Data privacy statement
This data privacy statement applies for the use of the website climatepartner.com, hereinafter referred to as “website”. For websites of other providers which are referenced via links, for example, the data privacy notices and statements therein apply.
Data privacy is extremely important to ClimatePartner GmbH. The collection and processing of your personal data takes place in compliance with the applicable legal data protection provisions, in particular the General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you this website. This statement describes how and for what purpose your personal data is collected and used, and what options you have in connection with your data.
By using this website, you agree to the collection, use and transfer of your data in accordance with this data privacy statement. If you want to object to the collection, processing or use of your data by us in accordance with this data privacy statement, overall or for individual measures, you can direct your objection to the controller.
The controller responsible for the collection, processing and use of your personal data within the meaning of the GDPR is:
Tel: +49 89 1222875-0
Fax: +49 89 1222875-29
Managing directors: Moritz Lehmkuhl and Tristan A. Foerster
Types of data processed:
- Contact details (e.g. email and telephone numbers)
- Content data (e.g. text input, photographs and videos)
- Use data (e.g. websites visited, interest in content, times of access)
- Metadata/communication data (e.g. device information and IP addresses)
Categories of data subjects
Visitors and users of the website. We hereinafter also refer to the data subjects collectively as “users”.
Purpose of the processing
- Provision of the website, its functions and content
- Response to contact queries and communication with users
- Purchasing of products and services
- Security measures
- Reach measurement/marketing
“Personal data” is all information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly via allocation to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or one or more specific features that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.
“Processing” is any process or any such sequence of processes that takes place with or without the aid of automated procedures and is related to personal data. This term is broad and includes practically all use of data.
The “controller” is the natural or legal person, authority, organisation, or other body that decides on the purpose and means of the processing of personal data, alone or together with others.
Within the framework of our online platforms (fpm.climatepartner.com, solutions.climatepartner.com, and cloud.climatepartner.com), we process the following information of our customers for the provision and performance of our services:
- First and second name, email address, telephone number
- Purchase of services, e.g. CO2 calculation, address and contact details
- Payment details, e.g. credit card details, PayPal account, payment history
- Contract data, e.g. subject matter of the contract
We also process the following information about our customers, interested parties, and business partners, for the purpose of invitation and participation in our events (ClimatePartner Academy):
- Registration details, e.g. first and second name, email address, telephone number
The hosting services we use are for the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, security services, and technical maintenance services that we use to operate this website.
We or our hosting service providers hereby process inventory data, contact data, content data, contract data, use data, metadata, and communication data, of customers, interested parties, and visitors to this website, on the basis of our legitimate interest in the efficient and secure provision of this website in accordance with Art. 6(1)(f) GDPR in conjunction with Art. 28 GDPR (conclusion of order processing contracts).
2. General use of this website
2.1 Access data
ClimatePartner collects information about you when you use this website. We automatically collect information about your use behaviour and your interaction with us, and we log data on your computer or mobile device. We collect, store and use data about all access to our website (so-called server log files). The access data includes the name and URL of the accessed file, the data and time of access, the data quantity transferred, notification of successful access (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the previously visited site), IP address and the requesting providers.
We use these log files, without making a match to you personally or otherwise creating profiles, for statistical analysis for the purpose of the operation, security, and optimisation of our website, but also for the anonymous recording of the number of visitors on our website (traffic) and the extent and type of use of our website and services. Based on this information, we can analyse the data traffic, search for and rectify errors, and improve our services. We reserve the right to subsequently check the log files if there are specific reasons for a legitimate suspicion of unlawful use. We store IP addresses for a limited time in the log files, if this is necessary for security purposes, for the provision of the services, or for the invoicing of a service, e.g. if you use our CO2 calculation offer. We also store IP addresses if we have specific suspicion of a criminal offence in connection with the use of our website. As part of your account, we also store the date of your last visit (e.g. when registering, logging in, clicking on links etc.)
2.2 Contact via email and web form
If you contact us (e.g. via the contact form or email), we will store your details for the processing of the query, and in case there are follow-up questions. We will only store and use other personal data if you agree to us doing so, or if this is legally permitted without specific consent.
