Privacy policy

of Entelios AG

Thank you for visiting our website and for your interest in Entelios AG. Not only energy solutions for a sustainable future are important to us, but also the data protection-compliant handling of your personal data. With this data protection declaration, we inform you about how, to what extent and for what purposes we process personal data when you use our website and beyond.

The subject of data protection is personal data. According to Art. 4 GDPR, personal data is any information relating to an identified or identifiable natural person. This includes information such as your name, address, e-mail address or telephone number, but also usage data such as your IP address or content data such as the messages you send to us via forms. We only process personal data in accordance with the statutory regulations, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Responsible person

The person responsible is:

Entelios AG
Landsberger Str. 154
80339 Munich
Phone: +49 (0) 89 552 9968-0
E-mail: info@entelios.de

2. Data protection officer

Our data protection officer is:

Markus Schmidt
FAST-DETECT GmbH

Inselkammerstr. 12
82008 Unterhaching

Phone +49 89 204040 – 111
Fax +49 89 204040 – 299

Markus.Schmidt(at)fast-detect.de

3. General

Insofar as we obtain your consent for the processing of personal data, Art. 6 para. 1 p. 1 lit. a GDPR as the legal basis.

When processing your personal data required for the fulfillment of a contract between you and Entelios AG, Art. 6 para. 1 p. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which Entelios AG is subject, Art. 6 para. 1 p. 1 lit. c GDPR as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 p. 1 lit. f GDPR as the legal basis.

4. Data collection on our website

In the context of informational use of our website, e.g. if you transmit information to us in any other way, we only collect the personal data that your browser transmits to our server. If you wish to visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. As the website operator, we have a legitimate interest in the technically error-free presentation and optimization of our website – for this purpose, the following server log files must be recorded:

IP address of the requesting computer,
Date and time of access,
Name and URL of the retrieved file,
Website from which access is made (referrer URL),
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

Opt-out complete; your visits to this website will not be recorded by the Web Analytics tool. Note that if you clear your cookies, delete the opt-out cookie, or if you change computers or Web browsers, you will need to perform the opt-out procedure again.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

The tracking opt-out feature requires cookies to be enabled.

4.1. Cookies

This website does not use cookies.

4.2. Contact form

If you send us inquiries via a contact form, your details and personal data from the contact form will be processed for the purpose of processing the inquiry and, if necessary, for follow-up questions. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In other cases, we base the processing on our legitimate interest in the effective processing of the inquiries addressed to us in accordance with Art. 6 para. 1 p. 1 lit. f GDPR or on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR insofar as we have obtained this.

5. Online conference tools

We use online conferencing tools (e.g. Microsoft Teams), among others, to communicate with you. The service provider of the online conference tool collects and processes personal data of the participants, in particular e-mail address, telephone number, duration, number of participants, other “context information” in connection with the communication process (metadata). The service provider also processes technical data that is required to process the communication as well as other service-related data. We have no influence on this processing activity.

We use the online conferencing tools to communicate with contractual partners to implement the contractual relationship or to offer certain services to our customers. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR. The use of online conference tools also serves to optimize communication with us and our group of companies. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest lies in being able to use functional online conferencing tools that are widely used in the business areas in order to communicate efficiently with external partners. If consent has been obtained, the tools in question are used exclusively on the basis of this consent. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR. We have no influence on the storage period of your data, which is stored by the service providers of the online conference tools for their own purposes.

We use Microsoft Teams for this. The service provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We have engaged Microsoft as a processor and agreed the standard contractual clauses. You can find more information on data processing by Microsoft at: https://privacy.microsoft.com/de-de/privacystatement.

6. Visiting our social media sites

We operate social media sites with the aim of informing visitors about our products and services and communicating with them. If you visit social networks such as Facebook, Instagram, YouTube, Xing, LinkedIn etc. or websites with integrated social media content (e.g. like buttons or advertising banners), there is a possibility that social networks will analyze your surfing behavior. Social networks can, for example, assign your visit to our social media presence to your user account, provided you are logged into your social media account. Irrespective of this, your personal data may also be collected if you do not have a social media account. Data can be collected via cookies that are stored on your end device or by recording your IP address. As a rule, your personal data is processed for market research and advertising purposes. Social networks can create user profiles from your surfing behavior and the resulting interests, which are used, for example, to display corresponding advertisements within and outside the social network. Please note that your data may be processed outside the EU or EEA, e.g. in the USA. This may result in risks for you, as it could make it more difficult to enforce your rights as a data subject. For information on data transfer in the USA, see our information on transfer to countries outside the EU or the EEA. We cannot track all processing activities of the social networks, in particular whether other processing activities are carried out. You can find more information on this in the terms of use and privacy policy of the respective social network (see below).

