Privacy Policy


Status: 03-30-2022 

This privacy policy provides information about how your personal data is processed when using our website ( and the associated functions. 

 Data Controller and Contact 

The data controller is: 

elexon GmbH 
 Gewerbepark Brand 70 
 52078 Aachen 

Telephone: +49 (0) 241 894363-0 

If you have any questions or suggestions regarding our privacy policy, or if you wish to exercise your rights, please feel free to contact us using the contact details provided here. 

2    Data Protection Officer 

You can reach the elexon GmbH data protection officer by e-mail at:

 Which Data Do We Collect? 

The data protection law applies to personal data (hereinafter also referred to simply as “data”). According to Art. 4 No. 1 of the General Data Protection Regulation (“GDPR”), this is any information relating to an identified or identifiable natural person. 

Automated Data Collection

When you access this website, your browser automatically transmits data to our server for technical reasons. The following data is stored separately from other data you may transmit to us: 

  •          The IP address used to trigger the request, including geolocation up to a maximum of city level;
  •          Hostname (name of the computer or network node initiating the request);
  •          Name of the website requested;
  •          Date and time of the server request and the volume of data transferred;
  •          Click paths (which pages were requested);
  •          Access status (file transferred, file not found, etc.);
  •          Referrer (the page from which the website or file was requested);
  •          Browser type and version;
  •          Screen resolution and browser window size;
  •          User’s operating system;
  •          Information about the provider making the request.

The collection and further processing of this data enables us to present the content of our website and make the functions of our website available to you. This is in our legitimate interest, according to Art. 6 para. 1 sentence 1 lit. f DS-GVO.  

The data is stored for the following purposes: 

  •          To ensure the security of our IT systems;
  •          To defend against attacks on our online presence and our IT systems;
  •          To ensure the proper operation of our online presence;
  •          To enforce the law, prevent danger or for legal prosecution in the case of specific evidence of criminal acts.

The IP address is stored for a period of up to seven days. 
Processing is carried out on the basis of our above-mentioned legitimate interests, Art. 6 (1) lit. f DS-GVO. 

5   Web Hosting 

Our website is hosted on servers operated by our web hoster Mittwald CM Service GmbH & Co. KG, based in Germany. This company processes your data on our behalf (cf. Art. 4 No. 8, Art. 28 DS-GVO), i.e. exclusively according to our instructions. Processing takes place only within the European Union. 


We provide a contact form on our website so that you can contact us with questions about elexon GmbH, our website and other inquiries. In addition, you can contact us by e-mail. 

When you contact us via the contact form or by e-mail, the data you provide (in particular your e-mail address, if applicable your telephone number, your first and last name and the text of your inquiry, as well as any other information you have provided in the contact form or by e-mail) will be stored by us in order to process your inquiry and answer your questions. 

This data processing is justified according to  Art. 6 para. 1 lit. f DS-GVO. It is in our interest to contact you through the website at your request. Article 6 (1) b of the German Data Protection Act (DS-GVO) is the legal basis for data processing insofar as your request is aimed at the fulfillment of a contractual or pre-contractual measure with you as a natural person. 

We will delete the data generated in the course of your inquiry/contact as soon as it is no longer required for processing your inquiry. This takes place regularly for a maximum of one year after your request has been fully processed. Storage is based on our legitimate interest, the proper documentation of our business operations and the protection of our legal positions. In addition, we have an interest in implementing regular deletion routines and in retaining the data relating to your contact request, if necessary, for follow-up requests in the near future (Art. 6 para. 1 lit. f DS-GVO). Insofar as legal storage obligations exist beyond this, the data will be stored for the duration of the legally prescribed storage obligation.  

The use of the contact form is completely voluntary and not a prerequisite for the use of our website. 

7   Marketing 

7.1   Postal Address and Existing Customer Marketing

We use your data (in particular name and address) to send you marketing information by post regarding news from elexon GmbH. 

