Data protection information for visitors to the website and users of electronic communication, including applicants

Terms used

This privacy policy uses the following terms, among others.

Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Cookies

Cookies are small text files or similar technologies that are stored in your browser by the websites you have visited and can be read by these and other websites. They are used to make websites optimally usable or to provide the operator with certain information about the website, e.g. to tailor advertising to your interests. Cookies may contain personal data, such as a personal ID.

Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Legal basis

Permission to process personal data for specific purposes.

Receiver

Recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed.

Person responsible

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Web hosting

Web hosting refers to the provision of web space and the hosting of websites on the web server of an Internet service provider.

Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Third country

All countries outside the European Union.

Profiling

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

II. Mandatory information pursuant to Art. 12-14, 21 GDPR

In the following, we would like to inform you in accordance with the General Data Protection Regulation (GDPR) and other data protection regulations. In particular, we hereby clarify which personal data we collect for which purposes when you use our websites and communicate with us electronically, how we use it, to whom we pass it on and what rights you have in relation to your personal data.

1. Who is responsible for the processing of personal data?

The controller within the meaning of Art. 4 (7) GDPR and other provisions of a data protection nature is

TRICERA energy GmbH
Buchenstraße 1
09627 Bobritzsch-Hilbersdorf
Germany

Phone: +49 151 16 20 38 64 –

Email: info@tricera.energy

You can contact our data protection officer at datenschutz@tricera.energy and via the above address.

2. What rights do I have?

You have the following rights vis-à-vis all of the above-mentioned controllers with regard to your personal data:

  • Right to confirmation and information (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to withdraw your consent (Art. 7 (3) GDPR). Consent can be withdrawn at any time. The lawfulness of the processing that took place before the withdrawal remains unaffected by this.
  • Right to receive the data in a structured, commonly used, machine-readable format (“data portability”) and the right to transmit the data to another controller if the requirements of Art. 20 para. 1 lit. a, b GDPR are met,

You can inform us about the exercise of your rights at: datenschutz@tricera.energy.

  • Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority. You can find an overview of all German supervisory authorities for data protection here. The supervisory authority of the Free State of Saxony is primarily responsible for us.

3. Individual right of objection

You have the right to object to the processing (Art. 21 GDPR) if it is based on our legitimate interests (Art. 6 para. 1, sentence 1 lit. f GDPR). You have the right to object on grounds relating to your particular situation. You have no right to object if we or our service providers can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. You also have no right to object if the processing serves to assert, exercise or defend against legal claims (Art. 21 para. 1 GDPR). In the event of your objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.

Information on the existence of a right of objection or revocation for the respective data processing can be found below.

4. How is personal data processed?

Below you will find the legal information on data categories, purposes, legal bases, deletion periods, recipients, transfer to third countries, profiling, rights of revocation and objection for each processing activity.

a. Visiting the websites

Data categories

The following data is automatically sent to us by your computer when you access the website:

  • Browser type / browser version
  • Operating system used
  • Language / Version Browser software
  • IP address
  • Date / time of the server request
  • Screen resolution
  • Time zone difference to GMT
  • Access status / HTTP status code
  • Referrer URL (previously visited website)

The following cookies are also set:

quform_session; Purpose: security (protection against cross-site request forgery).
wp-wpml_current_language; Purpose: remembering the language selection

Purposes of processing and obligation to provide

This data is technically necessary for us to display our website to you (e.g. establishing a connection to the website) and to ensure stability and security (e.g. tracking attacks on the website and load balancing). Without it, you will not be able to access the website, which means that you are theoretically obliged to provide the data.

Storage duration

This data is stored for a period of seven days. Longer processing is possible in individual cases, e.g. for as long as and to the extent necessary to block abusive use of the website. The data may be stored for up to five years.

Receiver

This data is technically collected and stored by our hosting service provider STRATO AG, Pascalstraße 10, 10587 Berlin and processed on our behalf for the above-mentioned purposes.

Legal basis

The automatic collection of data takes place on the basis of § 25 para. 2 no. 2 TTDSG. The storage and further processing takes place on the basis of Art. 6 para. 1, sentence 1 lit. f GDPR, as the purposes of the processing reflect our legitimate interests or on the basis of Art. 6 para. 1, sentence 1 lit. f GDPR, if the use of the website takes place within the framework of a contractual relationship.

You can object to the storage and further processing, which is based on our legitimate interests, at any time. Please note the above information on your right to object. You can declare your objection to the processing of the data to us using the contact details above.

b. Contact via contact form, e-mail and telephone

When you contact us, e.g. by e-mail, telephone or via contact forms on our websites, the personal data you provide will be processed by us in order to respond to your inquiry.

