify our customers according to certain criteria, such as order history and sales, as part of relationship management.

This allows us to inform and advise customers about products in a targeted manner, which enables us to advertise in line with their needs, including tailored market and opinion research.

 This processing of customer interests constitutes profiling within the meaning of Art. 4 GDPR; automated decision-making does not take place.

Third countries are all countries outside the European Economic Area. The European Economic Area includes all countries of the European Union as well as the countries of the so-called European Free Trade Association (Norway, Iceland and Liechtenstein). The transfer to a third country is based on an adequacy decision of the European Commission. If there is no adequacy decision by the European Commission for the respective third country, the transfer to a third country takes place on the basis of suitable safeguards within the meaning of Art. 46 (2) GDPR, usually so-called standard data protection clauses of the European Union or intergovernmental data protection agreements. Copies of these guarantees can be obtained from us using the contact details of the Data Protection Officer set out above.

If personal data is processed, data subjects within the meaning of the GDPR have the following rights vis-à-vis the controller:

Right to information

Data subjects can request information about their personal data processed by us in accordance with Art. 15 GDPR. The request for information should specify concerns in order to make it easier for us to compile the necessary data. It should be noted that the right to information may be restricted under certain circumstances in accordance with the statutory provisions (in particular § 34 BDSG).

Right to rectification

If the information concerning them is not (or no longer) accurate, data subjects can request correction in accordance with Art. 16 GDPR. If personal data is incomplete, data subjects can request that it be completed.

Right to restriction of processing

Within the framework of the requirements of Art. 18 GDPR, data subjects have the right to demand a restriction of the processing of data concerning them.

Right to erasure

Data subjects can request the deletion of their personal data under the conditions of Art. 17 GDPR. The right to erasure depends, among other things, on whether the data in question is still required by us to fulfil our statutory tasks.

Right to information

If data subjects have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data in question have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

Data subjects have the right to be informed about these recipients vis-à-vis the controller.

Right to data portability

According to Art. 20 GDPR, data subjects have the right to have selected data stored by us transmitted to them in a common, machine-readable format, or to request that they be transmitted to another controller.

Right to object

According to Art. 21 GDPR, data subjects can object to the processing of their data at any time for reasons arising from their particular situation, provided that the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process data. The latter does not apply if we can prove compelling legitimate grounds for the processing, the interests of the data subjects outweigh the interests or we need data to assert, exercise or defend legal claims.

Right to revoke the declaration of consent under data protection law

Data subjects have the right to revoke their declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the withdrawal.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their residence, place of work or place of the alleged infringement, if data subjects consider that the processing of personal data concerning them infringes the GDPR.

The supervisory authority to which the complaint was lodged informs the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

If data subjects wish to assert any of the above-mentioned rights against us, it is best to contact info@diermeier-energie.de by e-mail. In case of doubt, we may request additional information to confirm your identity.