Data Protection Statement
Version 2.0 (June 2020)
We, E.ON SE, Brüsseler Platz 1, 45131 Essen, as the data controller for the website eon.com pursuant to Art. 4 No. 7 EU GDPR (hereinafter “we”), are pleased to provide you with information through this data protection statement as to whether and to what extent your personal data is processed when visiting the website at this domain. In addition, we also hereby provide you information on your rights and identify relevant contacts. This information applies to the domain specified above as well as to other websites that we host online, if these are explicitly referenced in this statement.
Personal data includes all information that identifies you individually, e.g. name, address, email address, IP address, data about website use.
A. Necessary data, cookies and pixel
1. Processing of personal data from informational use based on legitimate interests, Art. 6(1) lit. f) GDPR
In case of purely informational use of our website, which means when you do not register, log in or otherwise transmit any additional information to us, we initially collect and process only the personal data that your browser and your internet provider transmit to our server. This involves data that is needed for technical reasons in order to display the website and to ensure the security and stability of our site.
Specifically, this is the shortened and thus anonymous IP address (the reduction excludes person-specific identifiers and thus, a personal relationship), the website, the site you last visited (referrer), the websites belonging to E.ON SE that you visited, the names of the retrieved files, the date and time of the retrieval, the operating system and version of browser installed on your PC. We also store the aforementioned data in log files. This occurs in order to ensure that the website functions properly. In addition, we use the data to improve our online presence and to ensure its security. However, none of the aforementioned data is stored together with other personal information. Log files are stored for a maximum of 7 days.
- Technical data (shortened and hence anonymised IP address; date; time of the request; content of the request, i.e. specific site and files you might have accessed; access status/http status code);
- Time zone difference to Greenwich Mean Time (GMT); amount of data transferred respectively; website from which the request originated;
- Operating system/browser data (operating system, GUI, browser, language and version of the browser software.)
In order for the website to operate properly and to fulfil our own obligations, we forward your data to our service providers and in turn receive data from them. This is also applicable if you contact us in the ways specified by us (emails, forms, newsletters, chat inquiries, contests) or use other offers on our website.
In addition to the data previously specified, when you visit our website, so-called “cookies” are saved to your computer. Cookies are small text files that are saved to a browser on your computer and are used by the entity that placed them there (i.e. us) to obtain certain information. Cookies cannot run programmes or place viruses on your computer. They serve generally to make the website more effective and user friendly.
We use both transient and persistent cookies; the scope and functionality of each is described below:
Transient cookies are automatically deleted when you close your browser. This includes in particular session cookies. These store a so-called session ID, through which different requests of your browser can be assigned to the common session and make your surfing experience on our website a more pleasant one for you. Session cookies can be used to recognise your computer when you return to our website. Session cookies are automatically deleted when you close your browser.
Persistent cookies are automatically deleted after a specified period, which can differ from one cookie to another. You can delete the cookies at any time using the security settings in your browser.
At no time will personal data be stored in a cookie.
Persistent cookies will be used on eon.com
Storage of Opposition
Most browsers are pre-set to automatically accept cookies. However, you can disable the storage of cookies or set your browser to notify you before storing cookies. Users who do not accept cookies may not be able to access certain areas of our websites.
B. Analytic cookies and marketing cookies
The cookie allows us to collect and store anonymous information, such as: Device type, operating system, browser version, geographic location, URLs where our ad appears, or information about ad interactions (such as number of clicks or views) along with a time stamp of interaction. With retargeting, a device type can be detected that allows us to show ads that are potentially more relevant.
It will not collect personal information or data that would enable us to identify a person. The cookie will be deleted after two years without further visit to the website, unless it is deleted by the user beforehand. If the user visits the website again or clicks on an ad during the two-year period, the cookie's lifetime will be reset so that the two-year period starts again.
You can obtain more information and disable cookies by visiting http://site.adform.com/privacy-policy.
