Protecting your personal data is of the utmost importance to us. In the following, we would therefore like to inform you in detail about what data we collect when you visit our internet pages and use our offers there, how we process or utilize this data afterwards and what your rights are with respect to these issues.
We use your personal data, such as your name, address, email address or telephone number, solely according to the applicable data protection legislation, in other words the General Data Protection Regulation of the EU (GDPR), the Federal Data Protection Act (BDSG-new) and the German Teleservices Act (TMG).
I. Definition of terms
Our privacy statement uses the terms of the General Data Protection Regulation of the EU (GDPR), which we would like to briefly explain to you for a better understanding. This and further definitions of terms can be found in art. 4 GDPR.
a) Personal data
„Personal data“ comprises all information relating to an identified or identifiable natural person (referred to below as „person affected“); ´identifiable´ applies to a natural person that can be identified, directly or indirectly, in particular by being associated with an identification feature such as a name, with an identification number, with location data, with an online identification or with one or several special features which are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
b) Person affected
„Person affected“ refers to every identified or identifiable natural person whose personal data is processed by the responsible entity for the processing.
„Processing“ refers to every operation carried out with or without the help of automated procedures or every such set of operations in connection with personal data such as the collection, acquisition, organization, sorting, storage, adaptation or alteration, the reading, retrieving, use, revelation through transmission, distribution or another form of provision, the comparison or linking, the limitation, deletion or elimination.
d) Limitation of processing
„Limitation of processing“ refers to the marking of stored personal data with the aim of limiting its future processing.
„Pseudonymization“ is the processing of personal data in a manner that ensures that the personal data can no longer be associated with a particular person affected without drawing on additional information, provided that additional information is stored separately and subject to technical and organizational measures which guarantee that the personal data is not associated with an identified or identifiable natural person.
f) Responsible entity
„Responsible entity“ refers to the natural or legal person, authority, institution or other entity that, either alone or together with others, decides about the purposes and means of processing personal data; if the purposes and means of this processing are determined by laws of the European Union or the law of the member states, the responsible entity or the specific criteria for its nomination may be designated by Union law or the law of the member states.
g) Order processor
„Order processor“ refers to a natural or legal person, authority, institution or other entity that processes personal data on behalf of the responsible entity.
„Recipient“ is a natural or legal person, authority, institution or other entity to whom personal data is disclosed, irrespective of whether or not it is a third party. 2 Authorities that might receive personal data as part of a specific inquiry based on Union law or the law of the member states are, however, not considered recipients; the processing of this data by the aforesaid authorities is conducted on the basis of the applicable data protection legislation in accordance with the purposes of the processing.
i) Third parties
„Third parties“ refers to a natural or legal person, authority, institution or other entity other than the person affected, the responsible entity, the order processor and the persons that are authorized to process the personal data under the immediate responsibility of the responsible entity or the order processor.
„Consent“ of the person affected means every statement of intent given voluntarily and in an informed and unambiguous manner relating to a certain case in the form of a declaration or any other explicit affirmative action that clearly indicates the consent of the person affected to the processing of their personal data.
II. Nature of the personal data collected / Purposes of processing
The personal data processed by us includes title, name, first name, a valid email address, address and telephone numbers – in other words all personal information we need to enable us to supply our contractual services to you. We collect this data to be able to identify you as our customer, to appropriately process your customer order, to correspond with you, to invoice you, to settle claims that might arise, and to enforce claims that might exist against you. Failure to communicate personal data (with the exception of telephone numbers) results in your order not being processed. A refusal on your part to tell us your telephone number restricts our options of communicating with you.
The processing of data is effected following your inquiry and is required according to art. 6, para.1 p. 1 lit. b GDPR for the purposes mentioned in order to process your inquiry or order appropriately and to ensure that obligations resulting from the contract are met by both parties.
We do not engage in automated decision-making (in particular profiling).
We might pass on the data to our partners such as suppliers, data hosts, external consultants (accounting, tax advisers) etc., if we make use of their services to fulfill our contractual obligations towards you. The data thus passed on must only be used by third parties for the purposes mentioned.
The personal data processed by us within the framework of the contractual relationship is stored pending due execution of the contract including the legal deadlines for warranty claims and subsequently deleted, unless we are legally obliged to storage of the data for a longer period according to article 6 paragraph 1 p. 1 lit. c GDPR with respect to storage times defined in tax and commercial or other legislation (e.g. as defined in the German Commercial Code, the Criminal Code or the Revenue Code) or unless you have agreed to storage of your data exceeding this according to art. 6 para. 1 p. 1 lit. a GDPR.
III. Name and address of the responsible entity for the processing of personal data
The responsible entity as laid down in the General Data Protection Regulation is:
VENSYS Energy AG, https://www.vensys.de
Im Langental 6
Dipl.-Ing. Jürgen Rinck (CEO), Dipl.-Ing. Carsten Meiser (board member)
Telephone: +49 6821 9517-0
Telefax: +49 6821 9517-111
IV. Name and address of the data protection officer
The data protection officer of the responsible entity for the processing is:
Dipl. Kfm. (FH) Josef Karrenbauer
TÜV NORD Bildung Saar GmbH
Saarbrücker Straße 131
Every person affected can directly turn to our data protection officer at any time for all questions and suggestions arising from issues relating to the topic of data protection.
