Data privacy statement

This data privacy statement applies for the use of the website, hereinafter referred to as “website”. For websites of other providers which are referenced via links, for example, the data privacy notices and statements therein apply.

Data privacy is extremely important to ClimatePartner GmbH. The collection and processing of your personal data takes place in compliance with the applicable legal data protection provisions, in particular the General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you this website. This statement describes how and for what purpose your personal data is collected and used, and what options you have in connection with your data.

By using this website, you agree to the collection, use and transfer of your data in accordance with this data privacy statement. If you want to object to the collection, processing or use of your data by us in accordance with this data privacy statement, overall or for individual measures, you can direct your objection to the controller.

1 Controller

The controller responsible for the collection, processing and use of your personal data within the meaning of the GDPR is:

ClimatePartner GmbH
St.-Martin-Straße 59
81669 Munich

Tel: +49 89 1222875-0
Fax: +49 89 1222875-29

Managing directors: Moritz Lehmkuhl and Tristan A. Foerster

1.1 General

Types of data processed:

  • Contact details (e.g. email and telephone numbers)
  • Content data (e.g. text input, photographs and videos)
  • Use data (e.g. websites visited, interest in content, times of access)
  • Metadata/communication data (e.g. device information and IP addresses)

Categories of data subjects

Visitors and users of the website. We hereinafter also refer to the data subjects collectively as “users”.

Purpose of the processing

  • Provision of the website, its functions and content
  • Response to contact queries and communication with users
  • Purchasing of products and services
  • Security measures
  • Reach measurement/marketing

Terms used

“Personal data” is all information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly via allocation to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or one or more specific features that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.

“Processing” is any process or any such sequence of processes that takes place with or without the aid of automated procedures and is related to personal data. This term is broad and includes practically all use of data.

The “controller” is the natural or legal person, authority, organisation, or other body that decides on the purpose and means of the processing of personal data, alone or together with others.

Business-related processing

Within the framework of our online platforms (,, and, we process the following information of our customers for the provision and performance of our services:

  • First and second name, email address, telephone number
  • Purchase of services, e.g. CO2 calculation, address and contact details
  • Payment details, e.g. credit card details, PayPal account, payment history
  • Contract data, e.g. subject matter of the contract

We also process the following information about our customers, interested parties, and business partners, for the purpose of invitation and participation in our events (ClimatePartner Academy):

  • Registration details, e.g. first and second name, email address, telephone number


The hosting services we use are for the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use to operate this website.

We or our hosting service providers hereby process inventory data, contact data, content data, contract data, use data, metadata, and communication data, of customers, interested parties, and visitors to this website, on the basis of our legitimate interest in the efficient and secure provision of this website in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contracts).

2. General use of this website

2.1 Access data

ClimatePartner collects information about you when you use this website. We automatically collect information about your use behaviour and your interaction with us, and we log data on your computer or mobile device. We collect, store and use data about all access to our website (so-called server log files). The access data includes the name and URL of the accessed file, the data and time of access, the data quantity transferred, notification of successful access (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited site), IP address and the requesting providers.

We use these log files, without making a match to you personally or otherwise creating profiles, for statistical analysis for the purpose of the operation, security, and optimisation of our website, but also for the anonymous recording of the number of visitors on our website (traffic) and the extent and type of use of our website and services. Based on this information, we can analyse the data traffic, search for and rectify errors, and improve our services. We reserve the right to subsequently check the log files if there are specific reasons for a legitimate suspicion of unlawful use. We store IP addresses for a limited time in the log files, if this is necessary for security purposes, for the provision of the services, or for the invoicing of a service, e.g. if you use our CO2 calculation offer. We also store IP addresses if we have specific suspicion of a criminal offence in connection with the use of our website. As part of your account, we also store the date of your last visit (e.g. when registering, logging in, clicking on links etc.)

2.2 Contact via email and web form

If you contact us (e.g. via the contact form or email), we will store your details for the processing of the query, and in case there are follow-up questions. We will only store and use other personal data if you agree to us doing so, or if this is legally permitted without specific consent.

