Privacy Policy

We, Enerchange GmbH (hereinafter: “Enerchange”), are pleased about your interest in this website.

Protecting and securing your data is very important to us. Therefore, we would like to inform you within this privacy policy about the related data processing activities (cf. Art. 13 GDPR). This privacy policy can be accessed, saved, and printed at any time under the “Privacy” section of our website.

For information on our social media presences, please refer to the relevant section on our website.

I. Controller

Enerchange GmbH
Schulstraße 7
82166 Gräfelfing
Germany

Managing Director: Dr. Jochen Schneider
Email: agentur(at)enerchange.de

II. Principles of Data Processing

Below we explain the most important principles and terms related to data protection, for a better understanding of this privacy policy:

1. Personal Data

Personal data refers to all information relating to an identified or identifiable natural person (cf. Art. 4 No. 1 GDPR). This includes, for example, your name, age, address, phone number, date of birth, email address, IP address, or data relating to activities on our website. Information that does not allow us (or only with disproportionate effort) to identify you is considered anonymized and is not personal data. The processing of personal data (e.g., collection, retrieval, use, storage, or transmission) always requires a legal basis or your consent.

2. Processing of Personal Data

The term “processing” of personal data is broadly defined and found in Art. 4 No. 2 GDPR. By definition, it includes any operation or set of operations—whether or not by automated means—such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

3. Lawful Bases for Processing Personal Data

Each processing activity involving your personal data must be based on a lawful basis as defined in the General Data Protection Regulation (GDPR). In specific cases, legal bases from individual EU member states (e.g., Germany's Federal Data Protection Act – BDSG) may also apply.

The collection and use of personal data from our customers and prospects occurs only when permitted by a legal basis. Common bases include processing necessary for a contract or pre-contractual measures (Art. 6(1)(b) GDPR), processing for compliance with legal obligations (Art. 6(1)(c) GDPR), or processing based on our “legitimate interest” (Art. 6(1)(f) GDPR), provided such interests are not overridden by your fundamental rights and freedoms.

Moreover, processing can also occur based on your consent (Art. 6(1)(a) GDPR). Consent can be withdrawn at any time without giving reasons. If we request your consent, we will provide additional information at the relevant point and in this privacy policy.

4. Storage and Deletion of Personal Data

Personal data is only processed for as long as necessary to fulfill the purpose of storage. If there are statutory retention obligations or rights (e.g., under tax or commercial law), data may be stored for up to 8 or 10 years. Once the purpose ceases to exist (e.g., if you unsubscribe from our newsletter) or the statutory retention period expires, the relevant personal data is routinely deleted or its processing restricted, as required by law (e.g., limited processing under statutory retention obligations).

5. Disclosure of Personal Data to Third Parties

Your personal data is only disclosed to third parties if necessary to provide our services, fulfill a legitimate purpose, you have given prior consent, or another legal basis applies. This may include hosting providers, IT service providers maintaining our systems, postal services, payment processors, or marketing providers. These service providers are contractually obligated to protect your personal data in accordance with applicable data protection laws.

In this context, personal data may be transferred to countries outside the EU/EEA where GDPR does not apply. In such cases, we implement appropriate safeguards as required by GDPR for lawful international data transfers (cf. Art. 44 ff. GDPR).

III. Processing Activities on this Website

1. Provision and Use of the Website

a) Nature and Purpose of Processing:

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file. This data is technically necessary to properly display our website to you and to ensure stability and security:

IP address of the requesting device
Date and time of access
The webpage accessed or requested
Access status (HTTP status code)
Size of the data transmitted
The website from which you accessed our site (so-called referrer URL)
Browser used, device used, and if applicable, the operating system, as well as the name of your access provider
Language and version of the browser software

These data are processed particularly for the following purposes:

Ensuring a smooth connection to the website,
Ensuring a smooth use of our website,
Evaluating system security and stability, and
For further administrative purposes.

