Data collection in the context of app use
With our app, we offer our customers an interface to our digital energy services.
When you download our app, register or log in to the app and use the app, various personal data are processed.
Access to and Storage of Information on Terminal Equipment
By using our app, information (e.g. IP address) may be accessed or information (e.g. cookies) may be stored in your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.
In cases where such access to information or such storage of information is absolutely necessary for the technically error-free provision of our services, this is done on the basis of Section 25 (1) sentence 1, (2) no. 2 TTDSG.
In cases in which such a process serves other purposes (e.g. the needs-based design of our app), this is only carried out on the basis of Section 25 (1) TTDSG with your consent in accordance with Art. 6 (1) (a) GDPR. Consent can be revoked at any time for the future. The provisions of the GDPR and the German Federal Data Protection Act (BDSG) apply to the processing of your personal data.
Further information on the processing of your personal data and the relevant legal bases in this context can be found in the following sections on the specific processing activities in our app.
Information that is collected when the app is downloaded
When you download the app, certain required information is transmitted to the app store you have selected (Google Play Store, Apple App Store). In particular, the user name, email address, customer number of your account, the time of the download, payment information and the individual device identification number may be processed. We have no influence on this data collection and are not responsible for it. The contract is concluded with the respective store provider and is handled in accordance with their terms and conditions of business and use as well as their data protection provisions. As part of your use of the stores, we only process the reviews you have published about our app and the associated data and receive anonymous statistics via the stores, e.g. on download figures, uninstallations and crashes.
We operate the app services in the EU. We use Microsoft Azure B2C for user identification. Azure AD B2C is a CIAM (Customer Identity Access Management) solution that supports millions of users and billions of authentications per day. It ensures the scaling and security of the authentication platform as well as the monitoring and automatic handling of threats such as denial of service, password spray or brute force attacks.
Data processing when using the app
When you use the app, we automatically collect certain data that is required for the provision and use of the app. The following data is processed for this purpose: Time of access, IP address, content of access.
This data is automatically transmitted to us in order to provide you with the service and the associated functions and to prevent and eliminate misuse and malfunctions.
This data processing is justified by the fact that the processing is necessary for the fulfilment of the contract between you as the data subject and us in accordance with Art. 6 para. 1 lit. b GDPR for the use of the app.
Technical functions of the app
The app requires the following authorisations for the full use of our services:
Internet access: This is required to save your entries on our servers.
Push notifications: This is required to send you targeted push notifications about company-relevant information and news.
The authorisations to access the above-mentioned functions are explicitly requested at the latest when the device is used for the first time and can be confirmed or rejected.
If you have granted the individual authorisations, the associated processing of your data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future. Any authorisation granted can normally be revoked at any time in the device settings (however, this depends on the device and the operating system, over which we have no influence). The legality of the data processing that has already taken place remains unaffected by the cancellation. Please note that authorisations that have not been granted may restrict the use of the app.
Creation of a user account (registration) and login
You can download our app from the app store without registering with us. We do not collect any personal data when you download the app. No personal data is passed on to us by the provider of the app store either. However, you can only use our app if you register via Microsoft Azure user identification. We use Microsoft Azure B2C for user identification. Azure AD B2C is a CIAM (Customer Identity Access Management) solution that supports millions of users and billions of authentications per day. It ensures the scaling and security of the authentication platform as well as the monitoring and automatic handling of threats such as denial of service, password spray or brute force attacks.
In addition, we require the following for registration: first and last name, company name and e-mail address with which the Microsoft Azure user account was linked.
The data entered during registration is processed for the fulfilment of a contract with the user or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR). Additional voluntary information is processed on the basis of your voluntarily given consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time for the future. All you need to do is send an informal email to the contact details of the controller given above. The legality of the data processing that has already taken place remains unaffected by the revocation.
