Privacy Policy

Last revised: May 23rd, 2018

We, the company EnBW Energie Baden-Wuerttemberg AG, take the protection of your personal data very seriously. In the following we would like to inform you about which personal data we collect when you visit our website, how we process this data and what rights you have in connection with your personal data.

Who is responsible for the processing of my data?

Responsible for the processing of your data is:

EnBW Energie Baden-Württemberg AG
Durlacher Allee 93
76131 Karlsruhe

If you have any questions, suggestions or complaints, you can contact us using the contact details above.

How can I contact the data protection officer?

You can contact our data protection officer at He will be happy to answer any questions you may have about data protection.

How will my data be processed when I visit the website?

We collect and process your data only if we have either received your consent for data processing or processing is legally permitted.

Collection of technically necessary data and log files

If you visit our website for information purposes only, i.e. do not register or otherwise transmit data (e. g. via a contact form), we collect the data that your browser transmits to us. In detail, these are the following data:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • The amount of data transferred in each case
  • Website from which you visit us (referrer URL)
  • Website you are visiting
  • Browser type and version used
  • Operating system and its interface
  • Language and version of the browser software

If you visit our websites to register for a public WiFi operated by SMIGHT, we collect data for 30 days which your browser and terminal transmits to us. In detail, this is the following data:

  • Device used (type, manufacturer, model, year of release)
  • MAC address
  • Type of cloud storage services used
  • Type of mail services used
  • Type of communication services used
  • Type of audio/video services used
  • Type of game services used
  • Type of social media services used
  • How long the WiFi was used
  • Transmitted data volume with the WiFi

This data is collected and processed in order to be able to view the website, to ensure and improve stability and for security reasons. Legal basis for this processing is art. 6 para. 1 f) GDPR. The data will be deleted as soon as they are no longer required for the aforementioned purposes. If an IP address is saved, it will be deleted or anonymised after 7 days at latest. The collection of this data and the storage of the data in log files is mandatory for the operation of the website. Therefore, the user has no possibility to object.

After 30 days, the information collected during registration in a public WiFi operated by SMIGHT will be deleted.

Use of cookies

In addition, cookies are used when you visit our website. Cookies are small text files that are stored on your computer by us or by another website (more detailed information can be found in the description of our analysis procedures below) and through which specific information flows to the respective website setting the cookie. Cookies are always assigned to the browser. By using cookies, it is not possible to run programs or transfer viruses to your PC.

You can configure your browser settings according to your wishes and, for example, refuse the acceptance of third party cookies or all cookies. However, this may result in you not being able to use all functions of our website. You are also free to delete all cookies at any time using your browser settings.

This website uses the following types of cookies:

We use technically necessary cookies to make our website more user-friendly and effective. In detail, the following data is stored in the cookies and transmitted to us:

  • Language settings
  • Log in Information

The legal basis for this data processing is art. 6 para. 1 f) GDPR. The use of these cookies is intended to facilitate your use of our website. Some functions of our website do not function without the use of these cookies and could therefore not be offered. Our legitimate interest in the processing of cookies arises from the aforementioned purposes. The cookies are deleted after the end of the session (e. g. logging out or closing the browser) or after a specified period.

In addition, we also use cookies which enable us to analyse the user behaviour of visitors to our website. In detail, the following data is stored in the cookies and transmitted to us:

  • Click flows (this means that we record which of our pages you have viewed)
  • Use of website functions
  • Entered search terms
  • Duration of stay on the individual websites

The legal basis for this data processing is art. 6 para. 1 f) GDPR and § 15 para. 3 TMG (German Telemedia Act). The use of the analysis cookies allows us to optimise our websites and make them more tailored to your needs. These purposes also justify our legitimate interest in the processing of these data. The analysis cookies are deleted after a specified period of time. For the cookies used on our website, this is a maximum of 3 months.

