Data protection declaration

General

This data protection declaration informs you as a visitor or user of our online offer about how we process your personal data when you use our digital offers via PC, smartphones, tablets and other internet-enabled mobile devices.

The declaration gives you an overview of how we guarantee data protection, what kind of data is collected and processed for what purpose and on what legal basis. Your personal data will be processed in accordance with the provisions of the EU General Data Protection Regulation (hereinafter: “DSGVO”), national data protection laws and other data protection regulations.

Our digital offers may contain links to other websites or other online presences of third party service providers to which this data protection declaration does not apply.

1. Responsible authority

Responsible according to Art. 4 para. 7 DSGVO are we, the
ATHION GmbH
Im Klapperhof 33
D-50670 Cologne
E-Mail: datenschutz@athion.de (see also our imprint).

You can reach our data protection officer at the above address with the addition “To the data protection officer” or at the e-mail address datenschutz@athion.de. When using this e-mail address, your mail’s content may be noted by parties other than our data protection officer. If you would like to exchange confidential information, please contact us at datenschutz@athion.de with the request to switch to confidential communication. Our data protection officer will then contact you.

2. Definitions

The data protection declaration is based on the terms used in the DSGVO. In order to improve the readability and comprehensibility of the data protection declaration, the terms used are briefly explained in advance:

  • Personal data are all information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is identifiable if he can be identified in particular by assignment to an identification such as a name, an identification number, to location data, to an online identification or to one or more special characteristics which are an expression of his identity.
  • Processing of personal data means any operation carried out with or without the aid of automated procedures or any such series of operations as the gathering, collection, organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, erasure or destruction of data.
  • The person responsible is the natural or legal person, authority, institution or other body which alone or together with others decides on the purposes and means of processing personal data.
  • Consent of the data subject is any voluntary declaration of intent in the specific case, in an informed and unequivocal manner, in the form of a declaration or other clear affirmative act, with which the data subject indicates his or her consent to the processing of personal data concerning him or her.
3. Processing of data

In accordance with Art. 13 DSGVO, we are obliged to inform you which legal basis allows us to process your data. If the legal basis is not explicitly stated in the data protection declaration, the following must be observed:

  • If we obtain your consent, Art. 6 para. 1 lit. a and Art. 7 DSGVO is the legal basis for this.
  • Insofar as we process data in order to be able to provide services in the future, to carry out contractual measures or to answer your enquiries, Art. 6 para. 1 lit. b DSGVO is the legal basis.
  • If processing is necessary in order to fulfil our legal obligations, this shall be in accordance with Art. 6 para. 1 lit. c DSGVO.
  • If we protect our legitimate interests with the processing, this happens in accordance with Art. 6 Para. 1 lit. f DSGVO.
  • In the event that vital interests make processing necessary, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.
3.1 General information on the collection of personal data

Only the data that we receive from you when you visit our website or as a user of our portals and the services we offer are processed. Below you will find all information regarding the type, scope and purpose of the collection, the duration of storage and the legal basis for processing your personal data.

3.2 Collection of data when visiting the websites

When you visit the websites for which we are responsible, the following information is transmitted through the respective Internet browser and automatically stored in log files:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • The amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface, resolution
  • Language and version of the browser software.

We cannot assign this data to individual persons. The IP addresses of the users are deleted or made anonymous after the end of use. This data is not merged with other data sources. The log files are statistically evaluated anonymously in order to improve the use and stability of our or the respective website. The legal basis for processing for this purpose is Art. 6 para. 1 sentence 1 lit. f DSGVO, whereby our legitimate interest arises from the aforementioned purpose. The data will be deleted automatically after 3 months. It is not passed on to third parties. Only by order of competent state authorities can we be obliged in individual cases to surrender personal data if this is necessary for danger prevention, criminal prosecution or for other legally regulated reasons.

3.3 Data processing for the provision of contractual and pre-contractual services

We process your data in order to implement a contractual relationship with you and to fulfil our services and to be able to submit suitable contractual offers to you. The data is collected in particular when contracts are concluded for our energy-related products and services.

For all forms, you are only obliged to provide the personal data that is absolutely necessary to process the contractual relationships or to request information from us. We have marked this information with an asterisk. You decide on a voluntary basis whether you want to provide us with further information that we may use to improve our products.

Processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b DSGVO.

3.4 Data processing in our exchange and customer portals

Our portals enable you to view, manage and change your contractual data password-protected. To use our portals, you must log in using your user ID and password. The registration data sent to you is valid for 48 hours. If your confirmation is not received within 48 hours, your registration will be automatically deleted from our database.