2.3 Access measuring

Google Analytics

ClimatePartner uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies” – text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about the use of this website by the site visitor will generally be sent to a Google server in the USA, where it will be stored. The following cookies are placed when accessing the site:

Name of the cookie Period of validity Function
_ga 2 years Anonymous distinction of visitors (coupled with the browser used)
_gid 24 hours Allocation of the website access by the visitor to a session (in order to count multiple instances of site access as one session)
_gat* 1 minute Limitation of the queries sent to the server for access statistics

In the case of the activation of IP anonymisation on this website, your IP address will, however, be shortened beforehand within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA, where it will be stored. IP anonymisation is active on this website. On our behalf, Google will use this information to analyse your use of the website, compile reports about the website activities, and provide us with other services associated with the use of the website and the internet.

The IP address sent from your browser as part of Google Analytics will not be matched with other data by Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent.

The user can also prevent the data generated by the cookie and related to your use of the website (incl. your IP address) from being logged and being sent to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available in the following link:

As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to place an opt-out cookie that prevents future recording by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click on this link again):

In order to be logged by Google Analytics again after you have prevented the logging, please click on the following link:

2.4 Conversion measurement and remarketing

Google Tag Manager

This website uses Google Tag Manager. Tag Manager does not collect personal data. The tool ensures the triggering of other tags that may in some circumstances contain your data. Google Tag Manager does not access this data. If a deactivation is carried out at domain or cookie level, this will remain applicable to all tracking tags that are implemented with Google Tag Manager. The Google data privacy policy for this tool can be found at

Google remarketing

This website uses the remarketing function of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This function serves to present interest-related advertisements to website visitors within the Google advertising network. This technology enables us to place automatically-created target group orientated advertisements after your visit to our website. The advertisements are based on products and services that you clicked on when you last visited our website. For this purpose, a so-called “cookie” is stored in the browser of the website visitor, enabling the visitor to be recognised when it accesses these websites that belong to the Google advertising network. Cookies are small text files that are stored in your browser when you visit our website. Google thereby normally stores information such as your web request, the IP address, the browser type, the browser language, the date, and the time of your query. This information is to match the web browser with a specific computer. On the sites in the Google advertising network, the user can then be shown advertisements that relate to content that the visitor has accessed previously on websites that use the Google remarketing function.

If you have agreed to your browser history being linked by Google to your Google account and information from your Google account being used for advertisement personalisation at, the remarketing function will also take place across devices. Your Google ID will hereby be recorded by Google and used for the purpose of cross-device recognition.

By its own account, Google generally does not collect any personal data during this process. However, if you do not want the Google remarketing function, you can deactivate it by adjusting the settings accordingly at, or in the “My Account” area.

Alternatively, you can deactivate the use of cookies for interest-related advertisement via the advertising network initiative by following the instructions at or

Google AdWords conversion

This website uses tools for online marketing provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This is to recognise that a visitor has come across our website via a Google advertisement. Google uses cookies that are stored on your computer and enable an analysis of the use of the website. The cookies for so-called conversion tracking are placed when you click on an advertisement placed by Google. These cookies become invalid after 30 days and do not enable personal identification.

If you would like to prevent conversion tracking, you can set your browser so that cookies from the domain “” are blocked. You can also exercise your right to opt out at If you would like to find out more about these methods or know what options you have to ensure that this information cannot be used by Google, click here:

Microsoft Ads

On this website we use technologies from Microsoft Ads (, which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft places a cookie on your device if you have reached our website via a Microsoft Bing ad. In this way, Microsoft and we can recognize that someone clicked on an ad, was redirected to our website, reached a predetermined landing page (“conversion site”) and used one of our contact options (“conversion”). We only find out the total number of users who clicked on a Microsoft ad and were then forwarded to the conversion site. Microsoft uses the cookie to collect, process and use information from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and are used to display advertisements. No personal information about the identity of the user is processed.

