Skip to content

Data Policy

General information

Compliance with data protection laws is not only a legal obligation for Tion Renewables AG, but also a crucial matter of trust. The following data protection provisions are therefore intended to present you with clear information on the type, scope and purpose of the personal data collected from you and processed within this website as well as your rights in this regard.

 

Responsibility for data processing

Tion Renewables AG, Balanstraße 73, Entrance 31 F, 81541 Munich, (hereinafter referred to as: “We”), as the operator of the website  https://www.tion-renewables.com, is the controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR). If you have any questions, please contact [email protected].


Data Protection Officer

The responsible data protection officer is

Marcel Heintz
Robert-Koch-Straße 35
55129 Mainz
[email protected]


Rights of data subjects

Your rights as a data subject

As a data subject, you have the following rights with regard to your personal data. You have:

  • a right to information about, among other things, the categories of data processed, the purposes of such processing, the storage period and any recipients, in accordance with Art. 15 GDPR and Section 34 of the Federal Data Protection Act (BDSG).
  • Ea right to the rectification or erasure of incorrect or incomplete data, in accordance with Art. 16 and 17 GDPR and Section 35 BDSG.
  • a right to restrict the processing subject to the requirements of Art. 18 GDPR or Section 35 (1) sentence 2 BDSG.
  • a right to object to the processing pursuant to Art. 21 (1) GDPR, insofar as the data processing was carried out on the basis of a legitimate interest.
  • a right to revoke consent given with effect for the future in accordance with Art. 7 (3) GDPR.
  • a right to data portability in a commonly used format pursuant to Art. 20 GDPR.
  • In accordance with Art. 22 GDPR, you have the right not to be subject to any decision based solely on automated processing which affects you legally or compromises you significantly to a similar degree. This also includes profiling as defined by Art. 4 No. 4 GDPR.
  • You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us in accordance with Art. 77 GDPR, in particular in the Member State of your usual place of residence, place of work or place of the alleged infringement.

Procedure

If you assert your rights against us under the GDPR and BDSG, we will process the data you provide to us in order to meet your claim.

We will then store the data you have transmitted to us and the data we have transmitted to you in return for documentation purposes until the statute of limitations under laws governing administrative offences expires (3 years).

The legal basis for the processing and storage of data is given by Art. 6 (1) sentence 1 f) GDPR (legitimate interest in data processing). The legitimate interest arises from our obligation to respond to your concerns and the need to be able to exonerate ourselves in any proceedings involving penalties by proving that we have responded properly to your concerns.

You can object to the processing of your data on the basis of our legitimate interest at any time subject to the prerequisites of Art. 21 GDPR. Please use the contact details given in the legal notice to do so. However, we would like to point out that it is essential to process your data in order to prove compliance with the rights of the data subject as defined by Art. 21 (1) GDPR, as other means of proof do not exist or are not equally suitable.

Data protection measures

We use technical and organizational measures to protect our website and other systems – and therefore also your data – against loss, destruction, access, modification or dissemination by unauthorized persons. In particular, your personal data are transmitted on the internet in encrypted form. We use the TLS (Transport Layer Security) coding system in the process.

However, the transmission of information via the internet is never completely secure, and for that reason, we cannot give a 100% guarantee that data transmitted from our website will be secure.

Modes of data processing

Sources and categories of personal data

We process your personal data insofar as they are required for the establishment, substantive design or amendment of a contractual relationship between us and you (basic data). Basic data can in particular be your name, title, contact details (postal address, telephone, email address), date of birth, etc.

We also process your usage data. Usage data are data generated by your actions when using our website and services, in particular your IP address, the start and end of your visit to our website and information about the content you have accessed on our website.

We collect the aforementioned data from you either directly (e.g., as a result of your visit to the website) or, to the extent permitted by data protection laws, from third parties or publicly accessible sources (e.g., commercial and association registers, press, media, internet).

