Choose your language

Privacy Statements

Privacy Statement for our Website

We, TGE Gas Engineering GmbH, take the protection of personal data and its confidential treatment very seriously. We therefore hereby inform you about the processing of your personal data in the context with your visit to our company website and the rights to which you are entitled. Your personal data will be processed exclusively in accordance with the applicable legal provisions of data protection law, in particular the General Data Protection Regulation (hereinafter “GDPR”) and the Federal Data Protection Act (“BDSG”).

I. Who is responsible for the data processing and who is the data protection officer?

1. Responsible for the processing of your personal data is:

TGE Gas Engineering GmbH
Mildred-Scheel-Str. 1
53175, Bonn
Germany
+49 228 60448 893
dataprotection@tge-gas.com

2. You can reach our data protection officer as follows:

Boris Reibach
Scheja & Partner Rechtsanwälte mbB
Adenauerallee 136
53113, Bonn
Germany
Tel.: (+49) 0228-227 226 0
https://www.scheja-partner.de/kontakt/kontakt.html
www.scheja-partner.de

II. What is the subject of data protection?

The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, e-mail address or telephone number.

III. Details on our services

Functionality: Display of service
Data categories: Date and time of access, duration of visit, type of device, used operation system, used functions, amount of sent data, type of event, IP-address, domain name
Purpose(s): Providing Service
Legal basis: Article 6 section 1 sentence 1b) and f) GDPR
Pursued legitimate interests: Technical functionality
Recipients or categories of recipients: Hosting provider, internal departments, external service provider for technical support
Storage periods or criteria for their determination: Directly after delivery by the web server
Duty to provide personal data and possible consequences of failure to provide: No duty to provide, automatic collection by accessing the service
Data sources: Direct collection when accessing website/service

Functionality: Log files
Data categories: Accessed URL, IP address, Date and time of access, amount of transferred data, website where the user came from (‘referrer’), websites accessed by the user’s system from our website, http-status, information about the browser type and the used version, operating system
Purpose(s): Statistical evaluations, optimizing the website, system security (fraud prevention), error diagnosis
Legal basis: Article 6 section 1 sentence 1 b) and f) GDPR
Pursued legitimate interests: See purposes
Recipients or categories of recipients: Hosting provider, internal departments, external service provider for technical support government agencies on demand
Storage periods or criteria for their determination: 7 days after creation
Duty to provide personal data and possible consequences of failure to provide: No duty to provide, automatic collection by accessing the service
Data sources: Direct collection when accessing website/service

Functionality: Contact form
Data categories: Name of the contacting person, email address, content of the message
Purpose(s): Receipt and handling of requests, complaints and other feedback
Legal basis: Article 6 section 1 sentence 1 b) and f) GDPR
Pursued legitimate interests: See purposes
Recipients or categories of recipients: Hosting provider, Internal departments, government agencies on demand
Storage periods or criteria for their determination: After handling the request
Duty to provide personal data and possible consequences of failure to provide: Mandatory details in the contact form marked with “*”, other information is not mandatory but serves faster handling of the request
Data sources: Direct collection in the contact form

Functionality: Application form
Data categories: Name, email address, phone number, Letter, CV and Documents
Purpose(s): Manage the application process
Legal basis: Article 6 section 1 sentence 1 b) GDPR
Recipients or categories of recipients: Hosting provider and Internal departments at TGE Bonn, TGE Munich, TGE Manchester/Eastleigh, TGE Shanghai
Storage periods or criteria for their determination: Your application documents will generally be stored for 6 months. If you have given your consent for longer storage, we will store your application for 2 years.
Duty to provide personal data and possible consequences of failure to provide: Mandatory details in the application form marked with “*”, other information is not mandatory but serves to facilitate the application process
Data sources: Direct collection in the application form

Functionality: Google Maps
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data categories: IP-Address, Latitude and longitude coordinates
Purpose(s): Optimisation of our service performance
Legal basis: Article 6 section 1 sentence 1 a) GDPR
Further Information on what data is processed by YouTube and for what purposes can be found in Google’s privacy policy: Privacy Policy – Privacy & Terms – Google
Further Information: When you visit our website, Google will only process your personal data if you have given your consent.