We do not use your data to draw conclusions about your person or for other analyses.

b) Legal Basis:

The processing is carried out pursuant to Art. 6 para. 1 lit. f) GDPR based on our legitimate interest in the proper operation of our website and in improving the stability and functionality of our online presence.

c) Recipients:

For hosting our website, we use IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany) as a processor within the meaning of Art. 28 GDPR. In individual cases, recipients of the data may also include technical service providers contracted for website maintenance or similar services.

d) Storage Duration:

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For data required to provide the website, this is typically the case once the respective session has ended.

e) Provision Required or Mandatory:

Providing the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, some services may not be available or may be limited. For this reason, objection is excluded.

2. Contact Form

a) Nature and Purpose of the Processing:

We offer you the opportunity to contact us via a contact form on our website. If you use this option, the following personal data may be processed:

Your name
Your email address
Subject and content of your message

The processing of this data serves the purpose of organizing and responding to your inquiry or initiating communication with you.

b) Legal Basis:

The processing of the data entered in the contact form is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Providing the contact form is intended to enable you to contact us easily. The information you provide is stored for the purpose of processing the inquiry and for any follow-up questions.

If you contact us to request an offer, the data will be processed for the performance of pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

c) Recipients:

We use IONOS SE (Elgendorfer Str. 57, 56410 Montabaur) as a processor within the meaning of Art. 28 GDPR for hosting our website. In individual cases, recipients may also be technical service providers engaged for website maintenance or similar services.

d) Storage Duration:

The data transmitted via the contact form will be deleted once the purpose of its processing no longer applies. As a rule, this is six months after the data was collected. Longer retention only occurs in cases under Art. 17 para. 3 GDPR — for example, if we are legally entitled (e.g., under commercial or tax law) or obligated (e.g., due to a legal order).

e) Provision Required or Mandatory:

Providing the above personal data is neither legally nor contractually required.

3. Online Registration (IGC Invest Geothermal)

a) Nature and Purpose of the Processing:

When registering to use our personalized services, the following personal data may be collected:

First and last name
If applicable, company/institution
If applicable, your VAT ID
Address
Postal code
City
Country
If applicable, your telephone or fax number
Your email address
Desired services (registrations, workshop participation, etc.) and whether you are registering another person
Whether you wish to pay on-site by credit card and whether you consent to your name and company affiliation being listed on the participant list
Whether you want to receive sponsor materials

If you are registered with us, you can access content and services offered only to registered users.

Registered users also have the option to modify or delete the data provided during registration at any time. We will also provide information at any time about what personal data we have stored about you.

b) Legal Basis:

If the registration serves to fulfill a contract to which the data subject is party or for the implementation of pre-contractual measures, the legal basis for the data processing is Art. 6 para. 1 lit. b) GDPR. Otherwise, your data is only processed if a legitimate interest exists under Art. 6 para. 1 lit. f) GDPR.

c) Recipients:

d) Storage Duration:

We only process your personal data provided in this context for as long as a legitimate processing purpose exists. Afterward, your data will be deleted unless statutory retention obligations (especially under commercial or tax law) apply.

e) Provision Required or Mandatory:

Providing your personal data as outlined above is neither legally nor contractually required. However, it may be necessary for concluding contracts based on that data — otherwise, we may not be able to offer certain services.

4. Provision of Paid Services

a) Nature and Purpose of Processing:

To provide paid services, we request additional data from you, such as payment information, to be able to process your order. However, billing is typically done via invoice, which we will send to the email address you provided following the completion of an order or booking. Therefore, no processing of your payment data occurs through this website.