Data transfer to third countries outside the EU

All information that we receive from you or about you is generally processed on servers within the European Union. Your data will only be transferred to or processed in third countries without your express consent if this is provided for or permitted by law and an appropriate level of data protection is guaranteed in the third country. 

Forwarding of data, contract processing

We will never pass on your personal data to third parties without authorization. However, we may forward your data to third parties in particular if you have consented to the forwarding of data, if such disclosure is necessary to meet our legal obligations or we are entitled or obliged to disclose data due to legal provisions, official instructions or court orders. In particular, this may involve the provision of information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.

We may also transfer your data to external service providers who process data on our behalf and in accordance with our instructions (contract processors) in order to simplify or relieve our own data processing. Each processor is bound by a contract in accordance with Art. 28 GDPR. In particular, this means that the processor must provide sufficient guarantees that appropriate technical and organizational measures have been put in place by the processor to ensure that the processing is carried out in accordance with the requirements of the GDPR and your rights as a data subject are protected. Even if we commission contract processors, we remain the controller for the processing of your personal data as defined by data protection laws.

Purpose of data processing

We only use the data for the purpose for which they were collected from you. We may further process the data for a different purpose unless such other purpose is incompatible with the original purpose (Art. 5 (1c) GDPR).

Storage duration

Unless otherwise specified in a particular instance, we will only store data collected from you for as long as is necessary for the purpose in question, unless statutory retention obligations prevent deletion, e.g., under commercial law or tax law.

Individual processing activities

In the following, we would like to show you as transparently as possible what data of yours we process, in what situations, on what basis and for what purpose.

Server log files

Each time you visit our website, the following general information is automatically transmitted by your browser to our server (server log files): your IP address, product and version information about the browser and operating system used (user agent), the website from which you accessed the site (referrer), the date and time of the request and possibly your internet service provider. The status and volume of data transferred are also recorded as part of this request.

The IP address of your computer is only stored for the time you use the website and is then immediately deleted or made partially unrecognizable by truncation. The remaining data are stored for a limited period of time (max. 7 days).

The legal basis for the use of server log files is given by Art. 6 (1) sentence 1 f) GDPR (legitimate interest in data processing). The legitimate interest arises from the need, in particular, to detect and eliminate errors on the website, to determine the utilization of the website to make adjustments or improvements and to ensure the security of the system for the operation of our website. You can object to the processing of your data on the basis of our legitimate interest at any time subject to the requirements of Art. 21 GDPR. Please use the contact details given in the legal notice. However, we would like to point out in advance that the processing of your data in server log files is essential as defined by Art. 21 (1) GDPR, as otherwise the website cannot be operated at all.

Cookies

We use “cookies” to improve the user-friendliness of our website.

What are cookies

Put very simply, a cookie is a small text file that stores data about websites visited. Cookies store a kind of “user profile”, i.e., aspects such as your preferred language and other page settings required by our website to enable us to offer you certain services. This file is stored on your device and also helps us to recognize you when you visit our website again.

We may also be able to use cookies to obtain information about your preferred activities on our website and thus tailor our website to your individual interests or even increase the speed with which you can navigate our website.

How you can avoid cookies

You can delete cookies manually at any time in the security settings of your browser.

However, you can also prevent the storage of cookies from the outset by setting your browser accordingly. Please note, however, that you may then not be able to use all the functions of our website to their full extent or there may be errors in the presentation and use of the website.

Cookies from third-party providers

It is possible that third-party providers, with whose help we design and operate our website, in particular through plugins (see below in the section “Third-party services”), may independently store their own cookies on your device. If you only want to accept our own cookies, but not cookies from third parties, you can prevent the storage of these cookies by selecting the appropriate browser setting “Block third-party cookies”.

