This website is provided by the ClimatePartner Group (ClimatePartner) to give you an overview of how ClimatePartner processes your personal data.
The protection of your personal data is very important to ClimatePartner.
The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). This statement describes how and for what purpose ClimatePartner collects personal data and how we handle the data.
1. General information
The controller for processing within the meaning of the GDPR is ClimatePartner Group.
The Group is divided into various subsidiaries and business units. Each of these companies is responsible for compliance with data protection laws.
The controller for all data processing in connection with the data processing on the ClimatePartner website is
Phone: +49 89 1222875-0
Fax: +49 89 1222875-29
Managing Directors: Moritz Lehmkuhl, Klaus-Peter Siemssen
The following separate controller shall be responsible for matters relating to the collection of data via the contact form on the climatepartnerimpact.com website
The controller for processing within the meaning of the GDPR is
ClimatePartner Impact GmbH
Phone: +49 89 1222875-0
Fax: +49 89 1222875-29
Managing Director: Robin Stoffers
For data processing operations independent of the website, the respective ClimatePartner Group company with which you are in contact with is the data controller. You can view the individual companies here: https://www.climatepartner.com/en/offices
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and encompasses practically every handling of data.
“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
A principle in data protection is “lawfulness”; processing of personal data is only lawful if it has a legal basis. In the following, reference is made repeatedly to consent, legitimate interest and the lawfulness of processing for the performance of a contract or for the implementation of pre-contractual measures. These legal bases are standardised in Article 6(1)(a), (b) and (f) GDPR.
Your rights as a data subject
Under applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by email or by post, clearly identifying yourself, to the controller (see point 1). As a data subject, you have the following rights:
Right of access
You have the right to find out from us at any time whether ClimatePartner is processing personal data about you.
If this is the case, you have the right to receive from us free information about the personal data stored about you, the purpose, the potential recipients and the storage period, together with a copy of these data.
Right to rectification
You have the right to request that we rectify any inaccurate personal data relating to you without delay. Taking into account the purpose, you also have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
Right to erasure ("right to be forgotten")
You have the right to request that we erase personal data relating to you without delay if one of the following reasons applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing.
- The personal data have been processed unlawfully.
- Erasure of the personal data is necessary for compliance with a legal obligation under a Union or Member State law to which we are subject.
- The personal data were collected in relation to information society services offered pursuant to Article 8(1).
If we have made personal data public and we are obligated to erase them, we shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers processing the personal data that you have requested that they erase all links to, or copies or replications of, those personal data.
Right to restriction of processing
You have the right to request us to stop processing your personal data temporarily or permanently where
- the accuracy of the personal data is disputed by you;
- the processing is unlawful;
- the personal data are no longer necessary for the purposes for which they were processed;
- you have objected to the processing pursuant to Article 21(1), as long as it has not yet been determined whether the legitimate interests of our company outweigh your interests.
Right to data portability
You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer these data to another controller without hindrance from us.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data about you which is carried out on the basis of consent. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Automated decisions including profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects about you or similarly significantly affects you.
Right to withdraw consent under data protection law
You have the right to withdraw consent to the processing of personal data at any time.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data about you is unlawful.
We are concerned about the security of your personal data within the framework of the applicable data protection laws and technical developments. To this end, we maintain technical and organisational security measures that we constantly adapt to the latest technical standards.
In connection with the use of our digital products, your personal data are protected by strong encryption mechanisms both during transmission and storage. However, we would like to point out in this context that data transmission on the Internet can be prone to security gaps depending on the application (e.g. communication by email).
We also do not guarantee that our web-services will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
Transmission of data to third parties
In principle, we only use your personal data within our company.
If and to the extent that we involve third parties in the performance of contracts, they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing (“commissioned data processing”), we contractually commit our processors to use personal data only in accordance with the requirements of data protection laws and to ensure protection of the rights of the data subject.
Transmission of data within the group of companies:
Many systems and technologies are shared within the ClimatePartner Group. This allows us to implement a more efficient, secure and uniform data protection standard. Therefore, within the ClimatePartner Group, those companies and departments will have access to your data that need it to fulfil our contractual and legal obligations or to perform their respective functions within the Group.
