Data Protection Statement
Thank you for your interest in our company. At Trianel GmbH, we take data protection particularly seriously. As a rule, you can use the Trianel GmbH websites without entering any personal data. If a data subject wishes to use certain services offered by our company via our website, it may however be necessary to process personal data. If the processing of personal data is required, and if there is no legal basis for such processing, we will as a rule request permission from the data subject.
Personal data, such as the name, address, e-mail address or phone number of a data subject, is always processed in compliance with the General Data Protection Regulation and the German Federal Data Protection Act in its latest version, and in accordance with the country-specific data protection regulations applicable to Trianel GmbH. This Data Protection Statement provides information for the general public regarding the nature, scope and purpose of the personal data that is collected, used and processed by us. An explanation of the rights of data subjects is also included.
As the entity responsible for processing, Trianel GmbH has implemented a wide range of technical and organisational measures in order to ensure the most complete protection possible of the personal data processed via this website. However, in general, internet-based data transfers may have safety gaps, and as a result, absolute protection cannot be guaranteed. For this reason, every data subject has the right to choose alternative means of transmitting personal data to us, for example by telephone.
Aside from activity-related aspects (e.g. for interns), the personal data of minors is neither requested nor collected, nor forwarded to third parties.
1. Definition of terms
The Trianel GmbH Data Protection Statement is based on terms used by the European regulatory and directive bodies on issue of the General Data Protection Regulation (GDPR). Our Data Protection Statement is written in a style that is easy to read and understand by the general public as well as by our customers and business partners. To ensure that this is the case, please find an explanation of the terms used below.
Among others, we use the following terms in this Data Protection Statement:
a) Personal data
Personal data is all information that relates to an identified or identifiable individual person (below: “data subject”). An individual person is regarded as being identified or identifiable when they can be directly or indirectly identified, in particular by means of assignment to an identifier, such as a name, an ID number, location data, online identification or one or more special features that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this individual person.
b) Data subject
A data subject is any identified or identifiable individual person whose personal data is processed by the entity responsible for processing.
Processing is every procedure conducted with or without the aid of automated methods, or every such series of procedures connected with personal data, such as the collection, recording, organisation, organising, storage, adaptation or alteration, reading, querying, use, disclosure through transmission, dissemination or another form of provision, comparison or linking, restriction, deletion or destruction.
d) Restriction of processing
The restriction of processing is the marking of stored personal data with the goal of restricting its processing in the future.
Profiling is any type of automated processing of personal data that consists of the use of this personal data in order to evaluate certain personal aspects relating to an individual person, in particular in order to analyse or predict aspects with regard to work performance, economic status, health, personal preferences, interests, reliability, behaviour, place of abode or change of location of this individual person.
Pseudonymisation is the processing of personal data in such a way that personal data can no longer be assigned to a specific data subject without the addition of further information, insofar as this further information is stored separately and is subject to technical and organisational measures that guarantee the personal data cannot be allocated to an identified or identifiable individual person.
g) Controller or entity responsible for processing
The controller or entity responsible for processing is the individual person or legal entity, authority, institution or other body that alone or together with others decides on the purpose and means of processing personal data. If the purposes and means of this processing are specified by EU law or by the law of the member states, the controller or the specific criteria for their designation can be stipulated according to EU law or the law of the member states.
h) Order processor
The order processor is an individual person or legal entity, authority, institution or other body that processes personal data on behalf of the controller.
The recipient is an individual person or legal entity, authority, institution or other body to whom personal data is disclosed, regardless of whether or not they are a third party. Authorities who may receive personal data within the scope of a specific investigation order according to EU law or the law of the member states are not classified as recipients, however.
j) Third party
A third party is an individual person or legal entity, authority, institution or other body aside from the data subject, the controller, the order processor and the persons who are authorised under the direct responsibility of the controller or order processor to processes personal data.
