Data protection

This English version is provided for convenience only. In the event of any discrepancies, the German version shall prevail.

  1. Scope of this Privacy Notice

This Privacy Notice applies to the website www.wvag.de including all associated subpages.

  1. Controller and Data Protection Officer
    2.1 The controller within the meaning of the General Data Protection Regulation (“GDPR”), the applicable national data protection laws of the Member States, and other data protection provisions is: WV Energie AG, Am Sonnenplatz 1, 61118 Bad Vilbel. We take the protection of your personal data very seriously.
    2.2 Our Data Protection Officer is: Mr. Dr. Jens Bücking, Attorney-at-Law, unter e|s|b data gmbh, Schulze-Delitzsch-Str. 16, 70565 Stuttgart, Germany, Phone.: +49 (0)711/46 90 58-30, Fax: +49 (0)711/46 90 58-99, E-Mail: info@esb-data.de.
  2. Definitions

For the purposes of this Privacy Notice, the following terms shall have the meanings set out below:

Browser Data Personal data that your browser automatically transmits to our web server when you visit our website and that our web server stores at least for the duration of your visit, namely: your IP address, date and time of your visit, time zone difference to Greenwich Mean Time (GMT), pages visited on our website, access status/HTTP status code, the website from which you accessed our website, the operating system you use, the browser you use including version and language, the amount of data transmitted and — if JavaScript is enabled in your browser — also your screen resolution, color depth and browser window size;
Cookie A text file stored temporarily or permanently on your device that allows us or third parties to receive certain information. This text file cannot execute programs or transmit viruses to your computer;
Third Country A country outside the European Union or a country that is not a contracting party to the Agreement on the European Economic Area;
Voluntary Information Personal data that we may request from you which are not mandatory, but facilitate the processing;
Contact and Inquiry Data Personal data that you provide when contacting us by e-mail or otherwise submitting an inquiry outside the conclusion of a contract;
Log File A file stored on a web server in which browser data are recorded;
Usage Data Personal data relating to your use of our website that are collected automatically when using the website — in particular as browser data as well as through cookies or similar technologies;
Mandatory Information Personal data that we request from you and that are strictly necessary to fulfil the purposes of processing. Mandatory information is specifically identified when collected.

In addition, this Privacy Notice uses the terms processor (Auftragsverarbeiter), third party (Dritter), recipient (Empfänger), personal data (personenbezogene Daten), profiling (Profiling) and controller (Verantwortlicher) as defined in the General Data Protection Regulation (“GDPR”). The definitions (Article 4 GDPR) are available, for example, at: https://dejure.org/gesetze/DSGVO/4.html

  1. Contact Form
    If you have any questions, we provide the possibility to contact us via a form available on our website. When you use the form, we may collect the following personal data.
    • First name, last name
    • Telephone number
    • E-mail address
    • Your message to us

Additional information may be provided voluntarily.

We process the personal data in order to respond to your inquiries, to provide any services you request, to ensure compliance with applicable laws and regulations and to assert or defend legal claims.

The legal basis for this processing is Article 6(1) sentence 1 lit. a and lit. b GDPR, as your consent is obtained when using the form or requesting information, and/or the processing is necessary for the performance of a contract or pre-contractual measures.

Personal data collected through the contact form will generally be deleted once your inquiry has been fully resolved. In all other cases, personal data will be stored for as long as required to fulfil the purposes described above. Where statutory retention obligations apply — for example under German tax law (AO) or commercial law (HGB) — data must be retained for six or ten years respectively.