In order to regulate the exchange of data within the Group in accordance with legal requirements, we have taken technical and organisational measures to ensure the secure handling of your personal data.
Data protection officer
At email@example.com (or by letter to ClimatePartner GmbH (for contact details see point 1 and in the legal notice) you can contact our data protection team at any time if you have any general questions or concerns on data protection as well as for the enforcement of your rights.
To directly contact our external data protection officers, please use:
Nextwork GmbH, firstname.lastname@example.org
2. Supplementary information on the use of this website
Whenever this website is accessed, personal data of the visitors and users of the web-services (users) are automatically processed.
These data are required to deliver and display the contents of the website. Furthermore, the processing of these data is absolutely necessary for security reasons, in particular to control access, transmission and storage. In addition, anonymous information may be used for statistical purposes and to optimise the web-services and technology.
Within the framework of our online platforms, we process the following data of our customers for the provision and implementation of our services:
First name, surname, email address, telephone number
Purchase of services, e.g. CO2 calculation, address and contact details
Payment data, e.g. credit card data, PayPal account, payment history
Contract data, e.g. subject matter of the contract
In addition, we process the following data of our customers, interested parties and business partners for the purpose of inviting them to and participating in our events (ClimatePartner Academy):
Registration data e.g. first name, surname, email address, telephone number
We have leased data centres for the operation and provision of this website and our online platforms.
The services we use serve to provide infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services for the offered web-services.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in an efficient and secure provision of the offered web-services.
In addition, we use a Content Delivery Network, which has the effect of shortening the loading time of common web content (e.g. script libraries, components as well as fonts) because the files are transferred from fast servers that are close to the location or are underutilized. Among other things, your IP address is transmitted to the operator of the respective CDN.
We have carefully selected data centres and only use those that are located in the European Union and meet general information security and data protection standards.
To the extent that personal data of EU citizens are transferred to data centres outside the European Union, the same level of protection for these data centres is ensured by appropriate measures, such as standard contractual clauses, in accordance with the applicable data protection laws.
The legal basis for data processing pursuant to the above paragraphs is our legitimate interest. Unless specifically stated, we only store personal data for as long as is necessary to fulfil the intended purposes.
ClimatePartner collects information about you when you use this website or our online platforms. We automatically collect information about your usage patterns and interaction with us and record data about your computer or mobile device. We collect, store and use data about every access to our web-services (so-called server log files).
The access data include the name and URL of the retrieved file, the date and time of the retrieval, the amount of data transferred, notification of successful retrieval (HTTP response code), the browser type and version, the operating system, the referrer URL (i.e. the previously visited page), the IP address and the requesting provider.
We use these log data without assigning them to you personally or otherwise profiling them for statistical evaluations for the purpose of the operation, security and optimisation of our web-services , for the anonymous recording of the number of visitors to our website (traffic) as well as the scope and type of use of our website and services, and also to prove the provision of services or billing for a service. This information allows us to analyse traffic, troubleshoot errors and improve our services. We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of concrete indications. The retention period of log data including IP addresses has been limited to 12 months. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website. In addition, we store the date of your last visit as part of your account (e.g. when registering, logging in, clicking links etc.).
Depending on the function and purpose of the data processing, the cookies used on our website are divided by us into the following categories:
These cookies are necessary to provide you with specific website functions and to comply with our legal obligations. The legal basis for processing your personal data is our legitimate interest in making our website usable for you and in fulfilling our legal obligations.
Preference cookies enable a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in. The legal basis for the processing of your personal data is your consent, which you can give via our cookie banner. Your consent is always voluntary and is not required for the use of the website or our online platforms themselves.
We use these cookies for statistical analysis purposes in order to statistically record the use of our website. Statistical cookies help us to improve our website and to offer you content that is particularly relevant to you. The legal basis for the processing of your personal data is your consent, which you can give via our cookie banner. Your consent is always voluntary and is not required for the use of the website or our online platforms themselves.