Consent is every declaration of intent that is issued voluntarily in an informal way and unequivocally for the specific case by the data subject, in the form of a declaration or other clear confirmatory action, with which the data subject expresses their consent to the processing of personal data relating to them.
2. Name and address of the entity responsible for processing
For the purposes of the General Data Protection Regulation, other data protection laws valid in the member states of the European Union and other stipulations with regard to data protection, the controller is:
Data Protection Officer
Krefelder Str. 203
Phone: +49 (0)241 41320-0
The data subject can prevent cookies from being set by our website at any time by making the appropriate setting in the web browser used. In so doing, they can refuse the right to set cookies on a permanent basis. Further, cookies that have already been set can be deleted at any time via a web browser or other software programmes. This is possible in all standard web browsers. If the data subject deactivates the setting of cookies in the web browser used, possibly not all functions of our website are available for use.
On this website, data is collected and stored on the basis of the consent to the processing of your personal data in compliance with Art. 6, Para. 1 lit. a GDPR, through the use of the web analysis service software Matomo (www.matomo.org), a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. From this data, pseudonymised user profiles can be created and evaluated for the same purpose. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the buffer of the site visitor's web browser. Among other things, the cookies enable the recognition of the web browser. The data collected with the Matomo technology (including the user's pseudonymised IP address) is processed on our servers. The information generated by the cookie in the pseudonym user profile is not used to personally identify the visitor to this website and is not conflated with personal data about the bearer of the pseudonym. If you do not agree to the storage and evaluation of this data from your visit, you can refuse to give your consent to the storage and usage at any time at just the click of the mouse. In this case, a so-called opt-out cookie is set on your browser, and Matomo will not collect any session data. Please note that if you delete all your cookies, the opt-out cookie will also be deleted, and you may have to re-activate it.
4. Recording general data and information
The Trianel GmbH website records a series of general data and information every time the website is retrieved by a data subject or automated system. This general data and information is stored in the server logfiles. The following can be recorded: (1) the browser types used and their versions, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (the “referrer”), (4) the sub-websites that are targeted by an accessing system on our website, (5) the date and time at which the website is accessed, (6) an Internet Protocol address (IP address), (7) the Internet Service Provider of the accessing system, and (8) other similar data and information that help avert danger if our information technology systems are attacked.
When this general data and information is used, Trianel GmbH makes no inferences about the data subject. Rather, this information is used in order to: (1) deliver the content of our website in the correct manner, (2) optimise the content of our website, (3) guarantee the continuous functioning of our information technology systems and our website technology, and (4) provide information necessary for prosecution to the law enforcement authorities if a cyber attack occurs. This data and information, which is collected anonymously, is therefore statistically analysed by Trianel GmbH, and also serves the goal of increasing the level of data protection and data security in our company, in order to ultimately secure an optimal level of protection for the personal data processed by us. The anonymous data from the server logfiles is stored separately from all personal data entered by the data subject.
5. Subscription to our newsletter
On the Trianel GmbH website, users are given the option of subscribing to our company newsletter. The personal data transferred when ordering the newsletter to the entity responsible for processing is shown in the input mask used for this purpose.
Trianel GmbH informs its customers and business partners about company offers at regular intervals via a newsletter. Our company newsletter can generally only be received by the data subject when (1) the data subject has a valid e-mail address, and (2) the data subject has registered for distribution of the newsletter. For legal reasons, the first time a data subject enters an e-mail address for the distribution of the newsletter, a confirmation e-mail is sent to them, in compliance with the double opt-in procedure. This confirmation e-mail is used to check whether the owner of the e-mail address has authorised the receipt of the newsletter as the data subject.
When registration for the newsletter is received, we also store the IP address issued by the Internet Service Provider (ISP) of the computer system used by the data subject at the point in time of the registration, together with the date and time of registration. The collection of this data is necessary in order to be able to trace any (potential) abuse of the e-mail address of a data subject at a later point in time, and therefore serves the legal protection of the entity responsible for processing.