Our download area is also paid. As a former participant or as someone who has purchased a download code, you can access the PFB presentations there. Additionally, you can fill out a feedback form for us.

b) Legal Basis:

The processing of data required for the conclusion of the contract is based on Art. 6(1)(b) GDPR.

c) Recipients:

For hosting our website, we use IONOS SE (Elgendorfer Str. 57, 56410 Montabaur) as a processor in accordance with Art. 28 GDPR. In individual cases, data may also be sent to technical service providers who are commissioned with maintaining our website or similar services.

d) Retention Period:

We store this data in our systems until the legal retention periods have expired. These periods generally last for 6, 8, or 10 years due to proper accounting and tax regulations.

e) Provision Required or Necessary:

Providing your personal data is voluntary. Without the provision of your personal data, we cannot grant you access to the content and services we offer.

5. Comment Function

a) Nature and Purpose of Processing:

When users leave comments on our website, in addition to the comment itself, the time of creation (so-called "timestamp") and the username previously chosen by the website visitor are stored. This serves our security purposes, as we can be held liable for unlawful content on our website, even if it was created by users.

b) Legal Basis:

The processing of the data entered as a comment is based on a legitimate interest (Art. 6(1)(f) GDPR). By providing the comment function, we aim to enable you to interact easily. Your data will be stored for the purpose of processing the request and for potential follow-up questions.

c) Recipients:

d) Retention Period:

Comments on our website are generally stored permanently unless they violate applicable law or our netiquette. However, you can request the deletion of your comment at any time.

We regularly review older comments for relevance and reserve the right to remove them, especially if the associated post is no longer available or the comment provides no further value. If you wish to have your comment deleted, please contact us, providing the email address associated with your user account.

e) Provision Required or Necessary:

Providing your personal data in this context is neither legally nor contractually required.

6. Newsletter

a) Nature and Purpose of Processing:

We offer a newsletter on our website that you can subscribe to if you wish. To do this, we process the following personal data:

Title (if applicable)
First and last name (if applicable)
Email address

Your data will be used exclusively to send you the subscribed newsletter via email. Providing a title or name is for addressing you personally in the newsletter and for potential identification purposes.

When you subscribe to our newsletter, the data you provide will only be used for sending the newsletter. Subscribers may also be informed via email about circumstances relevant to the service or registration (e.g., changes to the newsletter offer or technical conditions).

To ensure that a subscription is actually made by the owner of the email address, we use the "double opt-in" procedure. This involves recording the subscription to the newsletter, sending a confirmation email, and receiving the requested response. No further data is collected. The data will only be used for sending the newsletter and will not be shared with third parties.

b) Legal Basis:

Based on your explicit consent (Art. 6(1)(a) GDPR), we will send you our newsletter or similar information via email to the email address you provided.

You can revoke your consent to store your personal data and use it for the newsletter at any time with effect for the future. Every newsletter contains a link to unsubscribe, or you can inform us via other means.

c) Recipients:

d) Retention Period:

The data will only be processed as long as the corresponding consent is in place. After that, it will be deleted.

e) Provision Required or Necessary:

Providing your personal data is neither legally nor contractually required.

IV. Cookies

Like many other websites, we also use so-called "cookies." Cookies are small text files stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.

You can delete individual cookies or the entire cookie set. Additionally, you will find information and instructions on how to delete or block the storage of cookies in advance. Depending on your browser provider, the necessary information can be found at the following links:

Mozilla Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en
Opera: http://www.opera.com/help
Safari: https://support.apple.com/en-us/HT201265

1. Technically Necessary Cookies

a) Nature and Purpose of Processing:

We use cookies to ensure the smooth operation of our website and to ensure its corresponding functionality.

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For example, this includes saving language preferences.

b) Legal Basis and Legitimate Interest:

The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in a user-friendly design of our website. The storage of the information required for this is permitted under § 25(2)(2) TDDG.

2. Analysis Cookies

a) Nature and Purpose of Processing:

We also use cookies to better tailor the offerings on our website to the interests of our visitors or to generally improve them based on statistical evaluations.

