CropEnergies AG attaches great importance to the protection of your privacy and your personal data (hereinafter also referred to as "data") as well as the necessary data security and therefore collects, processes and uses your personal data exclusively in accordance with the principles described below as well as the national and European legal regulations , the Federal Data Protection Act and the Tele-communications Digital Services Data Protection Act (TDDDG) applicable to CropEnergies AG.
I. Name and address of the controller
The controller within the meaning of the EU General Data Protection Regulation ("GDPR") and other national data protection laws of the EU member states as well as other data protection regulations for the operation of the website is the:
CropEnergies AG
Maximilianstrasse 10
68165 Mannheim
Phone: (0621) 71-41-90-00
ax: (0621) 71-41-90-04
E-mail:info@cropenergies.de
Website:www.cropenergies.com
Chairman of the Supervisory Board: Dr Thomas Kirchberg
Executive Board: Dr Fritz Georg von Graevenitz (CEO), Heike Baumbach, Jürgen Böttcher
Registration court: Magistrates Court Mannheim, Nr. HRB 700509
(hereinafter referred to as "CropEnergies")
If you wish to object to the collection, processing or use of your data by us in accordance with this privacy policy as a whole or for individual measures, you can send your objection by e-mail, fax or letter to the contact details or to our data protection officer. You can also obtain information about your personal data at any time and free of charge using the above contact details.
II. Name and address of the data protection officer
The data protection officer of the controller can be contacted as follows:
CropEnergies AG
Data Protection Officer
Maximilianstraße 10
68165 Mannheim
E-mail: datenschutz@cropenergies.de
III. Your personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). When you visit our website, it is not necessary for you to provide us with personal data. We only collect personal data, such as your name, your telephone number, your postal and e-mail address, your date of birth and your telephone number, if you provide us with these voluntarily or if you have consented to their collection. For the technically required data, please refer to the descrip-tion under "V. Provision of the website and creation of log files".
IV. General Information on data processing
1. Scope of the processing of personal data
We only process personal data of visitors to our website insofar as this is necessary to provide a func-tional website and our content and services. The processing of personal data of our users only takes place regularly with the consent of the user. An exception applies in cases where data processing is permitted by law, required for the fulfilment of a contract or technically necessary.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
The storage of information in a data subject's terminal equipment or access to information already stored in the terminal equipment takes place exclusively on the basis of the data subject's consent in accordance with Section 25 (1) TDDDG, unless the storage of information in the data subject's termi-nal equipment or access to information already stored in the terminal equipment by us is absolutely necessary (Section 25 (2) TDDDG) in order to provide the data subject with the desired telemedia service.
3. Data erasure and storage time
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legis-lator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
V. Provision of the website and creation of log files
1. Description and scope of data processing
When using the website for information purposes only, we only collect the personal data that your browser transmits to our server or provider and that is technically necessary for the purpose of dis-playing our website to you and ensuring its stability and security.
We have commissioned Südzucker AG, Maximilianstraße 10, 68165 Mannheim, Germany (hereinafter referred to as "Südzucker AG") to host and technically provide our website. We have concluded the agreement with Südzucker AG required under data protection law for order processing in accordance with Art. 28 GDPR. According to this agreement, Südzucker AG undertakes to ensure the necessary protection of your data and to process it in accordance with the applicable data protection regulations exclusively on our behalf and in accordance with our instructions.
The following data is stored in log files:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The IP address of the user (the IP address of the user is shortened to two bytes of the calling system during collection)
(4) Date and time of access
(5) Websites from which the user's system accesses our website
(6) Websites accessed by the user's system via our website
(7) The user's internet service provider.
(8) The time spent on the website
(9) The amount of data sent/transmitted
(10) The geographical origin of the request
The data is stored on servers hosted by Südzucker AG in Karlsruhe (Germany) and Amsterdam (Netherlands). Südzucker AG processes this information for the stated purpose on our behalf. The data will not be passed on to third parties. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary processing of the data and storage of log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The temporary logging and storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The log files are stored to optimise the website in the event of errors occurring and to ensure the se-curity of our information technology systems.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case after 30 days.
In the case of the storage of data in log files, this is the case as soon as our storage limit is reached - currently this is the case after 30 days.
5. Possibility of objection and/or erasure
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
VI. Web analysis through Matomo (formerly Piwik)
1. Description and scope of data processing
On our website, we use the open source software tool Matomo (Piwik) (www.matomo.org), a service provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand (hereinafter referred to as "Ma-tomo") to analyse the surfing behaviour of our users and to create anonymised and aggregated user statistics. We have integrated a JavaScript on our website for this purpose.
If individual pages of our website are accessed, the following data is automatically transmitted to our web server via the integrated script using the Internet browser on your end device:
- Two bytes of the IP address of the user's calling system.
