Data Protection Declaration for the processing of personal data EEX Group
The European Energy Exchange AG informs you within the scope of this data protection declaration about how we and our companies listed below (hereinafter "EEX", "we" or "us") process your personal data, with special attention to the processing of personal data according to the general data protection regulation EU 2016/679 ("GDPR") and the applicable national data protection laws.
Within the scope of this data protection declaration, EEX informs the public about the type, scope and purpose of the personal data collected, used and processed. Furthermore, by means of this data protection declaration, you will be informed about the rights to which you are entitled.
Within EEX, a consistently high level of data protection is guaranteed. We have implemented numerous technical and organizational measures to ensure the most complete possible protection of personal data processed via the websites, IT systems and applications. Nevertheless, internet-based data transmissions can have security gaps, so that complete protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone.
- European Energy Exchange AG (EEX)
- European Commodity Clearing AG (ECC AG)
- Agricultural Commodity Exchange GmbH (ACEX)
- EEX Link GmbH (EEX Link)
- EEX Power Derivatives GmbH (EPD)
- European Commodity Clearing Luxembourg S.à.r.l. (ECC Lux)
- Global Environmental Exchange GmbH (GEEX)
Our data protection declaration is based on the concepts used by the European Commission in the adoption of the GDPR and the national data protection laws. The data protection declaration should be easy to read and to understand for the public as well as our customers, business and trade partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this data protection declaration:
a) Personal data
Personal data are all information relating to an identified or identifiable natural person (hereinafter "data subject"). Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, recording organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the labelling of stored personal data to allow the restriction of their future processing.
Profiling is any form of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.
f) Data controller or controller
The data controller or controller is the natural or legal person, public authority, institution or other body which at its sole discretion / solely or jointly with others decides on the purposes and means of processing personal data
A Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller
A Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under European Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.
i) Third party
A third party is a natural or legal person, authority, institution or other body other than the data subject, the data controller, the data processor and the persons authorized to process the personal data under the direct responsibility of the data controller or the data processor.
Consent shall mean any informed and unequivocal expression of will voluntarily given by the data subject in the particular case in the form of a declaration or other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.
For the sake of better legibility, there is no explicit differentiation between the female and the male form. However, both are always meant.
3. Name and address of the controller
The person responsible within the meaning of the GDPR, within other data protection laws in force in the Member States of the European Union and within other provisions of a data protection nature is:
European Energy Exchange AG
Phone: +49 341 2156 0
Fax: +49 341 2156 109
Link to imprint: https://www.eex.com/en/legal-information/imprint
4. Name and address of the data protection officer
The data protection officer of the controller is
Group Data Protection Officer
Deutsche Börse AG
60485 Frankfurt am Main
If you have any questions or comments on the subject of data protection, please contact the data protection officer.
5. Legal basis for the processing of personal data
We process your personal data in compliance with the applicable data protection regulations.
We only process the data that we require as part of our range of services.
- The legal basis for such processing of personal data for pre-contractual and contractual purposes is Art. 6 para. 1 b) GDPR.
- In addition, we process your personal data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage obligations). In this case, the legal basis for processing is the respective legal regulations in conjunction with Art. 6 Para.1 c) GDPR.
- We also process your data if required by Art.6 Para.1 f) GDPR to protect the legitimate interests of us or third parties. This may be necessary in particular to ensure IT security and operation and to advertise our own products and other products of the EEX Group and cooperation partners, as well as for customer satisfaction surveys.
- Should we wish to process your personal data for a purpose not mentioned above, we will inform you in advance within the framework of the statutory provisions.
6. Data-Processing in third countries
We process your data on servers and IT systems within the European Union (EU) or within the European Economic Area (EEA). In individual cases, your personal data may also be processed in third countries, which may not offer the same level of protection as the places where you first provided the data. However, we will only transfer your personal data to contractors to companies in third countries if we have agreed with the relevant contractors a standard data protection clause adopted by the European Commission as adequate protection for your personal data.
