content, as well as online presence, such as our social media profile (hereinafter collectively referred to as “online offering”). We refer to the definitions presented in Article 4 of the General Data Protection Regulation (GDPR), when
referring to terms, i.e. “processing” or “controller”.
ENERGY GLOBE Foundation
4814 Neukirchen, Austria
link to imprint
Forms of the data processed
- Inventory data (e.g., personal data, name or address)
- Contact information (e.g., e-mail, phone numbers).
- Content data (e.g., text input, photos, videos).
- Usage data (e.g., websites visited, interest in content, access times).
- Meta / communication data (e.g., device information, IP addresses).
Categories of data subjects
Visitors and users of the online offering (hereinafter collectively referred to as „users”)
Purposes of processing
- Providing online offering, its features and content
- Answering contact requests and communication with users.
- Safety measures.
- Reach measurement / Marketing
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference
to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and includes virtually every handling of data.
“Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information
is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that
natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Controller’ refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing.
The following applies to users within the scope of the General Data Protection Regulation (DSGVO), i.e. the EU and the EEC, unless the legal basis in the data protection declaration is mentioned:
The legal basis for obtaining consent is GDPR Article 6 (1) (a) and Article 7;
The legal basis for the processing for the performance of our services and the execution of contractual measures as well as the answer to inquiries is GDPR Article 6 (1) (b);
The legal basis for processing to compliance with our legal obligations is GDPR Article 6 (1) (c);
In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis is GDPR Article 6 (1) (d).
The legal basis for the processing for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller is GDPR Article 6 (1) (e).
The legal basis necessary for the purposes of our legitimate interests is GDPR Article 6 (1) (f).
The processing of data for purposes other than those to which they have been granted is governed by the provisions of GDPR Article 6 (4).
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, in accordance with legal requirements within the legal limits considering the state of the art, implementation costs and
nature, scope, circumstances and purposes of the processing, and different likelihood and seriousness of risk for the rights and freedoms of individuals.
Measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. Furthermore, we have set up procedures
that ensure awareness of rights of the data subject, data deletion and danger to the data. We also consider the protection of personal data already in the development, or selection of hardware and software, as well as procedures, in
compliance with the principle of data protection through technology design and privacy-friendly default settings.
Collaboration with contract processors, joint controllers and others
If during processing we disclose data to other persons and companies (contract processors, joint controllers, jurors or third parties), transmit data to them or grant them access to the data, this is only done based on a legal basis (i.e.
if a transmission of data to the third party, i.e. jurors for the evaluation, for the fulfillment of a contract is required), users have consented to it, a legal obligation allows for it or based on our legitimate interests (i.e.
appointment of agents, web hosts etc.).
If we disclose data to other companies or partners or transmit data to them, it is always just the absolutely necessary data. In particular this is done for administrative purposes as legitimate interest and based on legal specifications.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or it happens during the use of third party services or disclosure, or transfer of data to other
persons or companies, this only happens if our (pre)contractual obligations, based on you consent, based on a legal obligation or based on our legal requirements. Subject to legal or contractual permissions, we process or leave data in a
third country only in the presence of legal requirements. That means that the processing happens, i.e. based on special guarantees, such as the officially recognized level of data protection (i.e. for the US through “Privacy shield”) or
in compliance with officially recognized special contractual obligations.
Rights of a data subject
You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with legal standards.
According to legal standards you have the right to demand the integration of the personal data or the correction of the incorrect personal data.
In accordance with the statutory regulations, you have the right to demand the relevant data to be deleted immediately or demand a restriction of the processing in compliance with statutory regulations.
You have the right to request that the personal data that you have provided to us in compliance with legal standards and data transmission to other controllers.
You also have a right, in accordance with the legal requirements, to submit a complaint to the competent supervisory authority.
Submitters explicitly agrees to the publication of pictures and descriptive information. Submitters assure that this does not violate any rights of third parties, particularly copyrights. Submitters agree that photos / videos produced
during the events of Energy Globe Foundation showing their persons partially or as a whole, can be used unrestricted and for an unlimited period.
Right of revocation
You have the right to withdraw granted consent with effect for the future.
Right to object
You have the right to object the future processing of personal data in compliance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.
Cookies and right to object by direct marketing
"Cookies" are small amount of data that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store the information about a user (or the device on which the cookie is stored)
during or after his/her visit of an online offering.
Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes his browser. Such cookie can store e.g. the content of a shopping cart in an online shop or a
The term "permanent" or "persistent" refers to cookies that remain stored even after the browser has been closed. This allows, e.g. to save the login status when users visit the site after several days. Such a cookie can also store
interests of users, which are used reach measurement or marketing purposes.
A "third-party cookie" refers to cookies that are offered by providers other than the controller that manages the online offering (otherwise, cookies of the controller are referred to as "first-party cookies").
If users do not want cookies stored on their computer, they will be asked to disable the option in the system settings of their browsers. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can
lead to a limited functionality of this online offering.
http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the settings of the browser. Please note that not all features of this online offering may be used.
Deleting of data
The data processed by us will be deleted or restricted in accordance with legal requirements. The data stored by us are deleted as soon as they are no longer required for their purpose and the deletion does not conflict with any statutory
Data processing is restricted, unless the data are not deleted because they are required for other and lawful purposes. This means that data are blocked and not processed for other purposes. This applies, e.g. for data that must be kept
for commercial or tax reasons.
cooperation (e.g. consent) or other individual notification.
Provision of our statutory and business services
We process the data of our members, supporters, prospects, customers or other persons according to GDPR Article 6 (1) (b), if we offer them contractual services or in the context of an existing business relationship, e.g. with members, or
we ourselves are recipients of services and benefits. Otherwise, we process the data of data subjects according to GDPR Article 6 (1) (f) based on our legitimate interests, e.g. when it comes to administrative tasks or public relations.
The data processed, the nature, scope and purpose and necessity of their processing are determined by the underlying contractual relationship. This includes in principle inventory and master data of the persons (e. g., name, address,
etc.), as well as the contact data (e.g., e-mail address, phone number, etc.), the contract data (e.g., services used, communicated contents and information, names of contact persons).
We delete data that are no longer required for our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. In the case of processing for business, we retain the data for as long
as they may be relevant to the transaction, or any warranty or liability obligations. The necessity of keeping the data is checked every three years; otherwise the statutory storage obligations apply.
When receiving a contact request (e.g., through the contact form, e-mail, phone or via social media), for processing a contact request the information of the user will be processed according to GDPR Article 6 (1) (b) (in the context of
contractual / pre-contractual relationships), Article 6 (1) (f) (other requests). The user information can be stored in a customer relationship management system (“CRM” system) or a similar request organization tool.
This site uses SSL encryption for security reasons and to protect the transmission of sensitive content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by changing the address line of
the browser from "http: //" to "https: //" and the lock symbol in your browser line. If SSL encryption is enabled, the data you submit to us can not be read by third parties.
With the following information we inform you about the contents of our newsletter as well as the registration, sending and statistical evaluation procedures as well as your right of objection. By subscribing to our newsletter, you agree
to its reception and the described procedures.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter "newsletter") only with the consent of the recipient or a legal permission. If by subscription to a
newsletter, its contents are concretely described, they are authoritative for the consent of the users.
Double opt-in and logging: Registration for our newsletter is done in a so-called double-opt-in procedure. This means that after the registration you receive an e-mail asking you to confirm your registration. This confirmation is
necessary so that nobody can register with a third-party e-mail address. The registration for the newsletter will be logged in order to be able to demonstrate the registration process according to the legal requirements. This includes the
storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the email marketing service provider will be logged.
Credentials: It is sufficient to provide your e-mail address to subscribe for the newsletter. Optionally, for personal address in the newsletter, we ask you to provide your name.
The sending of the newsletter and the associated performance measurement are based on a consent of the recipients according to GDPR Article 6 (1) (a), Article 7 in conjunction with Telecommunications Act § 107 (2), or in case the consent
is not required, GDPR Article 6 (1) (f), in conjunction with Telecommunications Act § 107 (2), (3).
The logging of the registration process is based on our legitimate interests according to GDPR Article 6 (1) (f). Our interest lies in the use of a user-friendly and secure newsletter system, which serves both our business interests and
the expectations of the users and allows us to demonstrate consent.
Termination / Revocation: You may terminate the reception of our newsletter at any time, i.e. revoke your consent. A link to cancellation of the newsletter can be found at the end of each newsletter.
To demonstrate formerly given consent, we may save the submitted email addresses for up to three years based on our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. An
individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.