- The website accessed and the time of the access
- The website from which the user accessed the accessed website (referrer)
- The sub-pages that are called up from the accessed website
- The time spent on the website
- The frequency of visits to the website
- Country of origin
- Device used, operating system and browser
The technology used to collect the data does not use so-called cookies / third-party cookies. The soft-ware runs exclusively on the servers (stats.cropenergies.de) of our website. Users' personal data is only stored there. The data is not passed on to third parties. The software is set so that the IP address-es are not stored in full, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx), i.e. anony-misation is set up. In this way, it is no longer possible to assign the shortened IP address to the calling computer.
By anonymising the IP address, we take account of the user's interest in the protection of personal data. This data is never used to personally identify the user of our website and is not merged with oth-er data.
Further information on the Matomo open source project can be found at matomo.org/privacy/. Further information on the privacy settings of the software can be found at the following link: https://matomo.org/docs/privacy/.
2. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 para. 1 lit. f GDPR.
3. Purpose of the data processing
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By analysing the data obtained, we are able to compile information about the use of the individual compo-nents of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f GDPR. By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account.
4. Duration of storage
The data is deleted as soon as it is no longer required for our recording purposes. In our case, this is after 180 days.
5. Possibility of objection and removal
We offer our users the option of a technical opt-out from the analysis process on our website.
You have the option of preventing the actions you take here from being analysed and linked. This will protect your privacy but will also prevent the owner from learning from your actions and improving usability for you and other users.
VII. Email contact and contact form
1. Description and scope of data processing
It is possible to contact us on our website via a provided e-mail address or a contact form. In all cases, the personal data transmitted by the user via these channels is stored for the purpose of establishing contact. The scope of the personal data processed and which personal data is processed in individual cases may vary. This includes the following data in particular:
(1) Your first name* and surname*;
(2) Your address details (address, postcode, city, country);
(3) Your communication data (e-mail address*, telephone number, fax);
(4) resulting correspondence (message - suggestions, questions, criticism or requests).
If you provide us with further personal data via the comment field, this will be treated in strict confi-dence and only made accessible to the employees who are responsible for processing your enquiry.
Your data and the resulting correspondence will be processed exclusively by us. It may be necessary to forward the data to a company in our group to process your request. Beyond this, the data will not be passed on to third parties. The data will be used exclusively for the conversation initiated by the user to contact you by telephone, post or e-mail regarding your enquiry. Mandatory (*) and voluntary details are clearly indicated in the contact forms.
2. Legal basis for data processing
The legal basis for the processing of data transmitted while sending an email or via the contact form is Art. 6 para. 1 lit. a GDPR. If the e-mail contact or contact by the user is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
3. Purpose of data processing
The processing of personal data by e-mail or from the input mask serves us solely to process the contact.
4. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent by email or from the input field, this is the case when the respective conversa-tion with the user has ended. The conversation is ended when it can be inferred from the circumstanc-es that the matter in question has been conclusively clarified.
5. Right of cancellation and removal
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
VIII. Newsletter registration and newsletter tracking
1. Description and scope of data processing
It is possible to subscribe to an investor relations and press distribution e-mail newsletter (hereinafter referred to as "newsletter") on our website. If you register for our newsletter, we will use the data re-quired for this and provided by you to send you our e-mail newsletter in accordance with your consent. Mandatory information is labelled accordingly. The data will be used exclusively for sending the news-letter and for analysing the success of the newsletter.
The registration for our e-mail newsletter is carried out in a double opt-in procedure, i.e. after entering your data you will receive an e-mail to the e-mail address provided to us with a confirmation link. This confirmation e-mail serves to authorise the owner of the e-mail address provided to receive the news-letter. The e-mail address will only be added to the mailing list after confirmation. The following are stored: Registration data, time of registration, confirmation, cancellation, IP address and changes to the stored data. The collection of this data is necessary to be able to trace any misuse of the data sub-ject's email address and to safeguard the data controller.
We use the service of Sendinblue GmbH, Köpenicker Straße 126, Berlin, Germany (hereinafter re-ferred to as "Sendinblue") for our newsletter. The agreement required under data protection law for order processing in accordance with Art. 28 GDPR has been concluded with Sendinblue. In this agreement, Sendinblue undertakes to protect the data of our users and to process it exclusively on our behalf in accordance with the applicable data protection regulations.
As part of the success evaluation of our newsletter, a tracking system based on an HTML email is used, with the help of which we analyse the opening and clicking behaviour of newsletter subscribers. The following information about the newsletter is analysed: Number of mailings, recipients, openers, clickers, unsubscribers and total replies as well as hard & soft bounces. We use this information to continuously improve, optimise and further develop our newsletter offering.
2. Purpose and legal basis for data processing
The processing of personal data serves to process and send a newsletter and to analyse the success of a newsletter. This also constitutes the necessary legitimate interest in the processing of the data.
The legal basis for the processing of the data transmitted in the course of consenting to the sending of the newsletter is Art. 6 para. 1 sentence 1 lit. a GDPR.