The contact data you provide in connection with the sale of a product or service (in particular your name and email address, if applicable also the name and address of your company or employer, as well as any other information you may have provided) will be used by us for the purpose of direct marketing of similar goods and services by electronic mail, unless you have objected to such use. You may object to this usage at any time at no cost other than the transmission costs based on basic rates. 

Such processing is in our legitimate interest according to Art. 6 (1) lit. f DS-GVO. We have a legitimate economic interest in informing our prospects and customers about further offers and innovations in order to establish and maintain a long-term customer relationship. 

Your data will be stored for this purpose as long as it is required for the postal marketing campaigns and existing customer marketing campaigns and you have not expressly objected to the processing of your data. The storage period is three years after the last contact for marketing purposes. Insofar as legal storage obligations exist, the data will be stored for the duration of the legally prescribed storage obligation. 

7.2  Customized email marketing

If you have given us explicit consent, we will process your personal data and contact you by e-mail for marketing purposes. For this purpose, we process the data provided by you in connection with your consent (in particular, your first and last name, your email address, if applicable, the name and address of your company or employer, as well as any other information you provided when giving your consent). 

Our marketing emails contain news from elexon GmbH, e.g. about new products or electromobility in general, announcements for upcoming events, service information and publications.  

Based on your consent, we can tailor and individualize marketing communications to your interests. This is done by analyzing your interests, which you have expressly communicated (e.g. via the contact form on our website or by email), and your usage behavior (e.g. content retrieved, opening, clicks and reading time) both with regard to our newsletters and similar communications and via our websites using cookies and similar technologies (esp. for mobile devices) and storing this information in a personal profile. 

On the basis of your consent, we may also add your personal contact data (e.g. name, title, company and role/position) to the profile thus created, which you have provided to us yourself and/or which are already stored in our IT systems. 

Processing is based on your consent according to Art. 6 para. 1 lit. a DS-GVO. You can revoke your consent at any time effective immediately without additional costs, e.g. by e-mail to 

Your data will be stored to this end for as long as it is required for customized email marketing and until you revoke your consent. Insofar as legal storage obligations exist, the data will be stored for the duration of the legally prescribed storage obligation. 

7.3  Organizational Processes for Managing Your Marketing Consent 

We also process your personal data in order to fulfill organizational requirements with regard to your marketing consent. This includes, for example, the validation of the email address you have provided by means of a so-called double opt-in procedure and the documentation of your consent status (granting or revoking your consent and validation of the email address. It also includes the contact data you provided when you granted your consent, your IP address, the unique identifier assigned by our IT systems, and the status and time at which you granted your consent. 

If you revoke your consent and/or object to the data processing, we will no longer use your data for marketing purposes. However, we will store the data required for the organizational management of your consent after you revoke your consent and/or object to the data processing, in order to fulfill documentation and verification requirements and to ensure that we do not process your data for marketing purposes in the future, unless you provide new consent. We will delete your data immediately as soon as these organizational purposes cease to apply. This occurs regularly after a period of three years at the end of the year following the termination of the marketing activity. 

8   Customer Relationship Management 

We use IT applications from HubSpot Ireland Ltd. to manage and maintain customer relationships, e.g. to support us in processing data for the purpose of sending newsletters and to maintain the contact data that you send to us via our contact form. It is in our legitimate interest to maintain and manage the collected contact data efficiently using IT applications (Art. 6 para. 1 sentence 1 lit. f DS-GVO). HubSpot Ireland Ltd processes your data on our behalf (cf. Art. 4 No. 8, Art. 28 DS-GVO), i.e. solely in accordance with our instructions. Data processing primarily takes place on servers within the European Union. However, because HubSpot’s parent company is based in the USA, the transfer of personal data to the USA, e.g. in the context of software support services, cannot be ruled out. We have therefore taken the security precautions listed in Section 16 in accordance with Chapter V of the GDPR. 

