Data Protection Policy

Within the use of this website we, as the data controller, collect and store the data you provided as long and so far this is necessary to fulfil the specified purposes and legal obligations. In the following we will inform you what data is involved, how the data is processed and what rights you have in this regard.

According to Article 4 no. 1 General Data Protection Regulation (GDPR) personal data means any information relating to an identified or identifiable natural person (in the following "data subject or user").

1. Name and contact data of the data controller

This Data Protection Policy covers data processing on the website https://trustee.ise.fraunhofer.de by the Controller:

Fraunhofer-Gesellschaft
zur Förderung der angewandten Forschung e.V.

Hansastraße 27 c,
80686 München
GERMANY

on behalf of our Fraunhofer Institute for Solar Energy Systems ISE

(in the following referred to as „Fraunhofer ISE“)

Email: datensicherheit(at)ise.fraunhofer.de

You can reach the Data Protection Officer of the Fraunhofer Institute at the above address c/o Data Protection Officer or at datenschutz(at)zv.fraunhofer.de.

You can always reach out to our data protection officer directly if you have any questions about data protection law or about your rights as a data subject.

2. Processing of personal data and purposes of processing

a) When visiting the website

Every time you visit our web pages, our website servers save your device’s accessing our website in a protocol file. This storage is temporary; our website server saves the following access data until their automated deletion:

  • The IP address of the requesting device
  • Access date and time
  • Name and URL of the accessed data
  • The data volume transmitted
  • The message whether the access was successful
  • The browser and operating system used
  • The name of the Internet Provider (ISP)
  • Geographical origin
  • The referring website (referrer URL)

These data are processed for the following purposes:

  1. To enable the use of the website (connection setup)
  2. Administration of the network infrastructure
  3. Appropriate technical and organisational measures to ensure IT systems and data security taking into account the state of the art technology
  4. Fault Analysis and Threat Mitigation
  5. To offer user-friendly service
  6. To optimize the Internet offering

Legal foundations for the above processing purposes:

  • Data processing pursuant to numbers 1-6: The first sentence of Art. 6 Subs. 1 Sentence 1 lit. f GDPR (legitimate interests). Our legitimate interests in the processing of data are based on our desire to offer user-friendly optimised web pages.

After the set period of 30 days, our web server automatically deletes the above-mentioned data, unless we are obliged to longer storage under Art. 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial-law retention and documentation duties, to comply with obligations following the Horizon 2020 agreement (e.g. a documentation obligation for 5 years following Art. 18 Grant Agreement Number 696140) or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

Furthermore, we insert Cookies once you visit our website and we use analytical services as well. For more information on the use of Cookies and analytical services, please see Sections 4 and 5 of this Data Protection Policy.

b) When setting up a user account

You can set up a password-protected user account with us in which we save your personal data. In the course of the registration of a user account, we collect the following mandatory data:

  • first name, last name,
  • company name,
  • address,
  • company ID number,
  • company VAT number,
  • company activity group (NACE Code),
  • name, title and position of a contact person,
  • telephone and mobile number,
  • a valid email address,
  • a username.

In addition, to open a user account you have to enter a password of your choice. Together with your username this provides access to your user account.

Our website offers an automatic standardized evaluation of submitted energy efficiency or renewable energy proposals for a possible financing or re-financing in the future. The use of this service requires prior registration. Recording of data upon registration by a user is used to process and evaluate proposals for a possible financing or re-financing of the project in the future.

The data are processed upon your query and under Art. 6 Subs. 1 Sentence 1 lit. b GDPR are required for the stated purposes of fulfilling the contract and pre-contractual measures.

After your user account is deleted, your personal data are automatically deleted, unless we are obliged to longer storage under Art. 6 Subs. 1 Sentence 1 lit. c GDPR due to tax- and commercial-law retention and documentation duties, to comply with obligations following the Horizon 2020 agreement (e.g. a documentation obligation for 5 years following Art. 18 Grant Agreement Number 696140) or you have consented to a prolonged period under Art. 6 Subs. 1 Sentence 1 lit. a GDPR.