If you use our portal, we store your data necessary for contract fulfilment, including information on the method of payment, until you finally delete your access. Furthermore, we store the voluntary data provided by you for the duration of your use of the portal, unless you delete it beforehand. You can manage and change all information in the protected customer area. The legal basis is Art. 6 para. 1 sentence 1 lit. b DSGVO.

In order to prevent unauthorized access to your personal data, especially financial data, the connection is secured using TLS 1.2 encryption.

3.5 Data processing for communication (e.g. contact form)

When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name, your telephone number and, if applicable, your energy-related data) will be stored by us in order to answer your questions. At least a valid e-mail address is required in order to be able to answer your inquiry. Further information can be provided voluntarily. The legal basis for processing for this purpose is Art. 6 para. 1 sentence 1 lit. b DSGVO and your consent to the processing of your personal data for this purpose given by sending the contact form. The data will be deleted by us immediately if the storage is no longer necessary for answering the inquiry and there are no legal storage obligations to the contrary.

3.6 Data processing for advertising purposes

We use your postal and e-mail address for direct advertising regarding our products and the products of our group and parent companies. Group companies and parent companies are involved:

  • Viessmann Werke GmbH & Co. KG
  • Viessmann Germany GmbH
  • Viessmann PV + E-Systeme GmbH
  • VC/O GmbH
  • Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
  • Digital Energy Solutions GmbH & Co. KG

In this way, we would like to provide you with product recommendations from our portfolio and that of our group and parent companies, which might be of interest to you on the basis of your last purchases from us. The legal basis for such processing is Art. 6 para. 1 lit. f DSGVO.

If you do not wish to receive a product recommendation or any advertising from us and our group and parent companies, you can object to this at any time. It is sufficient to send a short message (e-mail or letter) to the responsible body named under item 1.

In addition, we use your data for advertising purposes for our products and products of our cooperation partners only if you have given your consent. When we obtain your consent, we will then inform you which data we use for advertising purposes and which of our cooperation partners may use this data for advertising purposes.

The legal basis for processing is Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation.

3.7 Market research and opinion polling

We and our group and parent companies also use your postal and e-mail addresses for market and opinion research. This is done to improve the business relationship with you and to improve our service and product portfolio so that they are even more in line with your wishes. Group companies and parent companies are involved:

  • Viessmann Werke GmbH & Co. KG
  • Viessmann Germany GmbH
  • Viessmann PV + E-Systeme GmbH
  • VC/O GbmH
  • Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
  • Digital Energy Solutions GmbH & Co. KG

Your answers to surveys will not be passed on or published to other third parties.

The basis for data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data to protect the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.

If you do not want your data to be used for the above-mentioned purposes of market and opinion research, you can object to this at any time. It is sufficient to send a short message (e-mail or letter) to the responsible body named under item 1.

In addition, we only use your data for market and opinion research if you have given your consent. When we obtain your consent, we will then inform you which data we use ourselves for market and opinion research and which of our cooperation partners may use this data for advertising purposes.

The legal basis for processing is Art. 6 para. 1 lit. a) DSGVO. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation.

3.8 Cookies and right of objection

To make visiting this website attractive and to enable the use of certain functions, so-called cookies are used on various pages. These are small text files that are stored on your mobile device. Some of the cookies used are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable your browser to recognize your next visit (persistent cookies). You can set your browser in such a way that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. If cookies are not accepted, the functionality of this website may be limited.

In addition, a general objection to the use of cookies for online marketing purposes on a large number of services, in particular in the case of tracking, can be declared via the website (USA) http://www.aboutads.info/choices/ or the website (EU) http://www.youronlinechoices.com/.

We also use HTML5 storage objects that are stored on your mobile device. These objects store the required data independently of your browser and do not have an automatic expiry date. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your cookies and your browser history manually.

3.9 Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. “(“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.

The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

This website uses Google Analytics with the extension “_anonymizeIp()”. As a result, IP addresses are further processed in abbreviated form, so that a personal relationship can be ruled out. As far as the data collected about you is personal, it will be excluded immediately and the personal data will be deleted immediately.

We use Google Analytics to analyse and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Par. 1 sentence 1 lit. f DSGVO.

Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/de.html, Privacy Policy: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Policy: http://www.google.de/intl/de/policies/privacy.

3.10 Google Maps

On our website we use the offer of Google Maps. This allows us to offer you interactive maps directly on the website and enables you to use the map function conveniently.