Furthermore, on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in ensuring the functionality, error-free operation of the app and the detection of misuse, the following data is collected and processed by us when using the app:
- Date of your registration
- Date of your last login
Contact us via contact form, e-mail or telephone
If you send us enquiries via the contact form, e-mail or telephone, your details from the enquiry form or your e-mail, including the personal data you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your enquiry is aimed at concluding a contract.
Your data will be deleted after your enquiry has been processed, provided there are no legal obligations to retain it. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time.
Data Sharing and Recipients
Your personal data will not be transferred to third parties unless we have explicitly pointed this out in the description of the respective data processing, if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, if the transfer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data, in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and insofar as this is necessary for the processing of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR.
We also use external service providers for the processing of our services, which we have carefully selected, commissioned in writing and with whom we have concluded order processing contracts in accordance with Art. 28 GDPR if necessary. These service providers are bound by our instructions and are regularly monitored by us. These include service providers for app hosting, sending emails and maintaining and servicing our IT systems. The service providers will not pass this data on to third parties.
Duration of the Storage of Personal Data
The duration of the storage of personal data is based on the relevant statutory retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. If data is required for contract fulfilment or contract initiation or if we have a legitimate interest in further storage, the data will be deleted if it is no longer required for these purposes or if you exercise your right of revocation or objection.
In the following, you will find information on which affected rights the applicable
data protection law grants you regarding the responsible with regard to the
processing of your personal data:
The right to request information about your personal data processed by us in
accordance with Art. 15 GDPR. In particular, you can request information about
the processing purposes, the category of personal data, the categories of
recipients to whom your data has been or will be disclosed, the planned storage
period, the existence of a right to rectification, erasure, restriction of processing
or objection, the existence of a right of complaint, the origin of your data if it was
not collected by us, as well as the existence of automated decision-making,
including profiling, and, if applicable, meaningful information about its details.
The right to request the correction of inaccurate or incomplete personal data
stored by us without undue delay in accordance with Art. 16 GDPR.
The right to request the deletion of your personal data stored by us in accordance
with Art. 17 GDPR, unless the processing is necessary for the exercise of the right
to freedom of expression and information, for compliance with a legal obligation,
for reasons of public interest or for the establishment, exercise or defence of
The right to request the restriction of the processing of your personal data in
accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by
you, the processing is unlawful, but you object to its deletion, and we no longer
need the data, but you need it for the assertion, exercise or defence of legal
claims or you have objected to the processing in accordance with Art. 21 GDPR.
The right, pursuant to Art. 20 GDPR, to receive your personal data that you have
provided to us in a structured, commonly used and machine-readable format or
to request that it be transferred to another controller.
The right to complain to a supervisory authority in accordance with Art. 77 GDPR.
As a rule, you can contact the supervisory authority of the federal state of our
registered office stated above or, if applicable, that of your usual place of
residence or workplace.
The right to revoke the consent given in accordance with Art. 7 (3) GDPR: You
have the right to revoke consent to the processing of data once given at any time
with effect for the future. In the event of revocation, we will delete the data
concerned without delay unless further processing can be based on a legal basis
for processing without consent. The revocation of consent shall not affect the
lawfulness of the processing carried out on the basis of the consent until the
Right of Objection
Insofar as your personal data is processed by us on the basis of
legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR, you have the
right to object to the processing of your personal data pursuant to Art.
21 GDPR, insofar as this is done for reasons arising from your particular
situation. Insofar as the objection is directed against the processing of
personal data for the purpose of direct marketing, you have a general
right of objection without the requirement to specify a particular
If you would like to make use of your right of revocation or objection, it is
sufficient to send an e-mail to: email@example.com
The provision of personal data for the decision on the conclusion of a contract,
the fulfilment of the contract or for the implementation of pre-contractual
measures is voluntary. However, we can only make the decision in the context of
contractual measures if you provide such personal data that is required for the
conclusion of the contract, the fulfilment of the contract or pre-contractual
Automated decision-making / profiling
Automated decision making or profiling according to Art. 22 GDPR does not take