Data protection information in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) and user information
Stromnetz Berlin is delighted that you have chosen to visit our website and that you are interested in our company. We place great importance on protecting your personal data and want you to feel safe and comfortable when visiting our webpages.
Below you will find all of the information for end customers and stakeholders relevant to data protection and the use of our website.
1. Entity responsible and data protection officer
The entity responsible for processing your personal data is:
Stromnetz Berlin GmbH
Eichenstrasse 3 A
You can get in touch with our data protection officer at:
Stromnetz Berlin GmbH
Data Protection Officer
2. Data categories
We process your personal data if required to meet the purpose stated in Section 3. Your personal data is processed in compliance with legal requirements at all times. This comprises, in particular, the following personal data categories: master data (e.g. surname, forename, address), contractual data (e.g. customer number, meter number), consumption and smart meter data (e.g. meter readings, town and location data), invoicing, banking and similar data.
3. Purpose and legal basis for the processing of personal data
You can generally visit the website of Stromnetz Berlin without disclosing your identity. Personal data will only be collected and processed if you make use of Stromnetz Berlin's services (e.g. our customer promise) and enter the data required for us to process your request. We temporarily store IP addresses for reasons of data security to ensure that our systems are stable and safe. No personal data is analysed in this process.
Stromnetz Berlin GmbH, a Vattenfall Group company and network operator, is responsible for Berlin's distribution network. The company distributes electricity to grid users and operates meters. Data is processed for the above-stated purposes in accordance with the applicable requirements for the protection of personal data, including processing for the purpose of preparing and processing contracts (e.g. grid connection contracts) in accordance with Article 6 (1) (b) GDPR and for maintaining justified interests of Stromnetz Berlin in accordance with Article 6 (1) (f) GDPR regarding the provision of advice and service to our end customers. Furthermore, the data is processed in compliance with legal requirements (e.g. Meter Operations Act (Messstellenbetriebsgesetz), Energy Industry Act (Energiewirtschaftsgesetz), tax laws, German Commercial Code (Handelsgesetzbuch)) in accordance with Article 6 (1) (c) GDPR, which requires the processing of your data to comply with the law.
If we have obtained your consent to process personal data for specific purposes, processing is legitimate on this basis. You can withdraw your consent at any time. This also applies to any withdrawals of declarations of consent you have issued before the effective date of the GDPR on 25 May 2018. Any withdrawal of consent applies with future effect and does not affect the legitimacy of the data processed until the withdrawal.
4. Recipient / transfer of personal data / third country
Within our company, only units requiring access to your personal data for fulfilling the purposes stated in Section 3 are granted access to it. This rule also applies to service providers and vicarious agents engaged by Stromnetz Berlin, in other words processors, in accordance with Article 28 GDPR. We only transfer personal data to third parties if this is necessary for fulfilling the above-stated purposes or if you have previously given us your consent to do so.
Recipients of personal data may include: meter reading service providers, third-party meter operators, IT service providers.
Your personal data is transferred to government agencies if required by law where overriding legislation exists.
Data may be transferred, particularly by way of administrative access, to entities and/or countries outside the European Union (third country transfer) on the basis of the above-stated purposes and legal bases. In such cases, data is only accessed if the European Commission has issued an adequacy decision for the respective country or we have agreed the standard contractual provisions with the service providers as intended by the European Commission in such cases or the respective company has implemented its own internal, binding data protection regulations which have been recognised by the data protection agencies.
5. Storage period and deletion of personal data
We store your personal data for the purposes stated in Section 3. We delete your personal data once the contractual relationship with you has expired, all mutual claims have been fulfilled and there are no other statutory retention periods or legal reasons for the storage of the data. These include statutory retention periods as stipulated in the German Commercial Code (Handelsgesetzbuch - HGB) and the German Tax Code (Abgabenordnung - AO). Your personal data is deleted once the purposes stated in Section 3 and/or the statutory retention periods have expired.
6. Rights of affected parties – your rights
Our data protection officer is always happy to assist in all questions or complaints relating to the processing of your personal data. Please send all information on your personal data stored in accordance with Article 15 GDPR to:
Stromnetz Berlin GmbH
Data Protection Officer
The DPO is also your contact person should you wish to exercise your right to request corrections (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18 GDPR), raise an objection (Article 21 GDPR) and data transferability (Article 20 GDPR). You can also contact the responsible supervisory authority.
