Your personal data is of paramount importance to us at ENERGIEALLIANZ Austria GmbH. We take the protection of your personal data very seriously and fully comply with the applicable framework of legal provisions and standards. With this Privacy Statement, we wish to inform you in detail about the processing of your data in our company and the claims and rights to which you are entitled under data protection law.
We reserve the right to change, adjust or modify this Privacy Statement due to legal or technical developments at any time. The last updated version published on this website applies.
Last update: 24 May 2018
1. Who is responsible for processing your data?
Responsible for data processing:
ENERGIEALLIANZ Austria GmbH
Wienerbergstrasse 11, 1100 Vienna
Contact details of our data protection officer:
ENERGIEALLIANZ Austria GmbH
Data protection officer
Wienerbergstrasse 11, 1100 Vienna
2. Which data is processed and where does this data come from?
We process the personal data that we receive from you as part of our business relationship or which we generate for the performance of contractual obligations. In addition, we process data that we have legitimately received from credit agencies (Section 152 Trade Act (GewO), Section 31 Federal Data Protection Act (BDSG)), address publishers (Section 151 Trade Act (GewO)) and from publicly available sources (e.g., business register, association register, land register or media). We understand “personal data” as any information directly or indirectly relating to natural persons.
The personal data we process relating to you includes your personal details and contact information (e.g., name, address, other contact details, customer number), your contract details (e.g., tariff, supply period, commitment period), plant data (e.g., meter number, meter point designation), settlement date (e.g., invoice details, account information) as well as consumption data (e.g., consumption period, meter readings).
In addition, we may process information on your financial status (e.g., creditworthiness), advertising data (e.g., product offers), documentation data (e.g., notes and email conversations), marketing-related group membership and analysis data as well as data on the compliance with legal and regulatory requirements.
3. For which purposes and on which legal basis is your data processed?
We process your personal data for the following purposes and in compliance with the following legal basis:
within the scope of your consent (Article 6(1)(a) GDPR):
If you have given us your consent to the processing of your personal data for specific purposes, processing will only take place in accordance with the scope and for the purpose as set out in and agreed in the consent form. You may revoke your consent at any time, free of charge, and with effect for the future. In this case, the revocation does not affect the legality of the data processing that has been performed on the basis of the consent prior to the revocation. Find out more in Section 6.
for the purpose of fulfilling contractual obligations (Article 6(1)(b) GDPR):
The processing of your personal data is necessary for the fulfilment of a contract with you or for implementing pre-contractual measures. The purposes of data processing are first and foremost based on the actual product. Find out more about the details on data processing in the respective contract documents and our General Terms and Conditions.
for the purpose of fulfilling legal obligations (Article 6(1)(c) GDPR):
We are subject to certain legal obligations that may require us to process personal data. Such obligations may result, amongst others, from the following legal bases:
- Electricity Act (Elektrizitätswirtschafts- und -organisationsgesetz)
- Natural Gas Act (Gaswirtschaftsgesetz)
- Switching Ordinance (Wechselverordnung)
- Other market regulations on electricity and natural gas (published on the website of E Control Austria www.e-control.at
- )Federal Energy Efficiency Act (Bundes-Energieeffizienzgesetz)
- Electricty and Gas Supply Act (Gesetz über die Elektrizitäts- und Gasversorgung)
- Renewable Energies Act (Gesetz für den Ausbau erneuerbarer Energien)
- Business processes for supplying customers with electricity (GPKE)
- Business processes for switching gas supplier (GeLi Gas)
for the purpose of safeguarding legitimate interests (Article 6(1)(f) GDPR):
We process your data for the following purposes arising from our legitimate interests:
- Marketing in connection with own products and services
- Classifying customers into groups for marketing purposes (including the development of new products and services)
- Establishing Contact and exchanging data with as well as processing data from credit agencies to determine the maximum credit and default risk
- Processing and establishing contact for the purpose of quality assurance and to improve our offers and services
You have the right to object to the processing of your data in accordance with Article 21 GDPR. Find out more on this in Section 6.