Functionality: YouTube
Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Data categories: Accessed URL, IP address, Date and time of access, amount of transferred data, website where the user came from (‘referrer’), websites accessed by the user’s system from our website, http-status, information about the browser type and the used version, operating system
Purpose(s): Optimisation of our service performance
Legal basis: Article 6 section 1 sentence 1 a) GDPR
Further Information on what data is processed by YouTube and for what purposes can be found in Google’s privacy policy: Privacy Policy – Privacy & Terms – Google
Further Information: When you visit our website, YouTube will only process your personal data if you have given your consent.

Functionality: Google Fonts
Recipients or categories of recipients: Hosting provider
Data categories:IP-Address, website where the user came from, CSS and font requests, information about the browser type and the used version, language settings
Purpose(s): Optimisation of our service performance
Legal basis: Article 6 section 1 sentence 1 f) GDPR
Further Information on what data is processed by Google and for what purposes can be found in Google’s privacy policy: Privacy Policy – Privacy & Terms – Google

Functionality: Cookie Consent Tool
Name: Borlabs
Data categories: IP-Address Domain and path of the WordPress website
Purpose(s): Saves the visitors preferences selected in the Cookie Box of Borlabs Cookie
Legal basis: Article 6 section 1 sentence 1 c) and f) GDPR
Recipients or categories of recipients: Hosting provider
Storage periods or criteria for their determination: 1 Year
Data sources: Direct collection in the Cookie Consent Tool

Functionality: Website Analytics
Name: Koko Analytics
Data categories: IP-Address, Website where the user came from (‘referrer’)
Purpose(s): Generates statistical data on how the visitor uses the website.
Legal basis: Article 6 section 1 sentence 1 a) GDPR
Recipients or categories of recipients: Hosting provider
Storage periods or criteria for their determination: 1 Month
Duty to provide personal data and possible consequences of failure to provide: Not Mandatory
Further Information: We will only process your personal data if you have given your consent

IV. Third Country Transfer

If data is transferred to entities whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area, we will ensure prior to the transfer that, outside of exceptional cases permitted by law, either an adequate level of data protection exists at the recipient (e.g., through an adequacy decision by the European Commission, or through suitable guarantees such as the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or your sufficient consent has been obtained. You can obtain from us an overview of the recipients in third countries and a copy of the concrete agreed arrangements to ensure the adequate level of data protection.

V. What are my rights as a data subject?

You have the following rights regarding the processing of your personal data:

1. Right of access

You have the right to obtain confirmation from us as to whether or not we are processing personal data about you. If this is the case, you have the right to be informed about your personal data and to receive further information regarding the processing.

2. Right of rectification

You have the right to request the rectification of your inaccurate personal data and to have incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

In certain circumstances, you have the right to request that we erase your personal data. This right exists, for example, if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, or if the personal data was processed unlawfully.

4. Restriction of processing

In certain circumstances, you have the right to request us to restrict the processing of your personal data. In this case, we will only store personal data for which you have given consent or for which the GDPR permits processing. For example, you may have a right to restrict processing if you have contested the accuracy of your personal data.

5. Data portability

If you have provided us with personal data on the basis of a contract or consent, you may, if the legal requirements are met, request that you receive the personal data you have provided in a structured, common and machine-readable format or that we transfer it to another controller.

6. Revocation of consent

If you have given us consent to process your personal data, you may revoke this consent at any time with effect for the future. The lawfulness of the processing of your personal data until the revocation remains unaffected.

7. Right of objection

Individual right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

8. Right of complaint to the supervisory

In addition, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable law. To do so, you can contact the data protection authority responsible for your place of residence, workplace or the place of an alleged violation or the data protection authority responsible for us. The competent supervisory authority is the supervisory authority of the federal state in which you live or work or in which an alleged infringement is alleged to have taken place that is the subject of the complaint.

