Privacy Policy

Last revised: April 6th, 2021

We, the company EnBW Energie Baden-Wuerttemberg AG, take the protection of your personal data very seriously. In the following we would like to inform you about which personal data we collect when you visit our website, how we process this data and what rights you have in connection with your personal data.

1. Who is responsible for the processing of my data?

Responsible for the processing of your data is:

EnBW Energie Baden-Württemberg AG
Durlacher Allee 93
76131 Karlsruhe

smight@enbw.com

If you have any questions, suggestions or complaints, you can contact us using the contact details above.

2. How can I contact the data protection officer?

You can contact our data protection officer at datenschutz@enbw.com. He will be happy to answer any questions you may have about data protection.

3. How will my data be processed when I visit the website?

We collect and process your data only if we have either received your consent for data processing or processing is legally permitted.

3.1 Collection of technically necessary data and log files

If you visit our website for information purposes only, i. e. do not register or otherwise transmit data (e. g. via a contact form), we collect the data that your browser transmits to us. In detail, these are the following data:

› IP address
› Date and time of the request
› Time zone difference to Greenwich Mean Time (GMT)
› Content of the request (specific page)
› The amount of data transferred in each case
› Website from which you visit us (referrer URL)
› Website you are visiting
› Browser type and version used
› Operating system and its interface
› Language and version of the browser software

If you visit our websites to register for a public WiFi operated by SMIGHT, we collect data for 30 days which your browser and terminal transmit to us. In detail, this is the following data:

› Device used (type, manufacturer, model, year of release)
› MAC address
› Type of cloud storage services used
› Type of mail services used
› Type of communication services used
› Type of audio/video services used
› Type of game services used
› Type of social media services used
› How long the WiFi was used
› Transmitted data volume with the WiFi

This data is collected and processed in order to be able to view the website, to ensure and improve stability and for security reasons. Legal basis for this processing is art. 6 para. 1 lit. f) GDPR. The data will be deleted as soon as they are no longer required for the aforementioned purposes. If an IP address is saved, it will be deleted or anonymised after 7 days at the latest. The collection of this data and the storage of the data in log files is mandatory for the operation of the website. Therefore, the user has no possibility to object.

After 30 days, the information collected during registration in a public WiFi operated by SMIGHT will be deleted.

3.2 Use of cookies and pixels

In addition, cookies and pixels are used when you visit our website. Cookies are small text files that are stored on your computer by us or by another website (more detailed information can be found in the description of our analysis procedures below) and through which specific information flows to the respective website setting the cookie. Cookies are always assigned to the browser. By using cookies, it is not possible to run programs or transfer viruses to your PC.

You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. However, this may mean that you cannot use all the functions of our website. You are also free to delete all cookies at any time via the settings of your browser. In addition to cookies, other technologies (e.g. pixels) are also used in individual cases to collect corresponding information.

3.2.1 Technically necessary cookies

We use technically necessary cookies to make our website more user-friendly and effective. In detail, the following data is stored in the cookies and transmitted to us:

› Language settings
› Login information

The legal basis for this data processing is art. 6 para. 1 lit. f) GDPR. The use of these cookies is intended to facilitate your use of our website. Some functions of our website do not function without the use of these cookies and could therefore not be offered. Our legitimate interest in the processing of cookies arises from the aforementioned purposes. The cookies are deleted after the end of the session (e. g. logging out or closing the browser) or after a specified period.

3.2.2 Technically not necessary cookies

In addition, we also use cookies which enable us to analyse the user behaviour of visitors to our website. In detail, the following data is stored in the cookies and transmitted to us:

› Click flows (this means that we record which of our pages you have viewed)
› Use of website functions
› Entered search terms
› Duration of stay on the individual websites

The legal basis for this data processing is art. 6 para. 1 lit. f) GDPR and § 15 para. 3 TMG (German Telemedia Act). The use of the analysis cookies allows us to optimise our websites and make them more tailored to your needs. These purposes also justify our legitimate interest in the processing of these data. The analysis cookies are deleted after a specified period of time. For the cookies used on our website, this is a maximum of 3 months.

