We, OMNIA GmbH as the data controller for the website www.omnia-energy.eu according to Art. 4 No. 7 EU GDPR (hereinafter “we”), are pleased to provide you with information through this data protection statement as to whether and to what extent your personal data is processed when visiting the website at this domain. In addition, we also hereby provide you information on your rights and identify relevant contacts. This information applies to the domain specified above as well as to other websites that we host online if these are explicitly referenced in this statement.

Personal data includes all information that identifies you individually, e.g. name, address, email address, IP address, data about website use.

This website may contain links to websites outside of OMNIA, to which this data protection statement does not apply. In case you leave this website, please make sure to check the data protection statement of the websites outside of OMNIA.

A. Definition of terms used

Our data protection statement aims to be clear and understandable for everybody. Usually, in a data protection statement the official terms of the EU General Data Protection Regulation (GDPR) are utilised. The official definitions of terms can be found in Art. 4 GDPR.

B. Responsible place within the meaning of data protection

OMNIA GmbH
Sternstr.1, D-85622 Feldkirchen (München)

C. Processing of personal data from informational use based on legitimate interests, Art. 6(1) lit. f) GDPR

In case of purely informational use of our website, which means when you do not register, log in or otherwise transmit any additional information to us, we initially collect and process only the personal data that your browser and your internet provider transmit to our server. This involves data that is needed for technical reasons in order to display the website and to ensure the security and stability of our site.

Specifically, this is the shortened and thus anonymous IP address (the reduction excludes person-specific identifiers and thus, a personal relationship), the website, the site you last visited (referrer), the websites belonging to OMNIA that you visited, the names of the retrieved files, the date and time of the retrieval, the operating system and version of browser installed on your PC. We also store the aforementioned data in log files. This occurs in order to ensure that the website functions properly. In addition, we use the data to improve our online presence and to ensure its security. However, none of the afore mentioned data is stored together with other personal information. Log files are stored for a maximum of 7 days.

• Technical data (shortened and hence anonymised IP address; date; time of the request; content of the request, i.e. specific site and files you might have accessed; access status/http status code);

• Time zone difference to Greenwich Mean Time (GMT); amount of data transferred respectively; website from which the request originated;

• Operating system/browser data (operating system, GUI, browser, language and version of the browser software)

For the website to operate properly and to fulfil our own obligations, we forward your data to our service providers and in turn receive data from them. This is also applicable if you contact us in the ways specified by us or use other offers on our website.

We also save your personal data in the so called local storage. meaning we use the saving capacity of your browser. Local storage is an industry-standard technology that allows a website or app to store and retrieve data on a person’s computer, mobile phone or other device. This helps to facilitate the user experience of omnia-energy.eu. Third parties or other websites cannot access this data. A combination of other types of data and local storage data is not happening.

Furthermore, some tracking tools save information and entries in the local storage. The according data protection notes can be found in the section on tracking tools. These data help to analyse and interpret the browsing behaviour of the visitors of www.omnia-energy.eu and will not be used for commercial purposes.

E. Data Recipients and Data Sources

1. Categories of data recipients

Within the scope allowed by law (as previously described), we relay personal data to third parties:

• Affiliated companies of the OMNIA group

• IT service providers, for the purpose of maintaining our IT infrastructure

• Public agencies where justified on a case-by-case basis (e.g. national insurance carriers, financial authorities, police, public prosecutor’s office, regulatory agencies)

1. Data Sources

We process personal data that we obtain from you within the context of our user and business relationships. Where necessary in order to provide our services, we process personal data that we have collected within the context of your use of our website. Further, we process personal data we get from search engines or analytics providers.

G. Retention period or criteria in determining retention period.

Where purely informational use is involved (see Item A.), we retain the designated personal data for as long as necessary to provide services or for use. It is deleted once the respectively designated purpose has been achieved.

Data stored in log files is deleted within a maximum of 7 days. In addition, personal data stored in log files is also anonymised.

If there are statutory or contractual retention periods (e.g. where a user or contractual relationship is involved), we are obligated to retain the data until expiration of this period. We delete the relevant data following expiry or discontinuation of relevant obligations arising from statutory retention periods stipulated by commercial and tax law (see §§ 147 General Tax Code (AO) and 257 Commercial Code (HGB)).
We retain your data for marketing purposes until you object to its use, withdraw your consent or such use is no longer legally permitted.

We retain your other data only as long as we need it to fulfil the specific purpose for which it was collected (e.g. fulfilment or conclusion of contract) and delete it once it ceases to be needed for that purpose.

F. Data transfer to a third country

In addition to the data transfers to third countries as already described above, data is also transferred to countries outside the European Union and the European Economic Area (“third countries”) in the context of the administration, development and operation of IT systems. When doing so, the following must be observed:

Transfer is in principle permissible because the requirements allowing for such transfer under law have been satisfied or you have given your consent to the transfer of the data and special conditions exist for transfer to a third country. Specifically, the data importer guarantees an adequate level of data protection in accordance with standard EU clauses for the transfer of personal data to data processors in third countries. You can find a copy of the standard contract clauses stipulated by the EU Commission online at: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32010D0087

In some cases the required data security is secured by the certification of the contract party via the EU-US Privacy Shield, which you can see via: https://www.privacyshield.gov/.

Alternatively, you can get these from us (see contact details).

H. Use of cookies based on legitimate interests, Article 6 (1) letter a) GDPR

In addition to the data previously specified, when you visit our website, so-called “cookies” are saved to your computer. Cookies are small text files that are saved to a browser on your computer and are used by the entity that placed them there (i.e. us) to obtain certain information. Cookies cannot run programmes or place viruses on your computer. They serve generally to make the website more effective and user friendly.

