Data Privacy Notice

General information

1. Name and contact details of the person responsible for processing

This data protection information applies to data processing by:

node.energy GmbH

Carl-von-Noorden Platz 5

60596 Frankfurt/Main

Phone: +49 69 999 99 39 80

Email: info@node.energy

The operational data protection officer of node.energy GmbH is at dhpg IT-Services GmbH, Bunsenstr. 10a, 51647 Gummersbach, in HD. Dr. Christian Lenz, or at datenschutz@dhpg.de or 02261-8195-0.

2. Rights of data subjects

You have the right to:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. If we process your data, you can in particular provide information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, in particular recipients in third countries, the planned storage period or the criteria for determining it, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal to a supervisory authority, the origin of your data, unless it is with us have been collected, and request the existence of automated decision-making, including profiling and, if necessary, meaningful information about its details;
  • in accordance with Article 16 GDPR, to immediately request the correction of incorrect or completed personal data stored by us;
  • to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary in particular to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to request the restriction of the processing of your personal data in accordance with Article 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR and it is not yet clear whether our legitimate reasons prevail over your interests;
  • in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, provided that the processing is based on your consent or a contract and the processing is carried out using automated procedures;
  • in accordance with Article 7 (3) GDPR, to withdraw your consent to us at any time. As a result, we are no longer allowed to continue data processing based on this consent in the future and
  • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters.

3. Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing.

In the first case, we will no longer process your data unless we can prove compelling reasons that outweigh your interests, freedoms and rights or our processing serves to assert, exercise or defend legal claims.

In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. If you would like to exercise your right of revocation or objection, simply send an e-mail to info@node.energy.

4. Transfer of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We will only share your personal information with third parties if:

  • you have given your express consent to this in accordance with Article 6 (1) (a) of the GDPR
  • the transfer is necessary in accordance with Article 6 (1) (f) GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation to transfer data in accordance with Article 6 (1) (c) GDPR, and
  • This is legally permitted and is required in accordance with Article 6 (1) (b) GDPR to process contractual relationships with you.

In addition, our contract processors receive your personal data for processing in accordance with instructions, insofar as this is necessary to fulfill the order. Our contract processors do not have their own right to use your data.

5. Data security

When you visit our website, we use the common SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol or by the use of https in front of the address of our (sub) website. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments.

6. Third countries

We only transfer data to third countries in accordance with legal regulations.

The admissibility of data transfer to third countries is governed by Art. 44 et seq. of the GDPR. If we transfer your data to a third country, you will be informed about this in the specific data protection information on the respective processing process, including the respective legal regulations.

Special data protection information for data processing processes on the website and in social networks

1. When you visit the website

When you visit our website, the browser used on your device automatically sends information to our website's server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the retrieved file,
  • website from which access is made (referrer URL),
  • browser used and, if applicable, the operating system of your computer and the name of your access provider.

The above data is processed by us for the following purposes:

  • ensuring a smooth connection to the website,
  • ensuring convenient use of our website,
  • evaluation of system security and stability, and
  • for further administrative purposes.

The legal basis for data processing is Article 6 (1) (f) GDPR. Our legitimate interest lies in operating our website and the associated presentation of our company.

Your data will be deleted as soon as they are no longer required for the specified purposes, at the latest after 6 months.

2. Request by e-mail, telephone or fax

If you contact us by email, telephone or fax, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. We will not share this data without your consent.

This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the fulfilment of a contract or is necessary to carry out pre-contractual measures. In all other cases, processing is based on your consent (Article 6 (1) (a) GDPR).

This data will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular statutory retention periods — remain unaffected.

3. When signing up for our newsletter

If you have expressly consented in accordance with Article 6 (1) (a) GDPR, we will use your email address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address and your name. You can specify your company and position voluntarily. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your request to unsubscribe at any time to info@node.energy.

We use the HubSpot service from HubSpot Germany GmbH to manage newsletter subscriptions. For this purpose, we transfer your data to HubSpot Germany GmbH, with whom we have concluded an order processing contract for this purpose. You can find more information about the HubSpot service below under point 9. b) (2) of this privacy policy.

We store your data until you withdraw your data. We will store your data until you withdraw your consent.

4. When downloading materials & resources

If you are interested in our solutions, we offer you the opportunity to download various useful materials and use them to sign up to receive emails and our newsletter. This requires you to provide your name and first name, your company and position, and a valid email address so that we know who downloaded the materials and to whom the emails or newsletter should be sent. Further information can be provided voluntarily.

