Skip to main content
Iqony Steag GroupIqony Steag Group
Search

Data privacy information for our business partners

We attach great importance to protecting personal data. Therefore, we process your data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the other applicable statutory provisions on the protection of personal data and data security.

The following information applies to our business partners and their employees. The following paragraphs provide you with an overview of what personal data we collect from you to establish and maintain business relationships, as well as for what purposes and in what way we use such data. In addition, we provide you with information about the rights you have in relation to your personal data. 
 

1. Controller under data protection law

RKB Raffinerie-Kraftwerks-Betriebs GmbH 
Rüttenscheider Str. 1-3 
45128 Essen, Germany 

www.iqony.energy 

 

2. Contact details of our data protection officer

STEAG GmbH
Group Data Protection Officer 
Rüttenscheider Straße 1-3
45128 Essen

datenschutz@steag.com 

 

3. Data processed and their origin

The categories of personal data we process include, by way of example, the following: 

  • Business contact information, such as first and last name, address, telephone number, mobile number, fax number and email address; 

  • Information about professional activity; 

  • Payment data, such as information required for the processing of payment transactions or fraud prevention. 

We receive such personal data either directly from you (e.g. in the course of correspondence that we have with you), or the data comes from your employer as our business partner. 

 

4. Purposes and legal bases for processing

In the context of our cooperation with business partners, we process personal data for the following purposes:

  1. Establishment and implementation of the business relationship

    First and foremost, we process the personal data mentioned in section 3 above for the purpose of establishing, implementing and managing the contractual relationship with the business partner. The purposes of the processing depend on the specific contractual product or service, as described in more detail in the relevant contract documents. 

    If we communicate with you via Microsoft Teams, we process further data in addition to the data mentioned in section above 3, such as technical information (e.g. IP address), audio and/or video data and other information related to the communication, insofar as this is necessary for communicating with you via Microsoft Teams.  

    The legal basis for such processing is Art. 6 (1) (b) GDPR (if a direct business relationship with you is to be established or already exists) or Art. 6 para. 1 (f) GDPR (if a business relationship with your employer is to be established or already exists). 

  2. Compliance with legal requirements

    We have legal obligations which may require us to process your data, e.g. under commercial or tax law or to carry out compliance screenings (to prevent white-collar crime or money laundering). In such cases, the legal basis for processing is Art. 6 (1) (c) GDPR. 

  3. Ensuring security

    Furthermore, we process your data where this is necessary for maintaining and protecting the security of our products and services, and for preventing and detecting security risks, fraudulent activity or other criminal activity or activity carried out with intent to cause damage. In such cases, the legal basis for processing is Art. 6 (1) (f) GDPR. 

  4. Newsletter dispatch

    If you have given us your explicit consent to do so, we will process your personal data (such as your e-mail address and, if applicable, other data in connection with the subscription) for the purpose of sending you information about our products or our newsletter. In such cases, the legal basis for processing is Art. 6 (1) (a) GDPR.  

     

5. Data recipients

For certain technical processes, we use the support of external service providers. Where Microsoft Teams is used (see above), for example, this is Microsoft Ireland Operations Limited. Our service providers are carefully selected and meet high data protection and data security standards. They are bound to strict confidentiality and process data only on our behalf and in accordance with our instructions (Art. 28 GDPR). 

Furthermore, we may transfer personal data to other STEAG Group companies if and to the extent that this is necessary for internal administrative purposes (Art. 6 (1) (f) GDPR). 

We may transfer personal data to courts, supervisory authorities or law firms, if this is legally permissible and necessary to comply with applicable law or to assert, exercise or defend against legal claims (Art. 6 (1) (f) GDPR). 

In the event of a sale of our company (or one or more of our affiliates), we may disclose personal data to potential acquiring parties and their advisors if and insofar as this is necessary to safeguard the legitimate interests of the parties involved in the implementation of the corporate transactions and in the proper auditing of our company, and provided that the interests of the data subjects are not overriding (Art. 6 (1) (b) or (f) GDPR). 

 

6. Transfer of data to third countries

The recipients of the data are preferably located within the EU, but possibly also in countries outside the European Economic Area where the applicable law does not ensure the same level of data protection as in the EU. In this case, we take measures to ensure appropriate and adequate safeguards for the protection of personal data. These will usually include the conclusion of standard data protection clauses in accordance with Art. 46 (2) (c) GDPR. We will gladly provide you with a copy of these clauses upon request.  

 

7. Duration of data storage

We will delete your personal data as soon as they are no longer required for the purposes mentioned above, unless statutory obligations to retain data preclude deletion. The legal obligations to keep records and to retain data, as stipulated, among other things, in the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung), require us to retain data for up to ten years. 

 

8. Your rights

You have the right to access personal data we hold about you (Art. 15 GDPR) You may request rectification/completion (Art. 16 GDPR), erasure (Art. 17 GDPR) or restriction of processing (Art. 18 GDPR) of your personal data. In certain circumstances, you may request to receive the data you have provided to us in a structured, commonly used and machine-readable format or that this data be transferred to a third party (Art. 20 GDPR). You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). 

You may at any time and without giving reasons withdraw your consent to the processing of personal data with effect for the future (Art. 7 (3) GDPR). 

Finally, you have the right to object, on grounds relating to your particular situation, at any time to the processing of data concerning you which is carried out on the basis of Art. 6 (1) (f) GDPR (Art. 21 GDPR). We will no longer process the data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims. 

 

If you wish to exercise your rights, please feel free to contact our Group Data Protection Officer. 

 

Iqony