These cookies collect information about how you use our website. They also help us measure and improve the performance of our website by providing statistics and analyses.

b) Legal Basis:

The legal basis for these processing activities is your consent, Art. 6(1)(a) GDPR.

V. Hyperlinks

Our website contains so-called hyperlinks to websites of other providers. When you activate these hyperlinks, you will be redirected from our website directly to the website of the other provider. You can recognize this, among other things, by the change of URL. We cannot assume any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations.

In this regard, please refer to the privacy policies and other information provided by the respective website operators.

VI. Your Rights as a Data Subject

You can exercise the following rights at any time using the contact details of our data protection officer:

Access to your data stored by us and information on how it is processed (Art. 15 GDPR),
Rectification of inaccurate personal data (Art. 16 GDPR),
Erasure of your data stored by us (Art. 17 GDPR),
Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
Objection to the processing of your data by us (Art. 21 GDPR), and
Data portability, provided you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).
If you have given us your consent, you can revoke it at any time with effect for the future (Art. 7 para. 3 GDPR).

You may also contact a supervisory authority at any time with a complaint, e.g., the competent authority in your place of residence or the authority responsible for us.

A list of supervisory authorities (for the non-public sector) including their addresses can be found at:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

VII. Changes to Our Privacy Policy

We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services in the privacy policy, e.g., when introducing new services.

The updated privacy policy will then apply for your next visit.

Questions About Data Protection

If you have any questions about data protection, please send us an email or contact the person responsible for data protection in our organization directly:

agentur [at] enerchange.de

This privacy policy was prepared by KINAST Attorneys at Law (Version: 2025-04-27).

Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook, X etc. are generally able to comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). When you visit our social media presences, numerous data protection‑relevant processing operations are triggered. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media platform can associate this visit with your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media platform. In this case, data collection takes place, for example, via cookies that are stored on your device or by capturing your IP address.

With the help of the data collected in this way, the operators of the social media platforms can create user profiles in which your preferences and interests are stored. In this way, interest‑based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, interest‑based advertising can be shown on all devices on which you are or were logged in.

Please also note that we are not able to track all processing operations carried out on the social media platforms. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal basis
Our social media appearances are intended to ensure the broadest possible presence on the internet. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which are to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6(1)(a) GDPR).

Controller and exercising your rights
When you visit one of our social media presences (e.g. Facebook), we and the operator of the social media platform are jointly responsible for the data processing operations triggered by this visit. You can generally exercise your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media platform (e.g. against Facebook).

Please note that, despite the joint responsibility with the social media platform operators, we do not have full influence on the data processing operations of the social media platforms. Our options are largely determined by the corporate policies of the respective provider.

Storage period
The data that we collect directly via our social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Your rights
You have the right at any time to obtain free information about the origin, recipients and purpose of your stored personal data. You also have the right to object, the right to data portability and the right to lodge a complaint with the competent supervisory authority. Furthermore, you may request the rectification, blocking, erasure and, under certain circumstances, the restriction of the processing of your personal data.

Social networks in detail

Facebook:
We maintain a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter “Meta”). According to Meta, the collected data is also transferred to the USA and other third countries.

We have concluded an agreement on joint processing (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in:
https://www.facebook.com/settings?tab=ads

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

For details, please refer to Facebook’s privacy policy:
https://www.facebook.com/about/privacy/

The company is certified under the “EU‑US Data Privacy Framework” (DPF). The DPF is an arrangement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information is available from the provider at the following link:
https://www.dataprivacyframework.gov/participant/4452

Instagram:
We maintain a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

For details on how they handle your personal data, please refer to Instagram’s privacy policy:
https://privacycenter.instagram.com/policy/

LinkedIn:
We maintain a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

The data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:
https://www.linkedin.com/legal/l/dpa and
https://www.linkedin.com/legal/l/eu-sccs

For details on how they handle your personal data, please refer to LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy

YouTube:
We maintain a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s privacy policy:
https://policies.google.com/privacy?hl=de