Dear PRISMA users, visitors, guests and stakeholders,
At PRISMA European Capacity Platform, we adhere to the EU General Data Protection Regulation (GDPR).
First of all, we would like to let you know who is taking care of your personal data:
We are PRISMA European Capacity Platform GmbH, a company registered with the District Court of Leipzig (commercial register number: HRB 21361, VAT ID: DE 241 646 520). We are located at the Reichsstraße 1-9 in 04109 in Leipzig, Germany. Our managing director is Dr. Götz Lincke.
We are always available for you. If you have any question regarding data protection issues, please send us an email to: firstname.lastname@example.org.
Customers, platform users, employees, applicants to the job positions offered by PRISMA, service providers and shareholder representatives. Occasionally, and after obtaining consent, we process pictures of employees and people that attend our events.
We process names, email addresses, postal addresses, IP addresses, phone numbers, invoicing information, job applications, pictures and consented voice recordings.
We get your personal data from you when:
- registering at our platform as User administrator or User,
- entering into a service contract,
- entering into a contract with PRISMA as a freelancer,
- entering into a REMIT Reporting agreement, or any other additional service provided by PRISMA,
- subscribing to receive our newsletter
- applying for a job at PRISMA,
- sharing your business or personal information with us, e. g. via email, business card, telephone or voice over IP calls
- attending a PRISMA organized online webinar or meeting,
- contacting our Customer Success Team and
- attending one of our events.
We could also receive your personal data from your company if:
- you are the company’s representative,
- you are nominated by one of your shareholders to make governance decisions,
- you are designated to be a contact between your company and PRISMA, and
- your information has been legally made publicly available.
We could also obtain your personal information via Cookies (small text files that collect your user ID):
We process your personal data by using a cookie that stores your Login credentials. This is a session cookie that is automatically deleted after your visit. We need this cookie to collect your User ID only for user validation. Without fulfilling this validation process is impossible for us, because of legal, contractual and security reasons, to grant you access to our platform.
We also use the service of Amplitude to obtain input about the usability of our platform and improve your experience at PRISMA. For this we will track your use of the platform and, occasionally, request your feedback via a survey. This research is anonymous, and no personally identifiable data is collected. Nevertheless, you have the option to opt-in and opt-out from participating in our usability research input.
We may process your personal data of our clients or other data subjects based on contractual obligations. For instance:
- PRISMA’s General Terms and Conditions (GTCs) for Use of the PRISMA Capacity Platform. This includes processing personal data of our platform users to enable registration in our platform and the booking and trading of gas capacities. Processing the personal data of our users also allows us to monitor the well-functioning of our platform and to provide proper service management;
- PRISMA’s service contracts for the development and operation of an electronic platform for gas infrastructure operators for the allocation of capacities (primary capacity platform), for the trading of capacities (secondary capacity platform) and for related services, such as the marketing of gas storage capacities;
- REMIT Reporting Contracts to fulfil the delegated obligation of allowing Network Users to report their relevant trade data to the relevant recipients;
- Automated Shipper Connection and Application Program Interface (API) Contracts to connect the contract management of Network Users to the PRISMA Platform and provide secure and reliable data exchange of relevant trade information,
- Any other (pre-)contractual or business relation or contact with PRISMA.
In the context of contractual obligations, we also process personal data to provide customer care, solve tickets and to improve our customers’ experience at our platform and improve our service.
We process personal data of clients and other data subjects interested in our services after receiving explicit consent to receive our Newsletter. In our Newsletter: PRISMA Insights, we inform recipients of our future projects, events and general news about our company and the gas market.
We process personal data of applicants to evaluate their job applications. We keep their personal information for longer than legally allowed only after obtaining consent.
We process the personal data of the representatives of service providers to evaluate offers, fulfil the contract and enable the provision of the service.
We also process personal data to fulfil legal and regulatory requirements.
At PRISMA we neither sell nor lease any personal data. Furthermore, we DO NOT perform any type of automated decision-making based on your personal data.
We might share your personal data with third parties in the context of the reasons explained above. We may share your personal data with some of our service providers under strict contractual clauses. We might also share personal information of our clients if required by a competent authority. Finally, we might also share the personal data we collect after receiving your explicit consent.
