Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Privacy Policy for End Users as well as B2B Customers (hereinafter referred to as "Customer").
Status: March 28, 2023

The protection of personal data (hereinafter referred to as "data") is an important concern for Discovergy GmbH, Am Berg 12, 52076 Aachen, Germany (hereinafter referred to as "Discovergy", "we" or "us"). Discovergy is aware of the sensitivity of the data transmitted by the customer, in particular the consumption data that may be automatically collected by a smart meter and subsequently evaluated and processed in a useful manner, and undertakes to handle this data in a trustworthy and responsible manner and to comply with all applicable legal provisions, in particular the EU General Data Protection Regulation (GDPR). In the following, we inform you as our customer which data is used for which purposes when using our services and application and which rights you are entitled to in connection with their data.

1. name and contact details of the controller and the data protection officer
The data controller in the sense of data protection law is:

Discovergy GmbH
Am Berg 12
52076 Aachen
E-mail: info@discovergy.com
Phone: +49 241 5380 941 0

Discovergy's data protection officer will be happy to answer any questions you may have about our data protection activities and to provide you with information. You can reach our data protection officer at our company address with the addition "Data Protection". By telephone via the data protection officer's telephone number or by e-mail at datenschutz@discovergy.com.
2. data collection
The core elements of our services are the collection and provision of metered values by means of smart metering systems. A smart metering system consists of a digital electricity meter, which records the metered values, and a smart meter gateway for the purposes of data reception, storage and communication. Among other things, smart metering systems record time-based consumption, power and feed-in. However, the collection and processing of other data is also necessary as part of the provision of our services. In the course of providing our services, we process the following categories of data:

Personal master data / pers. Identification data (e.g. name, address, date of birth, marital status, job title, company affiliation, online identifier, ID numbers);
Personal master data of family members or friends of the end customer (name and e-mail address). The end customer can share their energy portal with family members or friends. This is an option and not mandatory. In this case, the named members will receive an invitation by eMail;
Contact information (phone numbers, email address);
Electronic identification data (such as device ID, IP address, login information);
Contract and consumption information (electricity tariff, metered values, meter reading, meter type, billing data/invoice data, bank data);
Customer history;
Consumption quantities and times of individual household appliances (refrigerator, washing machine or dishwasher, oven, etc.) or controllable consumption devices (e-cars, battery storage or heat pumps), broken down by our appliance recognition for SLP customers with second-by-second resolution;
Electricity tariff, feed-in tariff, property details (housing type, such as house or apartment), room, area, hot water, heating, cooling, kitchen, bathroom, laundry, work and garden appliances, consumer electronics, electric mobility and other appliances. This data is information that the consumer can voluntarily provide in the Discovergy energy portal. With the help of this data, various evaluations can be made with regard to electricity consumption.

3. nature and purposes of processing
We as the responsible party collect your data exclusively for the following purposes:

To establish, execute and fulfill the contract (metering point operation contract) with you as a customer. In this context, the conclusion of the contract may be mediated by a reseller;
Implementation of technical support by us in the event of potential malfunctions or errors;
Preparation of evaluations of personal consumption data by means of the smart meter in order to display the customer's consumption and its composition in a clear and comprehensible manner in the customer portal and to allocate it to individual household appliances and consumption devices by means of data analysis;
to provide indications of possible savings and other financial benefits using statistical methods;
Legally obligatory transmission of billing-relevant data, such as meter readings or measured values, to market partners (e.g., energy suppliers, network operators, or energy service providers);
Using and, if necessary, also passing on to third parties anonymized and aggregated data for internal market research, advertising, product development and comparison purposes;
Collecting, processing and using usage data, including by means of cookies, for system optimization purposes;
Obtaining standard banking information from the bank designated in the direct debit authorization with regard to the account named therein and about the private/corporate financial circumstances of the customer and, in addition, for credit assessment purposes, exchanging necessary data of the customer with SCHUFA and/or another credit agency.
4. legal bases
The following legal bases are relevant for the processing of customer data:

Customer data is processed insofar as this is necessary to achieve the contractual purpose described and within the framework of the contractual relationship with resellers. This also applies to technical support and to any evaluations and processing of customer data that may be voluntarily submitted to Discovergy. The legal basis for this is Art. 6 (1) (b) DSGVO. This legal basis also applies if the Customer's inquiry via contact form on Discovergy's website is related to the performance of a contract or is necessary for the performance of pre-contractual measures. More information on processing of data in the context of visiting our website is available here.
As a metering point operator, Discovergy is in particular required by law to provide billing-relevant consumption data to the respective energy supplier and distribution network operator. In addition, we process customer data to the extent necessary to assert legal claims and defend against legal disputes, and to the extent necessary to comply with legal obligations. Art. 6 para. 1 letter c) DSGVO applies to this type of data transfers.
The potential transfer of data in anonymized form to third parties for internal market research, product development and comparison purposes is possible on the basis of Art. 6 para. 1 letter a) DSGVO. Due to the anonymization, no conclusions about the user are possible, so that the user's anonymity is fully preserved.
Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions desired by the customer (functional cookies) or to optimize the website are stored on the basis of Art. 6 (1) (f) DSGVO, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 letter a) DSGVO); consent can be revoked at any time. More details on cookies can be found here.
Processing of your data for purposes other than those previously mentioned will only take place insofar as such processing is permitted under Art. 6 (4) DSGVO and is compatible with the original purposes. We will inform you about such processing prior to any such further processing of your data.
5. recipients of the data
There may be a need to forward customer data to other affiliated companies within the Group. Data protection regulations are made and ensured between respective group companies. The transfer of data to third parties is always based on a legal obligation or other legal basis (see section 4).

