**Privacy Information of Diermeier Energie GmbH**

Status: 01.2024

Protecting your personal data is of utmost importance to us. We process your personal data (referred to as “data”) solely based on legal provisions. With this privacy policy, we aim to inform you comprehensively about the processing of your data within our company and your data protection rights and claims under the European General Data Protection Regulation (EU GDPR).

1. **Who is responsible for data processing and whom can you contact?**
The responsible entity is Diermeier Energie GmbH, Industriestraße 3, 94559 Niederwinkling, Email: info@diermeier-energie.de, Tel: 09421-5500-0.
The company’s data protection officer can be reached at the aforementioned address or via the following email: datenschutzbeauftragter@diermeier-energie.de.

2. **What data is processed and from what sources is this data obtained?**
We process the data we receive from you during business initiation and relationship. Additionally, we process data that we have legitimately obtained from credit agencies, creditors’ protection associations, publicly accessible sources (e.g., commercial register, association register, land register, media), and other companies with which we maintain ongoing business relationships.

Personal data includes:
Your basic/contact details, such as first and last name, address, contact details (email address, telephone number, fax), date of birth, data from provided identification (ID copy), bank details. For corporate customers, this includes the designation of their legal representatives, company, commercial register number, VAT ID number, business number, address, contact details of contact persons (email address, telephone number, fax), bank details.

Additionally, we process the following personal data:
– Information about the nature and content of our business relationship, such as contract data, order data, sales and voucher data, customer and supplier history, and consultation documents,
– Information about your financial status (e.g., creditworthiness data),
– Advertising and sales data,
– Documentation data (e.g., consultation protocols), image data,
– Information from your electronic interactions with Diermeier Energie GmbH (e.g., IP address, login data),
– Other data we have received from you during our business relationship (e.g., during customer meetings),
– Data we generate ourselves from basic/contact details and other data, such as through customer needs and potential analyses,
– Documentation of your consent to receive, for example, newsletters,
– Image data from video surveillance systems,
– Photos taken at public events.

3. **For what purposes and on what legal basis are the data processed?**
We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018, as amended:

– **To fulfill (pre-)contractual obligations (Art 6 para. 1 lit. b GDPR):**
The processing of your data is carried out for the sale and distribution of our goods and services, for procurement and logistics purposes, as well as for supplier and customer management and analysis. The data is processed, particularly during business initiation and execution of contracts with you, for example, in the following cases:
– Creation and maintenance of a customer account or a supplier account
– Delivery of orders
– Managing customer cards
– Participation in competitions
– Sending information, e.g., requesting a catalog

– **To fulfill legal obligations (Art 6 para. 1 lit. c GDPR):**
Processing your data is necessary for fulfilling various legal obligations, e.g., from the Commercial Code, Tax Code, Money Laundering Act, product-specific regulations such as the Hazardous Substances Ordinance.

– **To safeguard legitimate interests (Art 6 para. 1 lit. f GDPR):**
Based on a balancing of interests, data processing may occur beyond the actual performance of the contract to safeguard our legitimate interests or those of third parties. Data processing for the protection of legitimate interests takes place, for example, in the following cases:
– Consultation and data exchange with credit agencies and creditor protection associations to determine creditworthiness data, and maintaining a group-wide creditworthiness database to identify financial default risks for common customers,
– Advertising or marketing (see No. 4),
– Measures for business management and further development of services and products; this includes further development of established internal IT systems, including testing new functionalities with due regard to technical-organizational measures,
– Maintaining a group-wide customer database to improve customer service,
– Measures to protect the Diermeier site against contractual or legal misconduct, e.g., access controls, video surveillance,
– In the context of legal prosecution,
– Business partner screenings against international terrorist/sanctions lists

– **With your consent (Art 6 para. 1 lit. a GDPR):**
If you have given us consent to process your data, processing will only take place for the purposes and to the extent agreed in the consent declaration. A granted consent can be revoked at any time with effect for the future, e.g., for sending our newsletter. Please contact the contact details provided in No. 1 for this purpose.

4. **Processing personal data for advertising purposes**
We use your data to communicate with you about your orders, specific products, or marketing campaigns and to recommend products or services that may interest you. As part of a balancing of interests and considering specific regulations such as the UWG, it may also be possible that we recommend products from another group company and thus pursue legitimate interests of a third party.
You can object to the use of your personal data for advertising purposes at any time, either entirely or for individual measures, without incurring any costs other than the transmission costs according to the basic rates. Please contact the contact details provided in No. 1 for this purpose.

**Product recommendations via email**
Diermeier Energie GmbH is legally permitted under § 7 para. 3 UWG to use the email address you provided when ordering a product or service for direct advertising for its own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive product recommendations via email from us, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form is sufficient, please contact the contact details provided in No. 1 for this purpose. Each email will also always include an unsubscribe link.

5. **Credit information**
**Data transmission to credit agencies**
Diermeier Energie GmbH transmits personal data collected during our contractual relationships about the initiation, application, implementation, and termination of this business relationship, as well as data on non-contractual behavior or fraudulent behavior, to the following credit agencies: SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Bisnode Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt, Coface Central Europe Holding AG, Stubenring 24, A-1010 Wien, CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, CRIF GmbH, Diefenbachgasse 35, AT-1150 Vienna, Creditreform, Machtlfinger Straße 13, 81302 Munich, EOS Deutschland GmbH, Gottlieb-Daimler-Ring 7-9, 74906 Bad Rappenau, Euler Hermes AG, Grasstraße 29, 22761 Hamburg, R+V Allgemeine Versicherung, Raiffeisenplatz 1, 65189 Wiesbaden. Legal bases for these transmissions are Article 6 para. 1 letter b and Article 6 para. 1 letter f of the General Data Protection Regulation (GDPR). Transmissions based on Article 6 para. 1 letter f GDPR are only permissible if necessary to safeguard the legitimate interests of Diermeier Energie GmbH or third parties and do not outweigh the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data. Data exchange with these credit agencies also serves to prevent fraud and verify identity. Diermeier Energie GmbH can recognize whether a person is stored under the customer-provided address in the credit agency’s database based on the matching rates provided and possibly a reference to a previously conducted identification verification at the credit agency or another business partner.

The credit agencies process data and use it to create profiles (scoring) to provide their contractual partners in the European Economic Area and Switzerland and possibly other third countries (if there is an adequacy decision by the European Commission) with information to assess the creditworthiness of natural persons. More information on SCHUFA’s activities can be viewed online at www.schufa.de/datenschutz. The privacy policies of the other named credit agencies can also be viewed online on their websites.

**When do we obtain a credit report about you?**
If you, as a business or private customer, apply for an account for deliveries and services (“account opening application”), we create a customer account for you and, provided adequate creditworthiness, grant you a credit limit for deliveries and services that allow purchase on account. Such an active customer account constitutes a long-term obligation with creditor risk for us, which is why we have a legitimate interest in being informed about changes in your creditworthiness through setting up a long-term account at the credit agency or obtaining a report at specific intervals or in case of special incidents such as payment delays.

If you, as a business or private customer, register and shop exclusively at one of our online shops (“online customer”), we only obtain the aforementioned credit reports if you choose an insecure payment method (purchase on account, direct debit) during checkout.

**Group-wide credit database**
If we have obtained credit data about you from a credit agency within the framework of legal admissibility, we store this data in a system accessible to Diermeier Energie Gmb