Privacy Policy

Information on group-wide data processing in accordance with the GDPR

The protection of your personal data is important to us. We therefore process your data exclusively on the basis of the legal provisions (GDPR, Austrian Telecommunications Act 2003). In the following data protection information, we inform you about the most important aspects of data processing within the framework of our website.

Name and address of the responsible person

The person responsible within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:

Energie Steiermark Kunden GmbH
Leonhard belt 10
A-8010 Graz
Telephone: +43 (0) 316/9000
Fax: + 43 (0) 316 9000-22909
Email: info(at)e-steiermark.com
Internet: http://www.e-steiermark.com

Address of the data protection officer

Energie Steiermark AG, Attn: Data Protection Officer
Leonhard belt 10
A-8010 Graz
Email: datenschutz(at)e-steiermark.com

General information about data processing

Extent of processing of personal data

We generally process our users' personal data only to the extent necessary for providing a functional website and our content and services. The processing of our users' personal data regularly only occurs with the user's consent. However, we may also process your data to protect our legitimate interests (maintaining IT and network security) or due to legal or contractual obligations.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as legal basis.

In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
If processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c DSGVO as legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.

Data erasure and storage duration

The personal data of the data subject will be erased as soon as the purpose for which it was stored no longer applies. Data may be stored beyond this point if provided for by European or national legislation in EU regulations, laws, or other provisions to which the controller is subject. Data will also be erased when a storage period prescribed by the aforementioned regulations expires, unless further storage of the data is necessary for the conclusion or performance of a contract.
Provision of the website and creation of Log files

Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:

• Client IP address
• Client identity according to the identd service on the client, if present
• UserID of the client, if the request was sent with authentication
• Date and time when the request was received by the server
• The HTTP method used, the requested resource, and the protocol used.
• Status code that the server sends to the client
• Size of the requested item

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.

Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

For these purposes our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f DSGVO.

Duration of storage

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected. Data stored in log files is deleted at regular intervals, at the latest after 24 months.

Opposition and removal possibility

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
Purchase our products via our homepage

Description and scope of data processing

You can purchase various products through our website. During the ordering process, data is collected and stored. The following data is collected:

• Personal data: Title, first and last name, date of birth
• Contact details: Email address and/or telephone number
• Delivery address and, optionally, a different billing address.
• Data from your order: product selection, time of order, IP address for electricity and gas products
• Select payment method and, for SEPA direct debit, your bank details
• Information on whether you are already an Energie Steiermark customer and, if applicable, your partner or customer account number.
• Data specifically required when ordering a mobility card: data on the contract vehicle (make, model, first registration, year of manufacture, license plate number) and, in the case of commercial use, also company name, company registration numbers, VAT number and image of the registration certificate.
• Data specifically required when ordering steirerAGRAR: LFBIS number and selection of trade journal subscription.

Your data may be stored via cookies to facilitate the ordering process. The data will be used exclusively for processing the order and establishing the contractual relationship.

Legal basis for data processing

The legal basis for the processing of the data is the existence of (pre-)contractual obligations Art. 6 para. 1 lit. b GDPR.

Purpose of data processing

The processing of personal data is necessary so that we can complete the order process and establish a contractual relationship electronically.

Duration of storage

The data will be stored for the duration of the contractual relationship. In addition, it will be retained for seven years due to statutory retention periods (§ 212 UGB).
Contact form and email contact

Description and scope of data processing

Our website includes contact forms that can be used to contact us electronically. If a user chooses to use this option, the data entered in the input form will be transmitted to us and stored. This data includes:

• Your concern
• Email address and/or telephone number
• Your message
• Title
• First and Last Name

Alternatively, you can contact us via the provided email address. In this case, the personal data you transmit with your email will be stored. This data will not be shared with third parties. It will be used solely for processing your inquiry.

Legal basis for data processing

Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose of data processing

The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

Opposition and removal possibility

The user has the possibility at any time to revoke his consent to the processing of the personal data. If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.

All personal data stored in the course of contacting will be deleted in this case.

Registration for consultation via the social media network LinkedIn

Description and scope of data processing

The LinkedIn social media network website includes a contact form that can be used for electronic communication. If a user chooses to use this form, the data entered will be transmitted to us and stored. This data includes:

• First and Last Name
• Company name
• Position
• Business email address
• Annual electricity consumption
• Annual gas consumption

Legal basis for data processing

The legal basis for the transfer of this data is your explicit consent pursuant to Art. 6 para. 1 lit. a in conjunction with Art. 49 para. 1 lit. a GDPR.