When you visit our website for the first time or if no cookie is detected on your device, you will be notified of our use of cookies. In addition, we obtain your consent for storing certain cookies. You will find further explanations under C. When issuing the initial Cookie Notice and obtaining your consent, we refer to this Privacy Policy.

We use both transient and persistent cookies; the scope and functionality of each is described below:

Transient Cookies

Transient cookies are automatically deleted when you close your browser. This includes in particular session cookies. These store a so-called session ID, through which different requests of your browser can be assigned to the common session and make your surfing experience on our website a more pleasant one for you. Session cookies can be used to recognise your computer when you return to our website. Session cookies are automatically deleted when you close your browser

Persistent Cookies

Persistent cookies are automatically deleted after a specified period, which can differ from one cookie to another. You can delete the cookies at any time using the security settings in your browser. At no time will personal data be stored in a cookie.

Most browsers are pre-set to automatically accept cookies. However, you can disable the storage of cookies or set your browser to notify you before storing cookies. Users who do not accept cookies may not be able to access certain areas of our websites.

I. Use of Web Analytics

1. Visitor Analytics

This website uses Visitor Analytics, a web analysis service from Visitor Analytics Germany. Visitor Analytics is a simple website analytics service which measures the traffic and visitors' general details of the customers' websites. Collecting these statistics, a website can make their visitors' experience better (e.g. which pages they visit and when, where they are approximately located, where does a user land first or if they are coming from a specific referral).

J. Social Media

Use of Social Media Plug-ins

(a) We currently make use of the following social media plug-ins: Xing, LinkedIn. We use the so-called two-click approach. That means, when you visit our site, no personal data is initially transmitted to the plug-in provider. You can identify the plug-in provider by the first letter or logo on the label on the box. We provide you the opportunity to communicate directly with the plug-in provider using the button. Only when you activate the marked field by clicking on it will the plug-in provider be informed that you have accessed our online services on the website. Therefore, by activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (for US providers: in the US). As the plug-in provider acquires the data primarily via cookies, we recommend you delete all cookies using the security settings on your browser before clicking on the greyed-out box.

(b) We have no influence over either data collection or data processing operations, nor are we familiar with the full scope of data collection, the purposes of collection or retention periods. We also have no information on deletion of the collected data by the plug-in provider.

(c) The plug-in provider stores data collected about you as a user profile and uses it for the purpose of advertising, market research and/or appropriate design of its website. This utilisation occurs in particular (including for users who are not logged in) in presenting appropriate advertising and to inform other social network users of your activities on our website. You are entitled to object to the creation of this user profile; to do so you must contact the respective plug-in provider. Using the plug-in we offer you the opportunity to interact with the social network and other users so that we can improve our site and design it so as to make it more attractive to you. The legal basis for the use of plug-ins is Art. 6(1) p. 1 lit. f GDPR.

(d) Data transfer occurs independently of whether or not you have an account with the plug-in provider and are logged in. When you are logged into the plug-in provider, the data collected from us is assigned directly to your account with the plug-in provider. When you press the activated button and, for example, link to the website, the plug-in provider also stores this information and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, particularly before activating the button in order to avoid this sort of association to your profile with the plug-in provider.

(e) You can find additional information on the purpose and scope of data collection and its processing by the plug-in provider in the following data protection statements by these providers. There you will also find additional information regarding your rights and configuration options for safeguarding your personal privacy.

(f) Addresses for the respective plug-in providers, together with their data protection statements:

Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany; https://privacy.xing.com/de.

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

K. Your rights

Below you can find information on which rights the GDPR offers you against the processor of your personal data. In addition, you can direct a complaint at any time to a regulatory authority. For us, the Bayerische Landesamt für Datenschutzaufsicht, PO Box 606, 91511 Ansbach, Germany, is responsible.

The right of access by the data subject (Art. 15 GDPR). The right to request information about your personal data processed by us pursuant to Art. 15 GDPR. In particular, you can ask for information on the processing purposes, the category of personal data, the categories of recipients to whom your data can or has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of a right of appeal, the source of data, if not collected from us, and the existence of automated decision-making, including profiling and, where appropriate, meaningful information about details.

The right to rectification (Art. 16 GDPR). The right, in accordance with Art. 16 GDPR, to demand the immediate correction of incorrect or all personal data stored by us.

The right to erasure (Art. 17 GDPR). The right to demand the deletion of your personal data stored with us, according to Art. 17 GDPR, as far as the processing for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of the public interest or for the assertion, exercise or defence of legal claims is required.

The right to restriction of processing (Art. 18 GDPR). You have the right to require limitation of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject their deletion and we no longer need the data, but you need this for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.

The right of access by the data subject (Art. 20 GDPR). You have the right to obtain your personal information provided to us in a structured, common, and machine-readable format or to request transmission to another person in charge.

The right to lodge a complaint with a supervisory authority (Art. 77 GDPR). You can contact the supervisory authority of our federal state (named above) or the ones at your place of residence or work place.

The right to withdraw consent at any time (Art. 7, para. 3 GDPR). You have the right to withdraw your consent to the processing of data at any time with future effect. In the case of withdrawal, we will delete the data concerned immediately, as far as further processing cannot be based on a legal basis for processing without opt-in. The revocation of consent does not affect the legality of the processing carried out based on the consent until the revocation.

The right to object (Art. 21 GDPR).
If your personal data are processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons that arise from your situation. Insofar as the opposition is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of specifying a particular situation.

If you would like to exercise your right of revocation or objection, please send an e-mail to andreas.pointvogl@omnia-energy.eu

L. Changes of the data protection statement

We reserve the right to change and/or update this data protection statement under consideration of the existing data protection regulations. This way we can fit it to current legal requirements and consider updates of our services, e.g. introduction of new services. For your visit of this website the respective current version applies.