VI. Who can I contact with questions or to assert my data subject rights?

If you have any questions about the processing of your personal data or if you wish to assert your data subject rights as set out in section XI. No. 1 to 7, you can contact us free of charge. Please use our contact details under section I. No. 1.

Privacy Statement for Business Partners

We, TGE Gas Engineering GmbH, take the protection of personal data and its confidential treatment very seriously. We therefore hereby inform you about the processing of your personal data within the scope of the business relationship with you or your employer and the rights to which you are entitled. Your personal data is processed exclusively within the framework of the applicable statutory provisions of data protection law, in particular the General Data Protection Regulation (hereinafter “GDPR”) and the Federal Data Protection Act in the version applicable since 25 May 2018 (“BDSG 2018”).

I. Who is responsible for the data processing and who is the data protection officer?

1. Responsible for the processing of your personal data is:

TGE Gas Engineering GmbH

Mildred-Scheel-Str. 1

53175, Bonn

Germany

+49 228 60448 893

dataprotection@tge-gas.com

2. You can reach our data protection officer as follows:

Boris Reibach

Scheja & Partner Rechtsanwälte mbB

Adenauerallee 136

53113, Bonn

Germany

Tel.: (+49) 0228-227 226 0

https://www.scheja-partner.de/kontakt/kontakt.html

www.scheja-partner.de

II. What is the subject of data protection?

The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, email address or telephone number.

III. Which of my personal data is processed?

Within the scope of the business relationship with you or your employer, we only process the personal data of you that is related to the business relationship. This can be in detail:

• Contact details, including your name, email address and telephone number

• Customer history data

• Experience and knowledge

• Data on possible compliance and export control violations of company executives

• Your personal images in the form of video transmissions inside TGE´s company buildings (the video material will not be stored)

IV. What purposes are pursued with the processing of my personal data and on what legal basis is this done?

In the following, we provide you with an overview of the purposes and legal bases for processing your personal data within the scope of the business relationship with you:

1. Data processing for the purpose of fulfilling the contract within the scope of the business relationship

We process your personal data for the preparation and performance of the business relationship. The purposes depend on the specific contract and include in particular:

• Inclusion in the database management of our customer management system

• Communication with contact persons of our business partners

• Preparation, conclusion and processing of contracts

• Preparation of offers, order confirmations and invoices

Data processing is based on Art. 6(1)(b) GDPR if a business relationship exists or is to be entered into with you personally. If, on the other hand, you are acting on behalf of a third party, in particular your employer, the data processing is based on Art. 6(1)(f) GDPR, provided this is compatible with your fundamental rights and freedoms, see the further explanations under section IV. No. 4.

We delete the data when it is no longer required for the purposes we pursue in preparing and implementing the business relationship and no other legal grounds, in particular statutory or contractual retention periods, apply.

2. Consent

Under certain circumstances, we also process your personal data on the basis of a declaration of consent submitted by you. The purpose pursued with the processing results from the content of the respective declaration of consent. This may apply in the following cases:

• Use of image data in the context of publications on the internet, intranet and when directly addressing customers

The data processing is based on Art. 6(1)(a) GDPR.

You can revoke your consent at any time. However, please note that this revocation only has an effect for the future, namely the lawfulness of the processing of the data already carried out on the basis of your consent up to the time of the revocation is not affected by the revocation.

We delete the data if it is no longer required for the purposes we are pursuing, the storage period specified in the consent has expired or you have revoked the consent and there is no other legal basis. If the last case applies, we will delete your data when this other legal basis no longer applies.

3. Compliance with legal obligations

We may also process your personal data in order to comply with legal obligations arising, for example, from commercial, tax, financial or criminal law. The purposes of the processing result from the respective legal obligation. As a rule, processing is carried out in order to comply with state control and information obligations.