Which cookies are used

Specifically, our website uses the following cookies:

Name

Explanation

Origin (Domain)

Borlabs Cookie, borlabs-cookie

Saves the settings of visitors selected in the Borlabs Cookie cookie box. The cookie expires after one year.

https://de.borlabs.io/borlabs-cookie/

Google Analytics, _ga,_gat,_gid

Cookie from Google for website analytics. Generates statistical data on how visitors use the website. The cookie expires after 2 years.

https://analytics.google.com › analytics › web

Legal basis

The legal basis for the use of cookies that are absolutely necessary for the website to function properly (e.g., shopping cart cookie, session cookie) is given by Art. 6 (1) sentence 1 f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need to be able to offer you a functioning website. Cookies are necessary because they form an integral part of current internet technology and many functions of current websites would not be available without them. We therefore need cookies to enable us to provide you with the website on your request.

You can object to the processing of your data on the basis of our legitimate interest at any time subject to the requirements of Art. 21 GDPR. Please use the contact details given in the legal notice.

However, we would like to point out that the processing of your data in certain cookies is essential as defined by Art. 21 (1) GDPR, as otherwise the website cannot be operated at all and we do not have the technical capability to prevent the setting of cookies on certain individual devices. However, you can do this yourself (see above “How you can avoid cookies”).

The legal basis for the use of cookies that are not absolutely necessary for the website to function is given by Art. 6 (1) sentence 1 a) GDPR (consent of the data subject). When you access the website for the first time, we will ask you for your consent to the use of non-essential cookies by displaying a message. You can revoke your consent at any time with effect for the future by deleting all cookies in your browser. You can find out how to do this in your browser in the browser instructions.

Contact us

Our website offers opportunities to contact us directly. By contacting us, you agree to the processing and storage of your transmitted data (in particular your email address) for the purpose of processing your request. You can object to this processing at any time with effect for the future. Please use our contact details in the legal notice. Please note, however, that we will then no longer be able to process your request.

We will only process the data you transmit to us until the relevant purpose for which you contacted us has been achieved unless this conflicts with statutory retention periods. If your purpose in contacting us is to assert your rights as a data subject, the information in the section “Your rights as a data subject” will apply.

The legal basis for the use of the data you transmit to us by contacting us is given by Art. 6 (1) sentence 1 a) GDPR (consent of the data subject). You can revoke your consent at any time with effect for the future. Please use the contact details given in the legal notice.

Online applications

Our website offers you the opportunity to apply online using an application form. Please note that you will be asked to provide mandatory information, without which you will not be able to submit your application.

We require the following information from you:

  • First name, surname: We require your first name and surname to enable us to identify you unambiguously and guarantee that you are addressed respectfully. We will use your data exclusively for this purpose.
  • Email: We require your e-mail address to enable us to respond to your request and contact you.
  • Phone: We need a telephone number so that we can contact you at short notice. This may be necessary if sudden changes occur and contact by email would not be sufficient.

All other information is voluntary. This allows you to send us additional information and documents that you consider important and useful for your application.

As a general rule, use of the online form is voluntary. You can also send us your application by email or post at any time. As applications generally contain particularly sensitive information, we would like to point out that there are risks involved in transmitting such data via the internet, in particular due to data interception/spying. If you are unsure about this, we advise you to contact us by post.

We will use your data to process your application and communicate with you, in particular to assess your suitability for current or future employment in our company.

If your application is successful, our personnel department will add your data to your personnel file when you are taken on. If your application is unsuccessful, we will store your data for a period of six months from the date you receive notice of our decision. Your data will only be accessed during this period if you wish us to state the reasons for our decision or to defend ourselves against legal claims.

After this period has expired, we will delete or destroy your data unless we are required by law to store them for a longer period. If you have applied by post, we will return your application documents to you in the post, provided you have given us a postal address inside Germany and wish them to be returned. Otherwise your documents will be destroyed if your application is unsuccessful.

The legal basis for the data you voluntarily provide in the application form is given by Art. 6 (1) sentence 1 a) GDPR (consent of the data subject). You can revoke your consent at any time with effect for the future. Please use the contact details given in the legal notice. The legal basis for the processing of mandatory data is given by Art. 88 (1) GDPR in conjunction with Section 26 BDSG (data processing in the employment context).

