User information and obligations to provide information under the General Data Protection Regulation (GDPR) of Vattenfall Wärme Berlin AG

We are very glad that you are visiting our website and are interested in the Vattenfall companies. We take the protection of your data very seriously and would like you to feel safe and secure when you visit our websites.

Below you will find all the information for customers, interested parties and suppliers that apply to data protection and use of our websites.

Information on data protection

Information on use of the websites

Information on data protection

Information on the data processor

Controller of data processing:

Vattenfall Wärme Berlin AG

Represented by:

Dr. Tanja Wielgoß, chair of the board
Stefan Hadré

Sellerstraße 16
13353 Berlin

Contact details of the Data Protection Officer:

Vattenfall Wärme Berlin AG
Data Protection Officer

Email: datenschutz.waerme-berlin@vattenfall.de

Scope of processing

Categories of data

Data of customers, interested parties and suppliers is processed to the extent necessary to fulfil the purposes stated below. This is comprised of the following categories of personal data: personal information (e.g. last name, first name, address), contractual information (e.g. customer number, meter number), data of readings and payment information and digital activity protocols as well as similar data. We will gladly notify you upon request what data is concerned and in which procedures your data may be stored.

Origin of data

We obtain contact information from the existing contract between the customer and Vattenfall Wärme Berlin AG as well as from public sources, e.g. land registers, commercial registers and association registers, the press and the internet. Furthermore, we use personal data that we legitimately receive from companies within our group or from service providers we have commissioned.

Purposes and legal bases for data processing

You can generally visit Vattenfall web pages without us requiring any personal data from you. We only save access information that is not personally identifiable. We process personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a) To fulfil contractual obligations (Art. 6(1)(b) GDPR)

Data processing is necessary for the initiation and fulfilment of contracts and billing for contracts to supply heating and supplier contracts. Data is collected as part of the contract and for the duration of the contract. Data collected includes personal information such as name, address, email, contractual information (such as meter number, meter readings), payment information (such as banking information, billing information) and information on the place of delivery.

b) Based on consent (Art. 6(1)(a) GDPR)

To the extent that we have gathered your consent to the processing of personal data for particular purposes, processing is legal on this basis. With the exception of the post, we only use the means of communication for promotion of our products and services as well as our partners’ offers and services to which you have given us your prior consent. We use your contact information for personalised offers and to keep the appointments that you make via our website as well as for newsletter subscriptions. SEPA direct debits are also a form of consent which we use as part of the agreed contract. Once given, consent may be revoked at any time without reason with future effect. You can object to the use of your data for advertising purposes at any time with future effect.

If you send questions via our contact form, we may forward your questions to ONTRAS and NBB to answer. 

c) Data processing based on a legitimate interest (Art. 6(1)(f) GDPR)

Our goal is to ensure our customers are provided with the best possible advice and care by designing our products according to their needs and continually developing our services. This includes using their data for the following purposes:

• Sending them information on our energy products and on the services of partners and affiliated companies.
• Making them personalised offers for the purposes of customer retention.
• We carry out market research and opinion polling to improve our services for long-term customer retention.

This use of data is permissible in consideration of the legitimate interests of both parties. The legitimate interest on our part is to be able to make you offers that meet your needs through this appropriate use of data. To safeguard your legitimate interests we strictly only process your data according to the purpose for which it was given and ensure in an appropriate manner that the use of the data is kept to a minimum. Furthermore, you have the right to object at any time to the use of your data for advertising purposes.
 

As part of claim processing we process the parties’ data to assert, exercise or defend civil claims.

Video surveillance operates on our premises to maintain our rights to our property, to protect it, and to prevent and solve crimes.

d) Data processing based on legal obligation (Art. 6(1)(c) GDPR)

As a company we are subject to many legal obligations (e.g. the Metering Point Operation Act (MsbG), tax laws, the Commercial Code) which necessitate the processing of your data to fulfil the law.

Disclosure of data 

To a certain degree internal or external data processors (e.g. IT service providers) are tasked with processing data to fulfil the purposes above in compliance with the requirements of Art. 28 GDPR.

Data is disclosed to public bodies on the basis of legal obligations when legal provisions take precedence.

To process claims we may convey the data collected to third parties involved in the insurance process (e.g. experts, insurance companies, lawyers).

Partial processing of suppliers’ data (account data, contact data and banking data) is undertaken with the collaboration of service providers in the USA and India. To the extent that an adequacy decision of the EU Commission does not exist, compliance with the GDPR level of data protection is ensured by the conclusion of EU standard contractual clauses. You can obtain more information from the Data Protection Officer (datenschutz.waerme-berlin@vattenfall.de).

Duration of storage of personal data 

We process your personal data for as long as necessary to fulfil our contractual and statutory obligations and the purposes of processing above. Legislation provides for many duties of retention and retention periods. These include duties of retention arising from the Commercial Code (HGB) and the Fiscal Code (AO). After these periods have expired, the data is deleted as a matter of course. If data is not affected by this, it is deleted when the purposes stated come to an end.

Obligation to provide data 

We only request from you and process personal data that we absolutely need to process and fulfil the purposes and duties given above. Without this data no services can be offered.

Automated decision-making 

Automated decision-making including profiling is not employed to justify and carry out the processing procedures described.

Information on the rights of data subjects

Rights of data subjects

If you have any questions concerning the processing of your personal data, you can contact our Data Protection Officer directly who, along with his team, is also available for requests for information, applications or complaints. Please address all inquiries concerning the data stored about you under Art. 15 GDPR to:

Vattenfall Wärme Berlin AG
Data Protection Officer

Sellerstraße 16
13353 Berlin

Email: datenschutz.waerme-berlin@vattenfall.de

The Data Protection Officer is also your contact for exercising your rights to rectification in the case of errors in the storage and processing of your data (Art. 16 GDPR), the erasure of your data, e.g. when the purpose has come to an end or when consent is revoked (Art. 17 and 18 GDPR), to the restriction of processing, e.g. when the accuracy of personal data is disputed or in order to safeguard any existing claims (Art. 18 GDPR), to object to processing based on a legitimate interest (Art. 21 GDPR) and to data portability concerning the data made available by you in a machine-readable format (Art. 20 GDPR).