In this respect, the data processing is carried out on the basis of Art. 6(1)(c) GDPR.

We delete the data after the legal obligation no longer applies, unless other legal bases, in particular legal or contractual retention periods, apply. If the last case applies, we will delete your data when this other legal basis no longer applies.

4. Processing for the protection of legitimate interests

Where necessary, we also process your personal data to safeguard our legitimate interests. We will only process your personal data if, after balancing our interests with respect to your fundamental rights and freedoms, we consider that our interests are overridden. This may apply in the following cases:

• Review of business partners with regard to possible compliance and export control violations by functionaries

• Video transmission of the entrance area

• Invitation to events, especially information events

• Information about our products/our company

Our legitimate interests here consist in the pursuit of the aforementioned purposes.

In addition, data processing takes place on this basis if you are acting for a third party, in particular your employer, within the scope of the purposes mentioned under section IV. No. 1 for a third party, in particular your employer. In this case, our legitimate interests lie in handling our business relationship with this third party.

The data processing is carried out on the basis of Art. 6(1)(f) GDPR.

We delete the data when it is no longer required for the purposes we are pursuing and no other legal basis applies. If the last case applies, we will delete your data when this other legal basis no longer applies.

V. Is my personal data also collected from third parties?

In the majority of cases, we collect personal data directly from you. However, in some constellations we also receive your personal data from third parties:

• From our business partners or from your business partners or your employer’s business partners

• From your employer, if applicable

If necessary, we will inform you about this in more detail in a separate form.

VI. Does automated decision-making or profiling take place?

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

VII. Do I have to provide my personal data?

Within the framework of the business relationship, you must provide those personal data that are necessary for the preparation and implementation of the business relationship and the fulfilment of the associated contractual or legal obligations or which we are legally obliged to process. Without this data, we may not be able to carry out the business relationship.

VIII. Who has access to my personal data and which recipients receive it?

Within our company, only those departments and the employees working there who absolutely need such access to fulfil their functions or tasks have access to your personal data.

We will only share your personal data with external recipients if there is a legal justification for doing so or you have consented to it. External recipients can be:

• Processors: Service providers that we use to provide services, for example in the area of human resources or for the maintenance of our IT systems. These processors are carefully selected and regularly checked by us to ensure that your personal data is in good hands. The service providers may only process your personal data for the purposes specified by us.

• Public authorities: Authorities and state institutions, such as public prosecutors’ offices, courts or tax authorities, to which we may have to transmit personal data in individual cases.

• Private bodies: Private bodies to whom we transfer your personal data on the basis of a legal provision, for example lawyers, tax advisors and other companies or bodies contacted for the preparation and implementation of the business relationship.

IX. Is a transfer of my personal data to third countries intended?

If data is transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area, we will ensure prior to the transfer that, outside of exceptional cases permitted by law, either an adequate level of data protection exists at the recipient (e.g. through an adequacy decision by the European Commission or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or your sufficient consent has been obtained.

You can obtain from us an overview of the recipients in third countries and a copy of the concrete agreed arrangements to ensure the adequate level of data protection. Further information on the EU-U.S. and Swiss-U.S. Privacy Shield can be found at https://www.privacyshield.gov.

X. How long will my personal data be stored?

For the storage period of your personal data, please refer to the respective chapter on data processing under section IV.

XI. What are my rights as a data subject?

You have the following rights regarding the processing of your personal data:

1. Right of access

You have the right to obtain confirmation from us as to whether or not we are processing personal data about you. If this is the case, you have the right to be informed about your personal data and to receive further information regarding the processing.

2. Right of rectification

You have the right to request the rectification of your inaccurate personal data and to have incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

In certain circumstances, you have the right to request that we erase your personal data. This right exists, for example, if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, or if the personal data was processed unlawfully.