We reserve the right to anonymize applicants’ data to make it impossible to make inferences about your identity and to subsequently evaluate them for internal statistical purposes. We will not carry out any further analysis without your consent.

Third party services

We use third-party services/resources, such as plugins, external content, software or other external service providers (services), to simplify our data processing and expand the functionality of our website. Personal data may also be transmitted to the service provider in the process. In order to protect your data, we have contractually obliged service providers, where necessary in accordance with Art. 28 GDPR, to only process your data in accordance with our instructions.

We expressly point out that we are normally only responsible for the data collected and transmitted by the service provider as defined by the GDPR, but not for any subsequent processing by the relevant service provider.

Specifically, we use the following services:

Google services

Our website uses the following services of Google Ireland Limited (“Google EU”), Gordon House, Barrow Street, Dublin 4, Ireland. In the EU, this company represents Google LLC (“Google US”), 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google US meets the requirements of the “EU-US Privacy Shield”. The Privacy Shield Agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. It ensures that the data transferred there are also subject to a level of data protection comparable to that in the European Union. You can access the list of certified companies here: https://www.privacyshield.gov/list.

By using the services, data are transmitted to Google EU and, under certain circumstances, from Google EU to Google US. The Google Group may process the transmitted data in order to create anonymized user profiles for statistical purposes. If you also have a Google account and are logged into it, Google can identify the transmitted data with your account – even across devices. In principle, we have no influence on this data processing. Google EU is therefore the party responsible for such data processing.

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy.

You can manage your Google advertising settings on the following website: https://adssettings.google.com/?hl=en (This setting will be deleted if you delete your cookies)

We use:

Google Analytics

Our website uses the “Google Analytics” service from Google. Google Analytics uses cookies (see above under “Cookies”) to enable us to analyze use of the website by website visitors. The information generated by the cookie about the use of this website by users is usually transferred to a Google server in the USA and stored there. Among other things, the following can be transmitted: your IP address, product and version information about the browser and operating system used (user agent), the website from which you accessed it (referrer), the date and time of the request and possibly your internet service provider.

IP anonymization has been activated on our website, with the result that the IP address you transmit is truncated before transmission outside the scope of the GDPR and thus made partially unrecognizable, i.e., anonymized. Only in exceptional cases is the full IP address first transmitted to a Google server in the USA and truncated there immediately.

On our behalf, Google will use the information transmitted to evaluate your use of our website, compile reports on website activity and provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be collated with other Google data.

You can find more information on terms of use and data protection at Google Analytics at https://marketingplatform.google.com/about/analytics/terms/us/.

You can prevent the data generated by the cookie relating to use of the website (incl. IP address) from being transmitted to Google or processed by Google by downloading and installing the browser plug-in available under the following link. The current link is: https://tools.google.com/dlpage/gaoptout?hl=en.

You can also prevent the setting of cookies altogether (see above “How you can avoid cookies”).

You can prevent the collection of yo.ur data by Google Analytics by clicking on the following link. An opt-out cookie is set to prevent the collection of your data on future visits to this website

The legal basis for the use of Google Analytics is given by Art. 6 (1) sentence 1 a) GDPR (consent of the data subject). When you access the website for the first time, we will ask you for your consent to the use of cookies used for the service by displaying a message. You can revoke your consent at any time with effect for the future by deleting all cookies in your browser. You can find out how to do this in your browser in the browser instructions.

Google Fonts

Our website uses the external font service “Google Fonts” from Google. This service enables us to display our website in a uniform and appealing way, even with very differently configured user devices, by loading fonts from an external server instead of from the user’s device. For this purpose, the required fonts are usually requested from a Google server in the USA. Through this request, the following information, among other things, is transmitted to the Google server and stored there: your IP address, product and version information about the browser and operating system used (user agent), the website from which you accessed the site (referrer), the date and time of the request and possibly your internet service provider.