This website uses Mouseflow, a web analytics tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect randomly selected individual visits (using an anonymous IP address only). The mouse movements, mouse clicks and keyboard interactions are logged at random, along with the intention of individual visits to this site as so-called session replays to reproduce and evaluate the so-called heat maps and determine potential improvements for this site. Furthermore, Mouseflow also serves multiple choice surveys on select pages to measure user satisfaction with the website or specific content. Surveys displayed and survey results are also stored in the cookie. The Mouseflow cookie will be deleted after 90 days. The data collected by Mouseflow are non-personal and will not be disclosed to third parties and will be stored for a period of 3 months. The storage and processing of the collected data takes place within the EU. If you do not want to be tracked by Mouseflow on any websites using this cookie, you may object to this at the following link:
This website uses Google Analytics, a web analysis service from Google Inc. (“Google“). Google Analytics employs cookies that are saved to your computer and enable analysis of your use of the website. The information generated by the cookie on your use of this website is in general transmitted to a server in the US and stored there. Through IP anonymisation on this website, however, your IP address is first truncated by Google within the member countries to the European Union or in other signatories of the Agreement on the European Economic Area. Only in exceptional circumstances is the full IP address transferred to a Google server in the US and truncated there.
Use of IP address
Computers and devices connected to the Internet are assigned a unique number called an IP address. Because these numbers are typically assigned in country-based blocks, an IP address can often be used to identify the country (state or city) that connects to the Internet using a particular computer. Google Analytics captures the IP addresses of website visitors. This allows website owners to analyse which parts of the world their visitors come from. This method is known as geo-targeting by IP addresses.
The actual IP address information will not be shared with Google Analytics customers by Google Analytics. In addition, the IP masking method is used: Website owners who use Google Analytics can set it to use only part of the data for geo-targeting instead of the entire IP address. Website owners generally have access to the IP addresses of their website visitors, regardless of the use of Google Analytics.
The data collected through Google Analytics will be stored for a period of 50 months.
We use Google Analytics to analyze use of and to periodically make improvements to our website. Using the statistics acquired thereby, we are able to improve our website and make it more attractive to you as a user. Additionally we use the data collected by Google Analytics in the Google tool Optimize. Together with an additional cookie Optimize allows us to test different versions of a website and the response of users to these different versions. This enables us for example to test on which place within the website a certain information is most attractive. The additional cookie (…gaexp) is used to determine whether you are included in a test and the end of the test.
The data collected by this additional cookie will be stored for the length of the experiment, typically 90 days.
For those exceptional circumstances in which personal data is transmitted to the US, Google has agreed to be subject to the EU-US Privacy Shield
https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1) p. 1 lit. f GDPR.
Information about third-party providers: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Overview of Data Protection: http://www.google.com/intl/de/analytics/learn/privacy.html
as well as the data protection statement: http://www.google.de/intl/de/policies/privacy.
This site uses Google Tag Manager. The Google tag Manager is a solution of Google Inc. and with this, the company can manage site tags over an interface. Google Tag Manager is a cookie-free domain that does not collect personally identifiable information. Google Tag Manager triggers other tags, which may collect data. We would like to explicitly point out that Google Tag Manager does not access this data. If the user has been deactivated at the domain or cookie level, the settings will remain the same for all tracking tags implemented using Google Tag Manager.
D. Specific offers on our website
(a) We currently make use of the following social media plug-ins: Facebook, Facebook Messenger, WhatsApp, Google+, Pinterest, Twitter, LinkedIn, and Xing. We use the so-called two-click approach. That means, when you visit our site, no personal data is initially transmitted to the plug-in provider. You can identify the plug-in provider by the first letter or logo on the label on the box. We provide you the opportunity to communicate directly with the plug-in provider using the button. Only when you activate the marked field by clicking on it will the plug-in provider be informed that you have accessed our online services on the website. According to Facebook, the IP address is anonymised on Facebook immediately after collection. Therefore, by activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (for US providers: in the US). As the plug-in provider acquires the data primarily via cookies, we recommend you delete all cookies using the security settings on your browser before clicking on the greyed-out box.
