Dear PRISMA users, visitors, guests and stakeholders,
At PRISMA European Capacity Platform, we adhere to the EU General Data Protection Regulation (GDPR).
First of all, we would like to let you know who is taking care of your personal data:
We are PRISMA European Capacity Platform GmbH, a company registered with the District Court of Leipzig (commercial register number: HRB 21361, VAT ID: DE 241 646 520). We are located at Reichsstraße 1-9, 04109 Leipzig, Germany. Our managing director is Dr. Götz Lincke.
We are always available for you. If you have any question regarding data protection issues, please send us an email to: .
Next, we would like to give you the following information about personal data processing at PRISMA:
Customers, platform users, employees, applicants to the job positions offered by PRISMA, service providers and shareholder representatives. Occasionally, and after obtaining consent, we process pictures of employees and people that attend our events.
We process names, email addresses, IP addresses, phone numbers, invoicing information, job applications, pictures and voice recordings, to comply with the Regulation on Wholesale Energy Market Integrity and Transparency (REMIT).
We get your personal data from you when:
- registering at our platform as User administrator or User,
- entering into a service contract,
- entering into a contract with PRISMA as a freelancer,
- entering into a REMIT Reporting agreement, or any other additional service provided by PRISMA,
- subscribing to receive our newsletter,
- applying for a job at PRISMA,
- sharing your business or personal information with us, e. g. via email, business card or telephone calls,
- contacting our Customer Success Team, and
- attending one of our events.
We could also receive your personal data from your company if:
- you are the company’s representative,
- you are nominated by one of your shareholders to make governance decisions,
- you are designated to be a contact between your company and PRISMA, and
- your information has been legally made publicly available.
We could also obtain your personal information via Cookies (small text files that collect your user ID):
We process your personal data by using a cookie that stores your login credentials. This is a session cookie that is automatically deleted after your visit. We need this cookie to collect your User ID only for user validation. Without this validation process, it is impossible for us, for legal, contractual and security reasons, to grant you access to our platform.
We also use the service of Amplitude to obtain input about the usability of our platform and improve your experience at PRISMA. For this we will track your use of the platform and, occasionally, request your feedback via a survey. This research is anonymous and no personally identifiable data is collected. Nevertheless, you have the option to opt in to or opt out of participating in our usability research.
We may process the personal data of our clients based on contractual obligations. For instance:
- PRISMA’s General Terms and Conditions (GTCs) for Use of the PRISMA Capacity Platform. This includes processing personal data of our platform users to enable registration in our platform and the booking and trading of gas capacities. Processing the personal data of our users also allows us to monitor the well-functioning of our platform and to provide proper service management;
- PRISMA’s service contracts for the development and operation of an electronic platform for gas infrastructure operators for the allocation of capacities (primary capacity platform), for the trading of capacities (secondary capacity platform) and for related services, such as the marketing of gas storage capacities;
- REMIT Reporting Contracts to fulfil the delegated obligation of allowing Network Users to report their relevant trade data to the relevant recipients;
- Automated Shipper Connection and Application Program Interface (API) Contracts to connect the contract management of Network Users to the PRISMA Platform and provide secure and reliable data exchange of relevant trade information;
- Any other (pre-)contractual or business relation or contact with PRISMA.
In the context of contractual obligations, we also process personal data to provide customer care, solve tickets and to improve our customers’ experience at our platform and improve our service.
We process personal data of clients and other data subjects interested in our services after receiving explicit consent to receive our Newsletter. In our Newsletter: PRISMA Insights, we inform recipients of our future projects, events and general news about our company and the gas market.
We process personal data of applicants to evaluate their job applications. We keep their personal information for longer than legally allowed only after obtaining consent.
We process the personal data of the representatives of service providers to evaluate offers, fulfil the contract and enable the provision of the service.
We also process personal data to fulfil legal and regulatory requirements.
At PRISMA we neither sell nor lease any personal data. Furthermore, we DO NOT perform any type of automated decision-making based on your personal data.