The personal data collected when registering for the newsletter is used solely for the purpose of dispatching our newsletter. Further, subscribers to the newsletter can be informed by e-mail should this be necessary for the operation of the newsletter service or for a related registration, as may occur in the case of changes to the newsletter offer or if there is a change in technical conditions. The personal data collected within the scope of the newsletter service is not forwarded to third parties. The data subject can cancel their subscription to our newsletter at any time. The consent to storage of personal data issued to us by the data subject for the distribution of the newsletter can be revoked at any time. A corresponding link is provided with every newsletter for the purpose of revocation of consent. Further, there is the option of also directly unsubscribing from the newsletter on the website of the entity responsible for processing, or informing the entity responsible for processing of this intention in another way.
6. Newsletter tracking
The Trianel GmbH newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in the e-mails that are sent in HTML format in order to enable log file recording and a log file analysis. As a result, a statistical evaluation of the success or failure of online marketing campaigns can be conducted. On the basis of the embedded tracking pixel, Trianel GmbH can identify whether and when an e-mail was opened by a data subject, and which links in the e-mail were retrieved by the data subject.
Such personal data collected via the tracking pixels in the newsletter is stored by the entity responsible for processing and evaluated in order to optimise the newsletter distribution and adapt the content of future newsletters to the interests of the data subject even better. This personal data is not forwarded to third parties. Data subjects retain the right at all times to revoke their separate declaration of consent issued in this regard via the double opt-in procedure. Following revocation, this personal data is deleted by the entity responsible for processing. Trianel GmbH automatically classifies a decision to unsubscribe from the newsletter as being such a revocation.
7. Contact options via the website
In compliance with statutory requirements, the Trianel GmbH website contains information that enables fast electronic contact with our company, as well as direct communication with us. This information also includes a general address used for electronic mail (e-mail address). If a data subject makes contact with the entity responsible for processing via e-mail or via a contact form, the personal data transferred by the data subject is automatically stored. Such personal data transferred on a voluntary basis by a data subject to the entity responsible for processing is stored for the purpose of processing the data or to make contact with the data subject. This personal data is not forwarded to third parties.
8. Routine deletion and blockage of personal data
The entity responsible for processing only processes and stores the personal data of the data subject for the period of time required to achieve the purpose of storage, or for the time period stipulated by the European regulatory and directive bodies or by another legislative body in laws or regulations to which the entity responsible for processing is subject.
If the storage purpose does not apply, or if the storage period stipulated by the European regulatory or directive body or another legislative body expires, the personal data is routinely blocked or deleted in compliance with statutory requirements.
9. The rights of the data subject
a) The right to confirmation
Every data subject has the right, granted by the European regulatory and directive body, to demand confirmation from the entity responsible for processing as to whether the personal data relating to them is being processed. If a data subject wishes to claim this right to confirmation, they may contact our Data Protection Officer or another member of staff of the entity responsible for processing at any time for assistance.
b) The right to information
Every data subject of the personal data being processed has the right, as granted by the European regulatory and directive body, to obtain information free of charge at any time regarding the personal data stored that relates to their person, and to receive a copy of this information. Further, the European regulatory and directive body has entitled the data subject to receive information regarding the following:
- the purposes of processing
- the categories of personal data being processed
- the recipients or categories of recipients to which the personal data has been disclosed or shall be disclosed, in particular in the case of recipients in third countries or international organisations
- if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for specifying this duration
- the existence of a right to correction or deletion of the personal data relating to them, or to restriction of processing by the entity responsible for processing or the right to object to this processing
- the existence of a right to complain to a supervisory authority
- if the personal data is not collected from the data subject: all available information on the origin of the data
- the existence of an automated decision-making process, including profiling, according to Article 22, Paras. 1 and 4 GDPR and - at least in such cases - clear information regarding the logic involved and the scope of impact and intended effects of such processing for the data subject.
