Privacy Statement
StromGedacht-API

Introduction

To enable machine-readable processing of StromGedacht data, we make available a publicly accessible programming interface (Application Programming Interface, referred to below as “API”). The API is freely accessible, in other words, no registration is needed, and we do not charge users a fee for the service.

Thank you for using the API and for your interest in the StromGedacht ecosystem. Protecting your personal data is important to us. The following text describes which personal data we collect, how we process it, and what rights you have in connection with your personal data. These provisions apply whenever you use the StromGedacht API. The party responsible for processing your data (the “data controller”) is:

TransnetBW GmbH
Pariser Platz
Osloer Straße 15 - 17
70173 Stuttgart
Tel.: +49 711 21858-0
info@transnetbw.de

Our privacy officer can be reached at datenschutz@transnetbw.de, and will be happy to assist with any questions you may have on privacy.

Data processing when you use the API

Processing technically necessary data based on legitimate interests

When you use the API, we collect data that we require for technical reasons which is transmitted to us by your API client software: your IP address or the IP address of your Internet Service Provider; the API endpoints you queried and the associated parameters; and the dates and times you accessed them. This log data is necessary for technical purposes; we process it, in addition to information about the parameters used and the number of enquiries, without reference to the identity of the user or other profiling, in order to perform statistical analyses for our operation and for security of our API service. The legal basis is to safeguard our legitimate interest in accordance with Art. 6 para 1 (f) GDPR. Our legitimate interest is derived from the above purposes. Analyses of IP addresses or of other personal data with the purpose of optimising our API service are not performed.

If an IP address is saved, it will be deleted or anonymised after no more than 30 days. It is essential for this data to be collected and stored in log files when the API is used. Users therefore have no right of objection in this regard.

For reasons of security and load minimisation, only six read accesses per minute are possible. When you send an enquiry to the API, you must state your location in the form of a post code. This is necessary to enable us to provide data that is correct for your location. We would also like to learn more about which post code areas the StromGedacht API is used in.

Forwarding and transmission of data, use of necessary technologies

Except for the cases expressly mentioned in this Privacy Statement, we will not disclose your personal data without your express prior approval.

If necessary to investigate an illegal or improper use of the API or for the purpose of prosecution, personal data will be forwarded to the law enforcement authorities or other authorities, and as appropriate to any third parties that have suffered losses, or their legal representatives. This will happen, however, only if there are grounds to believe that illegal or improper actions have taken place. Disclosure may also take place if this is helpful in terms of implementing the Terms of Service or other legal claims. We are also legally obliged to supply information to specific official bodies upon request. These are the law enforcement authorities, authorities responsible for prosecuting offences punishable by fines, and the tax authorities.

Any disclosure of personal data is justified by the fact that processing is necessary to fulfil a legal obligation to which we are subject in accordance with Art. 6 para 1 (c) GDPR in conjunction with requirements to supply data to law enforcement authorities under national legislation, and also in accordance with s. 24 para 1 (1) of the German Federal Data Protection Act (BDSG). This data may also be disclosed to these third parties to safeguard our legitimate interest in accordance with Art. 6 para 1 (f) GDPR if there are grounds for suspicion or in execution of our Terms of Service, other conditions or legal claims.

The legal basis for the integration of the following technologies is Section 25 para 2 of the German Telecommunications-Telemedia Data Protection Act (TTDSG) in conjunction with Art. 6 para 1 (b) and/or (f) GDPR. Processing serves to make it easier for you to use our API and for us to make our service available to you as desired. Some functions would not be possible without the use of these technologies, and it would not otherwise be possible to offer them. Our legitimate interest is based on these purposes.

Microsoft Azure

In order to provide our API service we rely on the third-party service provider “Microsoft Azure”. When you call up the service, and to respond to your API enquiries, your IP address will be processed by Microsoft Azure; this is necessary for technical reasons in order to provide the service. For security reasons and for load minimisation, the Azure Web Application Firewall will store your IP address. We have no influence over the further processing and/or storage of your IP address and other data by the provider. In principle, the data centre is located in Germany, and there is no intention to transmit personal data to the US. Order processing takes place in compliance with legal requirements as per Art. 28 ff. GDPR. All our service providers are carefully selected, regularly checked and contractually obliged to process all personal data solely in accordance with our instructions.

Further-reaching information from Microsoft on the subject of privacy and Azure is available from https://privacy.microsoft.com/de-de/privacystatement and https://azure.microsoft.com/de-de/support/legal/.

Contacting us

If you contact us using a form on www.transnetbw.de, this will use encryption as a matter of course. If you use your private email account rather than the TransnetBW forms, please note that you must ensure your own security measures are in place to guarantee the confidentiality of your transmission.

We therefore recommend you use the encrypted TransnetBW forms. If the form is not encrypted, this will be the result of a technical problem, and we cannot assume liability for the security of your data transmission. The closed “lock” symbol in your browser window will show whether the form is encrypted. The legal basis for data processing is Art. 6 para 1 (a) GDPR. The data that you send us with your enquiry is saved for the purpose of processing your enquiry, and will be deleted once the result has been achieved.

Recipients of your personal data

We treat your data as confidential. Within TransnetBW, only the departments and employees that need your data for the above purposes are given access to your data.

We disclose personal data to third parties only if this is necessary for the above purposes and is legally authorised, or if you have given your prior agreement. If service providers are brought in to assist with the performance of our obligations, e.g. IT service providers, specialists in analysis or the destruction of documents and data media, the performance of such contracts will be subject to the stringent conditions of Art. 28 ff. GDPR.

Links

The API service, its documentation and the StromGedacht data made available via the API may contain links to other providers that are not covered by our privacy provisions.

Security

TransnetBW GmbH has state-of-the-art technical and organisational security measures in place to protect the data that has been supplied to us against accidental or deliberate manipulation, loss, destruction or access by unauthorised parties. Our security measures are constantly being improved in line with technological developments.

Children

We expressly encourage parents or guardians to monitor their children’s online activities. Unless they have permission from their parents or guardians, children should not send personal details to us. We do not request personal details from children, do not deliberately gather such details, and do not disclose them to third parties without authorisation.

User rights and deletion of data

You are entitled to receive, upon request and at no cost, information about the personal details about you that are saved in our system as per Art. 15 GDPR. You also have the right to correct inaccurate details (Art. 16 GDPR), to restriction of processing (Art. 18 GDPR), and to deletion of your personal data (Art. 17 GDPR). You may also withdraw any consent at any time with future effect.

If we process your data on the basis of legitimate interests (Art. 6 para 1 (f) GDPR) or to perform a task in the public interest (Art. 6 para 1 (e) GDPR), or if your particular situation gives rise to grounds opposing such processing, you have the right to object to processing of your data in accordance with Art. 21 para 1 GDPR.

Pursuant to Art. 21 paras 2 and 3 GDPR, you have the unrestricted right to object to any form of processing for the purposes of direct marketing.

Moreover, you have the right to data portability in accordance with Art. 20 GDPR.

If there are grounds to assume data is being processed illegally, you are entitled to lodge a complaint with the competent supervisory authority.

Updates to this privacy statement

This “Privacy Statement” will be updated if TransnetBW GmbH introduces new products or services or changes its internet procedures, or in response to changes in security technology relating to the internet and electronic data processing. We will publish any such changes here.

Last updated: 26.04.2023