(status 01. 10. 2021)We appreciate your visit to our website and your interest in Vattenfall InCharge, the e-mobility initiative of Vattenfall Smarter Living GmbH and InCharge AB. We take the protection of your data very seriously and want you to feel safe and comfortable when visiting our website.
This Privacy Notice informs you about the processing of your personal data when you use our website www. incharge. vattenfall. de.
User information and information obligations of Vattenfall Smarter Living GmbH and InCharge AB according to the General Data Protection Regulation (GDPR)
A) Information about the data processor
Jointly responsible persons
In the following, we provide you with all essential content, which we contractually assume in the course of a joint responsibility acc. to. Art. 26 para. 2 S. 2 GDPR for the processing of personal data in the context of the joint operation of the website www. incharge. vattenfall. de.
Vattenfall Smarter Living GmbH
Contact details of the Data Protection Officer:
What is the reason for joint responsibility?The reason for the joint responsibility agreement is the joint operation of the website, as well as the collection, storage and processing of access data and information collected and processed by cookies. This brings to an end the joint responsibility of the parties.
What have the companies agreed to and what does this mean for those affected?As part of our joint responsibility for data protection, we have agreed which of us fulfils which obligations under the GDPR. This concerns in particular the exercise of the rights of data subjects and the fulfilment of information obligations pursuant to Articles 13 and 14 GDPR.
Within the scope of joint responsibility
Vattenfall Smarter Living GmbH is responsible for collecting the data.
Vattenfall Smarter Living GmbH is responsible for the storage of the data.
Vattenfall Smarter Living GmbH is responsible for amending and deleting the data, restricting their processing and transferring them in accordance with Article 20 of the GDPR.
However, you are free to assert your data protection rights against each individual company. Data subjects will generally receive the information from the entity where the rights were asserted.
The companies shall inform each other without delay of any legal positions asserted by data subjects. They shall provide each other with all information necessary to respond to requests for information.
The companies shall jointly provide the data subjects with the information required in accordance with Art. 13 and Art. 14 of the GDPR. However, you are also welcome to contact our data protection officer if you have any questions.
B) Website visit and access dataWhen you visit our website, we only collect the personal data that your browser transmits to our server – so-called access data or log files. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i. e. name of the specifically accessed website), access status/HTTP status code, amount of data transmitted, referrer URL (previously visited page), operating system and its interface, language and version, and type browser software, type and version of mobile device, notification of successful retrieval. Each device needs a unique IP address to transmit data over the Internet. We store these temporarily for the purpose of data security (e. g. to investigate misuse or fraud) in order to ensure the stability and operational safety and accountability of our system. No personal evaluation takes place. A statistical evaluation of anonymized data sets remains reserved. Data will be passed on if it is necessary to assert, exercise or defend legal claims. Access data are only evaluated for the technical operation of the website and deleted within 30 days, unless they are further required for evidentiary purposes in legal proceedings.
The legal basis of the data processing is according to Art. 6 para. 1 bed. f GDPR, our overriding legitimate interest:
- Ensuring the functionality of the website, IT security and stability of our systems
- Asserting legal claims and defending legal disputes
Technically necessary cookies/tools
These tools are necessary for the smooth functioning of our websites and for IT security reasons and cannot be disabled in our systems, e.g., use of the cookie bar (cookie banner) on the website, storage of the user's consent status for cookies on the current domain, website hosting.
The use of the tools is based on Art. 6 para. 1 lit. f DSGVO.
Tools for statistical purposes
Statistical tools are used to be able to perform statistical analyses of user behavior on Internet pages. This serves to better understand which functions are useful and necessary for the user. For this purpose, statistics are generated that provide an overview of visits and access sources. This is done through the use of our own cookies (so-called first party cookies) and third-party cookies (so-called third party cookies). We thereby gain additional insights into the reach and design of our website. We can thus optimize actions and campaigns in a more targeted manner for our customers.
The data processing is based on Art. 6 para. 1 lit. a DSGVO: Your consent.
Tools for personalization or marketingOur website uses various tools and services to personalize and optimize the user experience as well as our advertising campaigns. By using tools for personalization, individual, promotional content can be displayed in a targeted manner. In this context, the data processing is based on Art. 6 para. 1 lit. a DSGVO: Your consent. The following operators and services and their associated cookies are used by us
Microsoft Azure is a scalable cloud computing platform from Microsoft that provides various cloud services for running websites and other services worldwide.
Microsoft BingWe use Microsoft Bing to measure whether a click on an ad placed by Bing resulted in a redirect to our website. We only learn the number of users who clicked on a Bing ad and were then redirected to our site. Information that makes personal identification possible is not transmitted.
Microsoft Dynamics 365 Marketing Cookies ("Dynamics").For the purpose of tracking contact form submissions, we use Microsoft Dynamics 365 Marketing forms that allow us to transfer captured data from the website directly to our marketing automation system or CRM system. When a form is submitted, Dynamics correlates the behavioral analytics cookie ID with the incoming contact data. Thus, the cookie ID is mapped to a Dynamics contact ID. From which we can identify who has visited the website. We use this data to analyze behavior on our website and provide you with a personalized experience. If you do not wish to allow these cookies, you will not be able to access the registration form to subscribe to our marketing mailings.
For the purpose of demand-oriented design and continuous optimization of our website, we use Google Analytics. In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookies about your use of this website (including your abbreviated IP address) is transmitted to Google servers in the USA and stored there. The collected data is used by us to evaluate the use of the website. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. We would like to point out that on this website Google Analytics has been extended by the code "anonymizeIp" to ensure anonymized collection of IP addresses. For this purpose, the last octet of the IP address is replaced by a 0.