Further, the data subject has the right to information as to whether or not personal data has been transferred to a third country or an international organisation. If this is the case, the data subject also has the right to receive information about the suitable guarantees relating to the data transfer.
If a data subject wishes to claim this right to information, they may contact our Data Protection Officer or another member of staff of the entity responsible for processing at any time for assistance.
c) The right to correction
Every data subject affected by the processing of personal data has the right granted by the European regulatory and directive body to demand the immediate correction of incorrect personal data relating to them. Further, the data subject has the right, taking into account the purposes of processing, to demand the completion of incomplete personal data - including by means of a supplementary declaration.
If a data subject wishes to claim this right to correction, they may contact our Data Protection Officer or another member of staff of the entity responsible for processing at any time for assistance.
d) The right to deletion (the right to be forgotten)
Every data subject affected by the processing of personal data has the right granted by the European regulatory and directive body to demand of the controller to immediately delete the personal data relating to them if one of the following grounds applies and if processing is not necessary:
- The personal data was collected for a purpose or processed in another manner for which it is no longer required.
- The data subject revokes their consent on which processing was based in accordance with Art. 6, Para. 1 letter a GDPR or Art. 9, Para. 2 letter a GDPR, and there is no other legal basis for processing.
- The data subject objects to processing in accordance with Art. 21, Para. 1 GDPR, and no overriding justified grounds are present for processing, or the data subject objects to processing in accordance with Art. 21, Para. 2 GDPR.
- The personal data has been illegally processed.
- The deletion of personal data is necessary for the fulfilment of a legal obligation according to EU law or the law of the member states, to which the controller is subject.
- The personal data was collected in connection with services of the information society offered in accordance with Art. 8, Para. 1 GDPR.
Should one of the above grounds apply and a data subject wishes to request the deletion of personal data stored with Trianel GmbH, they may contact our Data Protection Officer or another member of staff of the entity responsible for processing at any time. The Data Protection Officer at Trianel GmbH or another member of staff will arrange immediately for the data to be deleted as requested.
If the personal data has been publicised by Trianel GmbH and if our company as the controller according to Art. 17, Para. 1 GDPR is obliged to delete the personal data, Trianel GmbH shall take appropriate measures, including of a technical nature, taking into account the available technology and implementation costs, in order to inform other entities responsible for the data processing that process the publicised personal data of the fact that the data subject has requested from these other entities responsible for processing the data that all links to this personal data, or copies or replications of this personal data, be deleted, if processing is not required. The Data Protection Officer at Trianel GmbH or another member of staff will arrange for the necessary action to be taken in individual cases.
e) The right to restriction of processing
Every data subject affected by the processing of personal data has the right granted by the European regulatory and directive body to demand from the entity responsible for processing to restrict the processing of personal data if one of the following conditions applies:
- The accuracy of the personal data is contested by the data subject, namely for a period of time that enables the controller to check the accuracy of the personal data.
- The processing is illegal, the data subject rejects the deletion of personal data and instead demands the restriction of use of the personal data.
- The controller no longer requires the personal data for the purposes of the processing, but the data subject requires it for the assertion, exertion or defence of legal claims.
- The data subject has submitted an objection to the processing in accordance with Art. 21, Para. 1 GDPR, and it has not yet been determined whether the justified grounds of the controller predominate over those of the data subject.
Should one of the above conditions apply and a data subject wishes to demand the restriction of personal data stored with Trianel GmbH, they may contact our Data Protection Officer or another member of staff of the entity responsible for processing at any time. The Data Protection Officer at Trianel GmbH or another member of staff will arrange for the restriction of processing to be implemented.
f) The right to data transferability
Every data subject affected by the processing of personal data has the right granted by the European regulatory and directive body to receive the personal data relating to them that has been provided by a data subject to a controller in a structured, standard, electronically readable format. They also have the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, if the processing is based on consent in accordance with Art. 6, Para. 1, letter a GDPR or Art. 9, Para. 2, letter a GDPR, or on a contract according to Art. 6, Para. 1, letter b GDPR, and if the processing is conducted with the aid of automated procedures, provided that the processing is neither required for the fulfilment of a task that is in the public interest, nor conducted in the exercise of public authority, which has been transferred to the controller.