In addition to our own cookies, we also use third party cookies on our website. Third party cookies are those that are not stored by us, but by third party providers on your computer. Further information on the scope and purpose of data processing, the respective legal basis, the storage period as well as the possibilities of objection and removal of third party cookies can be found below in the explanation of the individual procedures we use.

3.3 Use of technically necessary cookies and pixels due to legitimate interests

3.3.1 Google Analytics 360

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on the user’s end device, and which make it possible to analyse how users use the site. The information generated by the cookie about the use of this website by users is generally transmitted to and stored on a Google server in the USA.

However, if IP anonymisation is activated on this website, Google will shorten the IP addresses of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymisation is active on this website.

On our behalf, Google will use this information to evaluate the use of the website by users, to compile reports on website activity and to provide us as the website operator with further services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. The legal basis for this data processing is art. 6 para. 1 lit. f) GDPR and art. 15 para. 3 TMG. Our legitimate interest arises from the aforementioned purposes.

You can prevent the storage of cookies by adjusting your browser software accordingly. Users can also prevent Google from collecting data generated by the cookie and relating to their use of the website (including their IP address) and they can prevent Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data on this website in the future. An opt-out cookie is then stored on your device. Please note that the opt-out cookie only works in the browser in which it was set. Even if you delete your cookies, you must click this link again.

3.3.2 Monster Insights

Our website uses functions of the web analysis service Google Monster Insight (MonsterInsights, LLC; MonsterInsights® is a trademark of MonsterInsights, LLC). MonsterInsights uses cookies that are stored on your computer and that allow an analysis of the use of the website. The information generated by the cookies about the use of our website is stored on servers in the USA. Your IP address is anonymized after processing and before storage.

“MonsterInsights” cookies remain on your device until you delete them. “MonsterInsights” cookies are stored on the basis of Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behaviour in order to optimize both its website and its advertising.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of our website may be restricted.

You can find information on deactivating cookies in this data protection declaration under Cookies and in the Cookie Policy of this website.

For more information on the handling of user data, please refer to MonsterInsights’ privacy policy.

3.3.3 Hubspot

On this website, we use HubSpot for our online marketing activities. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

This is an integrated software solution that we use to cover various aspects of our online marketing. These include:

Email marketing (newsletters as well as automated mailings, e.g. to provide downloads), social media publishing & reporting, reporting (e.g. traffic sources, hits, etc. …), contact management (e.g. user segmentation & CRM), landing pages and contact forms.

Our sign-up service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing measures.

The legal basis for the use of HubSpot’s services is your consent in accordance with Art. 6 para. 1 lit. a) GDPR.

More information about the privacy policy of HubSpot.

More information from HubSpot regarding EU data protection regulations.

More information about the cookies used by HubSpot can be found here & here.

3.3.4 Hotjar

We use “Hotjar” on our website, a web analytics service provided by Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta (hereinafter referred to as: “Hotjar”). Among other things, Hotjar uses cookies, i. e. small text files that are stored locally in the cache of your web browser on your terminal device and that enable an analysis of your use of our website, as well as a so-called tracking code. The cookies used by Hotjar are stored on your end device for different lengths of time, in some cases only during your visit, in others for 365 days. The information collected in this way is transmitted to Hotjar and stored on a server in Ireland. The following information is collected by the tracking code:

Device-dependent data collected by your end device and web browser:

› IP address of your end device (collected and stored in an anonymized format)
› E-mail address including your first and last name, if you have provided it to us via our website
› Screen size of your end device
› Device type and browser information
› Geographical data (country only)
› Language used to display our website
› User interactions
› Mouse commands (movement, position and clicks)
› Keystrokes

Log data automatically used by our server when using Hotjar:

› Referring domain
› Visited web pages
› Geographic data (country only)
› Language used to display our website
› Date and time of access

Hotjar uses this information to evaluate your use of our website, compile reports on usage, and provide other services related to the evaluation of our website. Hotjar also uses third-party services (e. g., Google Analytics and Optimizely) to provide services. These third parties may store or otherwise process information that your browser transmits when you visit our website (which may include your IP address).