7. Collecting general data and information about our websites
Our websites collect a series of general data and information each time a person or an automated system accesses the websites. These general data and information (s. chapter 8) are stored in the log files of the server.
This information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website and, if necessary, the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. These anonymously collected data and information are therefore evaluated statistically and additionally evaluated with the aim of increasing data protection and data security whitin EEX in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
8. Categories of personal data and purposes of our processing
We process the following categories of your personal data for the following purposes:
8.1 Users of the websites and SFTP Servers:
For users of the websites and/or SFTP Server, we record the country of origin, the address of your internet service provider (IP or URL) or the server name, the name of the website from which you are visiting us, the name of our websites that you have visited, which operating system and which browser you use, which search term you have entered and the date and duration of your visit for statistical purposes in anonymised form. We use this personal data for the operation of the website, in particular:
a) for the technical support of the users / for the answering of inquiries
b) for the operation and administration of our website
c) for the guarantee of network and data security, insofar as these interests are in accordance with the applicable law and with the rights and freedom of the user in each case
d) for the prevention and detection of fraud and criminal offences and/or
e) if we are legally obliged to do so.
f) Access to info products files.
Some of our websites or SFTP Server also offer the possibility of user registration. If you are registered with us, you can access content and services that we only offer to registered users. In the course of the respective registration process, you provide us with further personal data. Registered users also have the option of changing or deleting the personal data provided during registration at any time if required. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will be happy to correct or delete them at your request, provided that there are no legal storage obligations to the contrary.
8.2 User enquiries by email or contact form:
If you contact us by e-mail or contact form, the information you have provided will be stored for the purpose of processing your inquiry and for possible follow-up questions. In this context, you provide us with the following personal data, for example: Name, company, contact details such as business e-mail address, telephone number and business address, request. We use this personal data to process your inquiries and/or to provide the requested information.
8.3 Recipients of newsletters and advertising:
On our websites you are given the opportunity to subscribe to various newsletters. For legal reasons, a confirmation e-mail in the double opt-in procedure is sent to the e-mail address entered by the person concerned for the first time for sending the newsletter. This confirmation e-mail serves to check whether the owner of the e-mail address has authorized the receipt of the newsletter as the person concerned. The subscription to our newsletter as well as the consent to the storage of personal data, which the person concerned has given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. For the subscription of newsletters we collect personal data such as title, first name, surname, company, e-mail address, telephone, address and newsletter type. We use this data to send you newsletters and advertising for our services and our websites and, if necessary, also to contact you by telephone or by post, insofar as this is legally permissible and provided that you have not objected to the sending of advertising.
8.4 Registration for events:
To be able to invite you to events, we record the title, first name, surname, e-mail address, company and participation in the event.
8.5 Applications and application procedures:
EEX collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing can take place by post or electronically. Please note that application documents sent by email are transmitted unencrypted. To protect your application documents during the transfer, you can contact our human resources department. We then offer you the opportunity to transmit your data to us via secure access. If the person responsible concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted six months after notification of the decision of rejection, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (“AGG”).
8.6 Social media:
If we integrate social media in our communication and you access their services, the data protection conditions of the social media service used apply.
We use external service providers for the processing and storage of their personal data. For example, our service providers support us in operating our websites, IT systems and applications as well as in carrying out marketing measures (e.g. sending newsletters). Our service providers process data only in accordance with the instructions and under the control of EEX AG and exclusively for the purposes described in this data protection information. We ensure that appropriate technical and organisational precautions are taken to protect your personal data from unauthorised access. We regularly review our security policies, procedures and service providers to ensure the security of our websites, IT systems and applications.
10. Disclosure of personal data
Your personal data may be disclosed both within Deutsche Börse Group and within the EEX Group, for example to fulfil contractual obligations. Should further group mergers with other companies occur in the future or should individual companies belonging to the group decide to establish further subsidiaries, their declaration of consent to this data protection declaration shall continue to apply insofar as compliance with a data protection level comparable with this data protection declaration is ensured.