Data categories

We process the following data: Your first and last name, e-mail address, telephone number, date and time of contact (collected automatically), content of messages, subject of e-mails if applicable, content of the survey.

Purposes of processing and obligation to provide

We use the data to receive and respond to your request and, if necessary, to acquire you or the organization in which you work as a customer. Only the content of the message and the e-mail address are mandatory. All other information is voluntary or is collected automatically.

Storage duration

Your data will be processed for the duration of contractual negotiations or for the duration of a contractual relationship if your request leads to the conclusion of a contract with us or if a contractual relationship already exists at the time of the request. Otherwise, we delete your data after processing is no longer required to process and respond to your inquiry, or we store it in a restricted and separate form for the duration of the legally mandatory retention periods, which can be a maximum of 10 years.

Receiver

The information from your request will be sent to our electronic mailbox by e-mail. The e-mails are sent by our hosting service provider STRATO AG, Pascalstraße 10, 10587 Berlin and processed on the servers of our e-mail provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Legal basis

The legal basis for processing in the context of a contract or the initiation of a contract is Art. 6 para. 1, sentence 1 lit. b GDPR. If there is no contractual relationship and this is not intended or the data processing is not necessary for this, the legal basis is Art. 6 para. 1, sentence 1 lit. f GDPR, i.e. our predominantly legitimate interests in providing and using an opportunity to make contact for other purposes. The legal basis for the storage of data in the event of statutory retention obligations is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with § 147 AO, § 257 HGB.

You can object to the storage and further processing at any time on the basis of our legitimate interests. Please note the above information on your right to object. You can declare your objection to the processing of the data to us using the contact details above.

Third country transfer and legal basis

Microsoft’s servers are located in the EU. However, data transfer to the USA cannot be completely ruled out, as Microsoft is based in the USA and must comply with the laws applicable there. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without any legal recourse.

The data transfer is usually based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR with regard to the agreement between the USA and the EU called “Trans-Atlantic Data Protection Framework (TADPF)” if the provider is certified according to TADPF. The adequacy decision can be accessed here.

If no certification is available or if the adequacy decision no longer applies, the adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by us and the provider to protect the data. The standard data protection clauses are available here.

c. Video telephony

Data categories and purposes of processing

The following device data is processed when you participate in a video call with us:

  • Audio, video and textual content of the communications, including files where applicable
  • Time, duration and place of participation
  • IP address and hardware information
  • Profile picture
  • If applicable, first names, surname, employer, professional function
  • E-mail addresses, telephone numbers (depending on the type of participation)

This data, apart from first names, surnames, employer and professional function, is technically necessary to provide you with the services (e.g. invitation, connection setup, image and sound transmission) and to ensure stability and security (e.g. tracking attacks on the services and load distribution). Without them, you cannot access the services, which means that you are theoretically obliged to provide the data.

Microsoft also collects and processes certain data for its own purposes (e.g. improving the product, security), over which we have no influence. This is mostly connection and usage data (e.g. IP address, user agent, frequency, type and manner of use). Microsoft is responsible for this data processing. You can find detailed information about data processing by Microsoft here.

Legal basis

The automatic collection of data takes place on the basis of § 25 para. 2 no. 2 TTDSG. Further processing is carried out on the basis of Art. 6 para. 1, sentence 1 lit. b GDPR in the case of an existing contractual relationship and otherwise on the basis of Art. 6 para. 1, sentence 1 lit. f GDPR, as the purposes of the processing reflect our legitimate interests.

You can object to the processing of data based on our legitimate interests at any time. Please note the above information on your right to object. You can declare your objection to the processing of the data to us.

Storage duration

The data will only be processed for the duration of your participation in the video call.

Receiver

This data is collected and processed by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland on our behalf for the purposes set out above.

Third country transfer, legal basis

The Microsoft servers that we use are located in the European Union. However, it cannot be ruled out that your data will be transferred to the USA by Microsoft. The USA is considered by the European Court of Justice to have an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal recourse.

The data transfer is usually based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR with regard to the agreement between the USA and the EU called “Trans-Atlantic Data Protection Framework (TADPF)” if the provider is certified according to TADPF. The adequacy decision can be accessed here.

If no certification is available or if the adequacy decision no longer applies, the adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by us and the provider to protect the data. The standard data protection clauses are available here.

d. Handling of applicant data

We offer you the opportunity to apply to us via a form on the website, by e-mail, via social networks or by post.

We would like to point out that data transmission on the Internet can have security gaps when communicating by email or via social networks. We therefore recommend that you do not send any sensitive data, such as references, CVs, etc., unencrypted by email or via social networks.