  1. Contact and Inquiry Data
    5.1 We process your contact and inquiry data — which may include both mandatory information and voluntary information (e.g., to address you personally or clarify questions more effectively) — to respond to your inquiries, on the basis of Article 6(1) sentence 1 lit. a and/or lit. b GDPR, and only to the extent necessary to handle your request.
    5.2 We have commissioned Digitale Denkart Managed Services GmbH, Hessenring 71, 61348 Bad Homburg v.d.H., as a processor to provide technical support for our data processing systems and the related processing of contact and inquiry data. Your contact and inquiry data will not be disclosed to any further recipients, and in particular not to third parties. There is no intention to transfer your contact and inquiry data to a third country or to an international organisation.
    5.3 Your contact and inquiry data will be deleted without undue delay once your request has been fully processed, unless legal requirements demand further processing, especially for retention purposes, retention is necessary for evidence (e.g. to assert or defend legal claims), or you have expressly given permission or a legal authorization exists.
  2. Google Web Fonts
    Google Web Fonts are embedded locally and are not retrieved from Google.
    Therefore, no data is transmitted to Google in connection with the use of Web Fonts.
  3. Browser Data
    7.1 Each time you visit our website, we collect browser data. We do not combine the browser data with any other personal data relating to you.
    7.2 We use the browser data to display our website to you and to ensure the stability and security of our website, based on Article 6(1) sentence 1 lit. f GDPR. In particular, we require browser data to detect, resolve and prevent disruptions and attacks on our IT systems.
    7.3 We have commissioned tikitay – werbeagentur gmbh, Breitgasse 5a, 69493 Hirschberg an der Bergstraße, Germany, as a processor to provide technical support for our website and to operate our web servers, including the related processing of browser data. Browser data will not be passed on to other recipients and in particular not to third parties. However, if investigative measures are initiated due to an attack on our IT systems, the browser data may be disclosed to government investigative authorities. The same applies if competent authorities or courts request information from us and we are legally obliged to respond. There is currently no intention to transfer your browser data to a third country or to an international organisation.
    7.4 Your IP address is stored only for the duration of your visit to the website and is then deleted immediately or anonymised by shortening. The remaining browser data, including the anonymised IP address if applicable, are stored in a log file. The log file is deleted after two days.
  4. Cookies
    8.1 To the best of our current knowledge, we do not use cookies or analytics services on our website — not even session cookies. The following information is therefore provided purely for preventive and informational purposes.
    8.2 If technically necessary cookies are used, such processing is based on Article 6(1) sentence 1 lit. f GDPR to ensure that you can use our services smoothly. Technically necessary cookies are deleted automatically at the end of your session, i.e. when you leave our website and close the corresponding browser window.
    8.3 We have commissioned tikitay – werbeagentur gmbh, Breitgasse 5a, 69493 Hirschberg an der Bergstraße, Germany, as a processor for the technical support of our website and the operation of our web servers, including the processing of any usage data collected through cookies. There is no disclosure of such data to any other recipients and in particular not to third parties. There is currently no intention to transfer your usage data to a third country or to an international organisation.
    8.4 If you would like to prevent the use of cookies, you can configure your internet browser to delete cookies stored on your device, block all cookies or warn you before a cookie is stored, allowing you to decide on a case-by-case basis.Each browser manages cookie settings differently — you will find instructions in the help section of your browser. Further information is available, for example, via the following links: Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen Safari  https://support.apple.com/de-de/guide/safari/sfri11471/mac Chrome: https://support.google.com/chrome/answer/95647?hl=de Opera: http://help.opera.com/Windows/10.20/de/cookies.html 
  5. LinkedIn

    The LinkedIn platform is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). Responsibility for our own LinkedIn page lies with the controller named above for our website.

When visiting our LinkedIn page, LinkedIn collects personal data from users — for example through the use of cookies, tracking technologies and similar tools. This also applies to users who are not logged in or registered with LinkedIn at the time of their visit. Details regarding the types of cookies and tools used by LinkedIn can be found in LinkedIn’s Cookie-Policy.

A detailed list of cookies and comparable technologies is available in the Cookie Table provided by LinkedIn.

It is possible that LinkedIn transfers collected information to affiliated companies in the United States. LinkedIn bases such transfers on the Standardvertragsklauseln (Standard Contractual Clauses) to ensure an adequate level of data protection. Further information on LinkedIn’s use of the Standard Contractual Clauses can be found at: https://de.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For more details on LinkedIn’s overall data processing activities, please refer to LinkedIn’s Privacy Policy. We do not have full access to the data processed by LinkedIn relating to your person — this includes your profile data. We are only able to view information from your profile that is publicly accessible. You can determine the scope of publicly visible information yourself through your LinkedIn privacy settings. 

Regarding your visit to our LinkedIn page, we receive anonymous usage statistics from LinkedIn including the following information:

    • Reach: number and development of users who view a specific post, advertisement or similar; number and development of user interactions with specific posts
    • Followers: number and development of people following our page over a defined period of time

We use this statistical information to understand which content is well received and what interests our users have. This enables us to tailor our posts and offerings to user needs and to continuously improve and target our LinkedIn page.

The legal basis for processing usage data and statistics is Article 6(1) lit. a GDPR where you have given consent. Processing of the usage statistics is also based on our legitimate interests pursuant to Article 6(1) lit. f GDPR, which arise from the above-mentioned purposes.

