Data Protection Declaration for the processing of personal data EEX Group

The European Energy Exchange AG informs you within the scope of this data protection declaration about how we and our companies listed below (hereinafter "EEX", "we" or "us") process your personal data, with special attention to the processing of personal data according to the general data protection regulation EU 2016/679 ("GDPR") and the applicable national data protection laws.

1. Preamble

Within the scope of this data protection declaration, EEX informs the public about the type, scope and purpose of the personal data collected, used and processed. Furthermore, by means of this data protection declaration, you will be informed about the rights to which you are entitled.

Within EEX, a consistently high level of data protection is guaranteed. We have implemented numerous technical and organizational measures to ensure the most complete possible protection of personal data processed via the websites, IT systems and applications. Nevertheless, internet-based data transmissions can have security gaps, so that complete protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone.

This data protection declaration applies to the following companies and must be read in conjunction with the other legal notices and terms of use of these companies. Furthermore, this data protection declaration applies to the websites and web applications of the companies belonging to EEX Group listed below:

  • European Energy Exchange AG (EEX)
    • eex.com
    • owa.eex-group.org
    • member.eex.com
    • member-test.eex.com
    • eex-transparency.com
    • elearning.eex.com
    • eex-group.com
    • eex.com/en/shop#!/
    • sdx.eex-group.com
    • eqs-eex.com
    • mis.eex.com
  • European Commodity Clearing AG (ECC AG)
  • ecc.de
  • smss.ecc.de
  • smsssimu.ecc.de
  • Agricultural Commodity Exchange GmbH (ACEX)
  • EEX Link GmbH (EEX Link)
  • EEX Power Derivatives GmbH (EPD)
  • European Commodity Clearing Luxembourg S.à.r.l. (ECC Lux)
  • Global Environmental Exchange GmbH (GEEX)

2. Definitions

Our data protection declaration is based on the concepts used by the European Commission in the adoption of the GDPR and the national data protection laws. The data protection declaration should be easy to read and to understand for the public as well as our customers, business and trade partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection declaration:

2.1 Personal data

Personal data are all information relating to an identified or identifiable natural person (hereinafter "data subject"). Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

2.2 Data subject

Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

2.3 Processing

Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, recording organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.

2.4 Restriction of processing

Restriction of processing is the labelling of stored personal data to allow the restriction of their future processing.

2.5 Profiling

Profiling is any form of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.

2.6 Data controller or controller

The data controller or controller is the natural or legal person, public authority, institution or other body which at its sole discretion / solely or jointly with others decides on the purposes and means of processing personal data

2.7 Processor

A Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller

2.8 Recipient

A Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under European Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.

2.9 Third party

A third party is a natural or legal person, authority, institution or other body other than the data subject, the data controller, the data processor and the persons authorized to process the personal data under the direct responsibility of the data controller or the data processor.

2.10 Consent

Consent shall mean any informed and unequivocal expression of will voluntarily given by the data subject in the particular case in the form of a declaration or other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.

For the sake of better legibility, there is no explicit differentiation between the female and the male form. However, both are always meant.

3. Name and address of the controller

The person responsible within the meaning of the GDPR, within other data protection laws in force in the Member States of the European Union and within other provisions of a data protection nature is:

European Energy Exchange AG
Augustusplatz 9
04109 Leipzig
Germany

Phone: +49 341 2156 0
Fax:      +49 341 2156 109
E-Mail:  info@eex.com

Link to imprint: https://www.eex.com/en/legal-information/imprint

4. Name and address of the data protection officer

The data protection officer of the controller is

European Energy Exchange AG
Data Protection Officer
Augustusplatz 9
04109 Leipzig
Germany

E-Mail: dataprotection@eex.com

If you have any questions or comments on the subject of data protection, please contact the data protection officer.

5. Legal basis for the processing of personal data

We process your personal data in compliance with the applicable data protection regulations.

We only process the data that we require as part of our range of services.