We use these cookies for marketing purposes, i.e. to provide you with personalised advertising, for example.
The legal basis for the processing of your personal data is your consent, which you can give via our cookie banner. Your consent is always voluntary and is not required for the use of the website or our online platforms themselves.
The legal basis for the use of necessary cookies is on the one hand our legitimate interest. Our legitimate interest for using necessary cookies is to be able to provide you with functioning online platforms. Your consent is given for cookies that are not necessary. No unnecessary cookies will be set without your consent. You can withdraw your consent at any time with effect for the future.
You can delete individual or all cookies via the settings of your browser. There you will also find information and instructions on how to delete these cookies or block their storage from the outset.
The maximum storage period of the cookies used is 399 days (13 months).
Use of third-party tools
In order to provide and continuously improve our services, we also use the services of the third-party providers listed below, who may also process personal data. We have selected these third-party providers carefully and in accordance with the requirements of the GDPR, as well as the general requirements for information security.
Google Tag Manager
Google AdWords Conversion
Google Enhanced Conversion
LinkedIn Analytics and LinkedIn Ads
You can withdraw your consent to the use of the listed cookies and the associated third-party processing at any time. This withdrawal is congruent with an initial rejection of your consent and applies to the domain in question. From the time of your withdrawal or their rejection, all cookies concerned will be deleted or not set.
If you delete all cookies in your browser, you will be asked for your consent again.
4. Supplementary information on contacting us via contact form or email
If you contact us via an email address provided by us, we will store the data you send with the email.
If you have the option of contacting us via a contact form on our website, the data you provide will be stored by us.
The data are stored for the purpose of processing the request transmitted with your communication and, if necessary, contacting you. We erase the data accruing in this context after storage is no longer required or restrict the processing if there are statutory retention obligations to do so.
5. Supplementary information on the newsletter and marketing
On our website, we offer you the opportunity to sign up for our email newsletter, in which we will regularly inform you about climate protection measures (e.g. news, information, events and surveys) and ClimatePartner services.
The required information for registration to our newsletter results from the registration form, in which mandatory information is marked accordingly. The provision of your information is voluntary and you can withdraw your consent at any time with effect for the future by clicking on the unsubscribe link in each newsletter.
Our newsletters contain cookies or tracking pixels with which we can evaluate whether the emails have been opened (opening tracking). Furthermore, the cookie or tracking pixel enables an analysis of the click behaviour. The data collected in this way are transferred to Microsoft's servers and stored there. We use these data for statistical purposes and for individualisation of our newsletter.
We use Microsoft Dynamics 365 for sending the email newsletter, statistical surveys and evaluations, and logging the registration process.
For this purpose, we have concluded the corresponding processing agreement with Microsoft in accordance with the Online Service Terms.
Recipient or third country: Recipients are the processors and Microsoft Dynamics. We have entered into a processing agreement and the standard contractual clauses with Mailchimp. Further information on the processing of personal data by Microsoft Dynamics can be found here https://privacy.microsoft.com/en-gb/privacystatement.
In this context, the data will only be processed as long as the relevant consent has been given. Afterwards they are deleted.
In the context of lead acquisition, we follow the 1:1 email approach of potential partners who share an interest in climate protection and taking appropriate measures to achieve climate protection goals. In terms of initial contact by email, we will contact you a maximum of two times, unless you submit your withdrawal.
The purpose of contacting you and the associated processing of your contact and communication details is to provide you with topic-specific offers, such as webinars and white papers on climate protection and the presentation of our service portfolio, which could result in the initiation or implementation of a business relationship.
This processing is based on our legitimate interest or your consent.
If you, as a data subject, exercise your right of withdrawal in the context of being addressed within the scope of email campaigns, you can either do so via the opt-out link included in the email footer, submit it directly to the sender or submit it in writing to ClimatePartner GmbH using the contact details provided above.
If you have not provided us with the data yourself, for example in the course of registering for our offers via our website or in the course of an existing customer relationship, your data will come from publicly accessible sources, such as B2B networks and forums, which we have selected based on the focus of interest, or from lead exchanges.