(b) We have no influence over either data collection or data processing operations, nor are we familiar with the full scope of data collection, the purposes of collection or retention periods. We also have no information on deletion of the collected data by the plug-in provider.
(c) The plug-in provider stores data collected about you as a user profile and uses it for the purpose of advertising, market research and/or appropriate design of its website. This utilisation occurs in particular (including for users who are not logged in) in presenting appropriate advertising and to inform other social network users of your activities on our website. You are entitled to object to the creation of this user profile; to do so you must contact the respective plug-in provider. Using the plug-in we offer you the opportunity to interact with the social network and other users so that we can improve our site and design it so as to make it more attractive to you. The legal basis for the use of plug-ins is Art. 6(1) p. 1 lit. f GDPR.
(d) Data transfer occurs independently of whether or not you have an account with the plug-in provider and are logged in. When you are logged into the plug-in provider, the data collected from us is assigned directly to your account with the plug-in provider. When you press the activated button and, for example, link to the website, the plug-in provider also stores this information and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, particularly before activating the button in order to avoid this sort of association to your profile with the plug-in provider.
(e) You can find additional information on the purpose and scope of data collection and its processing by the plug-in provider in the following data protection statements by these providers. There you will also find additional information regarding your rights and configuration options for safeguarding your personal privacy.
(f) Addresses for the respective plug-in providers, together with their data protection statements:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
http://www.facebook.com/policy.php; further information about the data collection:
Facebook has agreed to be subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Google Inc., 1600 Amphitheatre Parkway, Mountainview, California 94043, USA;
Facebook has agreed to be subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy
Twitter has agreed to be subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; https://policy.pinterest.com/de/privacy-policy
LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA; https://www.linkedin.com/legal/privacy-policy
Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany; https://privacy.xing.com/de
(a) We incorporate YouTube videos on our website that are stored on http://www.YouTube.com and that can be played directly from our website.
(b) By visiting the website, YouTube acquires the information that you accessed the respective sub-page of our website. In addition, the data identified under Section A. of this declaration is transmitted. This occurs regardless of whether YouTube provides a user account used to log in or whether a user account exists. When you are logged into Google, your data is allocated directly to your account. If you do not wish to have your data allocated to your profile with YouTube, you must log out before activating the button. YouTube stores your data as a user profile and uses it for the purpose of advertising, market research and/or appropriate design of its website. This utilisation occurs in particular (including for users who are not logged on) in presenting appropriate advertising and to inform other social network users of your activities on our website. You are entitled to object to the creation of this user profile; to do so you must contact the respective plug-in provider (YouTube).
(3) You can find additional information regarding the purpose and scope of data collection and its processing by YouTube in the data protection statement. There you will also find additional information regarding your rights and configuration options for safeguarding your personal privacy. https://www.google.de/intl/de/policies/privacy. Google processes your personal data in the US as well and has agreed to be subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
When you contact us by email or a contact form, we store the data you provide (your email address, where applicable your name and telephone number) in order to reply to your query. We delete the data accrued in this manner once it is no longer needed or restrict its processing where statutory retention requirements apply.
By registering for the newsletter, you shall provide the following consent in accordance with Article 6 paragraph 1 letter a) GDPR:
This consent can be revoked at any time with effect for the future.
By clicking on the "Start Live Chat" button, you will participate in the chat with our consultants and give your consent to the processing of your personal data collected during the course of the chat by E.ON SE, Brüsseler Platz 1, 45131 Essen: I agree that you will use my personally identifiable information that I provided to you during the chat (such as my first and last name, address, e-mail address, telephone number) for the sole purpose of documenting my specific chat, which will be processed by E.ON SE for a maximum period of 13 months. The personal data collected by E.ON SE will be unencrypted on behalf of E.ON SE by (i) iAdvize GmbH, (Erkrather Straße 401, 40231 Düsseldorf) and (ii) by E.ON Energie Deutschland GmbH, Arnulfstrasse 203, 80634 Munich, whose employees work as chat consultants for E.ON SE. There will be no transmission of the personal data collected by E.ON SE to any other third parties.
