ControllerENERGY GLOBE Foundation
4814 Neukirchen, Austria
Link zum Impressum
Forms of the data processed
- Inventory data (e.g., personal data, name or address)
- Contact information (e.g., e-mail, phone numbers).
- Content data (e.g., text input, photos, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta / communication data (e.g., device information, IP addresses).
Categories of data subjectsVisitors and users of the online offering (hereinafter collectively referred to as „users”)
Purposes of processing
- Providing online offering, its features and content
- Answering contact requests and communication with users.
- Safety measures.
- Reach measurement / Marketing
Terms used“Personal data” means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and includes virtually every handling of data. “Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. “Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. “Controller’ refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. “Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Legal basesIn accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. The following applies to users within the scope of the General Data Protection Regulation (DSGVO), i.e. the EU and the EEC, unless the legal basis in the data protection declaration is mentioned: The legal basis for obtaining consent is GDPR Article 6 (1) (a) and Article 7; The legal basis for the processing for the performance of our services and the execution of contractual measures as well as the answer to inquiries is GDPR Article 6 (1) (b); The legal basis for processing to compliance with our legal obligations is GDPR Article 6 (1) (c); In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is GDPR Article 6 (1) (d). The legal basis for the processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is GDPR Article 6 (1) (e). The legal basis necessary for the purposes of our legitimate interests is GDPR Article 6 (1) (f). The processing of data for purposes other than those to which they have been granted is governed by the provisions of GDPR Article 6 (4).
Security measuresWe take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with legal requirements within the legal limits considering the state of the art, implementation costs and nature, scope, circumstances and purposes of the processing, and different likelihood and seriousness of risk for the rights and freedoms of individuals. Measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. Furthermore, we have set up procedures that ensure awareness of rights of the data subject, data deletion and danger to the data. We also consider the protection of personal data already in the development, or selection of hardware and software, as well as procedures, in compliance with the principle of data protection through technology design and privacy-friendly default settings.
Collaboration with contract processors, joint controllers and othersIf during processing we disclose data to other persons and companies (contract processors, joint controllers, jurors or third parties), transmit data to them or grant them access to the data, this is only done based on a legal basis (i.e. if a transmission of data to the third party, i.e. jurors for the evaluation, for the fulfillment of a contract is required), users have consented to it, a legal obligation allows for it or based on our legitimate interests (i.e. appointment of agents, web hosts etc.). If we disclose data to other companies or partners or transmit data to them, it is always just the absolutely necessary data. In particular this is done for administrative purposes as legitimate interest and based on legal specifications.
Transfers to third countriesIf we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or it happens during the use of third party services or disclosure, or transfer of data to other persons or companies, this only happens if our (pre)contractual obligations, based on you consent, based on a legal obligation or based on our legal requirements. Subject to legal or contractual permissions, we process or leave data in a third country only in the presence of legal requirements. That means that the processing happens, i.e. based on special guarantees, such as the officially recognized level of data protection (i.e. for the US through “Privacy shield”) or in compliance with officially recognized special contractual obligations. Rights of a data subject You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with legal standards. According to legal standards you have the right to demand the integration of the personal data or the correction of the incorrect personal data. In accordance with the statutory regulations, you have the right to demand the relevant data to be deleted immediately or demand a restriction of the processing in compliance with statutory regulations. You have the right to request that the personal data that you have provided to us in compliance with legal standards and data transmission to other controllers. You also have a right, in accordance with the legal requirements, to submit a complaint to the competent supervisory authority.
To submittersSubmitters explicitly agrees to the publication of pictures and descriptive information. Submitters assure that this does not violate any rights of third parties, particularly copyrights. Submitters agree that photos / videos produced during the events of Energy Globe Foundation showing their persons partially or as a whole, can be used unrestricted and for an unlimited period.
Right of revocationYou have the right to withdraw granted consent with effect for the future.
Right to objectYou have the right to object the future processing of personal data in compliance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.
