Privacy Policy

We are pleased about your visit to our site https://bdew-codes.de/.

The protection and security of our users’ data are important to us. We have therefore designed our website and our business processes so that as little personal data as possible is collected or processed.

The following privacy policy explains which personal data is collected during or as a result of your visit to this website and which parts of this information may be used and in what manner.

1. Name and address of the controller

Controller within the meaning of the General Data Protection Regulation (GDPR):

Energie Codes und Services GmbH
Reinhardtstraße 32
10117 Berlin
Germany
Tel.: 030/300199-6500
Email: mail@energiecodes-services.de
Website: https://energiecodes-services.de/

2. Data Protection Officer

A Data Protection Officer is not required pursuant to Art. 37 GDPR in conjunction with Sec. 38 BDSG. If you have any questions about data protection, please contact mail@energiecodes-services.de.

3. Collection of personal data

3.1. When accessing and using this site, the following data is collected:
Access data:
By default, the server logs so-called access logs, which contain the following information:
  • Timestamp of access
  • Client IP address
  • Requested URL
  • HTTP status code
  • User agent (browser/client type)
These logs are necessary for security monitoring. Misuse detection—such as protection against brute-force attacks—is implemented via firewall rules and is also logged.

Legal basis:
  • Art. 6(1)(f) GDPR (legitimate interests in stability, security, and misuse detection)

Retention: 3 days, unless needed longer due to a current attack or similar circumstances.
Energie Codes und Services GmbH uses the log data only for statistical evaluations for the purpose of operation, security, and optimization of the service.
However, Energie Codes und Services GmbH reserves the right to review the log data retrospectively if there is concrete evidence of a justified suspicion of unlawful use.

3.2. Personal data collected during registration:
Only the data you enter yourself is collected:
  • Company/organization
  • Street
  • House number
  • Postal code
  • City
  • Website
  • General telephone number
  • General email address
  • Last name
  • First name of the contact person
  • Telephone number of the contact person
  • Email address of the contact person
Login area:
  • Email address of the contact person
  • Password
Legal basis:
  • Art. 6(1)(b) GDPR (performance of a contract – provision of the user account)
  • Art. 6(1)(f) GDPR (legitimate interests – IT security, misuse detection)
  • Art. 6(1)(c) GDPR (legal obligations – e.g., record-keeping obligations under tax regulations)
Retention: until the account is deleted or at the latest 10 years after the last login

In the event of attempted misuse or server errors, a so-called log file may be started for error analysis. Specifically, the exact address of the page called up, the transmitted browser identifier, and the system date and time of the page request are recorded. This data is deleted from our servers immediately after the error has been remedied and is used solely to analyze the error. Energie Codes und Services GmbH is not able to link the log data to a person.

4. Purposes of processing

Contract execution as well as
ensuring and monitoring security measures.

5. Legal bases

  • Art. 6(1)(a) GDPR (consent/self-submission).
  • Art. 6(1)(b) GDPR (performance of a contract).
  • Art. 6(1)(f) GDPR (legitimate interests).

6. Recipients of the data, transfers to third countries

There is no disclosure to external service providers or third parties and no transfer outside the EU/EEA.

7. Storage period

Data is stored for at least the duration of the contract plus a further 10 years to ensure uniqueness, including for the purposes of final settlement.
Personal data of the contact person can be deleted if the contact person no longer has the relevant function.

8. Rights of data subjects

You have the right to:
  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object (Art. 21 GDPR)
  • Withdraw consent given (Art. 7(3) GDPR)
  • Lodge a complaint with a supervisory authority (Art. 77 GDPR)

9. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the supervisory authority.

Competent supervisory authority:

Berlin Commissioner for Data Protection and Freedom of Information
Alt-Moabit 59-61, 10555 Berlin
mail@datenschutz-berlin.de
https://www.datenschutz-berlin.de

10. Technical and organizational measures (TOM)

The website is generally accessible only via SSL-encrypted HTTPS connections. The server itself—apart from web access—is only reachable by authorized devices, which is regulated via IP and MAC address filtering. In addition, daily backups of the server are created and relevant events are logged, such as access attempts from unauthorized IP addresses or database errors. Security updates are also installed on a regular basis.

11. Cookies and tracking

No cookies or tracking tools are used.

12. Newsletter and other features

No separate newsletter offering.

No chatbots, social media plugins, live chats, guestbooks, or application forms.

Independently of this, bulk mailings may be sent if necessary—for example, regarding changes to the terms of use or the price list—to the respective affected code holders.

13. Contact for data protection inquiries

Email: mail@energiecodes-services.de


Last updated: September 2025