9   Cookies 

We store and read out so-called “cookies” (or comparable technologies, e.g. for mobile devices) in order to be able to offer certain functions of our website, to optimize the use of our website and to better understand our website visitors and their interests. Cookies are small files that are stored on your end device with the help of your internet browser. 

We use the following cookie categories on our website: 

9.1  Essential Cookies 

This includes the cookies listed below that are necessary for the operation and functionality of our website (so-called “essential cookies”).  

These cookies are used to make the website technically accessible and usable and provide essential and basic functionalities, such as navigation on the website or enable the correct display of the website in the Internet browser. Without these cookies, our website cannot function properly. 

We use essential cookies without your consent in accordance with Section 25, Paragraph 2, No. 2 of the “German Telecommunications and Telemedia Data Protection Act (“TTDSG”). If personal data is processed from these cookies, the processing is carried out to ensure that our website and the functions provided are usable for you. This is also in our legitimate interest, Art. 6 para. 1 sentence 1 lit. f DS-GVO. 

The following essential cookies are used: 







Stores the consents you give when you enter the website 

1 year 



This cookie is set by HubSpot’s CDN provider based on their rate-limiting policies. 

Browser session 


This cookie is set by HubSpot’s CDN provider and is an essential cookie for bot protection. 

30 minutes 



Opt-in Cookie stores the visitor’s decision when the tracking opt-in is triggered on the customer’s page. Also used for an eventual opt-out. 

“no” – 50 years 

“yes” – 480 days 


When using data-block-cookies, this cookie is set to “1” by the API call _etracker.enableCookies() to indicate that etracker is allowed to set cookies. The cookie is set to “0” when _etracker.disableCookies() is invoked. 

“0” – 50 years 

“1” – 480 days 


When using Signalize: opt-in cookie for “Signalize”. If the customer chooses “no”, the cookie is set with the value “no” and a duration of 30 days. If the customer chooses “x” or presses the ESC key (no decision), the cookie is set to “no” for 1 day. 

If the customer rejects the native browser dialog, the value “denied” is set for 30 days. If the customer agrees, the cookie is set to “yes” for 30 days. The values are updated based on the browser settings when the customer visits the page again. 

If the customer agrees to the wallet opt-in, then the cookie is set to ” yes ” for 480 days. 

If the customer does not make a decision, the cookie is set to ” undefined” for 0 days. 

“no” – 30 days 


“no” (Session) 1 day 


“yes” 480 days 


“yes” 30 days 


“denied” 30 days 


“undefined” 0 days 


Exclusion from the count (list of account IDs).  

4 years 


Data for measuring the scroll depth 

Browser session 



This cookie is used by the opt-in privacy policy to ask the visitor to accept cookies again. This cookie is set when you give visitors the choice to disable cookies. 

6 months 


This cookie can be set so that the tracking code does not send information to HubSpot. 

6 months 


This cookie is used to prevent banners from being displayed each time visitors visit your website in strict mode. 

7 days 


This cookie is used to record the categories a visitor has consented to. 

6 months 


This cookie is used to always show visitors the same version of an A/B test page that was previously displayed. 

Browser session 


When you visit a password-protected page, this cookie is set so that a login is no longer required for future visits to the page with the same browser. 

14 days 


This cookie is used to store the contrast selection selected by a visitor on a HubSpot domain. 

180 days 


This cookie is used to determine and store whether the chat widget is open on future visits. It is set in your visitor’s browser when they start a new chat, and reset to close the widget after 30 minutes of inactivity. 

30 minutes 


This cookie ensures that the welcome message is not displayed again for one day after closing. 

1 day 


This cookie is set when visitors log in to a website hosted by HubSpot. 

1 year 


This cookie is used to ensure that content membership logins cannot be spoofed. 

Browser session 


This cookie is used to store a visitor’s selected language when pages are viewed in multiple languages. It is set when a visitor selects a language from the language switcher and will be used as the language setting for redirecting the user to websites in their selected language, where available, in the future. 