With our social media presence, we want to ensure an extensive online presence. Our legitimate interest lies in effectively informing users and communicating with users. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. If a corresponding consent has been obtained (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 p. 1 lit. a GDPR and Art. 49 para. 1 p. 1 lit. a GDPR.

6.1. Controller and assertion of data subject rights

We are jointly responsible with the operator of the social network for the data processing operations triggered during your visit. In principle, you can assert your rights as a data subject both against us and against the social network. However, we would like to point out that, despite our joint responsibility with the social networks, we have no comprehensive influence on the data processing operations. Our options for taking action are based on the corporate guidelines of the respective social network.

6.2. Storage duration

We delete data that is collected directly by us via the social media presence as soon as the purpose for its storage no longer applies, you request us to delete it or revoke your consent to its storage. Mandatory statutory provisions, e.g. retention periods, remain unaffected by this. We have no influence on the storage period of your data, which is stored by the social networks for their own purposes.

6.3. Social networks in detail:

• YouTube (Google) – More information on data processing: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated;
  LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland); Further information on data processing: https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out;
• Xing (XING SE, Dammtorstraße 30, 20354 Hamburg, Germany); Further information on data processing / opt-out: https://privacy.xing.com/de/datenschutzerklaerung.
• Linkedin – Further information on data processing: https://www.linkedin.com/legal/privacy-policy

7. CRM system

We store your personal data in a customer relationship management system (CRM system). The service provider is Salesforce.com INC. Salesforce Tower, 415 Mission Street, 3rd Flor, San Francisco, CA 94105, USA. The purpose of the processing is communication with contractual partners or pre-contractual contacts, processing of contact requests, communication, administration and answering of inquiries, maintenance of customer relationships and relationships with interested parties as well as optimization and automation of sales processes.

The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR if the contact is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR and/or on our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, as we have a legitimate interest in effective communication with external parties and partners and in the effective processing of inquiries addressed to us. We base the transfer of data to the USA on the standard contractual clauses, on Art. 49 para. 1 p. 1 lit. a GDPR and to binding internal data protection regulations of the service provider pursuant to Art. 46 para. 2 b) GDPR and Art. 47 GDPR (so-called Binding Corporate Rules), to maintain an adequate level of data protection outside the EU.

8. Contact by e-mail, post, telephone, fax, social media, etc.

When you contact us by e-mail, post, telephone, fax, social media, etc., your personal data (e.g. name, inquiry) will be stored and used for the purpose of processing your request or for contacting you and the associated processing. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR, provided that your contact is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR and/or on our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, as we have a legitimate interest in the effective processing of the requests addressed to us.

9. Processing of prospective customer, customer and contract data

We process your personal data for the fulfillment of a contract and the related implementation of pre-contractual measures (e.g. to create and send an offer), or termination of our contract. The data processing takes place at your request and is necessary for the stated purposes for the mutual fulfillment of obligations arising from the contract. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

10. Data processing Contact details of contact persons etc.

We process contact data of contact persons, employees, service providers or vicarious agents of our contractual partners. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Processing in accordance with Art. 6 para. 1 p. 1 lit. f GDPR may only be carried out insofar as this is necessary to safeguard the legitimate interests of us or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Business contacts (e.g. the name of a contact person, an employee, etc.) do not contain very sensitive data. It is therefore not clear what legitimate interest contact persons, employees, etc. would have in not being contacted in the context of the business relationship. Our legitimate interest consists in the smooth processing of the business relationship and outweighs the interest of the contact persons, employees, service providers or vicarious agents.

11. Data processing of business contacts, trade fairs, events, etc.

We process your personal data that we have received from you, e.g. in the context of business contacts, a trade fair, event, etc. (e.g. handing over your business card and other data) for the fulfillment of a contract and the related implementation of pre-contractual measures (e.g. preparation of an offer). The data processing takes place at your request and is necessary for the stated purposes for the mutual fulfillment of obligations arising from the contract. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

12. Data processing within the energy group

We work closely with other companies within the energy group “Agder Energi” (www.ae.no). It may therefore be necessary for us to process your personal data within the existing or future group of companies. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest lies in the efficient design of business processes.

Your personal data will be processed within the existing or future group of companies insofar as this is necessary for the fulfillment of a contract and the implementation of pre-contractual measures in this regard. The data processing takes place at your request and is necessary for the stated purposes for the mutual fulfillment of obligations arising from the contract. The legal basis is Art. 6 para. 1 p. 1 lit. b GDPR.