We share your personal data to service providers that help us to provide our main service. We only work with service providers that lawfully process your personal data. To ensure they have high standards of personal data protection, we have in place a contract management system that allows us to evaluate providers processing activity and commitment towards the protection of personal data. We also keep constant communication to our service providers. Our main service providers and their privacy policies are:
BTC AG: https://www.btc-ag.com/de/7532.htm
ONTEC AG: https://software.ontec.at/datenschutzerklaerung/
Synexus GmbH: https://synexus.de/impressumdatenschutz/
Amazon Web Services: https://aws.amazon.com/de/privacy/
We also work with:
Company Mood: https://www.company-mood.com/privacy
Digital Vikings: https://digitalvikings.com/datenschutz/
Google Analytics: https://support.google.com/analytics/answer/6004245?hl=de/
HubSpot, Inc.: https://legal.hubspot.com/de/privacy-policy
LogMein, Inc.: https://www.logmeininc.com/legal/privacy/
Mail Chimp: https://mailchimp.com/legal/privacy/
[MaxMind, Inc. by using GeoLite2 data created by MaxMind, which is available from <a href= https://www.maxmind.com”>https://www.maxmind.com</as>.
** please note using these GeoLite2 data does not result in processing personal data of our customers, noting it here shall purely serve copyright and transparency reasons
We may share your public information to public authorities to fulfil legal obligations. some of this public authority include, but are not limited to:
Agency for the Cooperation of Energy Regulators (ACER): To fulfil the report obligations established in the Regulation on the Wholesale Energy Market Integrity and Transparency (REMIT).
National Regulatory Authorities (NRAs): To enable their investigatory functions in the context of e. g. REMIT.
Data Protection Authorities
In some cases, we would transfer your personal data to third countries as a consequence of contractual relationships between PRISMA and our service providers. However, at PRISMA we make sure to establish contractual relationships with only service providers that offer a degree or protection of personal data approved by the EU. In this sense, we potentially transfer your personal data to other EU countries and countries recognized by the EU as having a high degree of personal data protection. In exceptional cases, we would ONLY consider transferring your personal data to countries that do not fall within the previous categories if they provide guarantees and appropriate safeguards for the lawful processing of your personal data, such as adhering to standard clause of protection of personal data, or by signing a data protection agreement with us.
At PRISMA we know you have the right to be forgotten. At the same time, we are aware of other legal responsibilities that derive from a contractual relationship between your company and ours. That is why we have designed an erasure concept that balances your data protection rights with legal obligations in line with tax, civil and commercial, regulatory, corporate, employment and criminal law. We erase your personal information at the end of the retention period allowed or required by those laws. However, in the case of our platform users, it is the responsibility of the Network Users, as controllers of the Users’ information, to delete their registration information upon termination or cessation of use of the platform.
The personal data erasure concept designed by PRISMA is the following:
- Personal data of shareholders (ID Data): deleted after 10 years, unless financial year tax evaluation has not yet been completed.
- Personal data of employees: deleted 10 years after the conclusion of the employment contract, unless financial year tax evaluation has not yet been completed.
- Personal data of job applicants: deleted after one year upon recruitment process termination. If we require to keep your personal data longer and include it in our talent pool, we will request for your consent.
- Personal data of platform users (ID Data): upon platform termination, unless there is a compelling reason to keep it.
- Personal data in the platform archives: anonymized after 10 years.
- Audios: deleted after 10 years to fulfil the requirements of REMIT.
To ensure the safety of personal data, we have implemented, among others, the following organizational and IT measures:
- Training: to make sure that everybody PRISMA’s employees understand their data protection responsibilities;
- Contract management: to ensure contracts with service providers that offer accurate protection of personal data;
- On-Premises security measures: to make sure that no malicious entity can have access to the data you entrust with us;
- Restricted access to documentation: to strictly ensure that the individuals who do not need to have access to your personal data do not have access to it;
- Confidentiality clauses: to ensure that our employees and subcontractors keep your personal information confidential;
- Virus scans and firewalls: to review and identify technological threats that could affect our information;
- Data backup and data restoration: to prevent that your personal data gets lost;
- Tests and audits: to verify security measures;
- Automated security tests: to ensure that each software release is subject to constant adjustments to new hazards. Each year, the Company performs a comprehensive penetration test for this purpose.
We are aware that you have the right to access, rectify, object to processing, delete your personal data, withdraw consent at any time, etc. If you want to exercise any of your data protection rights, you can send an email to: email@example.com or call our data protection officer at: +49341699299033. We are ready to process your request and keep you informed in a timely manner.