The statistical usage data cannot be assigned to a specific profile or user by us, nor can we draw any conclusions about individual users. You can define in your LinkedIn settings whether and how you wish to see targeted advertising.

LinkedIn generates the statistics based on usage data to which we do not have access. LinkedIn has accepted responsibility for processing this data under a Joint Controller Addendum and has committed to safeguarding your rights under the GDPR.

If you actively contact us via posts, comments, forms or chat functions, we process your personal data (for example your name, contact details and the content of your inquiry) in order to handle your request and communicate with you. For this purpose, we may store such data in our CRM system. The legal basis for this data processing is Article 6(1) lit. f GDPR where your request relates to general communication and our legitimate interest lies in responding to your inquiry, or Article 6(1) lit. b GDPR where your request is directed towards entering into a contract. Your personal data will only be stored on our systems for as long as necessary for the purposes described above or where statutory retention obligations apply.

There is no legal or contractual obligation for you to provide your personal data. However, without the processing of your personal data by LinkedIn, you will not be able to use our LinkedIn page.

Further information on how we process personal data and on your related rights can be found in this Privacy Notice. With regard to data processing carried out by LinkedIn, please contact LinkedIn directly using the contact options provided by LinkedIn to exercise your rights. For matters relating to our own data processing, you will find our contact details above.

  1. Applicant Privacy Notice WV Energie AG collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing may also be carried out electronically, in particular if an applicant submits the relevant application documents electronically, for example by e-mail. If an employment relationship is established with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with the applicable legal provisions. If no employment relationship is established, the application documents will be deleted after the rejection decision has been communicated, in accordance with the applicable regulations, unless other legitimate interests of WV Energie AG prevent deletion.
  2. Rights of Data Subjects

You have the right:

    • pursuant to Article 15 GDPR to request information about the personal data we process concerning you. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if they were not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information about its details;
    • pursuant to Article 16 GDPR to request the immediate rectification of inaccurate personal data stored by us or the completion of such data;
    • pursuant to Article 17 GDPR to request the erasure of your personal data stored by us unless the processing is required for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
    • pursuant to Article 18 GDPR to request the restriction of processing of your personal data where the accuracy of the data is contested by you, the processing is unlawful but you oppose erasure and we no longer need the data, yet you require the data for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Article 21 GDPR;
    • pursuant to Article 20 GDPR to receive the personal data you have provided to us in a structured, commonly used and machine-readable format or to request the transmission of those data to another controller;
    • pursuant to Article 7(3) GDPR to withdraw your consent at any time. As a consequence, we will no longer be permitted to continue the data processing that was based on your consent in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. If you wish to exercise your right of withdrawal, a notification through any of our known communication channels, in particular by email to info@wvag.de, is sufficient.
    • pursuant to Article 77 GDPR to lodge a complaint with a supervisory authority. As a general rule, you may contact the supervisory authority of your habitual residence, place of work or the place of our registered office. In Hesse, this is: The Hessian Commissioner for Data Protection and Freedom of Information.

Gustav-Stresemann-Ring 1

65189 Wiesbaden

Phone: +49 611/140 80

  1. Automated individual decision-making including profiling
  2. ou have the right not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
    • is necessary for entering into, or the performance of, a contract between you and the controller,
    • is authorised by Union or Member State law to which the controller is subject and that law contains suitable measures to safeguard your rights, freedoms and legitimate interests, or
    • is based on your explicit consent.

However, such decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR unless Article 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights, freedoms and legitimate interests.
In the cases referred to in (1) and (3), the controller will implement suitable measures to safeguard your rights, freedoms and legitimate interests, which shall include at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

  1. Data Security
    During visits to our website, we use the widely adopted SSL encryption (Secure Socket Layer) in the TLS standard (Transport Layer Security), in combination with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we will instead rely on 128-bit technology. You can recognise whether an individual page of our website is being transmitted in encrypted form by the closed key or lock symbol displayed in the lower status bar of your browser. Furthermore, we implement appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
  2. Updates and Amendments to this Privacy Notice This Privacy Notice is current as of October 2024. Due to the ongoing development of our website and services, or as a result of changes in legal or regulatory requirements, amendments to this Privacy Notice may become necessary. The latest version of the Privacy Notice can be accessed at any time on our website at https://wvag.de. We reserve the right to amend this Privacy Notice at any time with effect for the future. We recommend reviewing the current Privacy Notice from time to time.