Provision of our statutory and business servicesWe process the data of our members, supporters, prospects, customers or other persons according to GDPR Article 6 (1) (b), if we offer them contractual services or in the context of an existing business relationship, e.g. with members, or we ourselves are recipients of services and benefits. Otherwise, we process the data of data subjects according to GDPR Article 6 (1) (f) based on our legitimate interests, e.g. when it comes to administrative tasks or public relations. The data processed, the nature, scope and purpose and necessity of their processing are determined by the underlying contractual relationship. This includes in principle inventory and master data of the persons (e. g., name, address, etc.), as well as the contact data (e.g., e-mail address, phone number, etc.), the contract data (e.g., services used, communicated contents and information, names of contact persons). We delete data that are no longer required for our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of processing for business, we retain the data for as long as they may be relevant to the transaction, or any warranty or liability obligations. The necessity of keeping the data is checked every three years; otherwise the statutory storage obligations apply.
Establishing contactWhen receiving a contact request (e.g., through the contact form, e-mail, phone or via social media), for processing a contact request the information of the user will be processed according to GDPR Article 6 (1) (b) (in the context of contractual / pre-contractual relationships), Article 6 (1) (f) (other requests). The user information can be stored in a customer relationship management system (“CRM” system) or a similar request organization tool.
SSL encryptionThis site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by changing the address line of the browser from "http: //" to "https: //" and the lock symbol in your browser line. If SSL encryption is enabled, the data you submit to us can not be read by third parties.
NewsletterWith the following information we inform you about the contents of our newsletter as well as the registration, sending and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree to its reception and the described procedures. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. If by subscription to a newsletter, its contents are concretely described, they are authoritative for the consent of the users. Double opt-in and logging: Registration for our newsletter is done in a so-called double-opt-in procedure. This means that after the registration you receive an e-mail asking you to confirm your registration. This confirmation is necessary so that nobody can register with a third-party e-mail address. The registration for the newsletter will be logged in order to be able to demonstrate the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the email marketing service provider will be logged. Credentials: It is sufficient to provide your e-mail address to subscribe for the newsletter. Optionally, for personal address in the newsletter, we ask you to provide your name. The sending of the newsletter and the associated performance measurement are based on a consent of the recipients according to GDPR Article 6 (1) (a), Article 7 in conjunction with Telecommunications Act § 107 (2), or in case the consent is not required, GDPR Article 6 (1) (f), in conjunction with Telecommunications Act § 107 (2), (3). The logging of the registration process is based on our legitimate interests according to GDPR Article 6 (1) (f). Our interest lies in the use of a user-friendly and secure newsletter system, which serves both our business interests and the expectations of the users and allows us to demonstrate consent. Termination / Revocation: You may terminate the reception of our newsletter at any time, i.e. revoke your consent. A link to cancellation of the newsletter can be found at the end of each newsletter. To demonstrate formerly given consent, we may save the submitted email addresses for up to three years based on our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.
Hosting and sending e-mail dispatchThe hosting services we use for the purposes of providing this online offering provide following services: infrastructure and platform services, computing capacity, storage and database services, e-mailing, security and technical maintenance services. In doing so, we, or our hosting provider, process inventory data, contact data, content data, usage data, meta and communication data of customers, prospects and visitors of this online offering based on our legitimate interests for an efficient and secure provision of this online offering according to GDPR Article 6 (1) (f) in conjunction with GDPR Article 28 (conclusion of contract processing contract).
Collection of access data and log filesBased on our legitimate interests according to GDPR Article 6 (1) (f), we, or our hosting provider collect data about each access to the server, on which the service is located (so-called server log files). The access data includes name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. For security purposes (i.e. solving abuse or fraudulent activities), log file information is stored for 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the deletion until final clarification of the incident.
Online presence in social mediaWe maintain online presence within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services. In doing so we point out that the data of the users can be processed outside the area of the European Union. This may result in risks for the users because e.g. enforcement of user rights could be made more difficult. With respect to US providers certified under the Privacy Shield, we point out that they are committed to respecting EU privacy standards. Furthermore, the data of the users are usually processed for market research and advertising purposes. Thus, e.g. user profiles can be created from the user behavior and the resulting interests of the users. The usage profiles can in turn be used to e.g. place advertisements inside and outside the platforms that are allegedly in line with users' interests. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, data independent of the device used by the users can be saved in the usage profiles (especially if the users are members of the respective platforms and are logged into them). The processing of the personal data of users is based on our legitimate interests of users’ effective information and communication with users according to GDPR Article 6 (1) (f). If the users are asked for a consent to the data processing by the respective providers (that is, they declare their agreement, for example, by ticking a check box or confirming a button), the legal basis of the processing is GDPr Article 6 (1) (a), Article 7. For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information of the provider. In the case of requests for information and the assertion of user rights, we also point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.