As of: December 11, 2023
Dr. Dominik Freund
The following overview summarizes the types of processed data and the purposes of their processing, and refers to the affected individuals.
Types of processed data
Categories of affected persons
Purposes of processing
Relevant legal grounds under the GDPR: Below is an overview of the legal grounds of the GDPR on which we base the processing of personal data. Please note that, in addition to the GDPR provisions, national data protection regulations may apply in your or our country of residence or registered office. If more specific legal grounds apply in individual cases, we will inform you of them in the privacy policy.
National data protection regulations in germany: In addition to the GDPR, national regulations on data protection apply in Germany, notably the Federal Data Protection Act (BDSG). The BDSG contains special provisions regarding the right of access, right to erasure, right to object, processing of special categories of personal data, processing for other purposes, and data transfer and automated decision-making, including profiling. Furthermore, the data protection laws of the individual federal states may apply.
Note on the applicability of the GDPR and Swiss data protection act (DSG): These privacy notices serve to inform you in accordance with the Swiss Federal Data Protection Act (Swiss DSG) and the General Data Protection Regulation (GDPR). Therefore, please note that, for reasons of broader spatial application and comprehensibility, the terms used in the GDPR are employed. Specifically, instead of the terms “processing” of “personal data,” “overriding interest,” and “particularly sensitive personal data” used in the Swiss DSG, the terms used in the GDPR, such as “processing” of “personal data” and “legitimate interest” and “special categories of data,” are used. However, the legal meaning of these terms will remain defined according to the Swiss DSG under its applicability.
We implement technical and organizational measures in accordance with legal requirements, considering the state of technology, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying probabilities and extents of the threat to the rights and freedoms of natural persons, to ensure an appropriate level of protection.
These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling both physical and electronic access to the data, as well as access, input, transmission, ensuring availability, and separation of data. Furthermore, we have procedures in place to ensure the exercise of data subject rights, data erasure, and responses to data threats. Additionally, we consider data protection already in the development or selection of hardware, software, and processes, in line with the principle of data protection through technology design and privacy-friendly default settings.
In the context of our processing of personal data, it may occur that data is transferred or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include service providers tasked with IT operations or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, conclude appropriate contracts or agreements to protect your data with the recipients of your data.
Data processing in third countries: If we process data in a third country (i.e., outside the European Union (EU), European Economic Area (EEA)) or if the processing occurs as part of using third-party services or disclosure or transfer of data to other persons, entities, or companies, this will only take place in accordance with legal requirements. If the level of data protection in the third country has been recognized through an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers occur only when the data protection level is ensured by other means, particularly through standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transfer (Art. 49(1) GDPR). Furthermore, we will inform you about the basis for data transfers to third countries when using third-party providers from such countries, where adequacy decisions serve as the primary basis. Information on third-country transfers and existing adequacy decisions can be found in the EU Commission’s information offer: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de.
EU-US trans-atlantic data privacy framework: As part of the “Data Privacy Framework” (DPF), the EU Commission has recognized the data protection level for certain U.S. companies as secure under the adequacy decision from July 10, 2023. The list of certified companies, as well as additional information on the DPF, can be found on the U.S. Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). We will inform you within our privacy notices which of the service providers we use are certified under the Data Privacy Framework.
Cookies are small text files or other storage markers that store information on end devices and read information from these devices. For example, they store login status in a user account, shopping cart contents in an online shop, visited content, or used functions of an online offer. Cookies can also be used for various purposes, such as ensuring the functionality, security, and comfort of online offers as well as creating analyses of visitor traffic.
Consent notice: We use cookies in compliance with legal regulations. Therefore, we obtain prior consent from users, unless it is not legally required. Consent is not necessary if storing and reading the information (including cookies) is strictly necessary to provide the online service explicitly requested by users (i.e., our online offer). Cookies that are strictly necessary typically include those for displaying and operating the online offer, load balancing, security, storing user preferences and selections, or similar purposes related to providing the main and secondary functions of the online offer requested by users. Revocable consent is clearly communicated to users and includes information on the specific cookie use.
Notes on data protection legal grounds: The legal grounds for processing personal data using cookies depend on whether we ask users for consent. If users consent, the legal ground for processing their data is the declared consent. Otherwise, data processed through cookies is based on our legitimate interests (e.g., for the operational business of our online offering and improving its usability) or, when required to fulfill our contractual obligations, if the use of cookies is necessary to meet those obligations. The purposes for which we process cookies will be explained in this privacy notice or during our consent and processing procedures.