If you would like to send your application by e-mail or social networks, please encrypt the attachments according to the latest technical standards and send us the password separately.

For applications via social networks, please also note the information in section 5.

Below we inform you about the scope, purpose and use of your personal data collected as part of the application process.

Scope and purpose of data processing

If you send us an application or take part in an (online) job interview, we process the associated personal data that you transmit to us insofar as this is necessary for the decision on the establishment of an employment relationship and for conducting the (online) job interview.

This may involve the following personal data:

  • Personal details as well as contact and communication data (e.g. name and address, telephone number and e-mail address)
  • Birthday, place of birth
  • Nationality
  • Curriculum vitae, certificates and recommendations (information on qualifications, training, professional experience, language skills, further training and voluntary work)
  • Photographs
  • Marital status
  • Interests and hobbies
  • Information you provide in the online form
  • Notes taken during job interviews etc.
  • Connection and content data for video calls (IP address and hardware information, e-mail address, image and sound, message content, date, time, place of participation)

Legal basis

The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR (contract initiation) and – if you have given your consent – Art. 6 para. 1 sentence 1 lit. a GDPR. Consent can be withdrawn at any time with effect for the future. The revocation does not affect the legality of the data processing that took place before the revocation.

If the application is successful, the data submitted by you and collected during the interview will be stored in our data processing systems on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR for the purpose of implementing the employment relationship.

Obligation to provide personal data

There is no legal or contractual obligation to provide personal data in the application process. However, we would like to point out that we may not be able to consider you if you do not provide any or sufficient personal data and we are therefore unable to assess your suitability for the advertised position.

Recipients of personal data

Your personal data will be passed on within our company to persons who are involved in processing your application.

Furthermore, the data will be sent by our hosting service provider STRATO AG, Pascalstraße 10, 10587 Berlin, Germany (for applications via the website) and processed on the servers of our e-mail provider Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (for applications via contact form, e-mail and for interviews via video call).

When applying via LinkedIn, the data is processed by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

Transfer of data to a third country, legal basis

LinkedIn’s servers are located in the USA. Microsoft’s servers are located in Germany. However, data transfer to the USA is not completely ruled out, as Microsoft is based in the USA and must comply with the laws applicable there. The USA is considered by the European Court of Justice to have an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without any legal recourse.

The data transfer is usually based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR with regard to the agreement between the USA and the EU called “Trans-Atlantic Data Protection Framework (TADPF)” if the provider is certified according to TADPF. The adequacy decision can be accessed here.

If no certification is available or if the adequacy decision no longer applies, the adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by us and the respective provider to protect the data. The standard data protection clauses are available here.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our predominantly legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) in the defense of possible claims under § 15 AGG. The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.

Right of objection

You can object to the storage of your personal data, which is based on our predominantly legitimate interests, at any time. Please note the above information on your right to object.

Inclusion in the applicant pool

If we do not make you a job offer, you may have the opportunity to be included in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that you can be contacted in the event of suitable vacancies.

Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Giving your consent is voluntary and is not related to the current application process. You can withdraw your consent at any time with effect for the future. The legality of the processing carried out before the withdrawal remains unaffected by the withdrawal. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.

Otherwise, the data will be irrevocably deleted from the applicant pool at the latest at the end of the second year after consent has been granted.

5. Presence in social networks

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users’ rights.

Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on the usage behavior and resulting interests of the users. The usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behavior and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks as follows.

https://de.linkedin.com/legal/privacy-policy

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. If you still need help, you can contact us.

Data categories

We generally process the following data:

Contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); application data, usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).

Purposes

We use social networks for contact requests and communication, placing job advertisements and receiving applications, collecting feedback as well as marketing and measuring campaigns in social networks, e.g. the reaction of users to our posts.

Legal basis

Your data will be processed on the basis of Art. 6 para. 1, sentence 1 lit. f. GDPR, whereby accessibility via social networks reflects our legitimate interests.

Receiver

  • LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data processing agreement: https://legal.linkedin.com/dpa; Standard contractual clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Instagram: Soziales Netzwerk; Dienstanbieter: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Datenschutzerklärung: https://instagram.com/about/legal/privacy

Transfer of data to a third country

Your data is processed in the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without any legal recourse.

The data transfer is usually based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR with regard to the agreement between the USA and the EU called “Trans-Atlantic Data Protection Framework (TADPF)” if the provider is certified according to TADPF. The adequacy decision can be accessed here.

If no certification is available or if the adequacy decision no longer applies, the adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by us and the respective provider to protect the data. The standard data protection clauses are available here.

6. Actuality

This data protection information may be changed from time to time (e.g. when new services are used). The last update was made on 27.02.2024.