We use Hotjar for the purpose of analysing the use of our website and to be able to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. This is also our legitimate interest in the processing of the above data by the third-party provider. The legal basis is Art. 6 para. 1 p. 1 lit. f) GDPR.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. Please note that in this case you may not be able to use all features of our website. You can also prevent the collection of data by Hotjar by setting an opt-out cookie on the website linked below: https://www.hotjar.com/legal/compliance/opt-out. Please note that this setting will be deleted when you delete your cookies.

Third party provider information: Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. For more information about Hotjar’s data use, setting and opt-out options and data protection, please visit the following Hotjar website: https://www.hotjar.com/legal/policies/privacy.

3.3.5 LinkedIn

Our website uses functions of the LinkedIn network. Named provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our web pages with your IP address. If you press the “Recommend button” of LinkedIn and you are logged into your account on LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge about the content of the transmitted data or its use by LinkedIn.

For more information, please refer to the LinkedIn privacy policy at: https://www.linkedin.com/legal/privacy-policy.

3.4 Use of a contact form

If you contact us via a form on www.smight.com, this is basically done with 128-bit encryption. If you do not use the EnBW contact forms, but your private e-mail account, please note that you must take your own security measures to ensure the confidentiality of your message. Therefore, please use the encrypted forms of EnBW. If the form is not encrypted, there is a technical problem and we cannot assume any liability for the security of your data transmission. You can see whether a form is encrypted by the closed “lock” symbol in your browser window. Depending on the content of your request, the legal basis for this data processing is art. 6 para. 1 lit. b), f) or a) GDPR. We will delete the data you send us by means of your inquiry after reaching the respective purpose. If the transmitted inquiry refers to a contract concluded with us, your inquiry will be deleted as explained in the data protection information of the respective contract.

3.5 Contacting us by phone

If you contact us by telephone, we will use the information you provide to us for the purpose for which you contacted us. Depending on the content of your request, the legal basis for this data processing is art. 6 para. 1 lit. b), f) or a) GDPR. We will delete the data that you provide us during the telephone call once the respective purpose has been achieved. If our telephone call is in connection with an existing contract or in connection with a contractual inquiry, please also note our data protection information with regard to the respective product.

3.6 Data processing for advertising purposes

We also process data received from you for the purposes of direct marketing and direct contact – if permitted by law (legal basis is art. 6 para. 1 lit. f) GDPR) or you have given us your consent (legal basis is art. 6 para. 1 lit. a) GDPR).

3.7 Processing of your data on the basis of legal requirements

If we are subject to any legal obligations that make further processing of your data necessary, we shall also process your data for the purposes provided for by law. The legal basis for this data processing is art. 6 para. 1 lit. c) GDPR in connection with the provision containing the respective legal obligation.

Data will also be processed if and to the extent that you have consented to data processing in accordance with art. 6 para. 1 lit. a) GDPR. The purposes of data processing result from the respective consent.

4. To which categories of recipients will my data be transmitted?

We treat your data confidentially. Within the EnBW Energie Baden-Wuerttemberg AG, only those departments and employees who require access to your data in order to fulfil the above-mentioned purposes are actually granted access.

Personal data will only be transmitted by us to third parties if this is necessary for the aforementioned purposes and legally permitted or if you have given your prior consent.

In addition to the recipients already named above, we make use of the assistance of other service providers (contractors) to fulfil our obligations. The following recipient categories can receive data:

› IT service providers
› Survey service providers
› Call centres
› Marketing service providers
› Analysis specialists
› File and data carrier disposal specialists
› Authorities
› Legal guardians and persons who have a power of attorney

Personal data is also only transferred to other affiliated companies if there is a legal basis for this and this is necessary for one of the purposes mentioned above.

5. Will my data also be transmitted to recipients in countries outside the European Economic Area? How is an adequate level of data protection ensured?