Hosting and sending e-mail dispatch
The hosting services we use for the purposes of providing this online offering provide following services: infrastructure and platform services, computing capacity, storage and database services, e-mailing, security and technical
In doing so, we, or our hosting provider, process inventory data, contact data, content data, usage data, meta and communication data of customers, prospects and visitors of this online offering based on our legitimate interests for an
efficient and secure provision of this online offering according to GDPR Article 6 (1) (f) in conjunction with GDPR Article 28 (conclusion of contract processing contract).
Collection of access data and log files
Based on our legitimate interests according to GDPR Article 6 (1) (f), we, or our hosting provider collect data about each access to the server, on which the service is located (so-called server log files). The access data includes name
of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and
the requesting provider.
For security purposes (i.e. solving abuse or fraudulent activities), log file information is stored for 7 days and then deleted. Data whose further retention is required for evidential purposes shall be exempted from the deletion until
final clarification of the incident.
We use Google Analytics, a web analytics services provided by Google LLC ("Google"), based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of GDPR
Google is certified under the Privacy Shield Agreement and therefore offers a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
On our behalf Google will use this information to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this online
offering and the internet usage. In this case, pseudonymous usage profiles of the users can be created from the processed data.We only use Google Analytics with activated IP anonymization. This means that the IP address of the users will
be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases the full IP address will be sent to a Google server in the US and
The IP address submitted by the user's browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by changing the settings of their browser software accordingly. Users may also prevent that
Google collects the data generated by the cookie and related to their use of the online offering by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
The personal data of users will be deleted or anonymized after 14 months.
Online presence in social media
We maintain online presence within social networks and platforms in order to communicate with customers, prospects and users active there and to inform them about our services.
In doing so we point out that the data of the users can be processed outside the area of the European Union. This may result in risks for the users because e.g. enforcement of user rights could be made more difficult. With respect to US
providers certified under the Privacy Shield, we point out that they are committed to respecting EU privacy standards.
Furthermore, the data of the users are usually processed for market research and advertising purposes. Thus, e.g. user profiles can be created from the user behavior and the resulting interests of the users. The usage profiles can in turn
be used to e.g. place advertisements inside and outside the platforms that are allegedly in line with users' interests. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the
interests of the users are stored. Furthermore, data independent of the device used by the users can be saved in the usage profiles (especially if the users are members of the respective platforms and are logged into them).
The processing of the personal data of users is based on our legitimate interests of users’ effective information and communication with users according to GDPR Article 6 (1) (f). If the users are asked for a consent to the data
processing by the respective providers (that is, they declare their agreement, for example, by ticking a check box or confirming a button), the legal basis of the processing is GDPr Article 6 (1) (a), Article 7.
For a detailed description of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information of the provider.
In the case of requests for information and the assertion of user rights, we also point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take
appropriate measures and provide information. If you still need help, then you can contact us.
http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Integration of services and contents of third parties
Based on our legitimate interests (i.e. interest of the analysis, optimization and economic operation of our online offering within the meaning of GDPR Article (1) (f), we use of content or services offered by third-party providers in
order to provide their content and services, i.e. videos or fonts (collectively referred to as "content").This always presupposes that the third-party providers of this content use the IP address of the users, since they could not send
the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We attempt to only use content whose respective providers use the IP address solely for the delivery of the
content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the
pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include, but is not limited to, technical information about the browser and operating system, referring web pages, visit time,
and other information regarding the use of our online offer.
We embed the country maps of the service „Google Maps” provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include users’ IP addresses and location data, which are collected with their
Features and content of the Twitter service offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be incorporated in our online offering. Content i.e. images, videos, or text and buttons that allow
users to share content from this online offering within Twitter belong to such cases.
If the users are members of the platform Twitter, Twitter can assign contents and functions of the profiles. Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation
Features and content of the Instagram service offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, may be incorporated in our online offering. Content i.e. images, videos, or text and buttons that allow users to share
content from this online offering within Twitter belong to such cases.
Sharing features of AddThis
Within the scope of our online offering we use the service “AddThis” " (1595 Spring Hill Rd Suite 300 Vienna, VA 22182, USA) for sharing contents of the online offering within the social network.
The use happens on the basis of our legitimate interests, which means of our interest in spreading our online offering according GDPR Article 6 (1) (f).
AddThis uses the personal information of the users for the provision and the execution of the sharing functions. In addition, AddThis may use pseudonymous information of users for marketing purposes. These data are stored on users'