The legal basis for the processing of your data in relation to the “Google Fonts” service is given by Art. 6 (1) sentence 1 f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need for an appealing and uniform presentation of our online offering. You can object to the processing of your data on the basis of our legitimate interest at any time subject to the requirements of Art. 21 GDPR. Please use the contact details given in the legal notice.

Content Delivery Networks

Our website uses Content Delivery Networks (CDN). A CDN is a network of high-performance servers that cache content at various locations around the world. A CDN essentially has two tasks: firstly, to provide content in the shortest possible time and secondly, to relieve the web host by distributing the data traffic.

CDNs transmit two types of content: static and dynamic content. All website visitors receive static content in the same form, such as video content from streaming services or code frameworks (e.g., Javascript, jQuery). Dynamic content is first adapted to the user and only created at the moment of the request. This includes content created via web applications, email or online stores and personalized. To enable such content to be used, information about the website visitor must first be transmitted to the CDN. Your personal data may also be transmitted in the process.

The legal basis for the use of CDNs and the transfer of your data to them is given by Art. 6 (1) sentence 1 f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need for technically flawless, fast presentation of our website and to take the strain off our IT infrastructure. You can object to the processing of your data on the basis of our legitimate interest at any time subject to the requirements of Art. 21 GDPR. Please use the contact details given in the legal notice.

We use:

Amazon Web Services – Cloudfront

We use the CDN service “Cloudfront” from Amazon Web Services. Amazon Web Services EMEA SARL (“AWS EU”), 38 Avenue John F. Kennedy, L-1855 Luxembourg, is the controller for personal data collected and processed via the “Amazon Web Services” offerings. AWS EU is the authorized representative of Amazon Web Services Inc. (“AWS US”), 410 Terry Avenue North, Seattle WA 98109, United States.

AWS US meets the requirements of the “EU-US Privacy Shield”. The Privacy Shield Agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. It ensures that the data transferred there is also subject to a level of data protection comparable to that in the European Union. You can access the list of certified companies here: https://www.privacyshield.gov/list.

By using the services, data are transmitted to AWS EU and, under certain circumstances, from AWS EU to AWS US. The Amazon Group may process the data transmitted in order to create anonymized user profiles for statistical purposes. In principle, we have no influence on this data processing. AWS EU is therefore the party responsible for such data processing.

You can find more information on the handling of user data in the privacy policy of AWS EU at https://aws.amazon.com/privacy/.

Google APIs

Our website uses the “Google APIs” service provided by Google. See the data protection information above.

Bootstrap

We use the CDN service “BootstrapCDN” (also called “MaxCDN”) from StackPath LLC (“StackPath”), 2021 McKinney Ave, Suite 1100, Dallas, TX 75201, USA. StackPath fulfils the requirements of the “EU-US Privacy Shield”. The Privacy Shield Agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. It ensures that the data transferred there is also subject to a level of data protection comparable to that in the European Union. You can access the list of certified companies here: https://www.privacyshield.gov/list.

You can find more information on the handling of user data in the privacy policy of StackPath: https://www.stackpath.com/privacy-statement/ or in the privacy policy of BootstrapCDN: https://www.bootstrapcdn.com/privacy-policy/.

Analysis tools

We use certain services that record data from website visitors and make them available to us for analysis. We use these data to improve our website, our services and offers by focusing on users’ needs. In particular, the following information on visitors’ activities can be collected: your IP address, product and version information about the browser and operating system used (user agent), the website from which you accessed the site (referrer), date and time of the request and possibly your internet service provider, approximate origin (country and city), language, clicks on content and viewing times.

The legal basis for the use of analysis tools is given by Art. 6 (1) sentence 1 a) GDPR (consent of the data subject). When you access the website for the first time, we will ask you for your consent to the use of cookies used for the service by displaying a message. You can revoke your consent at any time with effect for the future by deleting all cookies in your browser. You can find out how to do this in your browser in the browser instructions.