If you do not want information about your behavior to be used by Microsoft as explained above, you can refuse the necessary setting of a cookie - for example via a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of the data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by using the following link explain your objection. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website

LinkedIn Analytics and LinkedIn Ads

We use the conversion tracking technology and the retargeting function of LinkedIn Corporation on this website. This technology enables visitors to this website to play personalized advertisements on LinkedIn. Furthermore, there is the possibility to create anonymous reports on the performance of the advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight Tag is integrated on this website, which creates a connection to the LinkedIn server if you visit this website and are logged in to your LinkedIn account.

The LinkedIn data protection policy at contains further information on data collection and use as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate data collection at any time using the following link:

2.5 Online presence in social media

We maintain an online presence in social networks and platforms in order to communicate with customers, interested parties and users active therein, and inform them there about our services. When accessing the respective networks and platforms, the terms and conditions of business and data processing guidelines of their respective operators apply.

Unless otherwise stated within our data privacy statement, we process the data of the users if they communicate with us within the social networks and platforms, e.g. by posting comments on our online presences or sending us messages.

Inclusion of services and content of third parties

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6(1)(f) GDPR), within our website we place content and service offers from third-party providers, in order to include their content and services, such as videos and fonts (hereinafter referred to uniformly as “content”).

This always requires that the third-party providers of this content see the IP addresses of the users, as they would not be able to send the content to their browsers without the IP addresses. The IP addresses are therefore necessary for the presentation of this content. We endeavour to only use content when the respective providers only use the IP addresses for the distribution of the content. Third-party providers may also use so-called pixel tags (invisible diagrams, also called “web beacons”) for statistical or marketing purposes. Via the “pixel tags”, information such as the user traffic on the pages of this website can be analysed. The pseudonymous information can also be stored in cookies on the user’s device and contain technical information about the browser and operating system, linking websites, visit time and other details about the use of our website, inter alia, and be linked to such information from other sources.


Our website contains the “XING Share Button”. When pressing this button, a temporary connection to servers of XING AG (“XING”) is established via your browser. With this connection, the “XING Share Button” functions (particularly the calculation/display of the meter value) are provided. XING does not store personal data about you when this website is accessed. In particular, XING does not store IP addresses. In addition, no analysis of your user behaviour takes place via the use of cookies in connection with the “XING Share Button”. The respective current data privacy information about the “XING Share Button” and additional information can be found on this website:


Our website may contain functions and content of the LinkedIn service, offered by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This could include, for example, content such as images, videos and text, and buttons with which users can express their pleasure regarding the content or authors of the content, or subscribe to our articles. Provided that the users are members of the LinkedIn platform, LinkedIn may match the display of the above-mentioned content and functions to the user profiles therein. The data privacy policy of LinkedIn is available at LinkedIn is certified under the Privacy Shield agreement and hereby offers a guarantee that European data protection law is adhered to.
Data privacy policy:

Use of Facebook Social Plugins

On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6(1)(f) GDPR), we use Social Plugins (“plugins”) of the network, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may present interaction elements or content (e.g. videos, diagrams or text entries) and can be recognised by one of the Facebook logos (white “f” on a blue tile, the term “Like” or “Gefällt mir”, or a “thumbs-up” sign) or they are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugin can be seen here:

Facebook is certified under the Privacy Shield agreement and hereby offers a guarantee that European data protection law is adhered to.

When a user accesses a function of this website that contains such a plugin, its device will establish a direct connection to the servers of Facebook. The content of the plugin will be sent by Facebook directly to the device of the user, which will include it in the website. Use profiles of the users can thereby be created using the processed data. We therefore have no influence on the scope of the data that Facebook collects with the aid of this plugin, and we therefore inform the users in accordance with our level of knowledge.