Data processing is carried out in accordance with Article 6 (1) (a) GDPR on the basis of your voluntary consent. The purpose of data processing is to provide information about our products and to carry out advertising measures such as sending emails and newsletters through the HubSpot service. For more information, see “3. When signing up for our newsletter” above. The personal data collected by us for downloading the materials will be deleted when you unsubscribe from the newsletter via the “unsubscribe” link.

5. When applying

It is particularly important for node.energy GmbH to ensure the highest possible protection of your personal data. All personal data collected and processed as part of an application to node.energy GmbH is protected against unauthorised access and manipulation by technical and organizational measures.

We need your personal data in the application documents in order to be able to consider you as an applicant in the application process and to check whether you are eligible as an employee of our company. If you provide information that goes beyond this required information, you provide it to us voluntarily and agree to the processing.

The legal basis for processing is therefore Article 6 (1) (a) and (b) GDPR. You can withdraw your consent at any time. You can email your withdrawal to info@node.energy at any time.

After completion of the application process, we will store your documents for a further 6 months for evidentiary purposes.

For a possible conclusion of a contract, it is necessary that you provide us with your personal data in the application documents. Otherwise, we will not be able to consider you in the application process.

6. When booking an appointment

It is necessary to provide your name and email address in the form to review your request and make an appointment with you. Use the HubSpot service from HubSpot Germany GmbH to make an appointment. For this purpose, we transfer your data to HubSpot Germany GmbH, with whom we have concluded an order processing contract for this purpose. You can find more information about the HubSpot service below under point 9. b) (2) of this privacy policy.

We store the data for the duration of contract initiation and, if necessary, for subsequent contract performance. We then store the data for the duration of the legal retention periods.

7. For form submissions via LinkedIn

If you are interested in our solutions, we offer you the opportunity to download various useful materials directly via LinkedIn forms or sign up for our webinars. This requires you to provide your name and first name, your company and position, and a valid email address so that we know who downloaded the materials and to whom the emails or newsletter should be sent. Further information can be provided voluntarily.

Data processing is carried out in accordance with Article 6 (1) (a) GDPR on the basis of your voluntary consent. The purpose of data processing is to provide information about our products and to carry out advertising measures such as sending emails and newsletters through the HubSpot service. For more information, see “3. When signing up for our newsletter” above. The personal data collected by us for downloading the materials will be deleted when you unsubscribe from the newsletter via the “unsubscribe” link.

For more information on data processing by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy.

8. For form submissions via Facebook

If you are interested in our solutions, we offer you the option of downloading various useful materials directly via Facebook or Instagram forms or signing up for our webinars. This requires you to provide your name and first name, your company and position, and a valid email address so that we know who downloaded the materials and to whom the emails or newsletter should be sent. Further information can be provided voluntarily.

Data processing is carried out in accordance with Article 6 (1) (a) GDPR on the basis of your voluntary consent. The purpose of data processing is to provide information about our products and to carry out advertising measures such as sending emails and newsletters through the HubSpot service. For more information, see “3. When signing up for our newsletter” above. The personal data collected by us for downloading the materials will be deleted when you unsubscribe from the newsletter via the “unsubscribe” link.

For more information on data processing by Facebook, please visit https://de-de.facebook.com/policy.php

9. Cookies, analysis tools, plug-ins and other elements of third parties

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.). Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. Information relating to the specific device used is stored in the cookie. However, this does not mean that we are immediately aware of your identity as a result.

Analysis tools evaluate the user behavior of website visitors and enable the operator to optimize the website and adapt marketing measures.

Plug-ins and other third-party elements are used to integrate content from these providers into a website.

a) Required first-party cookies

The use of our required first-party cookies serves, on the one hand, to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize usability, which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically recognize that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

This data will be deleted after 6 months at the latest.

We process your data based on our legitimate interest in presenting our company to the public via the website you are visiting and to promote usability. The legal basis for processing is Article 6 (1) (f) GDPR.

Most browsers automatically accept these cookies. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before such a cookie is created. However, completely disabling cookies may mean that the website is not displayed correctly or that you cannot use all functions of our website.

b) Third-party cookies, analysis tools, plugins and other third-party elements

The third-party cookies, analysis tools, plugins and other third-party elements listed below and used by us are only used with your express consent and thus on the basis of Art. 6 Paragraph 1 Clause 1 Letter a of GDPR. You can revoke your consent at any time with effect for the future. You can change your settings here for this purpose. Failure to grant or revoking consent can lead to the website not being displayed correctly or you not being able to use all the functions of the website.

