What is the reason for the joint responsibility?

The reason for the agreement on joint responsibility is the shared operation of the website as well as the collection, storage and processing of access data and information recorded and processed by cookies. This concludes the joint responsibility of the parties.
 

What have the companies agreed and what does it mean for those affected?

As part of the joint data protection responsibility, we have agreed who will fulfil which obligations in accordance with GDPR. In particular, this relates to the exercise of rights by data subjects and fulfilling the information obligations in accordance with Articles 13 and 14 GDPR.

As part of the joint responsibility,

• Vattenfall Smarter Living GmbH is responsible for collecting data.
• Vattenfall Smarter Living GmbH is responsible for storing data.
• Vattenfall Smarter Living GmbH is responsible for modifying and deleting data, the restriction
• of its processing and its transmission in accordance with Article 20 GDPR.

You are free, however, to assert your data protection rights with either company. Data subjects will always receive information from the authority where the rights have been asserted.

The companies will notify each other immediately of legal positions asserted by data subjects. Both parties will supply each other with all required information to answer questions from those seeking information.

The companies will provide the information required in accordance with Article 13 and Article 14 GDPR to the data subjects. Alternatively, feel free to contact our Data Protection Officer if you have any questions.

B) Website visits and access data

When you visit our website, we only collect the personal data that your browser transmits to our servers – so-called access data or log files. Access data includes the IP address, date and time of the request, time zone difference compared with Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website that was accessed), access status/HTTP status code, the data quantity transmitted in each case, referrer URL (previously visited site), operating system and its interface, language and version as well as type of browser software, type and version of the mobile device, notification about successful access. Every device requires a unique IP address for transmitting data via the Internet. We store it temporarily for data security (e.g. to clarify misuse or fraudulent actions) to guarantee the integrity, operational reliability and accountability of our system. No personal data is analysed in this process. We reserve the right to analyse anonymised data sets for statistical purposes. Data is transmitted when this is required for the assertion, exercise or defence of legal claims. Access data is merely analysed for the technical operation of the website and deleted after 30 days if this is not required as proof in prosecution.  

The legal basis of data processing in accordance with Article 6 Paragraph 1 lit. f GDPR is our overriding legitimate interest:

• Guaranteeing the functionality of the website, IT security and integrity of our systems
• Assertion of legal claims and defence in the event of legal disputes 

C) Cookies

We use cookies to provide a more personalised experience on our websites for you, and to continuously improve. Cookies are text files that a web server can store on your end device (e.g. computer, smartphone, tablet) to identify the end device for the duration of the visit. We use cookies that are automatically deleted when you finish browsing (session cookies) as well as cookies that help us to recognise you the next time you visit our websites (personalised cookies). We use cookies required for technical purposes for the smooth operation of our websites and for IT security reasons (access data described above). Furthermore, we use cookies for anonymous statistics on our websites as well as to display personalised content (the legal basis for data processing in accordance with Article 6 Paragraph 1 lit. a GDPR is your consent). If they are not required for technical purposes, you can decide which cookies you want to allow and which you want to reject. In accordance with Article 49 Paragraph 1 lit. a GDPR, your consent also includes the transmission to or data processing by service providers in third countries that do not have data protection levels comparable with the European Union. If personal data (e.g. personal identifiers or IP addresses) is transmitted, there is a risk that authorities in that country (e.g. intelligence services) may process your data and your rights cannot be asserted. Your selection can be changed at any time.

Cookies/tools required for technical purposes

These tools are required for the smooth operation of our websites as well as for reasons of IT security. They cannot be deactivated in our systems, e.g. use of the cookie bar (cookie banner) on the website, saving the consent status for cookies provided by the user on the current domain, website hosting.
The use of the tools is based on Article 6 Paragraph 1 lit. f GDPR.

Tools for statistical purposes

Statistical tools are used to perform statistical analyses of user behaviour on websites. They are designed so we can better understand which features are useful and necessary for the user. For this purpose, statistics are generated that give an overview of visits and access sources.  We use our own cookies for this (so-called First Party Cookies) and those provided by third parties (so-called Third Party Cookies). This provides us with additional insight about the reach and design of our web presence. In this way, we can target and optimise promotions and campaigns for our customers.
Data is processed on the basis of Article 6 Paragraph 1 lit. a GDPR: your consent.

