Data Protection Declaration of SEFE Securing Energy for Europe GmbH, Austrian branch, according to Art. 13, 14 and 21 GDPR
Status: July 2022
This Data Protection Declaration applies to the collection, processing and use of your personal data when using our website www.haidach.sefe-group.at.
1. Responsibility for data processing and contact details
Responsible for the processing of your personal data is:
SEFE Securing Energy for Europe GmbH
You can contact our Data Protection Officer (DPO) at the above address, in the name of the DPO, or at firstname.lastname@example.org.
2. The nature of the processing of personal data and the purposes for which it is carried out
You can access our website without having to disclose any information about your identity. The browser used on your end device only automatically sends information to our web server (e.g. browser type and version, date and time of access) to enable the website to establish a connection. This also includes the IP address of your requesting end device. This is temporarily stored in a so-called log file, anonymised after 24 hours (by changing the last digit before the storage process to "0") and automatically deleted after 28 days at the latest:
The IP address is processed for technical and administrative purposes of connection establishment and stability, in order to ensure the security and functionality of our website and to be able to pursue any illegal attacks on it if necessary.
The legal basis for the processing of the IP address is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the aforementioned security interest and the necessity of a trouble-free provision of our website.
We cannot draw any direct conclusions about your identity from the processing of the IP address and other information in the log file.
Only authorised agency personnel involved in server maintenance are authorised to access the data. Since there is no personal allocation, the data records are only kept in anonymous form for statistical evaluation by deleting the last character block of the IP address.
3. Recipients or categories of recipients
Your personal data may be disclosed to the following recipients or categories of recipients:
We use service providers who process personal data on our behalf (so-called processors, cf. Art. 4 No. 8 and 28 GDPR). These include service providers in the areas of IT, telecommunications and business services.
The web host of this website is Online Now! GmbH, Reichsstraße 100, 14052 Berlin, www.online-now.de (hereinafter "Online Now!"). The use of the service by Online Now! as a processor is carried out in accordance with Art. 6 (1) (f) GDPR due to our legitimate economic interest in providing our offer on this website.
3.2 Disclosure to third parties
Except in the aforementioned cases of commissioned processing, we disclose your personal data to third parties if:
- you have given your express consent to this pursuant to Art. 6 (1) (a) GDPR;
- this is necessary for the fulfilment of a contract with you pursuant to Art. 6 (1) (b) GDPR,
- there is a legal obligation for the disclosure pursuant to Art. 6 (1) (c) GDPR.
The data disclosed may be used by the third party exclusively for the purposes stated.
4. Transfer of data to a third country or to an international organisation
- A transfer of your personal data to a third country or an international organisation will only take place if this is necessary within the framework of commissioned processing and the conditions according to Art. 44 et seq. GDPR are given.
We only transmit your personal data when
- sufficient guarantees are provided by the recipient in accordance with Article 46(1) of the GDPR for the protection of the personal data,
- you have expressly consented to the transfer, after which we have informed you of the risks, in accordance with Art. 49 (1) (a) GDPR,
- the transfer is necessary for the performance of contractual obligations between you and us (Art. 49 (1) (b) GDPR) or
- another exception from Art. 49 GDPR applies.
Guarantees according to Art. 46 GDPR can be so-called standard contractual clauses. In these standard contractual clauses, the recipient assures to sufficiently protect the data and thus to guarantee a level of protection comparable to the GDPR.
A "third country" is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. A third country is considered "insecure" if the EU Commission has not issued an adequacy decision for that country pursuant to Art. 45 (1) GDPR confirming that adequate protection for personal data exists in the country.
5. Data security
We use technical and organisational security measures to protect your personal data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously revised in line with technological developments.
All data transmitted by you is encrypted using the generally accepted and secure standard TLS (Transport Layer Security). TLS is a tried and tested standard that is also used, for example, for online banking. You can recognise a secure TLS connection, among other things, by the appended s at the http (i.e. ...) in the address bar of your browser or by the lock symbol in the lower area of your browser.
No cookies are used.
6. Your rights
You have the right:
- to withdraw your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future;
- to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- to demand the correction of incorrect or incomplete personal data stored by us without delay in accordance with Art. 16 GDPR;
- to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller; and
- to complain to a supervisory authority in accordance with Art. 77 GDPR, as a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
Please address the withdrawal of consent to the addresses mentioned in point 1 above (Responsibility for data processing and contact details).
In addition, you have a right of objection:
Information about your right to object according to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to any profiling based on this provision within the meaning of Article 4(4) GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
The objection can be made without any formalities and should, if possible, be directed to the addresses mentioned in point 1 above (Responsibility for data processing and contact details).
7. Up-to-dateness and amendment of this Data Protection Declaration
This data protection notice is currently valid and has the status July 2022.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this Data Protection Declaration.