Data Protection Notices

Information for applicants

1. Data protection at a glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. Detailed information on data protection can be found in our privacy policy listed below this text.

Data Collection on our Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.

How do we collect your data?

Your data is collected in part by you providing it to us. This may include data that you enter into a contact form.

Other data is automatically collected by our IT systems when you visit the website. This is mainly technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure the proper functioning of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking, or deletion of this data. For this purpose, as well as for further questions regarding data protection, you can contact us at any time using the address provided in the imprint. Furthermore, you have a right to lodge a complaint with the competent supervisory authority.

Analysis Tools and Third-Party Tools

When you visit our website, your surfing behavior may be statistically evaluated. This is mainly done with cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you about the possibilities of objection in this privacy policy.

2. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (e.g., communication by e-mail) may have security gaps. A complete protection of the data against access by third parties is not possible.

Responsible Party

The responsible party for data processing on this website is:

Kraftwerk
Kraft-Wärme-Kopplung GmbH
Am Lindener Hafen 30
30453 Hannover

Phone: 0511.262 997 – 0
Email: mail@kwk.info

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

The company's data protection officer can be reached at the following address:

hmk Daten System Technik GmbH

Mr. Dennis Hartung
Marie-Jahn-Straße 18
D-30177 Hannover

Phone: 0511.626 279 - 30
Email: datenschutz@hmk-gmbh.de

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. To do so, an informal notification by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Lodge a Complaint with the Supervisory Authority

In the event of violations of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to Data Portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, Blocking, Deletion

Within the scope of the applicable legal provisions, you have the right to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.

3. Data Collection on Our Website

Cookies

The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases, or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Cookies that are necessary for the execution of the electronic communication process or for the provision of certain functions requested by you (e.g., shopping cart function) are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If other cookies (e.g., cookies for analyzing your browsing behavior) are stored, they will be treated separately in this privacy policy.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 Para. 1 lit. f GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

4. Analysis Tools and Advertising

This site does not use analysis tools.

5. Plugins and Tools

Google Maps

This site uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we have indicated on the website. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.

More information on handling user data can be found in Google's privacy policy: https://www.google.de/intl/
de/policies/privacy/ .

6. Contact

On our website, you can contact us via a contact form. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored. In addition to the specific input mask data, the IP address and the date and time of the request are collected and stored. By submitting, you consent to the processing of the data.

Alternatively, contact via email is possible. In this case, the personal data of the user transmitted with the email will be stored.

In this context, the data is also passed on to Sendinblue GmbH (developer of the contact form), which forwards the data to us via its servers. Sendingblue is a European, GDPR-compliant company, to which we are bound as a data processor to comply with data protection requirements. In any case, the data is used exclusively for the processing of the conversation.

Legal Basis for Processing

The legal basis for processing data with the user's consent is Art. 6 para. 1 lit. a GDPR.

The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact aims at the conclusion of a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

Purpose of Data Processing

The processing of personal data from the input mask serves solely to process your request. In the case of contact by email, there is also the necessary legitimate interest in processing the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of Storage

We delete the data as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been finally clarified. The personal data additionally collected during the sending process will be deleted at the latest after a period of seven days.

Possibility of Objection and Removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

In this case, all personal data stored in the course of the contact will be deleted.

Online Platforms

Kraftwerk Kraft-Wärme-Kopplung GmbH (KWK) uses online platforms and software to plan and execute projects, such as the installation and maintenance of cogeneration plants (CHP), to allocate tasks and points of contact, and for monitoring and logging CHP operation. As an employee, customer, or partner of the company, your data may be processed on the following platforms:

Webgate

Webgate is the central portal for monitoring CHPs. It primarily processes machine data, with minimal collection of personal data. Points of contact (operators/caretakers) for the plants are registered with their business phone numbers and email addresses to coordinate visits by service technicians. Operators and KWK employees have accounts containing access credentials such as usernames, contact details (name, company, position, phone number, and email address), and passwords. Users maintain their contact details in their own accounts. Webgate is also connected to the smapOne software, where digital work reports are created and transferred to Webgate.

Redmine

Redmine is a ticketing system used for project logging. The platform allows for the creation of user accounts with contact details (name, company, and email address), permissions and approvals, assignment of tasks to individual employees, personal time tracking for work on a project, substantive documentation of work performed, and creation of posts in a wiki (knowledge management system).

CRM Sage

Sage is a program for managing customer data and sales, as well as communication. Other areas include accounting, invoicing, and inventory management. Data captured includes contact details (name, address, position, company, phone number, email), bank account details, contracts, invoices, and delivery notes.