4. Restriction of processing

In certain circumstances, you have the right to request us to restrict the processing of your personal data. In this case, we will only store personal data for which you have given consent or

for which the GDPR permits processing. For example, you may have a right to restrict processing if you have contested the accuracy of your personal data.

5. Data portability

If you have provided us with personal data on the basis of a contract or consent, you may, if the legal requirements are met, request that you receive the personal data you have provided in a structured, common and machine-readable format or that we transfer it to another controller.

6. Revocation of consent

If you have given us consent to process your personal data, you may revoke this consent at any time with effect for the future. The lawfulness of the processing of your personal data until the revocation remains unaffected.

7. Right of objection
Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

8. Right of complaint to the supervisory

In addition, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable law. To do so, you can contact the data protection authority responsible for your place of residence, workplace or the place of an alleged violation or the data protection authority responsible for us. The competent supervisory authority is the supervisory authority of the federal state in which you live or work or in which an alleged infringement is alleged to have taken place that is the subject of the complaint.

XII. Who can I contact with questions or to assert my data subject rights?

If you have any questions about the processing of your personal data or if you wish to assert your data subject rights as set out in section XI. No. 1 to 7, you can contact us free of charge. Please use our contact details under section I. No. 1.

Privacy Statement for Applicants

We, TGE Gas Engineering GmbH, take the protection of our employees personal data and its confidential treatment very seriously. We are therefore providing you with this letter to inform you about the processing of your personal data and the rights to which you are entitled during your employment with us. Your personal data will be processed exclusively within the framework of the applicable statutory provisions of data protection law, in particular the General Data Protection Regulation (hereinafter “GDPR”) and the Federal Data Protection Act in the version applicable since 25 May 2018 (“BDSG 2018”).

I. Who is responsible for data processing and who is the data protection officer?

1. Responsible for the processing of your personal data is:

TGE Gas Engineering GmbH

Mildred-Scheel-Str. 1

53175, Bonn

Germany

Telefon: +49 228 60448 900

E-Mail: dataprotection@tge-gas.com

2. You can reach our data protection officer as follows:

Scheja und Partner Rechtsanwälte mbB

Boris Reibach

Adenauerallee 136

53113, Bonn

Germany

Telefon: +49 228-227 226 0

Kontakt: https://www.scheja-partner.de/kontakt/kontakt.html

II. What is the subject of data protection?

The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, e-mail address or telephone number.

III. Which of my personal data are processed?

As part of the application process, we only process the personal data from you that is related to your application and that is necessary to determine your professional and personal skills in relation to the vacant position. These are in detail:

• Contact data, including your name, private address, private telephone number

• Data on your origin, including your nationality and citizenship, place and date of birth

• Data on your marital status

• Data on your qualifications/training

• Data on your references

• Data on any further training measures and additional qualifications

• Certificates

• Experience and Knowledge

If provided by you, the data processing may also include special categories of personal data, such as:

• Religious confession

• Severely disabled status

You determine the scope of the personal data by submitting your data.

This also applies to any other personal data you provide.

We add the following data to your application documents during the application process:

• Notes on the course of the interview

• Publicly accessible job-related information, e.g. profile details in professional social media networks (e.g. Xing)

IV. What are the purposes of the processing of my personal data and what is the legal basis for this?

In the following, we provide you with an overview of the purposes and legal bases for processing your personal data as part of the application process at our company:

1. Data processing for the purposes of the employment relationship

We process your personal data that we receive from you for the purpose of processing your application for a specific job advertisement or as an unsolicited application exclusively for the purpose of deciding on the establishment of an employment relationship.

The legal basis for processing your data is Art. 88 (1) GDPR in conjunction with § 26 Section (1) sentence 1 BDSG, according to which personal data of employees may be processed for purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship.

We process your personal data that constitute special categories of personal data (see section III.) on the basis of Art. 88 para. 1 GDPR in conjunction with. § 26 Section (3) BDSG. We only process this data if it is necessary for the exercise of rights or the fulfilment of legal obligations under labour law, social security law and social protection law, or if you have given your consent explicitly related to this data and there is no reason to assume that your legitimate interest in the exclusion of processing outweighs this. This is particularly relevant in the following cases:

• Assessment of work ability

• Exercise of work protection and work safety

• Payment of church tax

The employee data we hold was provided by you when you applied for employment.