Consent to the processing of personal data can be revoked at any time with effect for the future by a corresponding declaration to E.ON SE. The revocation can be declared to E.ON SE via the following channels: by e-mail to email@example.com.
The data processed by E.ON SE before the written notification of revocation is received by E.ON SE is considered to be legally processed.
F. Data Recipients and Data Sources
1. Categories of data recipients
Within the scope allowed by law (as previously described), we relay personal data to companies in our group as well as to external service providers:
- Group companies, for the purpose of fulfilling contractual obligations and for reporting purposes;
- IT service providers, for the purpose of maintaining our IT infrastructure
- Public agencies where justified on a case-by-case basis (e.g. national insurance carriers, financial authorities, police, public prosecutor’s office, regulatory agencies)
2. Data Sources
We process personal data that we obtain from you within the context of our user and business relationships. Where necessary in order to provide our services, we process personal data that we have collected within the context of your use of our website.
3. Data transfer to a third country
In addition to the data transfers to third countries as already described above, data is also transferred to countries outside the European Union and the European Economic Area ("third countries") in the context of the administration, development and operation of IT systems. When doing so, the following must be observed:
Transfer is in principle permissible because the requirements allowing for such transfer under law have been satisfied or you have given your consent to the transfer of the data and special conditions exist for transfer to a third country. Specifically, the data importer guarantees an adequate level of data protection in accordance with standard EU clauses for the transfer of personal data to data processors in third countries. You can find a copy of the standard contract clauses stipulated by the EU Commission online at:
G. Retention period or criteria in determining retention period
Where purely informational use is involved (see Item A.), we retain the designated personal data for as long as necessary to provide services or for use. It is deleted once the respectively designated purpose has been achieved.
Data stored in log files is deleted within a maximum of 7 days. In addition, personal data stored in log files is also anonymised.
If there are statutory or contractual retention periods (e.g. where a user or contractual relationship is involved), we are obligated to retain the data until expiration of this period. We delete the relevant data following expiry or discontinuation of relevant obligations arising from statutory retention periods stipulated by commercial and tax law (see §§ 147 General Tax Code (AO) and 257 Commercial Code (HGB)).
We retain your data for marketing purposes until you object to its use, withdraw your consent or such use is no longer legally permitted.
We retain your other data only as long as we need it to fulfil the specific purpose for which it was collected (e.g. fulfilment or conclusion of contract) and delete it once it ceases to be needed for that purpose.
H. Your rights
Unless otherwise indicated, E.ON SE is responsible for processing your data. You may request information from us at any time regarding the data stored about you and you may request the correction of this data in the event it contains errors. In addition, you may also request restrictions be placed on processing, the portability of the data you provided us in a machine-readable format or the deletion of your data – provided it is no longer needed. Moreover, you have the right to object to the use of your data on the basis of public or legitimate interests at any time. To do so, please contact:
E.ON SE, Data Protection, Brüsseler Platz 1, 45131 Essen
It is imperative that we retain the data collected in our log files in order to ensure the functioning of the website. Therefore, there is no right to object to the processing of this information.
For the cookies that we place with your consent, we have specified the technical option in which you can revoke your consent. This has been termed as Opt Out.
If we process your data on the basis of your consent, you may withdraw this consent with future effect at any time. Upon receipt of your withdrawal of consent, we cease processing your data for the purpose for which consent was granted. Please direct your withdrawal of consent or revocation of your consent to the commercial use of your data to
E.ON SE, Data Protection, Brüsseler Platz 1, 45131 Essen
In addition, you can direct a complaint at any time to a regulatory authority. For us, the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Helga Block, PO Box 20 04 44, 40102 Düsseldorf, Germany, Phone: 02 11 / 384 24-0, is responsible. Alternatively, you may also approach the regulatory authority with jurisdiction at your location.