Tools for personalisation or marketing

Our website uses different tools and services for personalisation and optimisation of the user experience as well as for our advertising campaigns. By using tools for personalisation, we can target advertising contents at an individual. 
Data is processed on the basis of Article 6 Paragraph 1 lit. a GDPR: your consent.
We use the following operators and services and their associated cookies:

Microsoft Services

Provider information: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”).
You can find information about usage conditions and data protection here: https://privacy.microsoft.com/de-de/privacystatement

Microsoft Azure

Microsoft Azure is a scalable cloud computing platform provided by Microsoft that offers different cloud services to operate websites and other services all over the world.

Microsoft Bing

We use Microsoft Bing to measure whether a user has been redirected to our website after clicking on an advert displayed by Bing. We only find out the number of users who have clicked on a Bing advert and are subsequently redirected to our site. Information that makes personal identification possible is not transmitted.

Microsoft Dynamics 365 Marketing Cookies (“Dynamics”)
In order to track input in contact forms, we use forms provided by Microsoft Dynamics 365 Marketing. They allow us to directly transfer data recorded on the website to our marketing automation system or CRM system. When the form is submitted, Dynamics associates the behaviour analysis cookie ID with the incoming contact data. This is how a cookie ID is allocated to a Dynamics contact ID. We can then identify who has visited the website. We use this data to analyse behaviour on our website and to provide you with a personalised experience. If you do not want to accept these cookies, you cannot access the contact form to subscribe to our marketing mailings.

Piwik PRO
Our website uses the Piwik PRO Tag Manager. The Tag Manager is used to manage the tools and cookies that we use on our website and allows the use of so-called tags. A tag is a code element that is stored in the source code of the website, for example to control which page or service elements and tools as well as cookies and similar technologies are activated and loaded in which order. The tool triggers other tags, which in turn may collect data.

The following data can be processed through the use of the tool

• Date and time of the current and, if applicable, last session
• IP address (anonymised)
• Date and time of the enquiry

Provider information: Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin.

Further information on terms of use and data protection can be found here:
https://piwikpro.de/datenschutz/

Friendly Captcha
This website uses a service provided by Friendly Captcha GmbH (Am Anger 3-5, 82237 Wörthsee, Germany).

Friendly Captcha is a new, privacy-friendly solution to prevent automated programs and scripts (so-called “bots”) from affecting our website. For this purpose, we have integrated Friendly Captcha into our website (e.g. for contact forms). When a visitor access our website, a connection is established to the servers of Friendly Captcha in order to send a puzzle to the device of the visitor. The visitor’s device solves the puzzle, which requires certain system resources, and sends the result to our web server. It contacts the Friendly Captcha server via an interface and receives a response indicating whether the puzzle was solved correctly. Depending on the result, we can apply security rules to the request via our website and, for example, process it further or reject it.

We use data solely for protection against spam and bots as described above. Friendly Captcha does not set or read any cookies on the visitor’s device. Friendly Captcha anonymize IP addresses using a one-way hash of certain values so they cannot be personally identified.

Legal basis:

Art. 6 para. 1 lit. f GDPR. Our legitimate interests are the protection of our website against abusive access by bots, consequently spam protection and protection against attacks (e.g. mass requests).

Storage period:

We do not store any personal data in this regard.

Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.

Visual Website Organizer (VWO)

We use VWO as a provider to analyse and evaluate the use of our website. VWO supports us with statistics, graphs and evaluations of user behaviour. Using Hotjar, it is possible to record and analyse user behaviour (e.g. clicks, mouse movements, scrolling distance). During this process, we collect information about user behaviour relating to the navigation of our website as well as basic key data (e.g. anonymised IP address, screen size, device and browser information, geographic locations, preferred language etc.).