By the inclusion of the plugin, Facebook receives notification that a user has accessed the corresponding page on the website. If the user is logged into Facebook, Facebook can match the visit with its Facebook account. If users interact with plugins, for example by clicking on the Like button or entering a comment, the corresponding information is sent from your device directly to Facebook, where it is stored. If a user is not a member of Facebook, it is still possible that Facebook will find out its IP address and store it. According to Facebook, only one anonymised IP address will be stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the rights and setting options in this regard to protect the privacy of the users, can be found in the Facebook data privacy notice:

If a user is a Facebook member and does not want Facebook to collect data about it via this website and link it with its member data stored on Facebook, it must log out of Facebook before using our website and delete its cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: or via the US American page,, or the EU page at The settings are independent of the platform; in other words, they are carried out for all devices, such as desktop computers or mobile devices.


Our website may contain functions and content of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This could include, for example, content such as images, videos and text, and buttons with which users can express their pleasure regarding the content or authors of the content, or subscribe to our articles. Provided that the users are members of the Instagram platform, Instagram may match the display of the above-mentioned content and functions to the user profiles therein. The data privacy policy of Instagram is available at

2.6 Newsletter

Delivery service providers

On our website, we offer you the opportunity to sign up for our email newsletter, in which we inform you regularly and around the topic of climate protection measures (e.g. e.g. news, info, events & surveys) as well as services of ClimatePartner.

The required information for subscribing to our newsletter can be found in the subscription form, with the mandatory information marked accordingly. The provision of your information is voluntary based on Art. 6 para. 1 lit . a DSGVO and you can revoke your consent at any time with effect for the future by clicking on the unsubscribe link in each newsletter.

We use Microsoft Dynamics 365 to send the email newsletter and for statistical surveys and analyses as well as logging the registration process. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland[KB1] . For this purpose, we have concluded the corresponding order processing agreement with Microsoft in accordance with the Online Service Terms. In accordance with Microsoft's security policy, the server for the commissioned processing is located in the EU. However, due to the corporate structure of Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA), despite taking all reasonable measures to ensure the protection of your personal data, we cannot completely exclude the transfer of data to a third country. For more information about Microsoft's privacy practices, please see Microsoft's privacy policy at For more information on Microsoft's use of cookies in connection with Microsoft Dynamics 365, please visit

Our newsletters contain cookies or tracking pixels that enable us to evaluate whether the emails have been opened (opening tracking). In addition, the cookie or tracking pixel enables us to analyse click behaviour. The data collected in this way is sent to Microsoft's servers and stored there. We use this data for statistical purposes and for the individual optimisation of our newsletter. For more information about how Microsoft Dynamics 365 works, please see the Microsoft privacy policy at:


2.7 Content delivery networks (CDNs)

A content delivery network enables the loading time of common web content (e.g. script libraries, components and fonts) to be shortened, because the data is transferred by quick, local or less-utilised servers. Your IP address, inter alia, is thereby sent to the operator of the respective CDN.

2.8 Hosting and infrastructure service providers

We have hired datacentres for the operation and provision of this website. These datacentres meet different certification standards, including ISO 27001.

The datacentres are located in the European Union. If personal data is used by citizens of the EU in datacentres outside the European Union, there is a recognition of the same level of protection for these data centres via standard contractual clauses.

2.9 Legal basis and storage duration

The legal basis of the data processing in accordance with the above figures is Art. 6(1)(f) GDPR. Our interest in the data processing is, in particular, the ensuring of the operation and security of the website, the examination of the type and manner of use by visitors of the website, and the simplification of the use of the website. 

Unless stated specifically, we only store personal data for as long as this is necessary to achieve the intended purposes.

3 Your rights as a data subject in the data processing

In accordance with the applicable laws, you have different rights regarding your personal data. If you would like to exercise these rights, please send your request via email or post, clearly identifying yourself personally, to the website operator (see Figure 1). As a data subject, you have the following rights:

3.1 Right to access

You have the right at any time to receive confirmation from us about whether we process personal data concerning you. If this is the case, you have the right to obtain free information from us about the personal data about you that is stored, as well as a copy of this data. You also have the right to know the following: 

  • the purpose of the processing;
  • the categories of personal data that is processed;
  • the recipients or categories of recipients to which the personal data has been or is yet to be disclosed, particularly for recipients in third countries or at international organisations;
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  • existence of a right to rectification or erasure of the personal data concerning you;
  • right to restriction of the processing by the controller;
  • right to object to this processing;
  • right to lodge a complaint with a supervisory authority;
  • if the personal data is not collected from you, all available information about the origin of the data;
  • the existence of an automated decision-making process including profiling in accordance with Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, and the scope and intended effects of such processing for you.