3. Transfer of data

Your personal Data will not be transferred to third parties (i.e. to natural and legal persons other than you, the data subject, the controller or the service provider or its vicarious agents) for purposes other than those specified below.

a) Transfer to consortium members of the Horizon 2020 project TrustEE

In the course of using the “submit proposal” function, we submit your data to the other consortium members of the Horizon 2020 research and innovation programme project “TrustEE”. These are:

  • AEE - Institut für Nachhaltige Technologien, Feldgasse 19, 8200 Gleisdorf, Austria
  • ainia centro tecnológico, Parque tecnológico de Valencia, c/ Benjamin Franklin, 5-11, E46980 Paterna, Spain
  • Borg & Co AB , Sveavägen 98, 4 tr, 113 50 Stockholm, Sweden
  • REENAG Holding GmbH, Hagenmüllergasse 12/2, 1030 Wien, Austria
  • Universidade de Évora, Largo dos Colegiais 2, 7000 Évora, Portugal

(in the following: single "consortium member" and together "consortium"). The consortium members are joint controller according to Art. 26 Subs. 1 Sentence 1 GDPR.

The legal foundation for the data transfer is Art. 6 Subs. 1 Sentence 1 lit. f GDPR. Our legitimate interest follows from the expertise of the consortium and their help with the evaluation of the proposal. One of the consortium members will use the data to personally assess the proposal in the third stage and get in contact with you to validate your proposal, which happens in our legitimate interest. The consortium member may use the submitted data for own research purposes or research purposes of the consortium.

Following Art. 26 Subs 3 GDPR you may exercise your rights (see Section 6 and 7) under the GDPR in respect of and against each of the controllers. You may request to receive information about the essence of the joint controller arrangement to the controller (see Section 1).

b) Transfer to potential financial partners

After the assessment of the proposal and the conclusion of the final report your data will be transferred to potential financial partners in order to enable a potential investments in the submitted and evaluated proposal.

The legal foundation for the data transfer is Art. 6 Subs. 1 Sentence 1 lit. f GDPR. Our legitimate interest follows from our long term goal to support projects in the area of energy efficiency and renewable energy with their implementation and execution by finding financial partners for them.

The transferred data may be used by third parties only for the stated purposes. Personal data will not be transferred to government bodies or public authorities except in order to comply with mandatory national legislation or if the transfer of such data should be necessary in order to take legal action in cases of fraudulent access to our network infrastructure or to comply with our obligations following the Horizon 2020 agreement. Personal data will not be transferred for any other purpose.

The transfer of personal data to countries outside the EU or an international organization is excluded.

A transfer of personal data to a third country or an international organization is excluded.

4. Cookies

We use server-side cookies. Cookies are small files which are automatically created by your browser and stored in your device (PC, laptop, tablet, smartphone or similar device) once you visit our website. Cookies do not harm your computer, and they do not contain viruses, Trojans or other malware.

Cookies contain information pertaining to the specific device, which accessed our website. However, this does not provide us with direct knowledge of your identity.

One reason for us to use cookies is to make the use of our website more convenient for you. We use session cookies to allow session controls. At the latest, session cookies are deleted when you close your browser.

We also use cookies to gather data for our website statistics. This helps us evaluate and optimise our web offering (see Section 5). These cookies allow us to recognise repeat visits from your device. They will be deleted automatically after a specific time.

The data obtained with the help of cookies help us pursue our legitimate interests as website owners and serve the legitimate interests of third parties pursuant to the first sentence of Art. 6Subs. 1 Sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you are able to configure your browser in such a way that the application does not store cookies on your computer or always shows an alert before storing new cookies. However, the complete deactivation of cookies may prevent you from using all of the functions on our website.

5. Web analysis/Tracking

The following tracking measures which we use are carried out on the basis of Art. 6 Subs. 1 Sentence 1 lit. f GDPR.