4. Who receives your data?
We only pass on your personal data to third parties, if it is necessary for the fulfilment of (pre-)contractual or legal obligations, for safeguarding our legitimate interests, or permissible within the scope of your consent. In such a case, your data is transmitted to the following receivers:
- Businesses in accordance with your consent
- Service providers commissioned to process orders (e.g., mail delivery, collection of debts, IT services, credit agencies, address publishers)
- Other participants in the electricity and natural gas market if legally required (e.g., distribution system operators and energy suppliers when switching supplier)
- Public authorities and agencies if legally required (e.g., financial authorities, regulatory authorities)
Whenever your data is transmitted to recipients inside or outside our company, we always make sure to comply with the required legal basis and to protect your data and privacy.
5. How long is your data stored?
We generally retain your data for the duration of the entire business relationship as well as in accordance with the diverse range of storage and documentation obligations to retain data concerning your person, third parties, your business cases, and our contractual relationship even beyond its termination or conclusion of the business case, as applies, for example, to retention obligations under corporate law.
Moreover, we retain your data for as long as it is possible to assert legal claims arising from our contractual and business relationship to you and/or to safeguard our legitimate interests in accordance with Article 6(1)(f) GDPR.
6. What are your data protection rights?
You may request information about the origin, the categories, the storage period, the recipients, the purpose of the processing of the data concerning you and your business case as processed by us, and the nature of the processing.
If we process personal data of you which is incorrect or incomplete, you may request the rectification or completion of such data. You may also request the erasure of unlawfully processed data. However, please note that this does only apply for data that is incorrect, incomplete or unlawful. If it is unclear whether your personal data is processed incorrectly, incompletely or unlawfully, you may request the limitation of the processing of your data until the final clarification of this question. Please note that the rights set out above complement each other so that you can either request the rectification or completion of your data or their deletion.
Even if your personal data is correct and complete and has been processed correctly by us, you may still object to the processing of such data in specific and duly justified cases. You may also object without any specified reason, if you receive direct advertising from us and do not wish to receive it in the future.
You may receive your personal data that we have processed and that we have obtained by yourself in a specific, machine-readable format or on your request for such data to be transmitted directly to a third party selected by you provided that the recipient facilitates this from a technical perspective and the transmission of data does neither constitute a disproportionate effort nor conflict with a statutory confidentiality obligation or confidentiality considerations on our part or from a third party.
If we have received your data and process this data on the basis of consent provided by you, you can revoke this consent at any time, with the result that, upon receipt of your revocation of consent, we will no longer process your data for the purposes stated in the consent. The revocation does not affect the legality of the data processing that has taken place up until the revocation.
In all matters of concern, please contact us at firstname.lastname@example.org or ENERGIEALLIANZ Austria GmbH, Datenschutzbeauftragter (Data Protection Officer), Wienerbergstrasse 11, 1100 Vienna. If there is justifiable doubt as to your identity, we might ask you for proof of your identity such as an electronic copy of your identification document.
Even if we make the best efforts to ensure the protection and integrity of your data, differences of opinion over our use of your data cannot be ruled out. If you are of the opinion that we use your data in a manner that is not permissible, you have the right to file a complaint with the competent data protection supervisory authority (especially in the Member State constituting your place of residence and work).
7. Are you obliged to provide data?
The processing of your data as well as the data of third parties you make known to us is required for the establishment of your contractual relationship with us and/or for processing your business cases. If you do not provide us with these data, we may be unable to establish your desired contractual relationship or process your business cases. Please note that this would not constitute a failure to fulfil our contractual obligations.
8. Do you apply automated decision-making processes including profiling?
We do not apply any automated decision-making processes pursuant to Article 22 GDPR for the purpose of making a decision on the development, conclusion and performance of business relationships.
9. Data security
The security of your data is very important to us. Our goal is to manage your data with the utmost care and to take all necessary technical and organisational security measures to protect your personal data from being access by unauthorised third parties. We consequently use state-of-the-art security software as well as coding and classification systems to correspond to the highest international standards of security.
10.1. Provision of the website and creation of log files
- the website which you use to reach our website (so-called referrer information)
- your public IP address
- date and time of access
- the browser request (requested website name including optional request parameters)
- our server’s response code
- the volume of transferred data
- information on the used browser and operating system
This data is not stored together with other personal data of the user. Data is stored in log files to ensure the functionality of the website. In this context, the data is not analysed for marketing purposes. Data processing for these purposes is in our legitimate interests in accordance with Article 6(1)(f) GDPR.
The data stored in log files is deleted at regular intervals and no later than after six months. The user cannot object to the collection of data for the provision of the website or the storage of data in log files as such data is absolutely required for the operation of the website.