If personal data is sent to a third country or an international organisation, you have the right to be informed about the suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.

3.2 Right to rectification

You have the right to request that we immediately rectify incorrect personal data concerning you. In consideration of the purposes, you have the right to request the completion of incomplete personal data – including by means of a supplementary declaration.

3.3 Right to erasure (“right to be forgotten”)

You have the right to request that we immediately delete the personal data concerning you, and we are obliged to immediately erase personal data if one of the following reasons applies:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • you withdraw your consent on which the processing is based in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing;
  • you object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing (e.g. statutory retention periods), or you object to the processing in accordance with Art. 21(2) GDPR;
  • the personal data was unlawfully processed;
  • the erasure of the personal data is necessary for the fulfilment of a legal obligation in accordance with Union law or the law of the member states to which we are subject;
  • the personal data was collected in relation to offered information society services in accordance with Art. 8(1) GDPR.

If we have made personal data public and are obliged to erase it, we will take suitable measures, including measures of a technical nature, in consideration of the available technology and the implementation costs, in order to inform the controller responsible for the data processing, which processes the personal data, that you have requested that it erase all links to this personal data, and copies or replications of this personal data.

3.4 Right to restriction of processing

You have the right to request that we restrict the processing if one of the following prerequisites exists:

  • the correctness of the personal data is disputed by you, namely for a duration that enables us to examine the correctness of the personal data;
  • the processing is unlawful and you refuse the erasure of the personal data, instead requesting the restriction of the use of the personal data;
  • the personal data is no longer required for the purposes of the processing, but you require the data for the assertion, exercise, or defence of legal claims;
  • you have objected to the processing in accordance with Art. 21(1) GDPR and it is not yet certain whether the legitimate interests of our company override yours.

3.5 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us, in a structured, common, and machine-readable format. You also have the right to transfer this data to another controller without being obstructed by us, provided that

  • the processing is based on consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract in accordance with Art. 6(1)(b) GDPR; and
  • the processing takes place with the aid of an automated process.

When exercising your right to data portability in accordance with (1), you have the right to arrange for the personal data to be directly transferred from us to another controller, provided that this is technically feasible.

3.6 Right to object

You have the right, for reasons resulting from your particular situation, to object at any time to the processing of the personal data concerning you that takes place on the basis of Art. 6(1)(e) or (f) GDPR; this also applies for profiling based on these provisions. We will no longer process the personal data unless we can prove compelling reasons for the processing that are worth protecting and override your interests, rights, and freedoms, or the processing is for the assertion, exercise, or defence of legal claims.

If personal data is processed by us in order to conduct direct advertising, you have the right at any time to object to the processing of the personal data concerning you for the purpose of such advertising; this also applies for the profiling, if it is related to such direct advertising.

You have the right, for reasons resulting from your particular situation, to object to the processing of personal data concerning you that takes place for scientific or historical research purposes, or for statistical purposes, in accordance with Art. 9(1) GDPR, unless the processing is necessary for the achievement of a task in the public interest.

3.7 Automated decision-making including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that has a legal effect on you or impairs you significantly in a similar manner.

3.8 Right to withdraw consent given under data protection law

You have the right at any time to withdraw consent to the processing of personal data.

3.9 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work, or the location of the suspected violation, if you believe that the processing of the personal data concerning you is unlawful.

4 Data security

We endeavour to protect your personal data within the framework of the applicable data protection laws and technical possibilities.

Your personal data is sent by us in an encrypted manner. This applies for your orders and the customer login. We use the SSL (Secure Sockets Layer) coding system, but we would like to point out that the transfer of data via the internet (e.g. communication via email) may involve security flaws. Flawless protection of data against access by third parties is not possible.