We may also disclose your personal data to public authorities if required by applicable law. A passing on of your personal data is also permitted if there is suspicion of a criminal offence or the misuse of the services offered on our website. In this case we are entitled to transfer your personal data to the law enforcement authority.
11. Use of website analysis services and cookies as well as profiling
When you visit our website, we process personal data of visitors for the purpose of evaluating visitor enquiries and for the continuous improvement of our services. In some cases, cookies are also used to adapt advertising for products and services to your individual interests. Cookies are text files that are stored on your computer via an Internet browser. These cookies collect data about the use of the websites in anonymous form. In no case will automated decisions be made on the basis of automatic processing, including profiling, which have legal consequences or similar effects for you.
In the case of newsletters, all customer interaction data is also analysed (successful delivery of e-mails, rejected e-mails, opening of e-mails, clicks, conversion, subscription).
For events we save your answer for participation or non-participation.
Under no circumstances will the data we collect be passed on to unauthorized third parties or linked to personal data without your consent.
12. Deletion and blocking of personal data
We adhere to the principles of data avoidance and data economy. We only store your personal data for as long as necessary to achieve the aforementioned purposes or as provided for by the various storage periods provided for by law. After the respective purpose or expiry of the statutory retention periods and insofar as they are no longer required for contract performance or contract initiation, the personal data will be blocked or deleted in accordance with the statutory provisions and state of the art technology.
13. Your rights as a data subject
You have the right to object to the processing of your personal data at any time. If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
We process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.
If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.
14. Recipient of an objection
The objection can be made form-free with the subject "objection" stating your name, your address and your date of birth and should be addressed to:
European Energy Exchange AG
We have a period of four weeks to process your objection, which in exceptional cases will be extended by a further two months if this is necessary in view of the complexity and number of applications.
15. Your rights as a data subject
As a person affected by the processing of your data, you have the following individual rights:
- Right to correct and, if necessary, supplement your personal data processed by us
- Right to transparent information about the handling of your personal data processed by us
- Right to information about your personal data processed by us
- Right of blocking or deletion and the right to be forgotten
- Right to limitation of processing
- Right to data transferability
- Right of objection
- Right to revoke consent already given with future effect
- Right of appeal to the competent supervisory authority for data protection
If our processing of your personal data is based on your consent, you also have the right to revoke your consent without affecting the legality of our processing on the basis of your consent before its revocation.
Please note that due to legal storage periods we may still be obliged to store certain personal data of yours even after an application for deletion or "right to be forgotten".
The supervisory authority responsible for data protection is:
Herr Andreas Schurig
16 Changes to the data protection regulations
This data protection declaration continues to apply indefinitely from its publication. The validity of this data protection declaration is cancelled by the announcement of a subsequent data protection declaration.
Announced on: 22 May 2018
- European Energy Exchange AG (EEX)
As a service provider, according to Art. 7 TMG [German Telemedia Act], EEX AG is only responsible for its own content. Regarding the information transferred or stored by it, EEX does not have any obligation to monitor or carry out investigations with regard to circumstances indicating any unlawful activity. EEX AG is only responsible in cases where it arranges the transfer, has selected the recipient and the content of the information transferred and has not changed the content. As soon as knowledge of any infringement of copyrights is obtained, EEX shall remove such contents forthwith.
EEX AG does not accept any liability for the completeness or correctness of the data and information contained in its web presence. Furthermore, EEX AG does not accept any liability for cases of damage caused by the actions of third parties, taken on the basis of the data and information contained in the web presence of EEX AG.
The information service is principally addressed to users resident in Germany and in other EU or EFTA member states.
The information and reports contained in this website are exclusively intended for information purposes and do not constitute any form of investment advice. Furthermore, this information neither constitutes an offer for the sale nor is an advertisement for offers to buy products traded on EEX, whether on the Spot Market or Derivatives Market products, such as options or futures.