For sending emails, we use storage of your data in a secure data centre as well as database maintenance and analysis.
All service providers have been carefully selected and are obligated to comply with data protection regulations in commissioned data processing agreements.
When using providers from a so-called third country, we take additional measures in accordance with the requirements of the European Commission to maintain an adequate level of data protection, such as the conclusion of standard contractual clauses and data storage in Europe.
When the purpose ceases to apply or after your withdrawal, your data will generally be erased within 30 days.
We and our advertising partners use your data for personalised advertising displayed to you on ClimatePartner services and on third-party websites and apps. For this purpose, we and our advertising partners use standard internet technologies. This allows us to target advertising more precisely so that we only present you with advertising and offers that are actually relevant to you. This, in turn, allows us to better meet our users' need for personalisation and the discovery of new products.
6. Supplementary information for applications
We process the data you send us in connection with your application in order to assess your suitability for the vacant position (or other vacancies in our companies, if applicable) and to carry out the application process.
This website uses the services of Personio for the processing of applicant data. The provider is Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany.
Personio is a service for organising and processing personnel data and applicant data.
If data are entered for the purpose of the application, they will be stored on the servers of Personio GmbH in Germany. Personio GmbH has ISO 27001 certification and operates its servers in Frankfurt, Germany. For more information on the processing of personal data in the application procedure, please visit https://www.personio.com/privacy-policy/.
Data processing is based on your consent and the initiation of a potential contractual relationship.
The data you have deposited with us for the purpose of the application will be erased six months after receipt of the application, unless you have given us your consent to store the data in our talent pool.
If your data are stored in the talent pool, we will erase them after one calendar year or obtain further consent. Data stored by us for other purposes (e.g. email addresses for newsletter dispatch) remain unaffected by this.
7. Supplementary information for contractual partners (suppliers) and third parties
We process the data that are sent to us in connection with our collaboration. This includes names, contact details and the information collected when the supplier is selected.
We store these data in our internal CRM system to facilitate requests for further collaboration.
The storage of data is based on existing contracts or our legitimate interest in enabling further cooperation by accessing the collected data.
8. Supplementary information on the use of ClimatePartner services
When you purchase products from ClimatePartner, you will be asked for personal information such as name, email address, payment method and credit card number.
All data and information about your identity are stored on the servers of ClimatePartner and the corresponding contractual partners.
As a matter of principle, we do not transmit your personal data to unauthorised third parties. We reserve the right to transmit information to authorised partners who are bound by a data protection and confidentiality agreement with ClimatePartner. If you, as a customer of our products, specify our partner company as account manager, personal data will be transferred to the specified partner company to the extent that this is necessary for the settlement of commission payments on the part of ClimatePartner to the partner company specified by you.
In addition to your company name, this includes the type and number of ClimatePartner products you have purchased, the date of conclusion of the contract for your first purchase of online services and the duration of your contractual relationship with ClimatePartner.
The legal basis for processing and transmitting the data is, in addition to consent, the fulfilment of the contract relating to the product that you have purchased from us.
The data are only stored for as long as is necessary to fulfil the purpose. After termination of the order or withdrawal of your consent, your data will be erased, unless there are tax law requirements regarding erasure. If we are obligated to retain data due to tax law requirements, we will store these data for a maximum of 10 years in accordance with the retention obligations.
In some cases, ClimatePartner acts as a processor in the provision of its services. In these cases, a commissioned data processing agreement is available.
The commissioned data processing agreement is always used when ClimatePartner processes personal data on behalf of a data controller without being able to make its own decision about the purpose of the data.
Employee commuting survey
The employee commuting survey is a tool which ClimatePartner offers its customers in connection with emission calculation services. You as a data subject may be asked to take part in the survey by your employer directly, or through us reaching out to you based on contact information shared by your employer (in which case the ClimatePartner group company functions as a data processor of such contact information on behalf of your employer, from whom you can request more information about the processing).
When you visit the Employee Commuting Survey, ClimatePartner itself additionally collects your IP address for its own purposes as a data controller for the following purposes:
- The purposes and retention times mentioned above under Section 2, “Hosting”
- The purposes and retention times mentioned above under Section 2, “Access data”
For data collected while visiting the survey webpage, the ClimatePartner Group company with which your employer has a service contract with functions as the controller of the information.