Cookies are small files that enable this website to store specific information relating to the user on the computer of the visitor. Cookies help us determine how many users visit the website and how often it is used in order to improve the website’s user-friendliness and effectiveness. We make use of session cookies that are only stored temporarily while you are using our website on the one hand and permanent cookies that contain information about visitors who access our website more than once on the other. These cookies are used in order to provide optimal user guidance, to recognise returning visitors and to make the website more attractive and its content as interesting as possible when you use the website again. A persistent cookie is limited to an identification number. Your name, IP address etc. are not saved. We do not create an individual profile of your online activities.
The processing of personal data by means of cookies is based on your consent in compliance with Article 6(1)(a) GDPR. You have the right to revoke your consent at any time and use our offers without cookies, for example, by deactivating or temporarily limiting the storage of cookies on your browser, blocking cookies from specific websites, or configuring your browser (e.g., Chrome, IE, Firefox) to notify you upon transmission of a cookie. You may also delete cookies from your hard disk at any time. Please note, however, that in this case you will have to expect a limited website presentation and limited user guidance.
10.3. Google Analytics
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer to help the website analyse how you use the site. The processing of personal data is based on your consent in compliance with Article 6(1)(a) GDPR. You have the right to revoke your consent to the processing of personal data at any time. Find out more about revoking your consent in Section 10(2).
The information generated by cookies about your use of our website (including your IP address) will be transmitted to and stored by Google on a server in the United States of America. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other countries party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States of America and shortened there. Google committed to comply with the EU-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries (https://www.google.de/intl/en/policies/privacy/frameworks/). Google, including Google Inc. and its wholly-owned US subsidiaries, has certified that it adheres to the Privacy Shield Principles.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on your website activity for us as the website operator, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. The IP address transmitted by your browser in the context of Google Analytics is not merged with other data. Find out more about data processing by Google at: https://www.google.com/intl/de/policies/privacy/.
10.4. Integration of services and third-party content
Third-party content such as YouTube videos, map material from Google Maps, RSS feeds or graphics from other websites may be integrated within this online offer, which always presumes that these content providers (in the following referred to as “third-party providers”) are able to perceive the user’s IP address since, without the IP address, content could not be sent to the user’s browser. Thus, the IP address is required for displaying content. We strive to only use content whose respective providers exclusively use IP addresses for delivering content. However, we have no influence on the saving of IP addresses by third-party providers, e.g. for statistical purposes. In this matter, we will inform users to the best of our knowledge.
10.5. Contact form
On our website, offer users the option of using online forms to contact us electronically. If you use such an online form, the data you enter will be transmitted to us and stored.
Alternatively, you may also contact us by writing an email to the provided address. In this case, your personal data transmitted in the course of sending the email will be stored. This data will not be transferred to third parties and is exclusively processed for purpose of communication. The legal basis for the processing of such data is Article 6(1)(f) GDPR. If the email contact aims at the conclusion of a contract, then additional legal basis for the processing is Article 6(1)(b) GDPR.
The processing of the personal data is exclusively used for the purpose of processing the contact. You have the right to object to the storage of your data at any time; in such a case, the conversation cannot be continued.
10.6. Press distribution list
If you have subscribed to our free press distribution list, the data entered into the respective input mask is transmitted to us and processed. The respective data is exclusively used for the purpose of sending out press releases or corporate information. For this we employ the services of Foggensteiner PR GmbH as the data processor.
The concerned user may discontinue the press distribution list subscription at any time by sending an email to email@example.com. Insofar as we obtain the consent of the user for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis. In the processing of personal data required for the performance of a contract to which the user is a party, Article 6(1)(f) GDPR serves as the legal basis.
If you have subscribed to a free newsletter, the data entered into the respective input mask is transmitted to us and processed. The respective data is exclusively used for the purpose of sending out the newsletter. For this we employ the services of emarsys eMarketing Systems AG as the data processor.
The concerned user may discontinue the newsletter subscription at any time. A corresponding link will be attached to each newsletter. Insofar as we obtain the consent of the user for the processing of personal data, Article 6(1)(a) GDPR serves as the legal basis. In the processing of personal data required for the performance of a contract to which the user is a party, Article 6(1)(f) GDPR serves as the legal basis.