For the protection of your data, we take technical and organisational security measures, which we repeatedly adjust to keep up with technology.

In addition, we do not guarantee that our website is available at specific times; disruptions, interruptions or failures cannot be excluded. The servers used by us are regularly and carefully backed up.

5 Automated decision-making

No automated decision-making process takes place on the basis of the personal data collected.

6 Forwarding of data to third parties, no data transfer to non-EU/EEA countries

We generally only use your personal data within our company.

If and to the extent that we involve third parties as part of the performance of contracts, they will only receive this personal data to the extent to which the transfer is necessary for the according service.

In the case that we outsource certain parts of the data processing (“order processing”), we contractually oblige our order processors to only use personal data in accordance with the requirements of the data protection laws and guarantee the protection of the rights of the data subject.

The transfer of data to places or people outside the EU and outside the cases named in this statement does not take place and is not planned. 

7.1 Collection of personal data during the use of ClimatePartner products

You can usually access our webpages without entering any personal details about yourself. If you register for our personalised databases or purchase products from ClimatePartner, you will be asked for personal information, such as your name, email address, payment method, and credit card number. All data and information about your identity will be stored on the servers of ClimatePartner and the corresponding contracting partners; however, this will only take place if you provide us with this information explicitly. This will take place in a manner recognisable to you and only with your explicit consent.

We generally do not pass your personal data on to unauthorised third parties. We reserve the right to pass data on to authorised partners that are bound to a data privacy and confidentiality agreement by ClimatePartner.

If you, as a customer of our “CO2 calculation” product, appoint one of our partner companies as the account manager, your personal data will be sent to the named partner company if and when this is necessary for the settlement of commission payments by ClimatePartner to the partner company named by you. As well as your company name, this also includes the type and number of the ClimatePartner products purchased by you, the time the contract was concluded for your initial purchase of online services, and the duration of your contractual relationship with ClimatePartner. We take particular care to only send the necessary personal information about you and your contractual relationship with ClimatePartner in accordance with the purpose to the managing partner company.

As soon as you contact us, we will receive and store certain information. We use so-called cookies and Flash cookies, inter alia, and receive certain information as soon as your web browser opens the ClimatePartner website or advertisement in other content that is provided by or on behalf of ClimatePartner on other websites. Cookies and Flash cookies are text files that are sent to your computer via the web browser or other programmes. Our system hereby has the opportunity to recognise your browser and offer you various services. The use of cookies therefore supports the process of your purchase on our site, as you can use the shopping cart function and store it.

If you would like to prevent further cookies from being accepted by your browser, be notified when you receive new cookies, or deactivate all cookies, see the help function in the menu bar of your web browser. You can deactivate or delete similar functions such as Flash cookies that are used by browser add-ons, by either changing the settings of the browser add-on or following the deactivation instructions on the website of the respective creator.

However, essential functions cannot be used on the ClimatePartner website without cookies, so we advise leaving the cookie function activated. For example, you cannot place any products in the shopping cart or use other functions that make registration necessary. However, it is recommended that you log out of the ClimatePartner website again after each registered visit, particularly if you are using the computer with multiple people.

7.2 Information on data protection under the EU GDPR

Our company regularly checks customers for creditworthiness whenever contracts are concluded; if there is a legitimate interest, we also check existing customers. We therefore collaborate with Creditreform Boniversum GmbH – address: Hammfelddamm 13, 41460 Neuss, Germany – which 
provides us with the relevant data. Acting on behalf of Creditreform Boniversum, we hereby wish to provide you with the following information under the EU GDPR article 14, by way of anticipation:

Creditreform Boniversum GmbH is a consumer credit agency. It runs a database storing credit information about private individuals.

On this basis, Creditreform Boniversum provides its clients with information on the creditworthiness of their customers. Clients include, for instance, banks, leasing companies, insurance companies, telecommunications companies, receivables management companies, as well as shipping, wholesale and retail companies and other companies supplying goods and services. Acting within the parameters of the law, some of the data in the creditworthiness database are also supplied to other corporate databases, including databases for address trading purposes. 

