Career
Customer portal

Privacy policy app

General information

This privacy policy explains the type, scope and purpose of the processing of personal data within our app and the associated functions and content. Our privacy policy is intended to be simple and understandable for everyone. As a rule, the official terms of the General Data Protection Regulation (GDPR) are used in this privacy policy. The official definitions are explained in Art. 4 GDPR.

Who is responsible for data processing

ESFORIN SE
Ruhrallee 201
45136 Essen
+49.201.220.38-100
info@esforin.com

Contact Details of the Data Protection Officer

Proliance GmbH / www.datenschutzexperte.de
Data Protection Officer
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@datenschutzexperte.de

When contacting the data protection officer, please state the company to which your request relates. Please refrain from enclosing sensitive information, such as a copy of your ID, with your request.

Data collection in the context of app use

We take the protection of your data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

With our app, we offer our customers an interface to our digital energy services.

When you download our app, register or log in to the app and use the app, various personal data are processed.

Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

 

Access to and Storage of Information on Terminal Equipment

By using our app, information (e.g. IP address) may be accessed or information (e.g. cookies) may be stored in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of § 25 para. 1 sentence 1, para. 2 no. 2 TTDSG.

In cases in which such a process serves other purposes (e.g. the needs-based design of our app), this is only carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Art. 6 (1) (a) GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the German Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities in our app.

 

Information that is collected when the app is downloaded

When you download the app, certain required information is transmitted to the app store you have selected (Google Play Store, Apple App Store). In particular, the user name, email address, customer number of your account, the time of the download, payment information and the individual device identification number may be processed. We have no influence on this data collection and are not responsible for it. The contract is concluded with the respective store provider and is handled in accordance with their terms and conditions of business and use and their data protection provisions. As part of your use of the stores, we only process the reviews you have published about our app and the associated data and receive anonymous statistics via the stores, e.g. on download figures, uninstallations and crashes.

 

Hosting

We operate the app services in the EU. We use Microsoft Azure B2C for user identification. Azure AD B2C is a CIAM (Customer Identity Access Management) solution that supports millions of users and billions of authentications per day. It ensures the scaling and security of the authentication platform as well as the monitoring and automatic handling of threats such as denial of service, password spray or brute force attacks.

 

Data processing when using the app

When you use the app, we automatically collect certain data that is required for the provision and use of the app. The following data is processed for this purpose: Time of access, IP address, content of access.

This data is automatically transmitted to us in order to provide you with the service and the associated functions and to prevent and eliminate misuse and malfunctions.

This data processing is justified by the fact that the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of the app.

 

Technical functions of the app

The app requires the following authorizations for the full use of our services:

Internet access: This is required to save your entries on our servers.

Push notifications: This is required to send you targeted push notifications about company-relevant information and news.

The authorizations to access the above-mentioned functions are explicitly requested at the latest when the device is used for the first time and can be confirmed or rejected.

If you have granted the individual authorizations, the associated processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future. A given authorization can normally be revoked at any time in the settings of the device (however, this depends on the device and the operating system, over which we have no influence). The legality of the data processing that has already taken place remains unaffected by the revocation. Please note that authorizations that have not been granted may restrict the use of the app.

 

Creation of a user account (registration) and login

You can download our app from the app store without registering with us. We do not collect any personal data when you download the app. Nor will any personal data be passed on to us by the app store provider. However, you can only use our app if you register via Microsoft Azure user identification. We use Microsoft Azure B2C for user identification. Azure AD B2C is a CIAM (Customer Identity Access Management) solution that supports millions of users and billions of authentications per day. It ensures the scaling and security of the authentication platform as well as the monitoring and automatic handling of threats such as denial of service, password spray or brute force attacks.

In addition, we require the following for registration: first and last name, company name and e-mail address with which the Microsoft Azure user account was linked.

The data entered during registration is processed to fulfill a contract with the user or to carry out pre-contractual measures (Art. 6 para. 1 lit. b GDPR). Additional voluntary information is processed on the basis of your voluntarily given consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time for the future. All you need to do is send an informal email to the contact details of the controller mentioned above. The legality of the data processing that has already taken place remains unaffected by the revocation.

Furthermore, on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in ensuring the functionality, error-free operation of the app and the detection of misuse operation of the app and the detection of misuse, we collect and process the following data when the app is used:

  • Date of your registration
  • Date of your last login

 

Contact us via contact form, e-mail or telephone

If you send us inquiries via the contact form, e-mail or telephone, your details from the inquiry form or your e-mail, including the personal data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request is aimed at concluding a contract.

Your data will be deleted after final processing of your request, provided that there are no statutory retention obligations to the contrary. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.

 

Data transfer and recipients

Your personal data will not be transferred to third parties unless we have explicitly pointed this out in the description of the respective data processing, if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, if the transfer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data, in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and insofar as this is necessary for the processing of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.

In addition, we use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded order processing contracts in accordance with Art. 28 GDPR if necessary. These service providers are bound by our instructions and are regularly monitored by us. These include service providers for app hosting, sending emails and maintaining and servicing our IT systems. The service providers will not pass this data on to third parties.

 

Duration of the Storage of Personal Data

The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for contract fulfillment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if it is no longer required for these purposes or if you exercise your right of revocation or objection.

 

Your Rights

Below you will find information on the data subject rights granted to you by the applicable data protection law vis-à-vis the controller with regard to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

The right to demand the immediate correction of incorrect or incomplete personal data stored by us in accordance with Art. 16 GDPR.

The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

The right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller.

The right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office stated above or, if applicable, that of your usual place of residence or workplace.

The right to withdraw consent granted in accordance with Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

Right of Objection

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the requirement to specify a particular situation.

If you would like to exercise your right of revocation or objection, simply send an e-mail to datenschutz@esforin.com

 

Legal Obligations

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision within the framework of contractual measures if you provide such personal data that is necessary for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

 

Automated decision-making / profiling

Automated decision-making or profiling in accordance with Art. 22 GDPR does not take place.

 

Changes and updates to this privacy policy

We reserve the right to adapt or update this privacy policy if necessary in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements requirements and take into account changes to our services, e.g. when introducing new services. The latest version applies to your visit.

 

Status of this privacy policy: 9.11.2023

Christian Irion

Senior Sales Manager

Call
email
LinkedIn
Make an appointment now

+49 201 22038143 | christian.irion@esforin.com

Alex Schwabbauer

Business Development & Sales Batteries

Call
email
Make an appointment now

+49 201 22038 179 | alex.schwabbauer@esforin.com

Matthias Mengler

Head of RES Sales

Call
email
Make an appointment now

+49 201 22038 197 | matthias.mengler@esforin.com

+49 201 22038 100 | info@esforin.com

Denis Grynbaum

Country Manager France

Call
email
LinkedIn
Make an appointment now

+33 6 84 01 15 82 | denis.grynbaum@esforin.com

Thomas Crabtree

Country Manager Netherlands

Call
email
LinkedIn
Make an appointment now

+31 630 852747 | thomas.crabtree@esforin.com

Arman Mohii

Country Manager Nordic

Call
email
LinkedIn
Make an appointment now

+46 793 431230 | arman.mohii@esforin.com