V. Special rules with regard to our website
Server data https://www.vensys.de
If you use our website solely for information purposes, we collect and process the data that your internet browser transmits automatically, such as:
• Browser type
• Date and time of access
• Browser settings
• The operating system used
• The website from which you visit us and the website that you visit
• Your IP address
This data is made anonymous and stored and processed separately from your personal data. Collecting the data is necessary to enable you to use our website in the first place. Processing the data solely serves statistical purposes and also helps us improve our Internet services for you.
You can determine for yourself in your browser settings whether cookies can be placed and retrieved. For technical reasons, admission of the session cookies is required, however, if you want to make full use of all the functions of our website.
Google Analytics with anonymization function
Google subsequently uses this information on our behalf to analyze your use of our website with the aim of compiling reports on the website activities and providing additional services connected with the use of the website and the Internet to us as the operator of the website.
The IP address transmitted by Google Analytics is not pooled with other Google data.
You can prevent the installation of the cookies by changing the settings of your browser. Doing so might however result in not all the functions of our website being fully available to you.
In addition, you have the option of preventing Google from collecting and processing the data on your use of the website generated by the cookie by downloading and installing the available browser plug-in under the following link:
Use of a contact option
On our website we offer you the chance to get in touch with us via a contact form. If you make use of that contact form, the information provided by you is stored for the purpose of processing your inquiry. The information will not be passed on to third parties.
Use of a recommendation function
Our website also offers you the chance to recommend the site to another person. If you make use of that recommendation function, the information provided by you is solely stored for the purpose of processing the recommendation. The information will not be passed on to third parties.
Use of Google Maps
Our website makes use of the component „Google-Maps“ of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, (referred to below as Google). If you use the component „Google Maps“ on our website, Google places a cookie to process settings and data of the user when displaying the website on which the component „Google Maps“ is integrated. This cookie is usually retained after the browser has been closed unless it is manually deleted or expires.
Should you not agree to the processing of your data in this way by the „Google-Maps“ component, you have the option of deactivating „Google Maps“, which subsequently prevents any transmission of data to „Google“. In this case, however, the service provided by „Google Maps“ might not be available at all or only to a limited extent.
Publication of job advertisements
If you apply for one of the jobs advertized on our website, your data will be collected and processed by us for the purpose of dealing with the application procedure.
If your application results in an employment contract, the data provided will be used for the usual organizational and administrative purposes. The data is subsequently stored in your personnel file in compliance with the applicable legal requirements.
If your application is rejected, your data will be automatically deleted two months after the rejection. This does not happen if extended storage is legally required or if you have expressly agreed to longer storage in our prospects database.
VI. Rights of the person affected
(please note the applicable article of the GDPR)
a) Right to information, Art. 15 GDPR
Every person affected by the processing of personal data has the right laid down in the General Data Protection Regulation to receive free information on the personal data that has been stored under their name and a copy of this information from the entity that is responsible for the data processing at any time they require this information. In addition, the person affected has the right to receive information on the following issues:
- The existence of an automated decision-making process including profiling according to article 22 para.1 and 4 GDPR and — at least in these cases — meaningful information on the logic involved as well as the extent and the intended consequences of such processing for the person affected
- If the personal data was not collected from the person affected: all available information on the origin of the data
- The existence of a complaints right with a regulatory body
- The existence of a right to the correction or deletion of their personal data or to the restriction of processing by the responsible entity or of a right of objection to this processing
- If possible the planned duration for which the personal data is stored or, if that is not possible, the criteria for the determination of this duration
- The recipients or the categories of recipients to whom the personal data was or will be disclosed, in particular with recipients in third countries or with international organizations
- The categories of personal data that are processed
- The purposes of processing
In addition, the person affected is entitled to information as to whether personal data was transmitted to a third country or to an international organization. If this is the case, the person affected is also entitled to receiving information on the suitable guarantees in connection with the transmission.
If a person affected would like to make use of this right to information, they can turn to us at any time under the contact details of the responsible entity for the processing listed in paragraph I.2.
b) Right to correction, Art. 16 GDPR
Every person affected by the processing of personal data has the right laid down in the General Data Protection Regulation to demand the immediate correction of incorrect personal data relating to them. In addition, the person affected has the right to demand the completion of incomplete personal data – also by means of a complementary declaration, as long as the purposes of the processing are taken into consideration.
If a person affected would like to make use of this right to correction, they can turn to us at any time under the contact details of the responsible entity for the processing listed in paragraph I.2.
c) Right to deletion (right to be forgotten), Art. 17 GDPR
Every person affected by the processing of personal data has the right laid down in the General Data Protection Regulation to demand from the responsible entity that their personal data is deleted immediately if one of the following reasons applies and if the processing is not required:
- The personal data was collected in relation to information society services according to art. 8 para. 1 GDPR.