In addition to our own cookies, we also use third party cookies on our website. Third party cookies are those that are not stored by us, but by third party providers on your computer. Further information on the scope and purpose of data processing, the respective legal basis, the storage period as well as the possibilities of objection and removal of third party cookies can be found below in the explanation of the individual procedures we use.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. “(“Google”). Google Analytics uses so-called “cookies”, which are text files placed on the user’s end device, and which make it possible to analyse how users use the site. The information generated by the cookie about the use of this website by users is generally transmitted to and stored on a Google server in the USA.

However, if IP anonymisation is activated on this website, Google will shorten the IP addresses of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymisation is active on this website.

On our behalf, Google will use this information to evaluate the use of the website by users, to compile reports on website activity and to provide us as the website operator with further services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. The legal basis for this data processing is art. 6 para. 1 f) GDPR and art. 15 para. 3 TMG. Our legitimate interest arises from the aforementioned purposes.

You can prevent the storage of cookies by adjusting your browser software accordingly. Users can also prevent Google from collecting data generated by the cookie and relating to their use of the website (including their IP address) and they can prevent Google from processing this data by downloading and installing the browser plug-in available under the following link: As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data on this website in the future. An opt-out cookie is then stored on your device. Please note that the opt-out cookie only works in the browser in which it was set. Even if you delete your cookies, you must click this link again.

Use of a contact form

If you contact us via a form on, this is basically done with 128-bit encryption. If you do not use the EnBW contact forms, but your private e-mail account, please note that you must take your own security measures to ensure the confidentiality of your message. Therefore, please use the encrypted forms of EnBW. If the form is not encrypted, there is a technical problem and we cannot assume any liability for the security of your data transmission. You can see whether a form is encrypted by the closed “lock” symbol in your browser window. Depending on the content of your request, the legal basis for this data processing is art. 6 para. 1 b), f) or a) GDPR. We will delete the data you send us by means of your inquiry after reaching the respective purpose. If the transmitted inquiry refers to a contract concluded with us, your inquiry will be deleted as explained in the data protection information of the respective contract.

Contacting us by phone

If you contact us by telephone, we will use the information you provide to us for the purpose for which you contacted us. Depending on the content of your request, the legal basis for this data processing is art. 6 para. 1 b), f) or a) GDPR. We will delete the data that you provide us during the telephone call once the respective purpose has been achieved. If our telephone call is in connection with an existing contract or in connection with a contractual inquiry, please also note our data protection information with regard to the respective product.

Data processing for advertising purposes

We also process data received from you for the purposes of direct marketing and direct contact – if permitted by law (legal basis is art. 6 para. 1 f) GDPR) or you have given us your consent (legal basis is art. 6 para. 1 a) GDPR).

Processing of your data on the basis of legal requirements

If we are subject to any legal obligations that make further processing of your data necessary, we shall also process your data for the purposes provided for by law. The legal basis for this data processing is art. 6 para. 1 c) GDPR in connection with the provision containing the respective legal obligation.

Data will also be processed if and to the extent that you have consented to data processing in accordance with art. 6 para. 1 a) GDPR. The purposes of data processing result from the respective consent.

To which categories of recipients will my data be transmitted?

We treat your data confidentially. Within the EnBW Energie Baden-Wuerttemberg AG, only those departments and employees who require access to your data in order to fulfil the above-mentioned purposes are actually granted access.

Personal data will only be transmitted by us to third parties if this is necessary for the aforementioned purposes and legally permitted or if you have given your prior consent.

In addition to the recipients already named above, we make use of the assistance of other service providers (contractors) to fulfil our obligations. The following recipient categories can receive data:

  • IT service providers
  • Survey service providers
  • Call centres
  • Marketing service providers
  • Analysis specialists
  • File and data carrier disposal specialists
  • Authorities
  • Legal guardians and persons who have a power of attorney

Personal data is also only transferred to other affiliated companies if there is a legal basis for this and this is necessary for one of the purposes mentioned above.

Will my data also be transmitted to recipients in countries outside the European Economic Area? How is an adequate level of data protection ensured?