We delete the data when it is no longer required for the purposes we pursue in preparing, implementing or terminating the employment contract and no other legal grounds, in particular statutory or contractual retention periods, apply.

Insofar as there is an employment relationship between you and us, we may, pursuant to Art. 88 (1) GDPR in conjunction with. § 26 Section (1) BDSG, we may further process the personal data already received from you for the purposes of the employment relationship if this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement). We will then inform you separately.

2. Consent

We also process your personal data on the basis of your declaration of consent, namely if we are unable to consider your application at present, but if necessary for other positions in our company which, in our estimation, correspond to your training, knowledge and experience on the basis of the personal data you have provided. The purpose results from the content of this consent given in each case.

The data processing is based on Article 6(1)(a) GDPR.

In cases where you have to provide data for this purpose, we expressly point this out. Without the provision, we would not be able to fulfil your request covered by the consent. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

We delete the data if it is no longer required for the purposes we are pursuing or you have revoked your consent and no other legal basis applies. If the last case applies, we delete the data after the other legal basis no longer applies.

3. Fulfilment of legal obligations

We may also process your employee data in order to comply with legal obligations arising, for example, from commercial, tax, financial or criminal law. The purposes of the processing result from the respective legal obligation. As a rule, processing is carried out in order to comply with state control and information obligations.

The data processing is based on Article 6 (1) (c) GDPR.

We delete the data after the legal obligation no longer applies and insofar as no other legal basis, in particular legal or contractual retention periods, apply.

4. Processing for the purposes of legitimate interests

Where necessary, we also process your personal data to protect our legitimate interests. In doing so, we pursue the purpose of defending ourselves against asserted legal claims from the application process. Our legitimate interest then lies, for example, in the burden of proof in proceedings under the General Equal Treatment Act.

We only process your personal data if this is compatible with your fundamental rights and freedoms. The data processing is based on Article 6 (1) (f) GDPR.

We delete the data when it is no longer necessary for the purposes we pursue and no other legal basis applies.

V. Is my personal data also collected from third parties?

In the majority of cases, we collect personal data directly from you.

In some constellations, however, we also receive your personal data from third parties:

• Applicant data via recruiters/personnel service providers

• Profile details via professional social media networks (e.g. Xing, LinkedIn)

• Data on references in the case of concrete information (e.g. former employer)

This is done in the aforementioned constellations for the purpose of supporting the search for qualified applicants and also to address applicants who are not actively looking for a job and want to be found by potential employers.

We delete the data when the purposes pursued for us are no longer necessary and no other legal basis applies.

VI. Is there any automated decision making or profiling?

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

VII. Do I have to provide my personal data?

You are not obliged to provide us with personal data. However, the provision of personal data is necessary for the conclusion of a contract of employment with us. If you do not provide us with personal data when applying, we will therefore not be able to enter into an employment relationship with you.

VIII. Who has access to my personal data and which recipients receive it?

Within our company, only those departments and employees working there who absolutely need such access to fulfil their functions or tasks have access to your application data. These are generally:

• Employees of the human resources department

• Responsible managers in the case of promising applications

• Colleagues from the department concerned involved in the decision in the case of promising applications

We will only disclose your personal data to external recipients if there is a legal justification for doing so or you have consented to the transfer. External recipients can be:

• Processors: Service providers that we use to provide services, for example in the area of human resources or for the maintenance of our IT systems. These processors are carefully selected and regularly checked by us to ensure that your personal data is in good hands. The service providers may only process your personal data for the purposes specified by us.

• Public authorities: Authorities and state institutions, such as public prosecutors’ offices, courts or tax authorities, to which we may have to transmit personal data in individual cases.