In the event that we outsource certain parts of data processing ("commissioned processing"), we contractually oblige commissioned processors pursuant to Art. 28 DSGVO to use personal data only in accordance with the requirements of the relevant data protection laws and to ensure the protection of the rights of the data subjects. If the contract between our customers and Discovergy comes about through the mediation of a reseller, we receive your data from the reseller on the basis of a reseller contract concluded between Discovergy and the reseller. In addition to the Reseller Agreement, we enter into a Order Processing Agreement with the Reseller pursuant to Art. 28 DSGVO and, as a processor, we comply with all relevant provisions.

Processing in third countries, countries outside the member states of the European Union or the European Economic Area is not provided for. Should processing in third countries nevertheless become necessary, we will ensure permissibility based on the requirements of the DSGVO before implementation.

We reserve the right, in the event of a legal obligation, to disclose information about customers if the handover is required of us by lawful authorities or law enforcement bodies. The legal basis is Art. 6 (1) (c) DSGVO.
6. storage of data of the customers
Unless specifically stated, we store customer data only as long as necessary to fulfill the purposes pursued.

In some cases, the legislator provides for the retention of data, such as in tax or commercial law. In these cases, we only continue to store the data for these legal purposes, but do not process it in any other way and delete it after the legal retention period has expired.
7 Deletion of consumption data
As a Customer, you have the option at any time and without giving reasons to delete all non-billing-relevant consumption data for any past periods as well as to temporarily or permanently deactivate the storage of non-billing-relevant consumption data. The Customer must notify Discovergy of this (see contact details in section 1). Discovergy functions that are based on detailed consumption data will then no longer be available or will only be available to a very limited extent.
8. rights of customers (data subject rights)
With regard to the processing of your personal data, you have extensive rights.

Right to information: as a customer, you have the right to information about the data stored by us, in particular, for what purpose the processing is carried out and how long the data is stored (Art. 15 DSGVO).

Right to correct incorrect data: As a customer, you have the right to demand that we correct the personal data concerning you without delay if it should be incorrect (Art. 16 DSGVO).

Right to erasure: You have the right as a customer to demand that we erase the personal data concerning you. These conditions provide that you can demand the erasure of your data if, for example, we no longer need the personal data for the purposes for which it was collected or otherwise processed, we should process the data unlawfully or you should have legitimately objected, or if there is a legal obligation to erase it (Art. 17 DSGVO).

Right to restriction of processing: As a customer, you have the right to request restriction of the processing of your data. This right exists in particular for the duration of the examination if you have disputed the accuracy of the data concerning you and in the event that you wish to have restricted processing instead of deletion in the case of an existing right to deletion. Furthermore, processing will be restricted in the event that the data is no longer necessary for the purposes pursued by us, but you require the data for the assertion, exercise or defense of legal claims, as well as if the successful exercise of an objection is disputed between us and you (Art. 18 DSGVO).

Right to data portability: As a customer, you have the right to receive the personal data concerning you that you have provided to us from us in a structured, common, machine-readable format (Art. 20 DSGVO), insofar as this has not already been deleted.

Right to object: As a customer, you have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation (Art. 21 DSGVO). We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
According to Art. 7 (3) DSGVO, customers have the right to revoke their consent at any time. The revocation does not affect the lawfulness of the processing carried out on the basis of the previous consent. The revocation only has the consequence that we may no longer continue the data processing based on this consent for the future. We would like to point out to you as a customer that if you revoke your consent to the use of your personal data for the creation of consumption profiles and for advertising purposes, we will no longer be able to fulfill one of the purposes of our contractual relationship, which is to be able to display our own optimization offers to you for the purpose of optimizing consumption and also offers and advertising from third-party companies.

If you wish to object to the processing of your personal data, please send us an e-mail or write to the contact address of the data protection officer mentioned above.

Right to complain to the supervisory authority: As a customer, you have the option of contacting the above-mentioned data protection officer or a data protection supervisory authority if you believe that the processing of personal data concerning you violates the basic data protection regulation.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.