2 years 

As a rule, we only store your personal data while you are using this website. 

9.2  Analysis 







Cookie detection 

2 years or configurable 


Detects whether the visitor’s scroll depth is measured. 

24 hours 


Only used to detect whether or not cookies are enabled in the visitor’s browser. 

Duration of the session 


Contains Base64-encoded data about the current visitor’s session (referrer, number of pages, number of seconds since the session started, smart messages displayed in the session), which is used for personalization purposes. 

Session duration 


Contains Base64 encoded visitor history data (is customer, newsletter recipient, visitor ID, smart messages displayed) for personalization. 

1 year 


Contains a list of project IDs that the visitor is excluded for. This cookie is set by the web service if the client configures that not all visitors be assigned to a test, but only a certain subset. 

30 days 



The main cookie for visitor tracking. 

6 months 


This cookie tracks a visitor’s identity. This cookie is passed to HubSpot software when a form is submitted and is used when de-duplicating contacts. 

6 months 


This cookie tracks sessions. It is used to determine if the HubSpot software needs to increase the session count and timestamps in the __hstc cookie. It contains the domain, the number of page views (viewCount, increases with each page view [pageView] in a session), and the session start timestamp. 

30 minutes 


Whenever the HubSpot software changes the session cookie, this cookie is also set. This determines whether the visitor has restarted the browser. 

If this cookie is not present when HubSpot manages cookies, it is considered a new session 

Browser session 

9.3  Cookie Settings / Revocation  

You can prevent cookies from being stored on your end device in advance and in general by deactivating cookies in the system settings of your browser. Please note, however, that some of the cookies are essential for the function of our website, otherwise the page cannot be displayed without problems. If you disable all cookies, you will not be able to use the website without restrictions. You can also control the storage of cookies yourself at any time by changing your browser settings and/or deleting all cookies. 

You can also adjust your cookie settings for our website at any time via the following link. By changing your settings, you can also revoke your consent at any time.  

10  Analytics and/or audience measurement 

We use your data for analysis purposes and/or audience measurement on our website (cf. Art. 4 No. 8, Art. 28 DS-GVO). Processing takes place only within the European Union. An analysis by means of cookies or other tracking technologies, which requires access to information stored in your end device, only takes place if you have given your consent (Art. 6 para. 1 lit. a DS-GVO). 

In addition, however, it is in our legitimate interest to analyze the interaction with our website collected with the help of information from log files (Art. 6 para. 1 lit. f DS-GVO). It is not possible to recognize individual website users and individual interests are not evaluated.  

11  Job Applications via Email 

If you send us an unsolicited application or apply via email in response to one of our job postings at, we will collect the data you provide during the application process, in particular: 

  •          Your name;
  •          Your email address;
  •          Your résumé;
  •          Your work references;
  •          The job profile you are applying for.
  •          You also have the option of providing additional information and a cover letter (letter of motivation) for your application.

We process the above-mentioned personal data for the purpose of receiving and processing your application or deciding on whether to establish an employment relationship with you. The data processing is carried out on the basis of § 26 para. 1, 3 Federal Data Protection Act (“BDSG”). 

If we are unable to offer you a position, your application documents will be stored for up to six months after completion of the respective application process in order to answer any queries in connection with your application. If you allow us to store your application documents for a longer period of time after completion of the application process for further potentially interesting job postings, this is based on your consent (Art. 6 para. 1 lit. a DS-GVO). Storage may continue if required in accordance with our legitimate interests to provide evidence, in particular to defend, enforce or assert claims (Art. 6 para. 1 lit. f DS-GVO). 

12  Automated Individual Decision-Making or Profiling Measures

We do not use automated processing to make a decision or for profiling. 