3. Duration of storage
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. In the case of a newsletter subscription, this is the case if the consent to processing is revoked by unsub-scribing from the newsletter. After cancellation of the newsletter, all stored data will be deleted.
4. Right of cancelation and removal
As a newsletter subscriber, you have the option to revoke your consent to the processing of personal data at any time. Unsubscribing from the newsletter is possible at any time and can be done either by sending us a message or by using the unsubscribe link provided in the newsletter.
All personal data stored while processing the newsletter subscription will be deleted in this case.
IX. Fraud prevention - use of hCaptcha
1. Description and scope of data processing
We use hCaptcha on our website and in our contact and newsletter forms to check and prevent inter-actions on our website by automated access, e.g. by so-called bots. This is a service provided by Intui-tion Machines, Inc, 350 Alabama St, San Francisco, CA 94110, USA (hereinafter referred to as "hCap-tcha").
hCaptcha is used to check whether the data entered on the website was entered by a human or by an automated programme. To do this, hCaptcha analyses the behaviour of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor accesses a part of the website with hCaptcha activated. For the analysis, hCaptcha evaluates various non-personal information in the background (e.g. anonymously collected IP address, time spent by the visitor on the website or app or mouse movements made by the user). The information collected during the analysis is forwarded to Intuition Machines, Inc in the USA. The hCaptcha service is protected by Cloudflare software, which sets the "__cflb" cookie on your end device. The cookie ensures that hCaptcha works correctly by being used for load balancing. It checks which load balancer is being used for the current session. The storage period is one day.
Further information on data processing by hCaptcha can be found at https://www.hcaptcha.com/privacy.
2. Purpose and legal basis for data processing
The legal basis for the use of hCaptcha is Art. 6 para. 1 sentence 1 lit. f GDPR. The cookie is stored on your device in accordance with Section 25 (2) sentence 2 TDDDG. Our legitimate interest lies in the security of our website as well as in the defence against unwanted, automated access in the form of spam or similar and thus also serves the security of a visitor to our website.
3. Possibility of objection and removal
The collection of non-personal information to provide the functions of hCaptcha is mandatory. Conse-quently, there is no possibility for the user to object.
X. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing has taken place, you can request the following information from the controller:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to limitation of the processing by the person responsible or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
You have the right to request information as to whether the personal data concerning you is trans-ferred to a third country or to an international organisation. In this context, you may request to be in-formed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
To exercise your right to free information, please contact us directly using the contact details in our legal notice or get in touch with our data protection officer (see Sections I and II).
2. Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without de-lay.
3. Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of your personal data:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the con-troller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate grounds of the controller override your grounds.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to cancellation
a) Obliagation to erase
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to point (a) of Art. 6(1), and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legiti-mate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) The personal data concerning you has been processed unlawfully
(5) The deletion of personal data concerning you is necessary to fulfil a legal obligation under Un-ion law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you was collected in relation to information society services of-fered in accordance with Art. 8 para. 1 GDPR.
b) Information to third parties:
Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those person-al data.
c) Exceptions
The right to erasure does not exists if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for archiving purposes in the public interest, scientific or historical research purposes or statis-tical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in sec-tion a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(4) for the assertion, exercise or defence of legal claims.
5. Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the control-ler, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the con-troller, in a structured, commonly used and machine-readable format.
You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.
The right to data portability does not apply to the processing of personal data necessary for the per-formance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR.
The controller will no longer process the personal data concerning you unless the controller demon-strates compelling legitimate grounds for the processing which override your interests, rights and free-doms or for the establishment, exercise or defence of legal claims.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its with-drawal.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a com-plaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relat-ing to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
The data protection authority responsible for us is
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg,
Official address:
Lautenschlagerstraße 20
70173 Stuttgart
Germany
Postal address:
Postfach 10 29 32
70025 Stuttgart
Germany
Further information to be found at www.baden-wuerttemberg.datenschutz.de.
XI. Links to other websites
This data protection declaration applies exclusively to the CropEnergies website. The Internet pages on this website may contain links to third-party websites. Our data protection declaration does not extend to these websites. When you leave the website, you are advised to carefully read the privacy policy of each website that collects personal data.
XII. Security
We take the necessary security measures to protect your personal data against unlawful or uninten-tional access or deletion, alteration or loss and against unauthorised disclosure. We encrypt your data during transmission via our website and use so-called SSL connections (Secure Socket Layer). We secure our website and our other systems and personal data using appropriate technical and organisa-tional measures, in particular against loss, destruction, unauthorised access, modification or disclosure to third parties.
XIII. Availability and Changes
You can view this privacy policy at www.cropenergies.com/en/privacy. You can also save or print out this data protection declaration by using the corresponding functions of your browser.
We reserve the right to change this data protection declaration from time to time or to adapt it to legal requirements and therefore ask you to inform yourself of the current data protection regulations every time you visit our website.
Date: June 2024