Furthermore, when exerting their claim to data transferability according to Art. 20, Para. 1 GDPR, the data subject has the right to cause the personal data to be transferred directly from one controller to another controller, insofar as this is technically possible and if the rights and freedoms of other persons are not impaired as a result.
To assert their claim to data transferability, the data subject can contact the Data Protection Officer appointed by Trianel GmbH at any time.
g) The right of objection
Every data subject affected by the processing of personal data has the right granted by the European regulatory and directive body to submit an objection at any time for reasons arising from their particular situation, against the processing of the personal data relating to them, which is made on the basis of Art. 6, Para. 1, letters e or f GDPR. This also applies to profiling based on these regulations.
Trianel GmbH shall no longer process the personal data if an objection is submitted, unless we can provide evidence of urgent grounds for processing that are worthy of protection, which override the interests, rights and freedoms of the data subject, or the processing serves the assertion, exertion or defence of legal claims.
Should Trianel GmbH process personal data in order to conduct direct advertising, the data subject has the right to submit an objection to the processing of the personal data for the purpose of such advertising. This also applies to the profiling, if it is connected to such direct advertising. Should the data subject refuse to allow Trianel GmbH to process their data for the purpose of direct advertising, Trianel GmbH shall no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds that arise from their particular situation, to submit an objection to the processing of personal data relating to them that is conducted at Trianel GmbH for scientific or historical research processes or statistical processes in accordance with Art. 89, Para. 1 GDPR, unless such processing is necessary for the fulfilment of a task in the public interest.
To exert their right to object, the data subject can contact the Data Protection Officer at Trianel GmbH or another member of staff at any time. The data subject further has the right, in connection with the use of services of the information society, and regardless of directive 2002/58/EC, to exert their right to objection by means of automated procedures in which technical specifications are used.
h) Automated decisions in individual cases, including profiling
Every data subject affected by the processing of personal data has the right granted by the European regulatory and directive body not to be subject to a decision based solely on automated processing - including profiling - that has a legal impact on them or that has a significantly negative impact on them in a similar manner, if the decision (1) is not required for the conclusion or fulfilment of a contract between the data subject and the controller, or (2) if it is permissible due to legal requirements of the EU or the member states to which the controller is subject, and these legal requirements contain appropriate measures for the preservation of the rights and freedoms and the justified interests of the data subject, or (3) if it is made with the express consent of the data subject.
If the decision is (1) required for the conclusion or fulfilment of a contract between the data subject and the controller, or (2) is made with the express consent of the data subject, Trianel GmbH shall take appropriate measures in order to preserve the rights and freedoms and the justified interests of the data subject, which includes at least the right to effect the intervention of a person on the part of the controller, the right to present their own point of view, and to contest the decision.
If the data subject wishes to claim rights with reference to automated decisions, they may contact our Data Protection Officer or another member of staff of the entity responsible for processing at any time for assistance.
i) The right to revocation of a declaration of consent to the processing of data
Every data subject affected by the processing of personal data has the right granted by the European regulatory and directive body to revoke their consent to the processing of personal data at any time.
If the data subject wishes to claim their right to revocation of consent, they may contact our Data Protection Officer or another member of staff of the entity responsible for processing at any time for assistance.