13  Transmission of Data to Third Parties

Your personal data is only passed on without your prior consent in the following cases: 

  • If it is necessary in order to clarify an illegal usage of our services or for legal prosecution, your personal data will be forwarded to external advisors (e.g. lawyers), law enforcement authorities and, if applicable, aggrieved third parties. This will, however, only happen if concrete indications of unlawful or fraudulent behavior are found. Data may also be transmitted if necessary for the enforcement of contracts or other agreements. Furthermore, we are legally obligated to provide information to certain public authorities upon request. These include law enforcement authorities, authorities that prosecute administrative offenses subject to fines, and tax authorities. Your personal data may also be disclosed if we are exposed to other claims by third parties, which may include the disclosure of your data. Such claims may include, in particular, third-party claims in connection with the assertion of their rights in accordance with Chapter III of the GDPR.

The disclosure of this data is based on our legitimate interest in combating abuse, prosecuting criminal acts and asserting, pursuing or defending claims, Art. 6 (1) lit. f DS-GVO or on the basis of a legal obligation pursuant to Art. 6 (1) lit. c DS-GVO. 

  • We rely on contractually affiliated third-party companies and external service providers, so-called “processors” (cf. Art. 4 No. 8, 28 DS-GVO) for the performance of services.  In such cases, personal data is passed on to these processors in order to enable them to continue processing. These processors are carefully selected and regularly reviewed by us to ensure that your rights and freedoms are protected. The processors are permitted to use the data exclusively for the purposes specified by us and are also contractually obligated by us to treat your data solely in accordance with this privacy policy and the applicable data protection laws.

In addition to the processors already mentioned in this Privacy Policy, we also use the following categories of processors: 

o         IT service providers 

o         Cloud service providers 

o         IT service providers 

o         Software service providers 

  • Within the framework of administrative processes, as well as the organization of our operations, financial accounting and compliance with legal obligations, such as archiving, we may disclose or transmit the same data we received in connection with the provision of our contractual services or, if applicable, in connection with the assertion, pursuit or defense of claims, to tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.

The transmission of this data is based on our legitimate interest in maintaining our business activities, performing our tasks and providing our services, Art. 6 (1) lit. f DS-GVO or on the basis of a legal obligation according to Art. 6 (1) lit. c DS-GVO. 

  • As we continue to develop our business, it is possible that the structure of elexon GmbH may change by way of a change in legal form, the establishment, purchase or sale of subsidiaries, parts of companies or components. During such transactions, data from our customers and contact persons in particular will be transferred together with the part of the company being transferred. Whenever personal data is transferred to third parties as described above, we will ensure that this is done in accordance with this privacy policy and the relevant data protection laws.

Any disclosure of personal data is justified by the fact that we have a legitimate interest in adapting our corporate form to the economic and legal circumstances as necessary, Art. 6 para. 1 lit. f DS-GVO. 

14  Transmission to Third Countries 

We also process data in countries outside the European Economic Area (“EEA”), in so-called third countries and transfer data to recipients in said third countries. This also includes the USA. Please note that there is currently no adequacy decision from the EU Commission stating that these third countries provide an adequate level of data protection. For the USA in particular, there is currently no corresponding adequacy decision from the EU Commission. We therefore make use of the standard contractual clauses approved by the EU Commission in accordance with Art. 46 (2) lit. c DS-GVO when structuring contractual relationships with recipients in third countries. You can request a corresponding copy of these standard contractual clauses, as well as information on the supplementary measures we have taken to ensure an adequate level of data protection by contacting us using the contact details provided in section 1. 

15  Provision of Your Data

Even if, as described above, there is an automatic transmission of data when you access our website, you are not legally or contractually obligated to provide data in connection with the use of our homepage. 

You are free to provide us with data via the contact form and by email, but we will not be able to process and respond to your inquiries unless you provide us with the corresponding data when contacting us.  

Insofar as voluntary information is concerned, failure to provide it will mean that we will not be able to provide the corresponding functions and services or at least not to the extent to which they are normally provided. If we collect voluntary information within the context of a job application, failure on your part to provide this information will have no consequences for the application process or our selection decision. 