Purpose of data processing

The processing of your personal data is for the purpose of a one-time email contact from a sales representative of the data controller to inform you about the data controller's products and services. The purpose of this contact is to conclude new contracts, increase brand awareness, and expand business activities. Any information you voluntarily provide by manually filling out the described data fields may also be transmitted to LinkedIn via the LinkedIn Ireland Unlimited Company platform when you submit the form and click "Submit." This transmission occurs only once; the data controller will not transfer any further data to LinkedIn at any time.

Duration of storage

We store your data for a maximum of 3 years, otherwise only until the purpose of the processing has been fulfilled or you withdraw your consent. Withdrawing your consent does not affect the lawfulness of the processing carried out based on your consent before its withdrawal. If the data is based on another legal basis (e.g., for the performance of a contract) for a different purpose, your data will continue to be processed despite the withdrawal of consent. Please refer to the information on the processing of data for the purpose of contract fulfillment (see page 1, section 4, point 1).

Recipients of data

Data may be transferred to LinkedIn Ireland Unlimited Company (registered office: Wilton Place, Dublin 2, Ireland) and LinkedIn Corporation (registered office: Sunnyvale, CA 94085, USA) via an unsafe third country that does not have a level of data protection equivalent to that of the GDPR. Potential risks include limited legal remedies for data subjects in unsafe third countries and restrictive legislation. In the case of data transfers to the USA, there is a particular risk due to laws such as the Clarifying Lawful Overseas Use of Data Act, which obliges companies and organizations in the USA to transfer data of data subjects to the US government or authorities without allowing them to inform the data subjects of this transfer.

Use of cookies and tracking technologies

Description and scope of data processing

We use cookies to make our website more user-friendly. Cookies are text files that are stored in or by the internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is visited again.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies are not used to create user profiles.

We use analytics cookies to improve the quality of our website and its content. These cookies help us understand how the website is used, allowing us to continuously optimize our offerings. Marketing cookies are used to display advertisements that are relevant to your interests.

Below you will find a list of the cookies used as well as detailed information on the legal basis, purpose, storage duration, objection and management options.

Participation in online sweepstakes

Description and scope of data processing

If you participate in competitions on our website, we will process the following personal data in this context:

• Email address and/or telephone number
• Title
• First and Last Name
• Competition-related information (points balance, agreement to terms and conditions, consent to the processing of data for marketing purposes, time of participation)
• Data processed as part of the survey on our services (your relationship with Energie Steiermark, products purchased, living situation, gender, age, occupation, postal code)

Legal basis for data processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. b GDPR and thus the processing for the performance of a contract as well as our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The storage and processing of the data is necessary to conduct the competition and to inform participants about any winnings.

Duration of storage

We process your personal data, as necessary, for the duration of the competition and for determining the winner, as well as for the duration of statutory retention and documentation periods, in particular the Federal Fiscal Code (BAO).

• Data of participants: The data of participants will therefore be deleted no later than 3 years after the end of the competition (§1489 ABGB).
• Winners' data: According to Section 132 of the Austrian Federal Fiscal Code (BAO), tax-relevant books, records, and documents must be retained for seven years. According to Section 212 of the Austrian Commercial Code (UGB), business documents must be retained for seven years. Therefore, winners' data is generally deleted after seven years, at the end of the year in which the tax claim arose.

Recipients of data

In connection with the prize draw, your data will be shared with those departments or employees who require it to fulfill contractual and legal obligations as well as legitimate interests. In connection with the prize draw, your data will be disclosed by data processors commissioned by us and other recipients:

• Potential partners for the competition. Any partners will be mentioned in the respective competition details.
• For the operation and administration of the website, we regularly use IT service providers who, according to our instructions and on our behalf, may also have access to personal data in order to provide the commissioned IT services.
• Your data will not be passed on to any third parties for their own purposes without your consent.

All data processors are contractually obligated to treat your data confidentially and to process it only within the scope of providing the service.
Rights of the person concerned

You have the right to information about your stored personal data, their origin and recipient and the purpose of the data processing as well as the right to correct, delete or restrict this data at any time. You also have the right to object to processing and the right to data portability. You are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfillment of the contract or that is not required by law.

Should you have any further questions regarding data protection, please feel free to contact our data protection officer by email at datenschutz(at)e-steiermark.com or by post to Energie Steiermark AG, Attn: Data Protection Officer, Leonhardgürtel 10, 8010 Graz.

Furthermore, you have the right to lodge a complaint with the Austrian Data Protection Authority, email: dsb(at)dsb.gv.at.