The Footprint Calculator is a tool for calculating carbon footprints. Personal data are primarily required to identify and authorise customers on the platform.
The Footprint Manager is a tool for selecting CO2 offset projects and commissioning offset bookings. Personal data are required to identify and authorise users.
Platform for the management of suppliers and the collection of their relevant data. Personal data are required for authorisation, in addition to master data management for the purpose of contacting you.
Climate ID Pages
The ClimatePartner ID Pages are publicly accessible pages that enable the communication of certification. Personal data are necessary for the preview functionality to authorise and identify customers and employees.
The ClimatePartner-YOU website enables the booking of offset payments by natural persons.
Customers can register on the Marketplace to learn about various emission reductions and sustainability services. The products and services offered are designed to help customers reduce their carbon footprint. The login data are needed to maintain the customers in the customer relation management system, to contact them and to offer commission-based partnerships.
Creditreform Boniversum information pursuant to Article 14 GDPR
Our company regularly checks your creditworthiness when concluding contracts and, in certain cases where there is a legitimate interest, also for existing customers. For this purpose, we work together with Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, from whom we receive the data required for this purpose. On behalf of Creditreform Boniversum, we would like to provide you with the following information in advance pursuant to Article 14 GDPR:
Creditreform Boniversum GmbH is a consumer credit agency. It operates a database in which creditworthiness information about private individuals is stored.
On this basis, Creditreform Boniversum issues creditworthiness reports to its clients.
In the Creditreform Boniversum database, data are stored in particular on the name, address, date of birth, email address (if applicable), payment history and shareholdings of individuals. The data that Creditreform Boniversum has stored about you comes from publicly accessible sources, from debt collection companies and their customers.
To describe your creditworthiness, Creditreform Boniversum calculates a score value from your data. The score value includes data on age and gender, address data and, in some cases, payment experience data. These data are included in the calculation of the score value with different weighting. Creditreform Boniversum's clients use the score values as a tool for their own credit decisions.
The purpose of the processing of the stored data is to provide information on the creditworthiness of the queried person. The legal basis for the processing is our legitimate interest, which we must credibly demonstrate to Creditreform. If data are transferred to countries outside the EU, this is done on the basis of so-called standard contractual clauses.
The data are initially stored for three years. After expiry, a check is made to see whether storage is still necessary; otherwise the data are erased
Further information can also be found at www.boniversum.de/bonipedia under the heading Data Erasure.
You are also entitled to the legally standardised data subject rights (see above) vis-à-vis Creditreform Boniversum GmbH.
9. Supplementary information on the whistleblowing system
Our whistleblowing system is a reporting channel for implementing the requirements of the Whistleblower Protection Act. If you use our reporting channel to submit reports, we will only process your personal data if you provide it to us.
The reporting channel collects personal data such as name, contact details and employee information for the purpose of processing reports and incidents. Data processing takes place on the basis of the fulfillment of legal obligations in accordance with the Whistleblower Protection Act or on the basis of the whistleblower's consent.
The data is collected by our reporting channel operator Whistlelaw, which we have carefully selected and with whom we have concluded a data processing agreement. Whistlelaw processes the reports in accordance with the requirements of the GDPR. You can find more information about Whistlelaw's data processing here: https://www.whistle.law/so-funktioniert-s/dsgvo-sicherheit
The data is initially stored for three years. After expiry, it will be checked whether storage is still necessary, otherwise the data will be deleted on the exact day.
10. Supplementary notes on social media
We use the following social media channels
You will find more detailed information about the processing of your personal data, the storage period and the possible transmission of your data on the respective homepages.
11. Amendment of the privacy notice
We are constantly developing our website, services and products and do our best to regularly adapt and improve data protection. Accordingly, regular amendments to this privacy notice are also necessary in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing.
The privacy notice always corresponds to the version stated below. We therefore recommend that you read the privacy notice from time to time.
Version: January 2024