With this privacy policy, we inform you whether and to what extent your personal data is processed when you visit the website under this domain. We also inform you about your rights and provide you with the names of the contact persons responsible. In addition to the domain mentioned above, this information also applies to other websites that we offer on the Internet, provided that express reference is made to this policy.
Personal data is any information that can be used to identify you, e.g. your name, address, email address, IP address, and data on your usage behaviour.

Contact the data protection officer at Energie-Pensions-Management GmbH

You can contact our data protection officer at:
Energie-Pensions-Management GmbH
Data Protection Officer
Ricklinger Stadtweg 123
30459 Hannover
E-Mail: datenschutz@epm.gmbh

A. Processing of personal data when used on the basis of legitimate interests, Art. 6 (1) lit. f) GDPR

If you're just using our website for info, meaning you're not signing up, logging in, or sending us any extra info, we'll only collect and process the personal data that your browser and internet access provider send to our server. This is data that's technically needed to show you the website and make sure our site is stable and secure.
In order to provide the website functions and to fulfil our own obligations, we pass on your data to our service providers on the one hand, and receive data from them on the other.
We also store the aforementioned data in log files. This storage is done to ensure the functionality of the website. We also use the data to optimise our website and ensure its security. However, the aforementioned data is not stored together with other personal data.

​B. Use of cookies, Art. 6 Abs. 1 lit. a) DS-GVO 

When you visit our website, in addition to the data already mentioned, so-called "cookies" are also stored on your computer. These small text files are assigned to your hard drive by your browser; they transmit certain information to us as the operator of the site. Cookies cannot execute programs or transmit viruses. They help to make our website more user-friendly and efficient for you overall.
You will be informed about the use of cookies when you first visit our website or if there are no cookies on your device. For further use with cookies, we will obtain your consent to set the cookie(s) or to process the personal data used in this context. When this initial cookie notice is given, we refer you to this privacy policy. We use transient and persistent cookies, the scope and functionality of which are explained below:
1. Transient cookies
Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you close your browser.
2. Persistent cookies
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings. You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that if you refuse cookies, you may not be able to use all the functions of the website(s) or it may not be possible to display them at all.
Please note that technically necessary, so-called "essential" technologies must be activated and cookies must be set in order to enable the core functionality, secure and sustainable operation of the website and coverage measurement.
You can find more detailed information on the specific use of the aforementioned technologies in the following paragraphs

C. Contacting us by email or contact form

When you contact us by e-mail or via a contact form, we will store the data you provide (your email address, your name and telephone number, if applicable) in order to respond to your enquiry. We delete the data collected in this context once it is no longer necessary to store it, or restrict its processing if there are legal retention obligations.

D. Recipients of data and data sources

​​​1. Categories of data recipients
To the extent permitted by law (as described above under A), we pass on personal data to companies within our group and to external service providers:
Group companies for the fulfilment of contractual obligations and for reporting purposes; Sales partners and service providers for targeted marketing, for the conclusion and execution of the contract, and for commission processing; IT service providers for the maintenance of our IT infrastructure; Public authorities in justified cases (e.g. social security institutions, tax authorities, police, public prosecutors, supervisory authorities)
2. Data sources
We process personal data that we have received from you in the context of our usage and business relationships. To the extent necessary for the provision of our services, we process personal data that we have collected in the context of your use of our websites.

E. Data transfer to a third country

Data transfers to countries outside the European Union and the European Economic Area ("third countries") occur in the context of the administration, development and operation of IT systems. The following conditions must be met:
The transfer is generally permissible because a legal basis for permission has been met or you have consented to the data transfer and the specific requirements for a transfer to a third country have been met. In particular, the data importer guarantees an adequate level of data protection in accordance with the EU standard contractual clauses for the transfer of personal data to data processors in third countries. A copy of the standard contractual clauses specified by the EU Commission can be found on the Internet at: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex%3A32010D0087
Alternativ. You can also obtain these from us on request (see contact details).

F. Storage period and criteria for determining the duration

​In the case of purely informational use (see point A.), we store the aforementioned personal data for as long as this is necessary for the provision of services or use. Once the specified purpose has been achieved, they are deleted.
Data stored in log files will be deleted after 7 days at the latest. In addition, personal data stored in log files will be anonymised.
If there are legal or contractual retention periods (e.g. in the case of usage or contractual relationship), we are obliged to store the data until these periods have expired. Once the relevant obligations have expired or ceased to apply, which in cases of statutory retention obligations arise in particular from commercial and tax law (cf. Sections 147 AO and 257 HGB), we delete the corresponding data.
For advertising purposes, we store your data until you object to its use, revoke your consent or contact you is no longer permitted by law.
We only store your other data for as long as we need it to fulfil the specific purpose (e.g. to fulfil or process a contract) and delete it once the purpose no longer applies.

G. Portal:"my pension360"

When using my pension360, your personal data is processed on the basis of the consent you gave when logging in, Art. 6 (1) (a) GDPR. This usually includes your name, title, email address, pension number, address and date of birth, which are required to carry out various enquiries or requests.
The legal basis for processing this data is derived from the agreement between you and your pension provider, Art. 6 (1) lit. b GDPR in conjunction with § 26 BDSG.
We may pass on your data to an affiliated company responsible for your request. In addition, in certain cases we use service providers who may also receive your data. In these cases, we ensure that your personal data is processed in accordance with the provisions of the General Data Protection Regulation and the Federal Data Protection Act.

H. Your rights

Energie-Pensions-Management GmbH, Ricklinger Stadtweg 123, 30459 Hanover, is responsible for the processing of your data, unless otherwise stated. You can request information from us at any time about the data stored about you and its correction in the event of errors. Furthermore, you can request the restriction of processing, the transferability of the data you have provided to us in a machine-readable format, or the deletion of your data – insofar as it is no longer required. In addition, you have the right to object at any time to the use of your data based on public or legitimate interests. To do so, please contact us at the address at the top of the page.
We require the data collected in our log files to maintain the operation of the website. Therefore, there is no right to object to this processing.
If we process your data based on your consent, you can revoke this consent at any time with effect for the future. Upon receipt of your revocation, we will no longer process your data for the purposes specified in the consent. Please send your revocation or objection to advertise to the above contact details.
You can also lodge a complaint with a supervisory authority at any time. The supervisory authority responsible for us is the State Commissioner for Data Protection of Lower Saxony, Prinzenstraße 5, 30159 Hanover. Alternatively, you can contact your local supervisory authority.