13. Invitations to events, trade fairs, etc.

We process your personal data in order to invite you to events, trade fairs etc. by e-mail or post. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR, provided that we have obtained your consent. In all other cases, processing is based on our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, as we have a legitimate interest in maintaining contact with our contacts and business partners and in carrying out advertising measures.

14. Applicants

We commission service providers (hereinafter referred to as “Recruiters”) to carry out recruitment, in particular the pre-selection of applicants (hereinafter referred to as “Applicants”).

The commissioned services include, for example, the publication of job advertisements, the review of application documents, conducting job interviews and the pre-selection of applicants. After selecting an applicant, the recruiter sends us the application documents, supplemented by an assessment if necessary. The legal basis is Art. 6 para. 1 p. 1 lit. f GDPR. Processing on the basis of Art. 6 para. 1 p. 1 lit. f GDPR may only be carried out insofar as this is necessary to safeguard the legitimate interests of us or third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Our legitimate interest lies in the professional execution of recruitment by commissioning qualified recruiters.

We process the personal data for the further implementation of the application process. The legal basis for the processing of personal data is Art. 88 GDPR in conjunction with Section 26 BDSG. Pursuant to Section 26 BDSG, the processing of data required in connection with the decision to establish an employment relationship is permitted.

We process personal data that we have received in connection with the application, such as title, first name, surname, e-mail address, address, telephone number, information on professional qualifications and school education, information on further professional training and information on previous professional careers.

Should the data be required after completion of the application process, e.g. for legal prosecution, data processing may be necessary to safeguard legitimate interests in accordance with Art. 6 para. 1 p. 1 lit. f GDPR must take place. The legitimate interest then consists in the assertion of or defense against claims, for example in proceedings under the General Equal Treatment Act (AGG).

We store the personal data of applicants for as long as this is necessary for the decision on the application. The personal data or application documents will be deleted six months after the end of the application procedure (e.g. the announcement of the rejection decision), unless longer storage is legally required or permitted

We only store personal data beyond this if this is required by law or in the specific case for the assertion, exercise or defense of legal claims for the duration of a legal dispute. If you are accepted for a position as part of the application process, the data will be stored on our systems and transferred to your personnel file.

Applicants are not obliged to provide their personal data. However, the provision of personal data is necessary for the decision on an application. However, applicants should only provide such personal data in their application as is necessary for the acceptance and processing of the application. If applicants do not provide us with any personal data when applying, we cannot make a selection.

15. Corporate transaction

As part of a corporate transaction, it may be necessary to transfer your personal data to a third party. This is at least the case with an asset deal. As part of the due diligence process, anonymized or pseudonymized data is always processed. In individual cases, however, it may be necessary to process personal data without anonymization or pseudonymization. The legal basis for the processing of your personal data in this case is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest lies in the execution of the corporate transaction.

16. Categories of personal data and source

We process the following categories of personal data: Contact data (e.g. name, e-mail address, telephone number), employee data, job or function titles (e.g. graduate engineer, managing director, etc.), personal master data, communication data, contract master data, contract billing and payment data, supplier data, information data (from third parties, e.g. credit agencies or from publicly accessible sources), etc. The list is not exhaustive.

17. Transmission to third parties

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. As a rule, this is done on the basis of order processing in accordance with Art. 28 GDPR. In addition, we only transfer personal data to third parties if we have legal permission to do so or if you have given your prior consent. Your personal data will only be disclosed or transferred to the following recipients or categories of recipients within the scope of the aforementioned purposes:

• IT service provider,
• Credit institutions for the processing of payments,
• Companies in the insurance industry in the course of settling claims,
• Collection service providers and lawyers, e.g. to collect receivables and enforce claims in court,
• Lawyers, notaries, banks, tax consultants, etc.,
• Corporate buyers/prospective buyers in corporate transactions,
• Controller, processor,
• other authorized parties (e.g. authorities and courts), insofar as there is a legal obligation or authorization to do so,
• depending on the order, to other recipients, which we may coordinate with you.

18. Transfer to countries outside the EU or the EEA

Insofar as we process data outside the EU or the EEA or this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.

Otherwise, we only transfer data to third countries if it is ensured that the recipient of the data guarantees an adequate level of data protection within the meaning of Chapter V of the GDPR and no other interests worthy of protection speak against the transfer of data. We use standard contractual clauses to ensure an appropriate level of data protection at the recipient of the data, base the data transfer on so-called Binding Corporate Rules (internal data protection regulations) and check the existence of additional guarantees with regard to the transfer of personal data to a third country, such as the USA. The standard contractual clauses are still effective even after the ECJ ruling of July 16, 2020 (C-311/18) on the EU-US Privacy Shield. Furthermore, we check the existence of additional guarantees and obtain the consent of the data subjects for data transfer in accordance with Art. 49 para. 1 p. 1 lit. a GDPR.