With the deployed tracking measures we want to ensure an appropriate design and continuous optimisation of our website. On the other hand, we use tracking measures to compile statistics on the use of our website and to evaluate the optimisation of our offerings for you.

Matomo

On our website, we use the Matomo open source service by InnoCraft Ltd in 150 Willis St., 6011 Wellington, New Zealand to analyse the activities of our website users and to optimise our website and its content based on this analysis. During this process, we do not receive any information that identifies our users.

Matomo uses cookies that enable the service to analyse the activities of our website users. The cookie contains information, including personal information, on your visitor behaviour on our website. Under a pseudonym, Matomo creates your user profile for analytical purposes. Since we host Matomo on our own server, the analysis does not require the processing of data by third parties.

Without your specific permission, we do not use the data collected to identify you personally and will not match the data with personal data under a pseudonym associated with you.

To the extent that we collect IP addresses, these addresses are stripped of their last control number block upon collection to anonymise the IP addresses instantly. We delete further personal data stored in the cookie at the end of each session.

We process statistical data based on our legitimate interest pursuant to of Art. 6 Subs. 1 Sentence 1 lit. f GDPR in the optimisation of our online offering and our web presence.

Currently, Matomo Web Services analyse your website visit. Click here to prevent the Matomo Web Services from analysing your visit of our website:

6. Data subject rights

You have the right:

  • pursuant to Art. 7 Subs. 3 GDPR to withdraw your consent to us at any time. This means that we may no longer continue processing the data based on that consent for the future;
  • pursuant to Art. 15 GDPR to demand information about your personal data we process. In particular, you can demand information about the purposes of the processing, the category of the personal data, the categories of recipients to whom your data were or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction or revocation of processing, the existence a right to lodge a complaint, the origin of your data, in so far as not collected by us, and also about the existence of automated decision-making including profiling and where appropriate meaningful information about to details thereof;
  • pursuant to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with us;
  • pursuant to Art. 17 GDPR to demand deletion of your personal data saved with us, in so far as the processing is not required for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
  • pursuant to Art. 18 GDPR to demand restriction of processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose deletion and we no longer need the data but you do to establish, exercise or defend legal claims or you have objected to processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data you have provided us in a structured, commonly used and machine-readable format or to demand transmission to another controller;
  • pursuant to Art. 77 GDPR to lodge a complaint to a supervisory authority. As a rule, you can contact the supervisory authority for your habitual residence or place of work or our registered offices.

1. Right to object pursuant to Art. 21 GDPR

In so far as your personal data are processed on the basis of legitimate interests pursuant to Art. 6 Subs. 1 Sentence 1 lit. e and Art. 6 Subs. 1 Sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, in so far as there are grounds arising from your particular situation or it relates to objection to direct marketing. In the latter case, you have a general right to object which we shall heed without the stating of a particular situation; This also applies to profiling based on those provisions as defines in Art. 4 no 4 GDPR.

If you submit an objection we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is necessary for the establishment, exercise or defence of legal claims.

If your objection is to the processing of data for direct marketing purposes, we shall cease processing immediately. In this case it is not necessary for you to assert a particular situation. This also applies to profiling to the extent that it is related to such direct marketing.

If you want to exercise your right to object, simply send an email to datenschutz(at)zv.fraunhofer.de.

2. Data Security

All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a secure and proven standard, which is also used for online banking, for example. You can recognise a secure TLS connection inter alia by the "s" appended to the http (i.e. https://..) in the address bar of your browser or by the lock symbol at the bottom of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, de-struction or against unauthorised access by third parties. Our security measures are continually monitored and improved to reflect technological developments.

3. Validity and modification of this data protection information

This Data Protection Policy is the latest version and was last amended as of November 2018.

The further development of our website and offers on it or changes in statutory or public-authority requirements many render it necessary to amend this Data Protection Policy. The latest version of Data Protection Policy can be downloaded and printed out at any time from the website under

https://trustee.ise.fraunhofer.de/view_data_protection

You may read or print this updated and amended version at any time.