- The deletion of the personal data is required for the compliance with a legal obligation according to Union Law or the law of the member states that the responsible entity is subject to.
- The personal data was processed illegally.
- The person affected appeals against the processing according to art. 21 para. 1 GDPR and there are no urgent legitimate reasons for the processing, or the person affected appeals against the processing according to art. 21 para. 2 GDPR.
- The person affected revokes the consent on which the processing was based according to art. 6 para. 1 letter a GDPR or art. 9 para. 2 letter a GDPR, and there is no other legal basis for the processing.
- The personal data was collected for purposes or processed in a manner for which it is no longer required.
- If one of the reasons listed above applies and a person affected would like to effect the deletion of personal data stored with us, they can turn to us at any time under the contact details of the responsible entity for the processing listed in paragraph I.2. We will immediately comply with their legitimate request for deletion.
If the personal data was made public by us and if our company is legally obliged to delete the personal data as the responsible entity according to art. 17 para. 1 GDPR, our company will – in consideration of the available technology and the cost of implementation - take appropriate steps, including of a technical kind, to inform other entities responsible for the processing of data which process the personal data published that the person affected has demanded that these other entities responsible for the processing of data delete all links to this personal data or copies or replications of this personal data unless the processing is conducted legally.
d) Right to a restriction of processing, Art. 18 GDPR
Every person affected by the processing of personal data has the right laid down in the General Data Protection Regulation to demand the restriction of the processing from the responsible entity if one of the following conditions has been met:
- The person affected has appealed against the processing according to. art. 21 para. 1 GDPR and it has not yet been established if the legitimate reasons of the responsible entity outweigh those of the person affected.
- The responsible entity does no longer need the personal data for the purpose of processing, but the person affected needs it to assert, exercise or defend legal claims.
- The processing is illegal and the person affected rejects the deletion of the personal data and instead demands the restriction of the use of the personal data.
- The correctness of the personal data is contested by the person affected during a period which allows the responsible entity to validate the correctness of the data.
If one of the conditions listed above is met and a person affected would like to demand the restriction of personal data stored with us, they can turn to us at any time under the contact details of the responsible entity for the processing listed in paragraph I.2.
e) Right to data portability, Art. 20 GDPR
Every person affected by the processing of personal data has the right laid down in the General Data Protection Regulation to receive their personal data which they have provided to a responsible entity in a structured, established and machine-readable format, and they have the right to transmit this data to another responsible entity without being impeded by the responsible entity to which the personal data was provided if
- the processing is based on a consent according to article 6 paragraph 1 letter a GDPR or article 9 paragraph 2 letter a GDPR or on a contract according to article 6 paragraph 1 letter b GDPR and
- the processing is made by means of automated procedures.
In addition, the person affected has – when exercising their right to data portability according to art. 20 para. 1 GDPR – the right to be guaranteed that the personal data is directly transmitted from one responsible entity to another responsible entity if this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.
To assert their right to data portability the person affected can turn to us at any time under the contact details of the responsible entity for the processing listed in paragraph I.2.
f) Right to appeal, Art. 21 GDPR
Every person affected by the processing of personal data has the right laid down in the General Data Protection Regulation to appeal at any time against the processing of their personal data conducted on the basis of art. 6 para. 1 letter e or f GDPR for reasons arising from their particular circumstances. This also applies to profiling based on these provisions.
We as the responsible entity will no longer process the personal data in case of an appeal unless we can prove compelling and legitimate reasons for the processing which serve the interests, rights and freedoms of the person affected, or the processing is necessary for the assertion, exercise or defense of legal claims.
If we process personal data to conduct direct advertising, the person affected has the right to appeal against the processing of the personal data for the purpose of such advertising at any time. This also applies to profiling if it is connected to such direct advertising. If the person affected appeals against our processing for the purpose of direct advertising, we will no longer process the personal data for these purposes.
In addition, the person affected has – for reasons arising from their particular circumstances - the right to appeal against the processing of their personal data which is carried out by us as the responsible entity for the purpose of conducting scientific or historical research or for statistic purposes according to art. 89 para. 1 GDPR, unless such processing is required to perform a task for the public benefit.
To exercise their right to appeal, the person affected can turn to us at any time under the contact details of the responsible entity for the processing listed in paragraph I.2.
g) Right to revocation of a consent to the storage and processing of data
Every person affected by the processing of personal data has the right laid down in the General Data Protection Regulation to revoke their consent to the processing of personal data at any time.
If the person affected would like to assert their right to revocation, they can turn to us at any time under the contact details of the responsible entity for the processing listed in paragraph I.2.
h) Right of complaint; Art. 77 GDPR
Every person affected by the processing of personal data has the right laid down in the General Data Protection Regulation to complain to a regulatory body. To do so, they can normally turn to the regulatory body at their place of usual residence or workplace or our company head office.
VII. Changes to this privacy statement
We reserve the right to change these data protection regulations at any time with effect for the future. The latest version is available on our website. Please visit the website regularly and inform yourself about the applicable data protection regulations.
Last updated: 16/05/2018