We use:

Google Analytics

Our website uses the “Google Analytics” service provided by Google. See the data protection information above.

Media services

We use certain services to fill and supplement our website with digital content. We generally use the integration functions of external platforms for this purpose. When content is retrieved from the provider’s server, data are transmitted to the provider and usually stored there, e.g., your IP address, product and version information about the browser and operating system used (user agent), the website from which you accessed the website (referrer), the date and time of the request and, if applicable, your internet service provider.

The legal basis for the use of media services is generally given by Art. 6 (1) sentence 1 f) GDPR (legitimate interest in data processing). The legitimate interest arises from our interest in being able to offer you a website that is appealing in terms of content and appearance. You can object to the processing of your data on the basis of our legitimate interest at any time subject to the requirements of Art. 21 GDPR. Please use the contact details given in the legal notice.

We use:

Google Fonts

Our website uses the “Google Fonts” service provided by Google. See the data protection information above.

Social media fan pages

In addition to our website, we maintain online presences on social platforms in order to communicate with customers, potential customers and users active there and inform them about our services.

If you visit our offering on a social media platform, your data will generally be processed by the respective platform provider for our market research and advertising purposes. The provider may also process the data for its own purposes. Usage profiles can be created from your usage activity and your resulting interests. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that can be assumed to correspond with your interests. For these purposes, cookies (see above) are usually stored on your device in which your usage activity and interests are stored. In particular, if you are a member of the relevant platforms and are logged in to them, additional data may be stored independently in the user profiles. For a detailed description of the respective data processing and your options to object, we refer you to the following linked information from the providers, as only they know the exact processes of their data processing.

We would like to point out that your data may also be processed outside the European Union. This may result in risks, e.g., as it could make it more difficult to assert your rights.

The legal basis for the use of online offerings and associated data processing is generally given by Art. 6 (1) sentence 1 f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need to introduce ourselves to visitors and users of social networks and to contribute statements of all kinds to the media and opinion spheres. You can object to the processing of your data on the basis of our legitimate interest at any time subject to the requirements of Art. 21 GDPR. Please use the contact details given in the legal notice.

The use of statistical data from all visitors to our social media websites, collected, processed and made available to us by the respective site operators, is based on Art. 6 (1) sentence 1 f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need for an anonymous evaluation of visit and usage activity on our websites in order to improve the design of our online offering and optimize our communication with potential customers. You can object to the processing of your data on the basis of our legitimate interest at any time subject to the requirements of Art. 21 GDPR. Please use the contact details given in the legal notice.

If you are asked by the respective providers for your consent to data processing, the legal basis for the processing is given by Art. 6 (1) sentence 1 a) GDPR (consent of the data subject). You can revoke this consent at any time with effect for the future. To do so, please contact the provider who asked for your consent.

In the event that you wish to assert your above-mentioned rights, we would like to point out that, despite possible joint responsibility, such rights can be asserted most effectively with the providers. As a rule, only the providers have direct access to your data and can take appropriate steps and provide information directly. If you still need help, you can contact us and we will support you at all times within the bounds of feasibility.

We are represented at:

LinkedIn

LinkedIn is a professional network of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. In the EU, this company represents LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085, USA. LinkedIn Corp. meets the requirements of the “EU-US Privacy Shield”. The Privacy Shield agreement regulates the protection of personal data transferred from a member state of the European Union to the USA. It ensures that the data transferred there is also subject to a level of data protection comparable to that in the European Union. You can access the list of certified companies here: https://www.privacyshield.gov/list.

Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.

You can configure LinkedIn’s data collection on the following page: https://www.linkedin.com/psettings/guest-controls/

Privacy policy last amended: November 29, 2024

Source: Süddeutsche Datenschutzgesellschaft mbH