We also transfer your data to service providers and vicarious agents who are located in third countries and carry out data processing there. Compliance with an adequate level of data protection is ensured on the basis of adequacy decisions pursuant to Art. 45 GDPR or by other appropriate or adequate guarantees pursuant to Art. 46 et seq. GDPR. Our service providers in third countries process the data in accordance with our instructions and are bound by contract. In the event of data being transferred to a third country, there may nevertheless be a risk that there is no adequate level of data protection in accordance with European law and that the rights of data subjects may not be fully enforceable. In detail, we transfer your data to the following third countries:

› IT service providers in the USA: the adequate level of data protection is ensured by means of standard contractual clauses (template can be accessed here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc)

For data transmissions through administrative access, access from another country is also possible, since the systems are often guaranteed to operate according to the follow-the-sun principle. However, your data will not be stored in other countries. In these cases, data will also only be accessed if we have ensured compliance with an adequate level of data protection.

6. What do I have to consider from a data protection perspective when using links?

Our website may contain links to other providers to whom our data protection regulations do not apply.

7. How safe is my data?

EnBW uses state-of-the-art technical and organizational security measures to protect the data you provide us from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

8. What applies to children’s data?

We strongly encourage parents to accompany their children’s online activities. Children should not transmit any personal data to us without the consent of their parents or legal guardians. We do not knowingly request or process personal data from children.

9. What rights do I have with regard to my data?

With regard to the processing of your personal data, you have the right pursuant to art. 15 GDPR to request information about your personal data processed by us. Furthermore, you have the right to have data corrected in accordance with article 16 GDPR or deleted in accordance with article 17 GDPR and to restrict processing in accordance with article 18 GDPR. Furthermore, in accordance with article 20 GDPR, you have the right to demand the handing over of the personal data provided by you in a structured, current and machine-readable format. With regard to the right to information the restrictions of article 34 BDSG (German Data Protection Act) and with regard to the right of cancellation the exceptions of article 35 BDSG apply.

RIGHT OF OBJECTION ART. 21 GDPR

If we process your data on the basis of legitimate interests (art. 6 para. 1 lit. f) GDPR) or to perform a public task (art. 6 para. 1 lit. e) GDPR) and if reasons against this processing arise from your particular situation, you have the right to object to this processing in accordance with art. 21 para. 1 GDPR. In the event of an objection, we will no longer process your data for these purposes, unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

You have the right of objection – without restriction – pursuant to art. 21 para. 2 and 3 GDPR against any kind of processing for direct advertising purposes.

You can address your objection to us at any time requiring no particular form. For the best possible processing, please use the following contact data:

EnBW Energie Baden-Württemberg AG
Durlacher Allee 93
76131 Karlsruhe
smight@enbw.com

Please note that you can only implement your objection to the use of tracking procedures on our website yourself. It is technically not possible to do this centrally. For each tracking procedure where you have to implement the objection yourself, we have attached a statement above.

10. Can I revoke my consent?

If we process your data on the basis of a consent given by you, you have the right to revoke your consent at any time. Your data will then no longer be processed for the purposes covered by the consent. Please note that the legality of the data processing, which took place before the revocation, is not affected by the revocation. For more information on how you can explain your revocation in detail, please refer to the previous information or the information in the respective consent. Please address your revocation to:

EnBW Energie Baden-Württemberg AG
Durlacher Allee 93
76131 Karlsruhe
smight@enbw.com

Here your revocation – if technically possible – is implemented directly centrally or you will find an explanation how you can implement the revocation yourself, since a central implementation by us is not possible for some technical procedures.

11. Do I have a right of appeal to a supervisory authority?

If you believe that the processing of your personal data violates applicable law, you can complain to a data protection supervisory authority at any time in accordance with art. 77 GDPR. This is without prejudice to other administrative or judicial remedies.

12. Do I have to provide the data or is the provision of data necessary for the conclusion of the contract?

With the exception of the technically necessary data for displaying our website, any provision of data by you is voluntary. Should this be different in exceptional cases, this is explicitly mentioned in the appropriate section of this declaration.

13. Will my data be used for automated decision making? And if so, how is this done and what are the consequences for me?

No, automated decision making does not take place.

14. Can this information be changed? And if so, how do I find out about this?

As our data processing is subject to change, we will also adjust our data protection information from time to time. We will inform you of any changes in good time. You will find the current version of these data protection regulations here.