10. Data protection for job applications and during job application procedures
The entity responsible for processing collects and processes the personal data of applicants for the purpose of managing the application procedure. The data can also be processed electronically. This is particularly the case when an applicant transfers the relevant application documents electronically to the entity responsible for processing, e.g. via e-mail, or via an online form on a website. If the entity responsible for processing then concludes an employment contract with an applicant, the transferred data is stored for the purpose of managing the employment relationship, taking into account the statutory requirements. Should no employment contract be concluded with the applicant, the application documents are automatically deleted three months after announcement of the decision to reject the application, unless there are deletion conflicts with other justified interests of the entity responsible for processing. Another justified interest in this sense is the obligation to provide evidence in a procedure in accordance with the German General Equal Treatment Act (AGG), for example.
11. Legal basis for processing
Art. 6 I lit. a GDPR is used by our company as the legal basis for processing procedures for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfilment of a contract the contractual party of which is the data subject, as is the case, for example, with processing procedures required for a delivery of goods or the provision of another service or return service, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing procedures that are required for the implementation of pre-contractual measures, such as in cases of enquiries regarding our products or services. If our company is subject to a legal obligation that results in the necessity to process personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary in order to protect vital interests of the data subject or another individual person. This would be the case, for example, if a visitor were to be injured on our premises and their name, age, health insurance data or other essential information were then to be passed on to a doctor, hospital or other third party. In such cases, processing would be based on Art. 6 I lit. d GDPR. Finally, processing could be based on Art. 6 I lit. f GDPR. Processing procedures are based on this right that are not covered by any of the above legal bases when processing is required to preserve a justified interest of our company or a third party, as long as this interest is not overridden by the interests, basic rights and basic freedoms of the data subject. We are permitted to conduct such processing procedures in particular because they are expressly mentioned by the European legislative body. The legislative body stated that a justified interest could be assumed when the data subject is a customer of the controller (Recital 47, sentence 2 GDPR).
12. Justified interests in processing that are followed by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, our justified interest is the pursuit of our commercial activity for the well-being of all our staff and shareholders
13. The duration for which personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. Following expiry of this period, the data in question is routinely deleted if it is no longer required for the fulfilment of the contract or contract initiation.
14. Statutory or contractual requirements regarding the provision of personal data; necessity for the conclusion of contract; obligation of the data subject to provide personal data; potential consequences of failure to provide personal data
We wish to clarify that the provision of personal data is a statutory requirement in some cases (e.g. tax regulations) or that it can result from contractual clauses (e.g. information about the contractual partner). In some cases, it may be necessary, in order to conclude a contract, for the data subject to provide us with personal data that must then be processed by us. The data subject is for example obliged to provide us with personal data when our company concludes a contract with them. The failure to provide personal data would result in the inability to conclude the contract with the data subject. Before the data subject provides personal data, the data subject must contact our Data Protection Officer. Our Data Protection Officer explains to data subjects, with reference to the individual case, whether provision of personal data is a statutory or contractual requirement, or whether it is necessary in order to conclude the contract, whether there is an obligation to provide the personal data and what the consequences of failure to provide personal data might be.
15. The existence of an automated decision-making process
As a company that takes its responsibility seriously, we do not use any automated decision-making process or profiling.
16. Links to other websites
This Data Protection Statement applies to the www.trianel.com website, including the use of our applicant portal ich-bin-energie.de and extranet.trianel.com. The websites in this online presence may contain links to other providers within and outside Trianel GmbH, which are not the subject of this Data Protection Statement. We therefore recommend that when leaving the Trianel website, you carefully check the data protection information provided by each website visited that may collect personal data.
17. Date and validity
This Data Protection Statement is currently valid, and is dated 30.04.2020. Due to the further development of our websites or the implementation of new technologies, it may be necessary to modify this Data Protection Statement. Trianel GmbH reserves the right to make changes to this data protection statement at any time with future effect. We recommend that you read through the current Data Protection Statement from time to time.
This Data Protection Statement was in large part produced by the Data Protection Statement generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH, in cooperation with RC GmbH and the WILDE BEUGER SOLMECKE | Rechtsanwälte law firm.