2.3 Access measuring
ClimatePartner uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies” – text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about the use of this website by the site visitor will generally be sent to a Google server in the USA, where it will be stored. The following cookies are placed when accessing the site:
|Name of the cookie||Period of validity||Function|
|_ga||2 years||Anonymous distinction of visitors (coupled with the browser used)|
|_gid||24 hours||Allocation of the website access by the visitor to a session (in order to count multiple instances of site access as one session)|
|_gat*||1 minute||Limitation of the queries sent to the server for access statistics|
In the case of the activation of IP anonymisation on this website, your IP address will, however, be shortened beforehand within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA, where it will be stored. IP anonymisation is active on this website. On our behalf, Google will use this information to analyse your use of the website, compile reports about the website activities, and provide us with other services associated with the use of the website and the internet.
The IP address sent from your browser as part of Google Analytics will not be matched with other data by Google. You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent.
The user can also prevent the data generated by the cookie and related to your use of the website (incl. your IP address) from being logged and being sent to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available in the following link: https://tools.google.com/dlpage/gaoptout.
As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to place an opt-out cookie that prevents future recording by Google Analytics within this website (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click on this link again):
In order to be logged by Google Analytics again after you have prevented the logging, please click on the following link:
2.4 Conversion measurement and remarketing
Google Tag Manager
This website uses the remarketing function of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This function serves to present interest-related advertisements to website visitors within the Google advertising network. This technology enables us to place automatically-created target group orientated advertisements after your visit to our website. The advertisements are based on products and services that you clicked on when you last visited our website. For this purpose, a so-called “cookie” is stored in the browser of the website visitor, enabling the visitor to be recognised when it accesses these websites that belong to the Google advertising network. Cookies are small text files that are stored in your browser when you visit our website. Google thereby normally stores information such as your web request, the IP address, the browser type, the browser language, the date, and the time of your query. This information is to match the web browser with a specific computer. On the sites in the Google advertising network, the user can then be shown advertisements that relate to content that the visitor has accessed previously on websites that use the Google remarketing function.
If you have agreed to your browser history being linked by Google to your Google account and information from your Google account being used for advertisement personalisation at https://www.google.com/settings/u/0/ads/authenticated, the remarketing function will also take place across devices. Your Google ID will hereby be recorded by Google and used for the purpose of cross-device recognition.
By its own account, Google generally does not collect any personal data during this process. However, if you do not want the Google remarketing function, you can deactivate it by adjusting the settings accordingly at https://www.google.com/settings/ads, or in the “My Account” area.
Google AdWords conversion
2.5 Online presence in social media
We maintain an online presence in social networks and platforms in order to communicate with customers, interested parties and users active therein, and inform them there about our services. When accessing the respective networks and platforms, the terms and conditions of business and data processing guidelines of their respective operators apply.
Unless otherwise stated within our data privacy statement, we process the data of the users if they communicate with us within the social networks and platforms, e.g. by posting comments on our online presences or sending us messages.
Inclusion of services and content of third parties
On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6(1)(f) GDPR), within our website we place content and service offers from third-party providers, in order to include their content and services, such as videos and fonts (hereinafter referred to uniformly as “content”).
This always requires that the third-party providers of this content see the IP addresses of the users, as they would not be able to send the content to their browsers without the IP addresses. The IP addresses are therefore necessary for the presentation of this content. We endeavour to only use content when the respective providers only use the IP addresses for the distribution of the content. Third-party providers may also use so-called pixel tags (invisible diagrams, also called “web beacons”) for statistical or marketing purposes. Via the “pixel tags”, information such as the user traffic on the pages of this website can be analysed. The pseudonymous information can also be stored in cookies on the user’s device and contain technical information about the browser and operating system, linking websites, visit time and other details about the use of our website, inter alia, and be linked to such information from other sources.