16   Deletion of Your Data 

Unless otherwise stated in this Privacy Policy, we will delete or anonymize your data as soon as it is no longer necessary for the purposes for which we collected or used it in accordance with the preceding paragraphs. Any further storage will only take place if we are obliged to do so due to legal reasons, Art. 6 para. 1 lit. c DS-GVO.  

  • Insofar as we are legally obligated to store your data, we will store it for the legally prescribed period. Legal requirements for storage may arise in particular with regard to the retention periods of the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention period under these regulations is usually between 6 and 10 years from the end of the year in which the relevant process was completed, e.g. we have finally processed your inquiry or the respective contract has ended.
  • Insofar as your data is relevant for the initiation of a contract or the execution of contracts, the data will be stored for the initiation and execution of the respective contractual relationship (Art. 6 para. 1 lit. b DS-GVO).
  • Insofar as the data is required for a longer period of time for the purpose of criminal prosecution or for the assertion, pursuit or defense of legal claims. This is also in our legitimate interest, Art. 6 para. 1 lit. f DS-GVO. 

Processing is restricted insofar as data must be retained for legal reasons. The data is then no longer available for further use.  

17  Your Rights as A Data Subject 

You have the right to receive information from us at any time upon request about the personal data we process that relates to you within the scope of Art. 15 DS-GVO and Section 34 BDSG. 

17.1  Right of Access

You have the right to receive information from us at any time upon request about the personal data we process that relates to you within the scope of Art. 15 DS-GVO and Section 34 BDSG. 

17.2  Right to Rectification

You have the right to request us to rectify your personal data without delay, in accordance with Art. 16 DS-GVO, if it is inaccurate. 

17.3  Right to Erasure

You have the right, under the conditions described in Art. 17 DS-GVO and § 35 BDSG, to demand that we delete your personal data.  

17.4  Right to Restrict Processing

You have the right to demand that we restrict processing in accordance with Art. 18 DS-GVO.  

17.5  Right to Data Portability

You have the right to receive the personal data that you have provided us with in a structured, commonly used, machine-readable format in accordance with Art. 20 DS-GVO. 

17.6  Right to Withdraw Consent

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you on the basis of Article 6(1)(f) DS-GVO, in accordance with Article 21 DS-GVO. We will cease the processing of your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, pursuit or defense of legal claims. 

You have the right to object to the processing of personal data relating to you for direct marketing purposes, including profiling. We will stop the processing immediately following your objection. 

17.7  Right to Object

You have the right to contact a data protection supervisory authority in the event of complaints. The supervisory authority responsible for us in North Rhine-Westphalia is: 

The Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia) 

Kavalleriestr 2-4 
 40213 Düsseldorf 

Telephone: 0211/38424-0 
 Fax 0211/38424-10 

18  Data Processing While Exercising Your Rights

Finally, we would like to point out that we process the personal data that you provide when exercising your rights pursuant to Art. 7 (3) sentence 1 DS-GVO (revocation of your consent) and Art. 15 to 22 DS-GVO for the purpose of implementing these rights and in order to provide evidence thereof as well as, if necessary, for the defense of legal positions. We will store your data in this context for three years from the complete fulfillment of your data subject rights. This data processing is based on Article 6 (1) lit. c DS-GVO in conjunction with Article 7 (3) sentence 1 DS-GVO and Articles 15 to 22 DS-GVO and Section 34 (2) BDSG. Insofar as we process personal data for the purpose of legal defense, this is also in our legitimate interest, Art. 6 para. 1 sentence 1 lit. f DS-GVO. 

You are neither contractually nor legally obligated to provide your personal data, however, we may refuse to fulfill your request regarding the assertion of your data subject rights pursuant to Art. 12 (2) sentence 2 DS-GVO if you do not provide us, upon request where applicable, with the data required to clearly identify you.