We also transfer your data to service providers and vicarious agents who are in third countries and carry out data processing there. An adequate level of data protection is ensured in all cases. All our service providers in third countries process the data in accordance with our instructions and are contractually bound. In detail, we transfer your data to the following third countries:

IT service providers in the USA. The adequate level of data protection is ensured by the Commission’s Privacy Shield and/or standard contractual clauses that have been concluded (specimen available at:

For data transmissions through administrative access, access from another country is also possible, since the systems are often guaranteed to operate according to the follow-the-sun principle. However, your data will not be stored in other countries. In these cases, data will also only be accessed if we have ensured compliance with an adequate level of data protection.

What do I have to consider from a data protection perspective when using links?

Our website may contain links to other providers to whom our data protection regulations do not apply.

How safe is my data?

EnBW uses state-of-the-art technical and organizational security measures to protect the data you provide us from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

What applies to children’s data?

We strongly encourage parents to accompany their children’s online activities. Children should not transmit any personal data to us without the consent of their parents or legal guardians. We do not knowingly request or process personal data from children.

What rights do I have with regard to my data?

With regard to the processing of your personal data, you have the right pursuant to art. 15 GDPR to request information about your personal data processed by us. Furthermore, you have the right to have data corrected in accordance with article 16 GDPR or deleted in accordance with article 17 GDPR and to restrict processing in accordance with article 18 GDPR. Furthermore, in accordance with article 20 GDPR, you have the right to demand the handing over of the personal data provided by you in a structured, current and machine-readable format. With regard to the right to information the restrictions of article 34 BDSG (German Data Protection Act) and with regard to the right of cancellation the exceptions of article 35 BDSG apply.


If we process your data on the basis of legitimate interests (art. 6 para. 1 f) GDPR) or to perform a public task (art. 6 para. 1 e) GDPR) and if reasons against this processing arise from your particular situation, you have the right to object to this processing in accordance with art. 21 para. 1 GDPR. In the event of an objection, we will no longer process your data for these purposes, unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

You have the right of objection – without restriction – pursuant to art. 21 para. 2 and 3 GDPR against any kind of processing for direct advertising purposes.

You can address your objection to us at any time requiring no particular form. For the best possible processing, please use the following contact data:

EnBW Energie Baden-Württemberg AG
Durlacher Allee 93
76131 Karlsruhe

Please note that you can only implement your objection to the use of tracking procedures on our website yourself. It is technically not possible to do this centrally. For each tracking procedure where you have to implement the objection yourself, we have attached a statement above.

Can I revoke my consent?

If we process your data on the basis of a consent given by you, you have the right to revoke your consent at any time. Your data will then no longer be processed for the purposes covered by the consent. Please note that the legality of the data processing, which took place before the revocation, is not affected by the revocation. For more information on how you can explain your revocation in detail, please refer to the previous information or the information in the respective consent. Please address your revocation to:

EnBW Energie Baden-Württemberg AG
Durlacher Allee 93
76131 Karlsruhe

Here your revocation – if technically possible – is implemented directly centrally or you will find an explanation how you can implement the revocation yourself, since a central implementation by us is not possible for some technical procedures.

Do I have a right of appeal to a supervisory authority?

If you believe that the processing of your personal data violates applicable law, you can complain to a data protection supervisory authority at any time in accordance with art. 77 GDPR. This is without prejudice to other administrative or judicial remedies.

Do I have to provide the data or is the provision of data necessary for the conclusion of the contract?

With the exception of the technically necessary data for displaying our website, any provision of data by you is voluntary. Should this be different in exceptional cases, this is explicitly mentioned in the appropriate section of this declaration.

Will my data be used for automated decision making? And if so, how is this done and what are the consequences for me?

No, automated decision making does not take place.

Can this information be changed? And if so, how do I find out about this?

As our data processing is subject to change, we will also adjust our data protection information from time to time. We will inform you of any changes in good time. You will find the current version of these data protection regulations here.