Provider information: 1104, 11th Floor, KLJ Tower B-5, Netaji Subhash Place, Pitampura, Delhi-110034

For further information about usage conditions and data protection, please see: https://vwo.com/de/privacy-policy/

Cookie browser settings

If you would like to prevent or restrict future data processing by cookies, you can configure the relevant settings in your browser, such as deactivation of cookie use, via the following links:

• Mozilla Firefox: https://support.mozilla.org/de/kb/
• Internet Explorer: https://support.microsoft.com/de-de/help/17442/
• Google Chrome: https://support.google.com/accounts/
• Opera: http://www.opera.com/de/help
• Safari: https://support.apple.com/kb/PH17191

Revocation

You can revoke your consent at any time with effect for the future. To do this, go to the cookie banner which you can display via the “Adjust cookies” menu item in the footer. Cookies that are not required for technical purposes can be deactivated in the cookie settings.

Cookie settings and storage duration

We store cookies for as long as they are required to fulfil their purpose and while we have your consent. You can configure the cookies used on the website, their storage duration and cookie settings. To do this, go to the cookie banner which you can display via the “Adjust cookies” menu item in the footer.

D) Transfer of data

We do not share personal data via our websites. Communication for web analysis purposes takes places in an anonymised way only, by using cookies from the providers described in the sections on web tracking. Your consent is still required for this processing. You can adjust your decision concerning the use of statistical or personalised cookies at any time via the instruction in the footer of our pages.

E) Storage duration of personal data

We store personal data for as long as it is required to fulfil its purpose. You can find the cookies used on the website, their storage duration and cookie settings in the cookie banner which you can display via the “Adjust cookies” menu item in the footer.

F) Information about rights of data subjects

If you have any questions about the processing of your personal data, you can contact our Data Protection Officer directly. The Data Protection Officer and his/her team are also available for requests for information, applications and complaints. Please send any enquiries regarding data stored about you in accordance with Article 15 GDPR to:

The Data Protection Officer is also your contact person for exercising your rights to correct errors that may have occurred during storage and processing of your data (Article 16 GDPR), to delete your data, e.g. when the purpose is no longer relevant or you revoke your consent (Article 17 and 18 GDPR), to restrict the processing, e.g. when there is a dispute about personal data being correct or for the continuation of potential entitlements (Article 18 GDPR), to object to processing based on legitimate interest (Article 21 GDPR) and to data portability in a machine-readable format of the data you have provided (Article 20 GDPR).

 
Withdrawal of consent

If consent forms the legal basis for the processing of your data, you have the right to withdraw this consent at any time for the future.

Objection pursuant to Article 21 GDPR:
If data processing takes place on the basis of a balance of interests in accordance with Article 6 Paragraph 1 lit. f GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation. Please send your objection to: kundenservice@goincharge.com

Right to lodge a complaint

In addition, you have the right to lodge a complaint with the relevant data protection supervisory authority (Article 77 GDPR). You can contact the data protection supervisory authority responsible for Vattenfall Smarter Living GmbH at:
Berliner Beauftragte für Datenschutz und Informationsfreiheit [Berlin Commissioner for Data Protection and Freedom of Information] Friedrichstraße 219, 10969 Berlin

Data security

Your personal data will be transmitted via the internet when you use our services. This process is encrypted using a secure transfer protocol (https). We regularly secure our websites and other systems from access, loss, destruction and change of your data by unauthorised persons by using technical and organisational measures.

Notification of security vulnerabilities via “Responsible Disclosure”

Vattenfall prioritises the security of its information and communication systems. Despite these efforts, it is not possible to entirely exclude the existence of security vulnerabilities. The exploitation or misuse of such security vulnerabilities is illegal.
To prevent identified security vulnerabilities from being exploited by hackers, the Federal Office for Information Security (BSI = Bundesamt für Sicherheit in der Informationstechnik) recommends adopting the principle of responsible disclosure. The use of this principle guarantees co-ordinated collaboration based on trust between the party that discovers the security vulnerability and the producer or service provider affected by it.

Change of this data information

In the event of content-related or legal changes, we reserve the right to adapt this data protection information as required. You can access the current Privacy Notice at any time on our website www.incharge.vattenfalll.de.