Use of Facebook Social Plugins
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6(1)(f) GDPR), we use Social Plugins (“plugins”) of the facebook.com network, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may present interaction elements or content (e.g. videos, diagrams or text entries) and can be recognised by one of the Facebook logos (white “f” on a blue tile, the term “Like” or “Gefällt mir”, or a “thumbs-up” sign) or they are marked with the addition “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugin can be seen here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield agreement and hereby offers a guarantee that European data protection law is adhered to.
When a user accesses a function of this website that contains such a plugin, its device will establish a direct connection to the servers of Facebook. The content of the plugin will be sent by Facebook directly to the device of the user, which will include it in the website. Use profiles of the users can thereby be created using the processed data. We therefore have no influence on the scope of the data that Facebook collects with the aid of this plugin, and we therefore inform the users in accordance with our level of knowledge.
By the inclusion of the plugin, Facebook receives notification that a user has accessed the corresponding page on the website. If the user is logged into Facebook, Facebook can match the visit with its Facebook account. If users interact with plugins, for example by clicking on the Like button or entering a comment, the corresponding information is sent from your device directly to Facebook, where it is stored. If a user is not a member of Facebook, it is still possible that Facebook will find out its IP address and store it. According to Facebook, only one anonymised IP address will be stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the rights and setting options in this regard to protect the privacy of the users, can be found in the Facebook data privacy notice: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about it via this website and link it with its member data stored on Facebook, it must log out of Facebook before using our website and delete its cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US American page, https://www.aboutads.info/choices/, or the EU page at https://www.youronlinechoices.com. The settings are independent of the platform; in other words, they are carried out for all devices, such as desktop computers or mobile devices.
Delivery service providers
Registration for the newsletter and the sending of the newsletter takes place via delivery service provider “MailChimp”, a newsletter sending platform by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The data privacy provisions of the delivery service provider can be seen here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield agreement and hereby offers a guarantee that the European data protection level is maintained. The delivery service provider is used on the basis of our legitimate interests in accordance with -Art. 6(1)(f) GDPR and an order processing contract in accordance with Art. 28(3)(1) GDPR.
The delivery service provider can use the data of the recipients in a pseudonymised form, in other words without matching it to a user, to optimise or improve its own services, e.g. for the technical optimisation of the distribution and the presentation of the newsletter, or for statistical purposes. However, the delivery service provider does not use the data of our newsletter recipients to write to them itself or pass the data on to third parties.
The newsletters contain a so-called “web beacon”, in other words a pixel-sized file that, upon the opening of the newsletter, is accessed by our server or, if we use a delivery service provider, its server. During this access, technical information such as information about the browser and your system, as well as your IP address and the time of access, is collected initially.
This information is used for the technical improvement of the services by means of technical data, or the target groups and their reading behaviour by means of their access locations (which can be identified using the IP address) or the access times. The statistical surveys also include the ascertainment of whether the newsletters are opened, when they are opened, and what links are clicked on. This information may be matched with the individual newsletter recipients for technical reasons, but it is neither our aim nor that of the delivery service provider, if used, to monitor individual users. Instead, the analyses enable us to recognise the reading habits of our users and adapt our content to them, or to send different content in accordance with the interests of our users.
2.7 Content delivery networks (CDNs)
A content delivery network enables the loading time of common web content (e.g. script libraries, components and fonts) to be shortened, because the data is transferred by quick, local or less-utilised servers. Your IP address, inter alia, is thereby sent to the operator of the respective CDN.
2.8 Hosting and infrastructure service providers
We have hired datacentres for the operation and provision of this website. These datacentres meet different certification standards, including ISO 27001.
The datacentres are located in the European Union. If personal data is used by citizens of the EU in datacentres outside the European Union, there is a recognition of the same level of protection for these data centres via Privacy Shield or standard contractual clauses.
2.9 Legal basis and storage duration
The legal basis of the data processing in accordance with the above figures is Art. 6(1)(f) GDPR. Our interest in the data processing is, in particular, the ensuring of the operation and security of the website, the examination of the type and manner of use by visitors of the website, and the simplification of the use of the website.