  • The legal basis for such processing of personal data for pre-contractual and contractual purposes is Art. 6 para. 1 b) GDPR.
  • In addition, we process your personal data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage obligations). In this case, the legal basis for processing is the respective legal regulations in conjunction with Art. 6 Para.1 c) GDPR.
  • We also process your data if required by Art.6 Para.1 f) GDPR to protect the legitimate interests of us or third parties. This may be necessary in particular to ensure IT security and operation and to advertise our own products and other products of the EEX Group and cooperation partners, as well as for customer satisfaction surveys.
  • Should we wish to process your personal data for a purpose not mentioned above, we will inform you in advance within the framework of the statutory provisions.

6. Data-Processing in third countries

We process your data on servers and IT systems within the European Union (EU) or within the European Economic Area (EEA). In individual cases, your personal data may also be processed in third countries, which may not offer the same level of protection as the places where you first provided the data. However, we will only transfer your personal data to contractors to companies in third countries if we have agreed with the relevant contractors a standard data protection clause adopted by the European Commission as adequate protection for your personal data.

7. Collecting general data and information about our websites

Our websites collect a series of general data and information each time a person or an automated system accesses the websites. These general data and information (s. chapter 8) are stored in the log files of the server.

This information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website and, if necessary, the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. These anonymously collected data and information are therefore evaluated statistically and additionally evaluated with the aim of increasing data protection and data security whitin EEX in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.

8. Categories of personal data and purposes of our processing

We process the following categories of your personal data for the following purposes:

8.1 Users of the websites and SFTP Servers:

For users of the websites and/or SFTP Server, we record the country of origin, the address of your internet service provider (IP or URL) or the server name, the name of the website from which you are visiting us, the name of our websites that you have visited, which operating system and which browser you use, which search term you have entered and the date and duration of your visit for statistical purposes in anonymised form. We use this personal data for the operation of the website, in particular:

  • for the technical support of the users / for the answering of inquiries
  • for the operation and administration of our website
  • for the guarantee of network and data security, insofar as these interests are in accordance with the applicable law and with the rights and freedom of the user in each case
  • for the prevention and detection of fraud and criminal offences and/or
  • if we are legally obliged to do so.
  • Access to info products files.

Some of our websites or SFTP Server also offer the possibility of user registration. If you are registered with us, you can access content and services that we only offer to registered users. In the course of the respective registration process, you provide us with further personal data. Registered users also have the option of changing or deleting the personal data provided during registration at any time if required. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will be happy to correct or delete them at your request, provided that there are no legal storage obligations to the contrary.

8.2 User enquiries by email or contact form:

If you contact us by e-mail or contact form, the information you have provided will be stored for the purpose of processing your inquiry and for possible follow-up questions. In this context, you provide us with the following personal data, for example:  Name, company, contact details such as business e-mail address, telephone number and business address, request. We use this personal data to process your inquiries and/or to provide the requested information.

8.3 Recipients of newsletters and advertising:

On our websites you are given the opportunity to subscribe to various newsletters. For legal reasons, a confirmation e-mail in the double opt-in procedure is sent to the e-mail address entered by the person concerned for the first time for sending the newsletter. This confirmation e-mail serves to check whether the owner of the e-mail address has authorized the receipt of the newsletter as the person concerned. The subscription to our newsletter as well as the consent to the storage of personal data, which the person concerned has given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. For the subscription of newsletters we collect personal data such as title, first name, surname, company, e-mail address, telephone, address and newsletter type. We use this data to send you newsletters and advertising for our services and our websites and, if necessary, also to contact you by telephone or by post, insofar as this is legally permissible and provided that you have not objected to the sending of advertising.

8.4 Registration for events:

To be able to invite you to events, we record the title, first name, surname, e-mail address, company and participation in the event.

8.5 Applications and application procedures:

EEX collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing can take place by post or electronically. Please note that application documents sent by email are transmitted unencrypted. To protect your application documents during the transfer, you can contact our human resources department. We then offer you the opportunity to transmit your data to us via secure access. If the person responsible concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted six months after notification of the decision of rejection, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (“AGG”).

8.6 Social media:

If we integrate social media in our communication and you access their services, the data protection conditions of the social media service used apply.

You will find Us on the following social media platforms with our own channels. By using social media, we would like to inform you about topics relevant for our business activity and the market. With this Privacy Notice we would like to inform you about the platform providers, the collection of personal data and your rights regarding data protection. Please find the purposes of data processing and the categories of data in following listing of our social media channels.