We might share your personal data with third parties in the context of the reasons explained above. We may share your personal data with some of our service providers under strict contractual clauses. We might also share personal information of our clients if required by a competent authority. Finally, we might also share the personal data we collect after receiving your explicit consent.
We share your personal data with service providers that help us to provide our main service. We only work with service providers that lawfully process your personal data. To ensure they have high standards of personal data protection, we have in place a contract management system that allows us to evaluate providers' processing activities and commitment to the protection of personal data. We also keep in constant communication with our service providers. Our main service providers and their privacy policies are:
We also work with:
We may share your public information with public authorities to fulfil legal obligations. These public authorities include, but are not limited to:
- Agency for the Cooperation of Energy Regulators (ACER): To fulfil the report obligations established in the Regulation on the Wholesale Energy Market Integrity and Transparency (REMIT).
- National Regulatory Authorities (NRAs): To enable their investigatory functions in the context of e. g. REMIT.
- Data Protection Authorities
In some cases, we would transfer your personal data to third countries as a consequence of contractual relationships between PRISMA and our service providers. However, at PRISMA we make sure to establish contractual relationships only with service providers that offer a degree of protection of personal data approved by the EU. In this sense, we potentially transfer your personal data to other EU countries, to countries recognized by the EU as having a high degree of personal data protection, and to US companies covered by Privacy Shield. In exceptional cases, we would ONLY consider transferring your personal data to countries that do not fall within the previous categories if they provide guarantees and appropriate safeguards for the lawful processing of your personal data, such as adhering to standard clauses for the protection of personal data, or by signing a data protection agreement with us.
At PRISMA we know you have the right to be forgotten. At the same time, we are aware of other legal responsibilities that derive from a contractual relationship between your company and ours. That is why we have designed an erasure concept that balances your data protection rights with legal obligations in line with tax, civil and commercial, regulatory, corporate, employment and criminal law. We erase your personal information at the end of the retention period allowed or required by those laws. However, in the case of our platform users, it is the responsibility of the Network Users, as controllers of the Users’ information, to delete their registration information upon termination or cessation of use of the platform.
The personal data erasure concept designed by PRISMA is the following:
- Personal data of shareholders (ID Data): deleted after 10 years, unless financial year tax evaluation has not yet been completed.
- Personal data of employees: deleted 10 years after the conclusion of the employment contract, unless financial year tax evaluation has not yet been completed.
- Personal data of job applicants: deleted one year after the recruitment process ends. If we need to keep your personal data longer and include it in our talent pool, we will request your consent.
- Personal data of platform users (ID Data): upon platform termination, unless there is a compelling reason to keep it.
- Personal data in the platform archives: anonymized after 10 years.
- Audios: deleted after 3 months to fulfil the requirements of REMIT.
To ensure the safety of personal data, we have implemented, among others, the following organizational and IT measures:
- Training: to make sure that every PRISMA employee understands their data protection responsibilities;
- Contract management: to ensure contracts with service providers offer accurate protection of personal data;
- On-premises security measures: to make sure that no malicious entity can have access to the data you entrust to us;
- Restricted access to documentation: to strictly ensure that only the individuals who need to have access to your personal data are the ones who have access to it;
- Confidentiality clauses: to ensure that our employees and subcontractors keep your personal information confidential;
- Virus scans and firewalls: to review and identify technological threats that could affect our information;
- Data backup and data restoration: to protect your personal data from loss;
- Tests and audits: to verify security measures;
- Automated security tests: to ensure that each software release is subject to constant adjustments to new hazards. Each year, the Company performs a comprehensive penetration test for this purpose.
We are aware that you have the right to access, rectify, object to processing, delete your personal data, withdraw consent at any time, etc. If you want to exercise any of your data protection rights, you can send an email to email@example.com, or call our data protection officer at +49341699299033. We are ready to process your request and to keep you informed in a timely manner.