Storage duration: Regarding the storage duration, the following types of cookies are distinguished:
General information on revocation and objection (Opt-Out): Users can revoke their consent at any time and object to the processing in accordance with legal requirements. Users can limit cookie use in their browser settings (although this may also limit the functionality of our online offerings). Objections to the use of cookies for online marketing purposes can also be made through the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Legal grounds: Legitimate interests (Art. 6(1) Sentence 1 lit. f) GDPR), Consent (Art. 6(1) Sentence 1 lit. a) GDPR).
Further information on processing activities, procedures, and services: Processing of cookie data based on consent: We implement a cookie consent management procedure in which user consents to the use of cookies and related processing and providers are obtained and managed. The consent declaration is stored to avoid asking for consent repeatedly and to be able to demonstrate consent according to legal obligations. Storage may occur server-side and/or in a cookie (so-called opt-in cookie or similar technologies) to associate consent with a user or their device. Subject to specific information on the providers of cookie management services, the following applies: The duration of consent storage may be up to two years. A pseudonymous user identifier is created and stored along with the time of consent, details on the scope of consent (e.g., which categories of cookies or service providers), as well as browser, system, and device used.
Legal grounds: Consent (Art. 6(1) Sentence 1 lit. a) GDPR).
We process user data to provide our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
Affected persons: Users (e.g., website visitors, users of online services).
Purpose of processing: Provision of our online services and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures.
Legal basis: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Additional information on processing procedures, processes, and services:
Collection of access data and log files: Access to our online offer is logged in the form of so-called “server log files.” The server log files may include the address and name of the retrieved websites and files, date and time of retrieval, transferred data volume, message of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), and typically IP addresses and the requesting provider. Server log files may be used for security purposes, e.g., to prevent server overload (especially in the case of abusive attacks, such as DDoS attacks) and to ensure the load and stability of the servers;
Legal basis: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Data deletion: Logfile information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes are exempt from deletion until the incident has been fully clarified.
When contacting us (e.g., by mail, contact form, email, phone, or via social media), as well as within existing user and business relationships, the details of the requesting persons are processed to the extent necessary to respond to the inquiries and any requested actions.
Processed data types: Contact data (e.g., email, phone numbers); content data (e.g., inputs in online forms); usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status).
Affected persons: Communication partners.
Purpose of processing: Contact inquiries and communication; management and response to inquiries; feedback (e.g., collecting feedback via online forms). Provision of our online services and user-friendliness.
Legal basis: Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR). Contract fulfillment and pre-contractual inquiries (Art. 6 (1) Sentence 1 lit. b) GDPR).
Additional information on processing procedures, processes, and services – contact form: If users contact us via our contact form, email, or other communication methods, we process the data provided in connection with the inquiry.
Legal basis: Contract fulfillment and pre-contractual inquiries (Art. 6 (1) Sentence 1 lit. b) GDPR), Legitimate interests (Art. 6 (1) Sentence 1 lit. f) GDPR).
Web analysis (also known as “reach measurement”) is used to evaluate the flow of visitors to our online offer and can include behavior, interests, or demographic information about the visitors, such as age or gender, as pseudonymous data. With the help of reach analysis, we can determine, for example, when our online offer or its functions or content are most frequently used or inviting for reuse. We can also track which areas need optimization.
In addition to web analysis, we may also use testing methods to, for example, test and optimize different versions of our online offer or its components.
Unless otherwise stated below, profiles may be created for these purposes, i.e., data summarized in a usage process, and information may be stored and read from a browser or device. The collected information includes, in particular, visited websites and elements used there, as well as technical information such as the browser used, the computer system used, and usage times. If users have agreed to the collection of their location data with us or with the providers of the services we use, location data may also be processed.
We also store the IP addresses of users. However, we use an IP-masking procedure (i.e., pseudonymization by truncating the IP address) to protect the users. In general, no clear data (e.g., email addresses or names) are stored in the context of web analysis, A/B testing, and optimization, but pseudonyms. This means that neither we nor the providers of the software we use know the actual identity of the users, only the information stored in their profiles for the purposes of the respective processes
Processed data types: Usage data (e.g., visited websites, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, time stamps, identification numbers, consent status)
Affected persons: Users (e.g., website visitors, users of online services)
Purpose of processing: Reach measurement (e.g., access statistics, detection of recurring visitors); profiles with user-related information (creating user profiles)
Security measures: IP masking (pseudonymization of the IP address)
Münchner Straße 7
85354 Freising, Germany
+49 8161 4944453
Charge Point Operator
Charge Point Management System
E-Mobility Provider
Payment Service Provider