With the third-party cookies, analysis tools, plugins and other third-party elements used, we want to ensure that our website is designed to meet your needs and that it is continuously optimized. In addition, we use tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

The respective functional descriptions, possible recipients of the data, information on possible transfers to a third country and the storage period can be found in the following information on the individual processing processes using third-party cookies, analysis tools, plug-ins and other third-party elements.

(1) Google Analytics

For the purpose of needs-based design and ongoing optimization of our pages, we use Google Analytics, a web analysis service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website, such as

  • browser type/version,
  • operating system used,
  • referrer URL (the previously visited page),
  • host name of the accessing computer (IP address),
  • time of the server request,

is transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to provide other services related to website and internet usage for the purposes of market research and needs-based design of these websites. Under no circumstances will your IP address be merged with other data held by Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

We have concluded standard contractual clauses with Google in order to counteract the possible lack of or limited legal protection options and the lower data protection in the USA compared to the EU.

(2) HubSpot

We use the services of HubSpot Germany GmbH for various advertising purposes. HubSpot is a software company based in Germany. The postal address is HubSpot Ireland Limited, HubSpot House, One Sir John Rogerson's Quay, Dublin 2, Ireland, Attention: Legal.

HubSpot is a CRM solution with which we cover various aspects of our online marketing. Among other things, we use HubSpot for contact management, email marketing, contact forms and sending newsletters.

HubSpot stores information about the behavior of visitors to our website, such as content downloaded and contact information provided, so that we can get in touch with visitors to the website and know which of our company's services are of interest to visitors to the website. We use the information collected solely to improve our marketing measures.

As part of improving our marketing efforts, we may process the following data via HubSpot:

  • Geographical location
  • Browser type/version
  • Navigation information
  • Referral URL
  • Performance data
  • Information on how often the application is used
  • Mobile app data
  • Login information for the Hubspot subscription service
  • Files viewed on site
  • Domain names
  • Pages viewed
  • Aggregate usage
  • Operating system/version
  • Internet service provider
  • IP address
  • Device identifier
  • Duration of the visit
  • Where the application was downloaded from
  • Events occurring within the application
  • Access times
  • Clickstream data
  • Device model and version

The legal basis for the processing is your consent in accordance with Art. 6 Para. 1 Clause 1 lit. a GDPR. If you do not want the aforementioned data to be processed via HubSpot, you can refuse your consent or withdraw it at any time with effect for the future.

The personal data will be retained for as long as it is necessary to fulfill the purpose of the processing. The data will be deleted as soon as it is no longer required to achieve the purpose.

As part of the processing via HubSpot, data may be transferred to the USA. We have concluded the standard contractual clauses with HubSpot in order to counteract the possible lack of or limited legal protection options and the lower data protection in the USA compared to the EU.

HubSpot's privacy policy can be found here: https://legal.hubspot.com/privacy-policy

(3) Google Tag Manager

We use the "Google Tag Manager" on our website, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). By using the Google Tag Manager, your IP address is transmitted to Google. The Google Tag Manager loads other components, which in turn may collect data. The Google Tag Manager does not access this data.

You can find Google's privacy policy and terms of use at https://policies.google.com/technologies/partner-sites

We have concluded standard contractual clauses with Google in order to counteract the possible lack of or limited legal protection options and the lower data protection in the USA compared to the EU.

(4) Facebook Pixel

We use the Facebook pixel from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Dublin, D02x525, Ireland (hereinafter referred to as "Meta") on our site. This enables users of our website to be shown interest-based advertisements ("Facebook Ads") when they visit the social network Facebook or other websites that also use the process. The Facebook pixel automatically establishes a direct connection between your browser and the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our current knowledge: By integrating the Facebook pixel, Facebook receives the information that you have clicked on an ad from us or accessed the corresponding web page on our website. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will use your IP address and other identification features.

By using the Facebook pixel, we aim to only display Facebook ads placed by us to those Facebook users who have also shown an interest in our website. With the help of the Facebook pixel, we want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. Furthermore, with the help of the Facebook pixel, we can track the effectiveness of Facebook ads for statistical purposes by seeing whether users were redirected to our website after clicking on a Facebook ad.

The legal basis for the use of the Facebook pixel is your consent in accordance with Art. 6 Para. 1 Clause 1 Letter a of GDPR. If you do not want Facebook pixel to be used, you can refuse your consent or revoke it at any time with effect for the future.