Unless stated specifically, we only store personal data for as long as this is necessary to achieve the intended purposes.
3 Your rights as a data subject in the data processing
In accordance with the applicable laws, you have different rights regarding your personal data. If you would like to exercise these rights, please send your request via email or post, clearly identifying yourself personally, to the website operator (see Figure 1). As a data subject, you have the following rights:
3.1 Right to access
You have the right at any time to receive confirmation from us about whether we process personal data concerning you. If this is the case, you have the right to obtain free information from us about the personal data about you that is stored, as well as a copy of this data. You also have the right to know the following:
- the purpose of the processing;
- the categories of personal data that is processed;
- the recipients or categories of recipients to which the personal data has been or is yet to be disclosed, particularly for recipients in third countries or at international organisations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
- existence of a right to rectification or erasure of the personal data concerning you;
- right to restriction of the processing by the controller;
- right to object to this processing;
- right to lodge a complaint with a supervisory authority;
- if the personal data is not collected from you, all available information about the origin of the data;
- the existence of an automated decision-making process including profiling in accordance with Art. 22(1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, and the scope and intended effects of such processing for you.
If personal data is sent to a third country or an international organisation, you have the right to be informed about the suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.
3.2 Right to rectification
You have the right to request that we immediately rectify incorrect personal data concerning you. In consideration of the purposes, you have the right to request the completion of incomplete personal data – including by means of a supplementary declaration.
3.3 Right to erasure (“right to be forgotten”)
You have the right to request that we immediately delete the personal data concerning you, and we are obliged to immediately erase personal data if one of the following reasons applies:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- you withdraw your consent on which the processing is based in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing;
- you object to the processing in accordance with Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing (e.g. statutory retention periods), or you object to the processing in accordance with Art. 21(2) GDPR;
- the personal data was unlawfully processed;
- the erasure of the personal data is necessary for the fulfilment of a legal obligation in accordance with Union law or the law of the member states to which we are subject;
- the personal data was collected in relation to offered information society services in accordance with Art. 8(1) GDPR.
If we have made personal data public and are obliged to erase it, we will take suitable measures, including measures of a technical nature, in consideration of the available technology and the implementation costs, in order to inform the controller responsible for the data processing, which processes the personal data, that you have requested that it erase all links to this personal data, and copies or replications of this personal data.
3.4 Right to restriction of processing
You have the right to request that we restrict the processing if one of the following prerequisites exists:
- the correctness of the personal data is disputed by you, namely for a duration that enables us to examine the correctness of the personal data;
- the processing is unlawful and you refuse the erasure of the personal data, instead requesting the restriction of the use of the personal data;
- the personal data is no longer required for the purposes of the processing, but you require the data for the assertion, exercise, or defence of legal claims;
- you have objected to the processing in accordance with Art. 21(1) GDPR and it is not yet certain whether the legitimate interests of our company override yours.
3.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us, in a structured, common, and machine-readable format. You also have the right to transfer this data to another controller without being obstructed by us, provided that
- the processing is based on consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract in accordance with Art. 6(1)(b) GDPR; and
- the processing takes place with the aid of an automated process.
When exercising your right to data portability in accordance with (1), you have the right to arrange for the personal data to be directly transferred from us to another controller, provided that this is technically feasible.
3.6 Right to object
You have the right, for reasons resulting from your particular situation, to object at any time to the processing of the personal data concerning you that takes place on the basis of Art. 6(1)(e) or (f) GDPR; this also applies for profiling based on these provisions. We will no longer process the personal data unless we can prove compelling reasons for the processing that are worth protecting and override your interests, rights, and freedoms, or the processing is for the assertion, exercise, or defence of legal claims.
If personal data is processed by us in order to conduct direct advertising, you have the right at any time to object to the processing of the personal data concerning you for the purpose of such advertising; this also applies for the profiling, if it is related to such direct advertising.
You have the right, for reasons resulting from your particular situation, to object to the processing of personal data concerning you that takes place for scientific or historical research purposes, or for statistical purposes, in accordance with Art. 9(1) GDPR, unless the processing is necessary for the achievement of a task in the public interest.