Outlook

Microsoft's email program is used for internal and external communication. Data is collected in the form of a customer database (name, address, company, position, phone number, email address). The calendar function allows for scheduling appointments and meetings and can also contain contact details.

The legal basis for processing is Article 6(1)(b) GDPR (processing of data for contract performance/pre-contractual measures), as well as BDSG § 26(1) sentence 1 (for the execution or termination of the employment relationship).

Your data is processed by KWK employees exclusively for the purposes mentioned above. There is no transfer of data to a third country.

he data will be deleted after the end of the contract or non-conclusion of a contract, as well as when an employee leaves the company. If data must be retained due to legal obligations, it will be deleted after the expiration of the statutory retention periods. If deletion is not possible for technical reasons, access will be restricted so that only a small circle (management/administrator) has access.

You have the right to information about your personal data processed by us. This includes the mandatory information described in Art. 15 GDPR. You have the right to immediately correct inaccurate or complete incomplete personal data (Art. 16 GDPR). You have the right to request the deletion of your personal data if one of the reasons listed in Art. 17 GDPR applies, especially if there is no longer a legal basis for processing. You have the right to request the restriction of processing of your personal data if one of the reasons listed in Art. 18 GDPR applies, especially at your request instead of deletion of the data. You have the right to receive all personal data stored by us about you in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance from the controller to whom the personal data was provided (Art. 20 GDPR).

According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority responsible for you.

Applicant Information

Responsible Authority

The responsible authority for data processing on this website is:

Kraftwerk Kraft-Wärme-Kopplung GmbH
Am Lindener Hafen 30
30453 Hannover
Phone: 0511.262 997 – 0
Email: mail@kwk.info

The responsible authority is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g., names, email addresses, etc.).

The company data protection officer can be reached at the following address:
hmk Daten System Technik GmbH
Mr. Dennis Hartung
Marie-Jahn-Straße 18
D-30177 Hannover
Phone: 0511.626 279 - 30
Email: datenschutz@hmk-gmbh.de

The purpose of data processing is to conduct the application process. (Legal basis: pre-contractual measure, Art. 6(1)(b) GDPR). If we are legally obliged to process your data in connection with your application (such as according to regulations of labor, tax, and social law), the legal basis is Art. 6(1)(c) GDPR.

For the purpose of conducting the application process, we use the data provided by you in application documents as well as additional information from telephone, written, and personal communication in the following categories: name, contact details, date of birth, information about career progression and qualifications, certificates, certifications, language skills, financial expectations, availability and willingness to travel, and professional and personal interests related to the relevant position(s).

Please note that in particular, CVs, certificates, or any other data provided by you for the purpose of the application may regularly contain information about particularly sensitive data.

We strongly advise you not to provide any information about the following particularly sensitive areas:
• racial or ethnic origin,
• political opinions,
• religious or philosophical beliefs,
• membership in a trade union or political party,
• physical or mental health,
• sex life or sexual orientation.

If the submitted application documents contain such particularly sensitive data, your submitted data will be immediately deleted. Please note that the processing of your data for the purpose of conducting the application process will then no longer be possible. Any health data provided by you will only be processed if relevant to the application process. Categories of recipients of your data are internal departments for processing your application and conducting the application process.

Data that we need to conduct the application process will be deleted 6 months after the end of the application process. If data must be retained due to legal obligations (such as documentation obligations under tax law for reimbursement of travel expenses: ten years), it will be deleted after the statutory retention periods expire.

f personal data concerning you is processed, you are a data subject within the meaning of Art. 4(1) GDPR. As a data subject, you have the following rights with regard to your personal data. To exercise these rights, you can contact us using the contact details provided above. You have the right to information about the personal data processed by us. This includes the mandatory information described in Art. 15 GDPR. You have the right to immediately correct inaccurate or complete incomplete personal data (Art. 16 GDPR). You have the right to request the deletion of your personal data if one of the reasons listed in Art. 17 GDPR applies, especially if there is no longer a legal basis for processing. You have the right to request the restriction of processing of your personal data if one of the reasons listed in Art. 18 GDPR applies, especially at your request instead of deletion of the data. You have the right to receive all personal data stored by us about you in a structured, commonly used, and machine-readable format and to transmit this data to another controller without hindrance from the controller to whom the personal data was provided (Art. 20 GDPR).

According to Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority responsible for you. The competent supervisory authority in Lower Saxony is:

The State Commissioner for Data Protection Lower Saxony
Prinzenstraße 5, 30159 Hannover Phone. +49 (0511) 120 45 00 Fax: +49 (0511) 120 45 99