8.6.1 Categories of your Personal Data, responsibilities and purposes of data processing

We use the statistic services of the respective social media platforms (as listed below) to develop and optimize our social media channels according to its use. The statistic services retrieves information about the usage of our social media channels and provides it to us as statistical information. By this means we get insights about activities and amount of our social media channel visitors, reach of our postings on the respective social media platform, usage and duration of usage of multimedia content on our website, geostatistics about our social media channel visitors and percentage of gender of our visitors.

Our option to access profiles of specific users is limited by the privacy settings of the respective social media platform of each user following one of our social media channels. We may use your profile information for internal report on certain campaigns. Usage of your profile information is limited to the information you have set to be publicly available on the social media site, such as your name, username, gender, friends network, age range, locale and any other information you have made public. Furthermore, we store your username as personal data every time you send us a direct message.

8.6.2 Twitter

When you follow one of our Twitter channels from the European Union, the responsible Twitter entity for processing of your personal data is:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland

Twitterprocesses personal data according to its Data Policy you find here:
https://twitter.com/en/privacy

It includes contact details for data protection queries and data subject’s right requests here:
Twitter International Company, Attn: Data Protection Officer, One Cumberland Place,Fenian Street, Dublin 2, D02 AX07 Ireland

Opt-Out:
https://twitter.com/personalization

Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active


8.6.3 Google and YouTube

When you visit one of our YouTube channelsor Google+ pages, data about your visit will be processed by
Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA

Google processes personal data according to its Data Policy you find here:
https://policies.google.com/privacy

It includes contact details for data protection queries and data subject’s right requests here:
https://support.google.com/policies/troubleshooter/7575787


8.6.4 LinkedIn

When you visit one of our LinkedIn channels, data about your visit will be processed by
LinkedIn Ireland Unlimited Company,Wilton Place, Dublin 2, Ireland

LinkedIn processes personal data according to its Data Policy you find here:
https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

It includes contact details for data protection queries and data subject’s right requests here:
https://www.linkedin.com/help/linkedin/ask/TSO-DPO


8.6.5 Instagram

When you visit one of our Instagram channels, data about your visit will be processed by
Facebook Ltd., 4. Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Instagram processes personal data according to its Data Policy you find here:
https://help.instagram.com/519522125107875?helpref=page_content

It includes contact details for data protection queries and data subject’s right requests here:
https://www.facebook.com/help/contact/540977946302970


8.6.6 Xing

When you visit one of our XING pages, data about your visit will be processed by
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

XING processes personal data according to its Data Policy you find here:
https://privacy.xing.com/en/privacy-policy

9. Processor

We use external service providers for the processing and storage of their personal data. For example, our service providers support us in operating our websites, IT systems and applications as well as in carrying out marketing measures (e.g. sending newsletters). Our service providers process data only in accordance with the instructions and under the control of EEX AG and exclusively for the purposes described in this data protection information. We ensure that appropriate technical and organisational precautions are taken to protect your personal data from unauthorised access. We regularly review our security policies, procedures and service providers to ensure the security of our websites, IT systems and applications.

10. Disclosure of personal data

Your personal data may be disclosed both within Deutsche Börse Group and within the EEX Group, for example to fulfil contractual obligations. Should further group mergers with other companies occur in the future or should individual companies belonging to the group decide to establish further subsidiaries, their declaration of consent to this data protection declaration shall continue to apply insofar as compliance with a data protection level comparable with this data protection declaration is ensured.

We may also disclose your personal data to public authorities if required by applicable law. A passing on of your personal data is also permitted if there is suspicion of a criminal offence or the misuse of the services offered on our website. In this case we are entitled to transfer your personal data to the law enforcement authority.

Otherwise, we will only pass on your personal data to others such as cooperation partners or advertising partners for their own purposes if you have expressly and voluntarily consented to the passing on of your personal data. In this case, we will request your consent separately from this privacy policy.

11. Use of website analysis services and cookies as well as profiling

This website uses etracker technology to collect and store data for marketing and optimization purposes. Anonymised usage profiles can be generated from these data. Cookies may be used for this purpose. Cookies are small text files which are stored locally in the browser storage of a website visitor. They enable the recognition of the browser on subsequent visits. The data collected with etracker technology will not be be used to identify a visitor of the website and will not be aggregated with personal data without the explicit consent of the visitor.Wih the further use of this website you agree on he use of cookies. The collection and storage of data may be refused by a visitor at any time, at which point no further data will be collected.



Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via the settings of your browser. Please use the help functions of your Internet browser to find out how you can change these settings. Please note that some features of our website may not work if you have disabled the use of cookies.

In the case of newsletters, all customer interaction data is also analysed (successful delivery of e-mails, rejected e-mails, opening of e-mails, clicks, conversion, subscription).

For events we save your answer for participation or non-participation.

Under no circumstances will the data we collect be passed on to unauthorized third parties or linked to personal data without your consent.

11.1 List of Cookies

Name Purpose Storage duration
et_oi_v2 OptOpt-In cookie stores the visitor's decision when tracking Opt-In is played on the customer's site. It is also used for a possible Opt-Out.-In-Cookie speichert die Entscheidung des Besuchers, wenn auf der Seite des Kunden das Tracking Opt-In ausgespielt wird.
Wird auch für ein eventuelles Opt-Out verwendet.
no - 50 years
"yes" - 480 days
TS# Cookie only collects a session ID to ensure an equal distribution of all requests via our server. Valid until the end of the browser session. Duration of session
EquityStory Cookie only collects a session ID to ensure an equal distribution of all requests via our server. Valid until the end of the browser session. Duration of session
PHPSESSID The PHPSESSID cookie is used to store a session identifier so that New Relic can monitor session counts for an application. Duration of session
     
   
     
     

12. Deletion and blocking of personal data

We adhere to the principles of data avoidance and data economy. We only store your personal data for as long as necessary to achieve the aforementioned purposes or as provided for by the various storage periods provided for by law. After the respective purpose or expiry of the statutory retention periods and insofar as they are no longer required for contract performance or contract initiation, the personal data will be blocked or deleted in accordance with the statutory provisions and state of the art technology.

13. Your rights as a data subject

You have the right to object to the processing of your personal data at any time. If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

We process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.

If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.

14. Recipient of an objection

The objection can be made form-free with the subject "objection" stating your name, your address and your date of birth and should be addressed to:

European Energy Exchange AG
Augustusplatz 9
04109 Leipzig
Germany

E-mail: dataprotection@eex.com

We have a period of four weeks to process your objection, which in exceptional cases will be extended by a further two months if this is necessary in view of the complexity and number of applications.

15. Your rights as a data subject

As a person affected by the processing of your data, you have the following individual rights:

  • Right to correct and, if necessary, supplement your personal data processed by us
  • Right to transparent information about the handling of your personal data processed by us
  • Right to information about your personal data processed by us
  • Right of blocking or deletion and the right to be forgotten
  • Right to limitation of processing
  • Right to data transferability
  • Right of objection
  • Right to revoke consent already given with future effect
  • Right of appeal to the competent supervisory authority for data protection

If our processing of your personal data is based on your consent, you also have the right to revoke your consent without affecting the legality of our processing on the basis of your consent before its revocation.

Please note that due to legal storage periods we may still be obliged to store certain personal data of yours even after an application for deletion or "right to be forgotten".

The supervisory authority responsible for data protection is:

Sächsischer Datenschutzbeauftragter
Herr Andreas Schurig
Bernhard-von-Lindenau-Platz 1
01067 Dresden
Germany

16 Changes to the data protection regulations

We reserve the right to adapt this data protection declaration if necessary so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The updated privacy policy will be published on our website. Subject to existing legislation, all changes will come into force as soon as the updated privacy statement is published. If we are subject to a legal obligation to provide information, we will also inform you of any material changes to our data protection declaration

17. Validity

This data protection declaration continues to apply indefinitely from its publication. The validity of this data protection declaration is cancelled by the announcement of a subsequent data protection declaration.

Announced on: 22 May 2018

Ad-hoc Ticker

EEX Group DataSource

Get connected to real time data via API, Desktop App or Excel Tool.

Subscribe now

 

Transparency Services

Become a member of EEX Transparency Platform

Register now

InsightCommodity

Explore data-driven solutions for energy markets.

Explore now

Transparency Support Team

T:  +49 341 2156 233
E: support@eex-transparency.com