Website and content copyright
The design of this website and the text, images, graphics, layout, audio documents and video clips as well as databases contained herein are protected by copyright and are owned by EEX AG, except when otherwise stated. Neither this website nor the contents made available therein (including; graphic representations, audio and video clips, html code, buttons and text) may be copied, reprinted, published, transmitted, transferred, disseminated or distributed in any manner without the prior written approval of EEX AG. However, the preparation of a single copy for exclusive personal, non-commercial use by downloading onto an individual personal computer (including permanent or temporary saving on said PC, displaying of the contents in the offline mode and the preparation of a print-out of parts of the content) are expressly permitted. However, this shall be subject to the precondition that such activity does not involve changing the website and its content and that all references to copyrights, patents, trademarks and other property rights are contained in the copies made or that a corresponding reference is inserted. Any commercial use shall only be permitted with the express written approval of EEX AG.
The authors of this website comply with the copyright law regarding the graphics and texts used in all publications. They use graphics and text which they have developed themselves or graphics and texts which are not subject to a license. As soon as knowledge of an infringement of copyright is gained, such contents are removed forthwith.
The content of this website cannot be construed as conferring a license and/or the title to a copyright, patent, trademark or any other property right from EEX AG or a third party in any way.
EEX, European Energy Exchange, the EEX logo and the symbols PHELIX Base, PHELIX Peak, swissix, carbix and Europäische Energiebörse, in particular, are registered trademarks of EEX AG. A complete list of the registered trademarks of EEX AG can be provided by EEX AG using the contact data specified above. The use of the registered trademarks of EEX AG is not permitted without the prior written permission of EEX AG.
EEX AG does not accept any liability for any damages resulting from the temporary or permanent, full or partial unavailability of websites operated by EEX AG.
Liability for links
The internet presence of EEX AG also contains references to external third-party websites on whose content EEX AG does not have any influence. EEX AG does not accept any liability for the content of these sites. Responsibility for such rests exclusively with the providers and operators of the websites. At the time of the establishment of the link EEX AG did not have any knowledge of illegal contents or such were not discernible. EEX AG does not have any influence on the current and future design and the contents of the linked websites. For this reason, it hereby expressly distances itself from all contents of all websites to which a link or a reference is established and which have been changed after the establishment of the link. EEX AG regularly carries out a subsequent review of the legality of the websites within the limitations of feasibility and reasonableness. If this leads to concrete indications pointing to an infringement, EEX AG will remove the corresponding links forthwith. Apart from this, EEX AG does not accept any liability for incorrect or incomplete contents and for cases of damage resulting from the use of information to which reference is made.
The information provided on the website www.eex.com is governed by German law and constitutes a media service by EEX AG.
Legal validity of this disclaimer
The ineffectiveness or invalidity of individual phrases within this text shall not affect the validity of the remainder of the text.
European Energy Exchange AG
Phone: +49 341 2156 0
Fax: +49 341 2156 109
Represented by the Management Board of European Energy Exchange AG:
- Peter Reitz, Chief Executive Officer
- Steffen Köhler, Chief Operating Officer
- Dr. Dr. Tobias Paulun, Chief Strategy Officer
- Dr. Thomas Siegl, Chief Risk Officer
- Iris Weidinger, Chief Financial Officer
- Jean-François Conil-Lacoste, Executive Director Power Spot Markets
- Dr. Egbert Laege, Executive Director Gas Markets
Chairman of the Supervisory Board:
Dr. Jürgen Kroneberg
Competent supervisory authority Saxon State Ministry for Economic Affairs, Labour and Transport
Exchange Supervisory Authority
Company registration court Leipzig Local Court Registration number HRB 18409 VAT identification no. DE 222 118 427
Responsibility for the content
according to Art. 55 RStV
[German Interstate Broadcasting Treaty]
(address and contact details
as specified above under "Provider")
Opinions & Expert Reports, Policy Newsletter:
Dr. Marcus Mittendorf
Execution EWERK IT GmbH
© 2017 European Energy Exchange AG