6.1 Right of objection
Should we process data for the purpose of maintaining our justified interests as Stromnetz Berlin GmbH, you may, at any time, object to such processing on grounds arising from your specific situation (Article 21 GDPR). This also includes the right to object against processing for advertising purposes.
6.2 Right of objection in the case of consent
Any consent previously given can be withdrawn at any time (see Section 3).
7. Provision of personal data
Within the scope of our business relationship, you need to provide us with the personal data (see Section 2) required for commencing and executing the business relationship and fulfilling the related contractual obligations, or which we must collect by law.
8. Automated decision-making process
No automated decision-making process, including profiling, is used for the justification and execution of agreements.
9. Data sources
We process personal data which we have received from our end customers within the scope of our business relationship. We also process personal data which we are permitted to collect from public sources such as land registers. We also process personal data which we legitimately receive from our own group companies or third parties, such as electricity suppliers.
Storing IP addresses
Every device requires a unique IP address for transferring data via the Internet. We temporarily store this IP address for reasons of data security and to ensure that our system is stable and operates securely. No personal data is analysed in this process. We reserve the right to analyse anonymised data sets for statistical purposes.
If you disable cookies on our website, your orders and change requests cannot be processed. You will see corresponding error messages.
Use of the Piwik web analysis service
To allow us to keep improving our web pages for you, we collect general information (page visited, browser used, length of time spent on the page, etc.).
If you have activated the "Do Not Track" (DNT) setting on your browser, no corresponding cookies will be placed and no data will be transferred. If you have blocked cookies, no corresponding cookies will be set and the only information that will be transferred is that you visited our site.
We use the Piwik tool to analyse usage of our web pages. The collected data is assigned a temporary identifier with the aid of a cookie, which is removed after the end of each browser session. The data is transferred to our web analysis service in encrypted form using an SSL encryption protocol. The collected data also includes the IP address of your computer. We use the full IP address exclusively for temporary determination of the probable location of use of our website, with the aid of an internal service. The IP address is anonymised on entry to the web analysis service by deleting the last two of the four bytes. This means that the full IP address is not stored in the web analysis service. Other unambiguous identifiers or references to the user, such as the MAC address, are not transferred. More information about the Piwik web analysis service is available at https://piwik.pro/privacy-policy/.
Use of Google reCAPTCHA
For protection of data transfer from entry forms, such as contact or registration forms, in specific cases we use the reCAPTCHA service from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland, hereafter referred to as "Google". The data is processed on the basis of Article 6(1)(f) of the General Data Protection Regulation (GDPR). Using Google reCAPTCHA enables us to protect our website against improper automated processing and spam. The use of Google reCAPTCHA may also lead to the transfer of personal data to the servers of Google LLC, Mountain View, California, USA.
In the framework of this service, the referrer URL and your IP address are sent to Google. Google additionally acquires further data that is necessary for the provision and performance of this service, such as the behaviour of the website visitor, information about the operating system, browser and length of visit, cookies, display instructions and scripts, the user's entry behaviour, and mouse motions in the vicinity of the reCAPTCHA checkbox.
The IP address transferred in the framework of reCAPTCHA is not combined with other data from Google unless you are logged in to your Google account at the time when you use the reCAPTCHA plug-in. If you wish to prevent this transfer and storage by Google of data about you and your behaviour on our website, you must log out from your Google account before visiting our site or using the reCAPTCHA plug-in.
In the case of the transfer of personal data to the Google LLC, Google LLC has been certified for the US Privacy Protection "Privacy Shield", which ensures compliance with the data protection level in the EU. The current certificate can be viewed here: https://www.privacyshield.gov/list.
Use of Sprout Social
To facilitate the processing of communications via social media tools (such as Twitter), we use the software Sprout Social from the company Sprout Social, 131 S Dearborn Street, 7th floor, Chicago, Illinois 60603, USA, hereinafter referred to as 'Sprout Social'. Data is processed on the basis of Article 6(1)(f) of the General Data Protection Regulation (GDPR). Data from social media tools (e.g. your message on Twitter to Stromnetz Berlin GmbH) is transmitted in conjunction with the use of Sprout Social. Only data that is addressed to Stromnetz Berlin (e.g. to Stromnetz Berlin GmbH's Twitter account) or that is publicly available is transmitted. This data may include personal data. The data is processed on Sprout Social servers in the USA.
In the case of the transfer of personal data to Sprout Social, Sprout Social has been certified for the US Privacy Protection "Privacy Shield", which ensures compliance with the data protection level in the EU. The current certificate can be viewed here: https://www.privacyshield.gov/list.