Meta is a joint controller within the meaning of Art. 26 GDPR and is responsible for fulfilling your rights under Art. 15 to 20 GDPR with regard to the personal data stored by Meta after joint processing. We have concluded an agreement with Meta to determine the fulfillment of the obligations under the GDPR with regard to joint processing. We have agreed with Meta that we are responsible for providing the information listed here. You can find the agreement here: https://de-de.facebook.com/legal/controller_addendum

Meta processes your data in the USA, among other places. We have concluded the standard contractual clauses with Facebook in order to counteract the possible lack of or limited legal protection options and the lower level of data protection in the USA compared to the EU.

Meta's data policy, which in addition to the information required under Art. 13 Para. 1 lit. a and b also contains information on how and on what legal basis Meta processes personal data and what rights you can exercise vis-à-vis Meta, can be found here: https://de-de.facebook.com/policy.php

(5) LinkedIn Insight Tag

The website also uses the LinkedIn Insight Tag function of LinkedIn Corp (2029 Stierlin Court Mountain View, CA 94043, USA), a subsidiary of Microsoft Corp (1 Microsoft Way Redmond, WA 98052, USA). This enables conversions to be tracked, website visitors to be retargeted and additional information to be obtained about members who view advertisements. We use your personal data to show you advertisements that are of interest to you and thus make our website more interesting for you.

The LinkedIn Insight Tag enables the collection of data on visits to this website, including URL, referrer URL, IP address, device and browser properties (user agent) and timestamps. This data is encrypted, IP addresses are shortened and the direct IDs of LinkedIn members are removed within seven days to pseudonymize the data. These remaining pseudonymized data are then deleted within 90 days.

LinkedIn does not share any personal data with us, but only provides aggregated reports on the website audience and ad performance. LinkedIn also offers retargeting for website visitors so that we can use this data to display targeted advertising outside of our website without identifying the member.

For more information on data processing by LinkedIn, visit https://www.linkedin.com/legal/privacy-policy.

We have concluded standard contractual clauses with LinkedIn in order to counteract the possible lack of or limited legal protection options and the lower data protection in the USA compared to the EU.

(6) Vimeo

We use plugins from Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA on our website to make our company better known and to integrate videos with additional information for you into the website.

The plugins are marked with a Vimeo logo.

We integrate these plugins using the so-called two-click method in order to protect visitors to our website as best as possible. This means that your personal data (in particular your IP address) is not transmitted to Vimeo when you access the website. Instead, you must first activate the embedded videos by clicking on them. By clicking on them, you consent to a connection being established with the Vimeo servers.

Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo profile or are not currently logged in.

This information (including your IP address) is transmitted directly from your browser to a Vimeo server in the USA and stored there. If you are logged in to Vimeo, Vimeo can directly assign the visit to our website to your account. If you interact with the plugins, for example start the video, this information is also transmitted directly to a Vimeo server and stored there.

If you do not want Vimeo to directly assign the data collected via our website to your account, you must log out of Vimeo before activating the plugins.

You can find more information on this in Vimeo's privacy policy: https://vimeo.com/privacy

The data will be transmitted to the USA as a third country with your consent in accordance with Art. 49 Para. 1 lit. a GDPR if you have given us this consent after we have informed you of the possible lack of or limited legal protection options and the lower data protection in the USA compared to the EU.

(7) Cookiebot

We use the consent management service Cookiebot, provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (Usercentrics). This enables us to obtain and manage the consent of website users to data processing. The processing is necessary to fulfill a legal obligation (Art. 7 Para. 1 GDPR) to which we are subject (Art. 6 Para. 1 Clause 1 lit. c GDPR). For this purpose, the following data is processed using cookies:

  • Operating system
  • Your IP address (the last three digits are set to '0')
  • Date and time of consent
  • Browser information
  • URL from which the consent was sent
  • An anonymous, random and encrypted key
  • Your consent status as proof of consent

The key and consent status are stored in the browser for 12 months using the "CookieConsent" cookie. This means that your cookie preference is retained for subsequent page requests. With the help of the key, your consent can be proven and traced.

The functionality of the website is not guaranteed without the processing.

The processing takes place in the European Union. Further information on objection and removal options against Usercentrics can be found at: https://www.cookiebot.com/de/privacy-policy/

Your personal data will be deleted continuously after 12 months or immediately after the termination of the contract between us and Usercentrics.

10. Up-to-dateness and changes to the data protection declaration

This data protection declaration is currently valid and is dated August 2024. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.node.energy/en/privacy-policy.