3.7 Automated decision-making including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that has a legal effect on you or impairs you significantly in a similar manner.
3.8 Right to withdraw consent given under data protection law
You have the right at any time to withdraw consent to the processing of personal data.
3.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work, or the location of the suspected violation, if you believe that the processing of the personal data concerning you is unlawful.
4 Data security
We endeavour to protect your personal data within the framework of the applicable data protection laws and technical possibilities.
Your personal data is sent by us in an encrypted manner. This applies for your orders and the customer login. We use the SSL (Secure Sockets Layer) coding system, but we would like to point out that the transfer of data via the internet (e.g. communication via email) may involve security flaws. Flawless protection of data against access by third parties is not possible.
For the protection of your data, we take technical and organisational security measures, which we repeatedly adjust to keep up with technology.
In addition, we do not guarantee that our website is available at specific times; disruptions, interruptions or failures cannot be excluded. The servers used by us are regularly and carefully backed up.
5 Automated decision-making
No automated decision-making process takes place on the basis of the personal data collected.
6 Forwarding of data to third parties, no data transfer to non-EU/EEA countries
We generally only use your personal data within our company.
If and to the extent that we involve third parties as part of the performance of contracts, they will only receive this personal data to the extent to which the transfer is necessary for the according service.
In the case that we outsource certain parts of the data processing (“order processing”), we contractually oblige our order processors to only use personal data in accordance with the requirements of the data protection laws and guarantee the protection of the rights of the data subject.
The transfer of data to places or people outside the EU and outside the cases named in this statement does not take place and is not planned.
7 Collection of personal data during the use of ClimatePartner products
You can usually access our webpages without entering any personal details about yourself. If you register for our personalised databases or purchase products from ClimatePartner, you will be asked for personal information, such as your name, email address, payment method, and credit card number. All data and information about your identity will be stored on the servers of ClimatePartner and the corresponding contracting partners; however, this will only take place if you provide us with this information explicitly. This will take place in a manner recognisable to you and only with your explicit consent.
We generally do not pass your personal data on to unauthorised third parties. We reserve the right to pass data on to authorised partners that are bound to a data privacy and confidentiality agreement by ClimatePartner.
If you, as a customer of our “CO2 calculation” product, appoint one of our partner companies as the account manager, your personal data will be sent to the named partner company if and when this is necessary for the settlement of commission payments by ClimatePartner to the partner company named by you. As well as your company name, this also includes the type and number of the ClimatePartner products purchased by you, the time the contract was concluded for your initial purchase of online services, and the duration of your contractual relationship with ClimatePartner. We take particular care to only send the necessary personal information about you and your contractual relationship with ClimatePartner in accordance with the purpose to the managing partner company.
If you would like to prevent further cookies from being accepted by your browser, be notified when you receive new cookies, or deactivate all cookies, see the help function in the menu bar of your web browser. You can deactivate or delete similar functions such as Flash cookies that are used by browser add-ons, by either changing the settings of the browser add-on or following the deactivation instructions on the website of the respective creator.
However, essential functions cannot be used on the ClimatePartner website without cookies, so we advise leaving the cookie function activated. For example, you cannot place any products in the shopping cart or use other functions that make registration necessary. However, it is recommended that you log out of the ClimatePartner website again after each registered visit, particularly if you are using the computer with multiple people.
Should you have any questions about our data privacy or this data privacy statement, or if you want to exercise your rights, please contact our Data Protection Officer at firstname.lastname@example.org or write to ClimatePartner GmbH (for contact details, see Point 1 and the legal notice).
9 Changes to the data privacy statement
ClimatePartner GmbH reserves the right to change the data privacy statement in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to the data processing statements. If user consent is necessary or parts of the data privacy statement contain rules for the contractual relationship with the users, the changes will only take place with the consent of the user.
Users are asked to inform themselves regularly about the content of the data privacy statement. You can save and print this data privacy statement at any time.
(Version: May 2018)