We use tools and services from service providers based in the USA on our website and beyond. According to the case law of the European Court of Justice of July 16, 2020 (C-311/18) on the EU-US Privacy Shield, there is no adequate level of data protection in the USA. The USA is not a safe third country within the meaning of the GDPR. US service providers and their subsidiaries are subject to US laws and are obliged to disclose personal data to US authorities (e.g. intelligence agencies). Those affected cannot take legal action against this. It is therefore possible for US authorities to access, process, evaluate and store personal data for surveillance purposes, for example. According to the GDPR, this constitutes an unauthorized disclosure of personal data. We cannot influence this processing activity.

19. Duration of storage

Your personal data will be stored for the aforementioned purposes for as long as is necessary to fulfill these purposes. Thereafter (e.g. after your request has been processed; when the matter in question has been conclusively clarified; after completion of the order or termination of the business relationship, etc.), your personal data will be deleted unless we are obliged to store it for a longer period of time due to legal requirements (e.g. commercial or tax retention obligations). In this case, your personal data will initially be blocked and deleted at the end of the retention period.

Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which our company is subject. The data will be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data. In addition, data may be stored if you have given your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR have consented.

In the event of obligations to permanently observe objections, we reserve the right to store your personal data (contact data, e.g. e-mail address, telephone number, surname, first name, address, etc.) in a blocking list (so-called “denylist”) for this purpose alone.

Applicant data will be deleted after 6 months in the event of rejection. If you have consented to further storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted there after two years.

Further information on the duration of storage and deletion of your personal data can be found in the individual data protection notices of this privacy policy.

20. Rights of data subjects

You have a claim against us within the scope of the statutory provisions to

• Confirmation as to whether your personal data is processed by us and information about the circumstances of the processing (Art. 15 GDPR),
• Rectification if your personal data is incorrect (Art. 16 GDPR),
• Deletion of your personal data, insofar as there is no justification for the processing and no obligation to retain it (any longer) (Art. 17 GDPR),
• Restriction of processing, if one of the reasons listed in Art. 18 para. 1 lit. a to d GDPR is met (Art. 18 GDPR),
• Data portability of your personal data in a structured, commonly used and machine-readable format (Art. 20 GDPR),
• Complaint to a supervisory authority (Art. 77 GDPR).

Insofar as the processing of your personal data is based on your consent, you have the right to withdraw your consent in accordance with Art. 7 para. 3 GDPR, you have the right to withdraw your consent at any time, with the consequence that the processing of your personal data will become inadmissible for the future. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. The revocation of consent can be communicated informally by e-mail to dp(at)entelios.com or by post to our postal address listed at the beginning of this privacy policy.

In addition, pursuant to Art. 21 GDPR, in the event of processing on the basis of a legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, whereby you must demonstrate a particular reason, except in the case of direct marketing. The objection can be communicated informally by e-mail to dp(at)entelios.com or by post to our postal address listed at the beginning of this privacy policy.

21 Obligation or duty to provide the data

As part of the fulfillment of a contract and the related implementation of pre-contractual measures of contracts with you, it is necessary that you provide the personal data required for the establishment or execution of the contract and thus for the fulfillment of contractual obligations. You are not obliged to provide your personal data, but if you do not provide it, it will not be possible to establish and implement the contractual relationship.

22. No automated decision-making including profiling

We do not process your personal data for the purpose of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR.

23. Links to other websites

Our website contains links to other websites. Please note that our privacy policy does not apply to these other websites unless expressly stated.

24. Data security

We have taken the necessary technical and organizational measures to protect the personal data provided by you against loss, destruction, manipulation and unauthorized access. All our employees and all persons involved in data processing are obliged to comply with the GDPR, the BDSG and other data protection laws and to handle personal data confidentially. Our employees are trained accordingly. Both internal and external audits ensure compliance with all processes relevant to data protection.

To protect the personal data of our users, we use a secure online transmission method, the so-called “Secure Socket Layer” (SSL) or “Transport Layer Security” (TSL) transmission. You can recognize this by the fact that an “s” is appended to the address component http:// (“https://”) or a green, closed lock symbol is displayed in the browser. Click on the symbol to obtain information about the SSL certificate used. The display of the symbol depends on the browser version you are using. SSL encryption guarantees the secure and complete transmission of your data.

25. Amendment of the privacy policy

New legal requirements, business decisions or technical developments may require changes to our privacy policy. The privacy policy will then be adapted accordingly. You can find the latest version on our website.

Status: December 2023