The database of Creditreform Boniversum stores primarily names, addresses, dates of birth, email addresses (if applicable), payment histories and ownership structures. The purpose of processing data stored in this way is to provide information about individuals on whom creditworthiness information is requested. The legal basis for such processing is EU GDPR article 6 (1f). Under this provision, information about such data may only be provided if a client can prove convincingly that he or she has a legitimate interest in obtaining the information. If data are sent to non-EU countries, this is done on the basis of so-called “standard contractual clauses”, which you can view under the following link:

You can also request this information to be sent to you. 

Data are stored for as long as knowledge of those data is required to realise the purpose of storage. Such knowledge is usually required for an initial storage period of three years. After the expiry of this period, a review is conducted whether storage continues to be necessary; otherwise the data are deleted on the precise expiry date. If the facts of a matter cease to be relevant, the data are erased on the precise date three years after cessation. Entries in the debtors’ list are deleted on the precise date three years after an official order for entry was presented, in compliance with the German Code of Civil Procedure (ZPO), section 882e. 

The following are examples of legitimate interests within the meaning of the EU GDPR article 6 (1f): loan decisions, initiation of business, ownership structures, receivables, creditworthiness checks, insurance agreements, enforcement information.

You have a right to obtain information about the data stored by Creditreform Boniversum GmbH about yourself as a person. If those data are incorrect, you are entitled to rectification or erasure. If it is not possible to determine immediately whether the data are correct or incorrect, you are entitled to the blocking of the relevant data until your entitlement has been clarified. If your data are incomplete, you can demand their completion. 

If you have given your consent for the processing of data stored by Creditreform Boniversum, you may revoke this consent at any time. Your revocation will not impact the legitimacy of any processing of your data that may have taken place on the basis of your consent prior to revocation. 

If you have any objections, requests or complaints concerning data protection, you may contact the Data Protection Officer of Creditreform Boniversum at any time. He or she will assist speedily and confidentially on all issues of data protection. Alternatively, you can lodge a complaint about Boniversum’s data processing with the State Data Protection Officer (Landesbeauftragte für Datenschutz) of the German federal state that is relevant to you.

Data stored about you by Creditreform Boniversum come from publicly accessible sources as well as from debt collection companies and their clients. 

To determine your creditworthiness, Creditreform Boniversum assigns a score to your data. The data underlying this score include your age, gender, address details and some of your payment experience data. The various data form part of the score calculations with different weights. Creditreform 
Boniversum clients use such scores to help them reach decisions about granting loans.

Right to object: 

The processing of data stored by Creditreform Boniversum takes place on compelling legitimate grounds for the protection of creditors and loans, where processing regularly overrides their interests, rights and freedoms or where it serves the establishment, exercise or defence of legal claims. You can only object to Creditreform Boniversum about the processing of your data if you have grounds relating to your particular situation and if you can substantiate those reasons. If such special reasons are verifiably available, your data will cease to be processed there. If you object to the processing of your data for advertising and marketing purposes, then your data will no longer be processed for those purposes. 

The entity with responsibility under the EU GDPR article 4 (7) is Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany. Your contact point within our company is the Consumer Service, phone: +49 (0) 2131 36845560, fax: +49 (0) 2131 36845570, email:

The competent Data Protection Officer has the following contact details: Creditreform Boniversum GmbH, Data Protection Officer, Hammfelddamm 13, 41460 Neuss, Germany. 

8 Data Protection Officer

Should you have any questions about our data privacy or this data privacy statement, or if you want to exercise your rights, please contact our Data Protection Officer at

Nextwork GmbH,

or write to ClimatePartner GmbH (for contact details, see Point 1 and the legal notice).

9 Changes to the data privacy statement

ClimatePartner GmbH reserves the right to change the data privacy statement in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to the data processing statements. If user consent is necessary or parts of the data privacy statement contain rules for the contractual relationship with the users, the changes will only take place with the consent of the user.

Users are asked to inform themselves regularly about the content of the data privacy statement. You can save and print this data privacy statement at any time.

(Version: June 2021)