Revocation of consent 

If data processing is based on the legal basis of consent, you have the right to revoke this consent at any time with future effect.

You can object to the use of your data for advertising purposes at any time at dialog@zukunftsnetz-nordwest.de.

Objection according to Art 21 GDPR: 

If data processing is undertaken on the basis of a consideration of interests according to Art. 6(1)(f) GDPR, you have the right to lodge an objection to this processing for reasons based on your particular situation at any time. Please send your objection to: dialog@zukunftsnetz-nordwest.de.

Right to lodge a complaint: 

Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR). You can reach the data protection supervisory authority competent for Vattenfall Wärme Berlin AG at: 

Friedrichstraße 219
10969 Berlin

Berliner Beauftragte für Datenschutz und Informationssicherheit

Information on use of the websites

Collection and processing of personal data 

When you visit our website, we only store access data that is not personally identifiable in a protocol file (e.g. browser type, IP address, operating system or time of access and time spent on pages). Every device requires an identifiable IP address to transfer data on the internet. We temporarily store this for reasons of data security to ensure the stability and operational security of our system. This is not evaluated for personal information.

This data is only evaluated for the technical operation of the website as well as for statistical purposes to improve our service. They are then deleted.

Personal data is only requested and processed if it is absolutely necessary to Vattenfall Wärme Berlin AG’s services (e.g. in order to use the online contact form) in order to process your requests.

Use and disclosure of personal data and restriction of use to intended purposes 

All data from Vattenfall internet services is processed according to the relevant provisions on the protection of personal data. This is only done for the purposes of contract fulfilment and to safeguard our own business interests with respect to providing advice and care to our customers.

Data security

In the online portal your personal data is encrypted and transferred across the internet using a secure transfer protocol (https). We regularly secure our website and other systems with technical and organisational measures against access, loss, destruction or alteration of your data by unauthorised persons.

Reporting of security breaches by responsible disclosure 

The security of our information and communication systems has the highest priority for Vattenfall. Security breaches can never be ruled out 100%. The exploitation or abuse of these breaches of security is illegal.

To prevent attackers from being able to exploit identified breaches of security, the Federal Office for Security in Information Technology (BSI) also recommends applying the principle of “responsible disclosure”. Applying this principle guarantees a coordinated collaboration between the discoverer of the security breach and the manufacturer or service provider concerned that is based on trust.

Find out more and inform us of a security breach

Google Analytics web analysis service 

To improve our website for you even more, we collect general information (e.g. pages viewed, browser used, time spent on pages). This data is not personalised. Neither Vattenfall nor the providers of the respective analytics tools collect information that allow users to be identified. To analyse this data we use the Google Analytics web analysis service.

In some parts of our website Vattenfall places cookies in order to be able to provide you with our services in a more individualised way. Cookies are identifiers that a web server can send to your computer to identify it for the duration of the visit. You can set your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. If you deactivate the cookies on our websites, orders and changes to information cannot be fulfilled. You will receive an error warning.

You can prevent Google Analytics from collecting information by clicking the following link. This will place an opt-out cookie that will prevent your data from being collected when you visit this website in future:

Click here to opt out of Google Analytics

You can find more information on terms of use and data protection here or here. We point out that the code “anonymizeip” has been added to Google Analytics on this website to ensure that IP addresses are collected anonymously (IP masking). 

Links to other websites 

Some Vattenfall websites contain links to third party websites or affiliated companies. If you use these links, you will leave the website and thus also the scope of this data protection policy. Vattenfall Wärme Berlin AG is not responsible for these other providers’ compliance with the statutory provisions. The operator of the website in question is exclusively responsible.

Technically necessary cookies

Technically necessary cookies are absolutely essential for the proper functioning of the website. Without these cookies, our websites cannot be used as intended. These cookies are enabled by default and cannot be disabled. Disabling them in your browser may result in the website not functioning properly.

Google Tag Manager

The Google Tag Manager is a technical tool for running tools or scripts on our website. In doing so, the Google Tag Manager uses the available information about your individual consent to run tools and scripts. We store the cookies as long as they are necessary for the use of the purpose. The validity period can be obtained from the respective definition of the cookie.

List of cookies used:

Statistics

Statistical cookies are used to perform statistical analyses on the use of our websites and perception of the website. For this purpose, statistics are generated that provide an overview of visits and access sources. Based on the collected statistical data, weak points are analyzed and optimization measures are worked out in order to improve the functionality, content and attractiveness of the websites. This statistical data is not personal.

Google Analytics

For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analytics service provided by Google Inc. ("Google"). In this context, pseudonymized usage profiles are created and cookies are used.

You can also prevent the collection by Google Analytics by clicking on the following link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website.

 List of cookies used:

The information generated by the cookies about your use of this website (including your shortened IP address) is transmitted to Google servers and stored there. The collected data is used by us to evaluate the use of the website. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

 We would like to point out that on this website Google Analytics has been extended by the code "anonymizeIp" to ensure anonymized collection of IP addresses. For this purpose, the last octet of the IP address is replaced by a 0.

Provider information: Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

More information on terms of use and data protection can be found here:

- https://www.google.com/intl/de/policies/privacy/partners

- http://www.google.com/analytics/terms/de.html

- http://www.google.com/intl/de/analytics/learn/privacy.html