Through the use of Google Analytics, the following data is processed:
- 3 bytes of the IP address of the system called up
- the website visitor (anonymized IP address),
- the web page accessed,
- the website from which the user reached the accessed page of our website (referrer),
- the subpages accessed from the website,
- the time spent on the website
- the frequency with which the website is accessed.
Google Tag Manager
The Google Tag Manager is a technical tool for running tools or scripts on our website. In doing so, the Google Tag Manager uses the available information about we measure and optimize the success of various advertising measures and tailor advertising better to your needs.
For the purpose of tracking entries in contact forms, we use Google reCAPTCHA (hereinafter reCAPTCHA) a captcha service from Google. reCAPTCHA helps us to ensure that entries made on our website are actually made by a real person and not automated, for example, by software (so-called robots, bot). For example, for this purpose, a clickable checkbox "I am not a robot" is displayed. reCAPTCHA analyzes the behavior of the user based on various characteristics as soon as the user visits the website.By using Google reCAPTCHA, the following data is processed:
- IP address
- Referrer URL (the address of the page from which the visitor came)
- Browser PlugIns
- Information about the operating system (Windows, Linux, iOS)
- Mouse movements and keyboard strokes
- User device settings (e.g. language settings, location, browser, etc.)
For more information on how reCAPTCHA works, please visit: https://developers.google.com/recaptcha/
For analysis purposes and the evaluation of the use of our website, we use the provider Hotjar. Hotjar supports us with statistics, graphics and evaluations of user behavior. With Hotjar, it is possible to record and analyze user behavior (e.g. clicks, mouse movements, scrolling distance). In doing so, we collect information about user behavior with regard to navigation through the site as well as basic key data (e.g. anonymized IP address, screen size, device and browser information, geographical locations, preferred language, etc.).
Provider information: Hotjar Ltd. St Julians Business Centre 3, Elia Zammit Street, St Julians, 3155, Malta.
For the purpose of collecting customer feedback, we use the Usabilla cookie. With Usabilla, we ask for your opinion on specific web pages that we use to improve our website. Usabilla does not share any data with third parties .
Browser settings Cookies
If you wish to prevent or restrict future data processing by cookies, you can configure appropriate settings in your browser, e.g. disable cookie use, using the following links:
Mozilla Firefox: https://support.mozilla.org/de/kb/
Internet Explorer: https://support.microsoft.com/de-de/help/17442/
Google Chrome: https://support.google.com/accounts/
You can revoke your consent at any time with effect for the future in the cookie banner, which you can display via the menu item "Customize cookies" in the footer. You can deactivate cookies that are not technically necessary in the cookie settings.
Cookie settings and storage period
We store the cookies as long as they are necessary for the use of the purpose and consent is given by you. You can configure the cookies used on the website, their storage duration and cookie adjustments in the cookie banner, which you can have displayed via the menu item "Customize cookies" in the footer.
D) Passing on of data
E) Storage period of personal data
We store personal data for as long as it is necessary for the use of the purpose. The cookies used on the website, their storage duration and cookie adjustments can be found in the cookie banner, which you can display via the menu item "Adjust cookies" in the footer.
F) Information about data subject rights
If you have any questions regarding the processing of your personal data, you can contact our data protection officer directly, who is also available with his team in the event of requests for information, applications or complaints. All inquiries regarding the data stored about you in accordance with Art. 15 DS-GVO should be addressed to:
Vattenfall Smarter Living GmbHData Protection OfficerSellerstraße 16
InCharge ABData Protection OfficerE-Mail:
The data protection officer is also your contact for exercising your rights to rectification in the event of errors in the storage and processing of your data (Art. 16 DS-GVO), deletion of your data, for example, if the purpose ceases to apply or if you revoke consent granted (Art. 17 and 18 DS-GVO), restriction of processing, for example, due to the contestation of the accuracy of personal data or for the protection of possible existing claims (Art. 18 DS-GVO), objection to processing based on legitimate interest (Art. 21 DS-GVO) and data portability over the data provided by you in a machine-readable format (Art. 20 DS-GVO).
Revocation of consent
If your data processing is based on the legal basis of consent, you have the right to revoke this consent at any time for the future.
Objection according to Art. 21 DS-GVO:
If the data processing is carried out on the basis of balancing interests according to Art. 6 (1) lit f DS-GVO, you have the right to object to this processing at any time on the basis of reasons arising from your particular situation. Please send your objection to: firstname.lastname@example.org
Right of appeal
In addition, there is a right of appeal to a competent data protection supervisory authority (Art. 77 DS-GVO). The data protection supervisory authority responsible for Vattenfall Smarter Living GmbH can be reached at:
The Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin.
When using the service offerings, your personal data is transmitted over the Internet in encrypted form using a secure transmission protocol (https). We regularly use technical and organizational measures to secure our websites and other systems against access, loss, destruction or modification of your data by unauthorized persons.
Reporting security breaches through Responsible Disclosure
Vattenfall attaches the highest importance to the security of its information and communication systems. In principle, security vulnerabilities cannot be 100% excluded. Exploitation or misuse of these security vulnerabilities is illegal.
To prevent identified security vulnerabilities from being exploited by attackers, the German Federal Office for Information Security (BSI) also recommends the application of the "Responsible Disclosure" principle. The application of this principle guarantees a coordinated and trust-based cooperation between the discoverer of the security vulnerability and the affected manufacturer or service provider.
Modification of this data information
In the event of changes in content or law, we reserve the right to amend this data protection information as necessary. You can access the current data protection information at any time on the website at www.incharge.vattenfalll.de.