By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned under point 3.2 will be transmitted. This is regardless of whether Google provides a user account that you are logged in with or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

For more information about the purpose and scope of data collection and its processing by Google Maps, please refer to the privacy policy of the provider. There you will also find further information about your rights in this regard and setting options for the protection of your privacy: http://www.google.de/intl/de/policies/privacy.  Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Maps is Art. 6 para. 1 sentence 1 lit. f DSGVO.

4. Disclosure of information 

Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only pass on your personal data to third parties in the following cases,

  • You have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO.
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f DSGVO is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
  • It is the case that a legal obligation exists for the transmission according to Art. 6 para. 1 sentence 1 lit. c DSGVO
  • The transfer is legally permissible and required for the processing of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b DSGVO.
4.1 Transfer to Group and parent companies

In certain cases (for example for the purpose of direct advertising) we transmit data to group and parent companies of us. The individual cases are listed in Section 3.

4.2 Cooperation with contract processors and third parties

Within the scope of our processing, we will only disclose, transfer data to other persons and companies (contract processors or third parties) or grant them other access if we have legal permission. This is, for example, the case within the scope of the credit assessment, which is necessary for the fulfilment of the contract according to Art. 6 para. 1 lit. b DSGVO. Such a case also exists if you have consented, if a legal obligation provides for the transmission or if this takes place on the basis of our legitimate interests.

If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 DSGVO.

4.3 Transfers to third countries

Data will only be processed by us in third countries (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or disclosed, transmitted or used in the context of the use of services of third parties if this is necessary to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Data will only be processed in a third country if the special requirements of Art. 44 ff. DSGVO hold true. Processing then takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

5. Deletion and storage of data

In principle, we delete your data immediately if it is no longer required for the above-mentioned purposes. Anything to the contrary shall only apply if temporary storage remains necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code (e.g. Art. 257 HGB) and the Tax Code (e.g. Art. 147 AO). The storage periods are then up to ten full years. We also keep your data for as long as claims can be asserted against our company (statutory limitation period of three or up to thirty years). For the purposes of direct marketing and market research, your personal data will be stored for as long as we have a predominant legal interest in accordance with the relevant legal provisions, but for a maximum period of two years.

6. Your rights

You have the following rights:

  • Right to information (Art. 15 DSGVO): You can ask us to confirm whether personal data concerning you will be processed by me.
  • Right to rectification (Art. 16 DSGVO): You may immediately request us to rectify or complete any inaccurate personal data concerning you.
  • Right of deletion (Art. 17 DSGVO): You have the right to demand the immediate deletion of your personal data and we are obliged to delete this data immediately, unless one of the reasons stated in Art. 17 para. 1 lit. a) to f) DSGVO does not conflict with this.
  • Right to limitation of processing (Art. 18 DSGVO): Under the conditions set out in Art. 18 para. 1 DSGVO, you may request that the processing of your personal data be restricted.
  • Right to data transferability (Art. 20 DSGVO): You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and you have the right to transmit this data to another person responsible without my interference, provided that the conditions set out in Art. 20 DSGVO are met.
  • Right of objection (Art. 21 DSGVO): You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is based on data processing on the basis of a balance of interests (Art. 6 para. 1 lit. f DSGVO). In this case, we will no longer process the personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
  • Right of appeal to a supervisory authority (Article 77 DSGVO): Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of having infringed the DSGVO, if you believe that the processing of personal data concerning you is contrary to it.
  • Revocation of the consent to the data protection declaration: You can revoke your data protection declaration of consent at any time. This also applies to the declarations of consent issued to us before 25 May 2018. The revocation is valid for the future. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

In the above-mentioned cases, please contact the responsible body in accordance with Section 1.

In addition, you always have the option of contacting the responsible data protection supervisory authority. Responsible for us:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
PO Box 20 04 44
D-40102 Düsseldorf
Phone: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de

7. Data security

The most common SSL (Secure Socket Layer) method is used in conjunction with the highest level of encryption supported by your browser. Whether a single page of this website is transmitted in encrypted form can be seen from the closed display of the key or lock symbol in the upper status bar of your browser. In addition, we use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. The security measures are continuously improved in line with technological developments. When communicating by e-mail, complete data security cannot be guaranteed, so we recommend that you send confidential information by post.

8. Timeliness and amendment of this data protection declaration

This privacy policy is currently valid and as of May 2018 and we reserve the right to amend it from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new data protection declaration will then apply for your next visit. You can access and print out the current data protection declaration at any time on the website under https://www.athion.de/en/privacy/.

Menu