• Private bodies: Private bodies to whom we transfer your personal data on the basis of a legal provision, for example lawyers, tax advisors and other companies or bodies contacted for the preparation and implementation of the business relationship.

IX. Is a transfer of my personal data to third countries intended?

If data is transferred to bodies whose registered office or place of data processing is not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area, we ensure before the transfer that, outside of exceptional cases permitted by law, either an adequate level of data protection exists at the recipient (e.g. by means of an adequacy decision of the European Commission, suitable guarantees such as self-certification of the recipient for the EU-U.S. Privacy Shield or agreement on so-called EU standard contractual clauses). (e.g. through an adequacy decision of the European Commission, through suitable guarantees such as a self-certification of the recipient for the EU-U.S. Privacy Shield or the agreement of so-called EU standard contractual clauses of the European Union with the recipient) or your sufficient consent has been obtained.

You can obtain an overview of the recipients in third countries and a copy of the concretely agreed arrangements to ensure the adequate level of data protection from us. Further information on the EU-U.S. and Swiss-U.S. Privacy Shield can be found at https://www.privacyshield.gov.

X. How long will my personal data be stored?

In the event that we do not recruit you, we will store your personal data in the form of your cover letter and CV for further six months after the application process has been completed. The other personal data will be deleted immediately after the application process has been completed.

In the event that we are unable to consider you in the current application process, but would like to include you in our applicant pool for a future position, we will ask you for your corresponding declaration of consent. With your declaration of consent, we would retain your application documents for a period of two years and delete them at the end of this period, unless you revoke the declaration of consent beforehand. In the event of a revocation, we will delete your personal data immediately.

If you are hired by us, we will add your application documents to our personnel file, where they will be stored for the duration of the employment relationship. After termination of the employment relationship, the processing of your application and employee data will be restricted. The data is usually deleted ten years after the end of the employment relationship with us.

XI. What are my rights as a data subject?

You have the following rights regarding the processing of your personal data:

1. Right of access

You have the right to obtain confirmation from us as to whether or not we are processing personal data about you. If this is the case, you have the right to be informed about your personal data and to receive further information regarding the processing.

2. Right of rectification

You have the right to request the rectification of your inaccurate personal data and to have incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

In certain circumstances, you have the right to request that we erase your personal data. This right exists, for example, if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, or if the personal data was processed unlawfully.

4. Restriction of processing

In certain circumstances, you have the right to request us to restrict the processing of your personal data. In this case, we will only store personal data for which you have given consent or for which the GDPR permits processing. For example, you may have a right to restrict processing if you have contested the accuracy of your personal data.

5. Data portability

If you have provided us with personal data on the basis of a contract or consent, you may, if the legal requirements are met, request that you receive the personal data you have provided in a structured, common and machine-readable format or that we transfer it to another controller.

6. Revocation of consent

If you have given us consent to process your personal data, you may revoke this consent at any time with effect for the future. The lawfulness of the processing of your personal data until the revocation remains unaffected.

7. Right of objection

Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

8. Right of complaint to the supervisory

In addition, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable law. To do so, you can contact the data protection authority responsible for your place of residence, workplace or the place of an alleged violation or the data protection authority responsible for us. The competent supervisory authority is the supervisory authority of the federal state in which you live or work or in which an alleged infringement is alleged to have taken place that is the subject of the complaint.

XII. Who can I contact with questions or to assert my data subject rights?

If you have any questions about the processing of your personal data or if you wish to assert your data subject rights as set out in section XI. No. 1 to 7, you can contact us free of charge. Please use our contact details under section I. No. 1.

Privacy Statement for Visitors of TGE

We, TGE Gas Engineering GmbH, take the protection of personal data and its confidential treatment very seriously. We therefore hereby inform you about the processing of your personal data in the context of your on-site visit to TGE and the rights to which you are entitled. Your personal data will be processed exclusively in accordance with the applicable legal provisions of data protection law, in particular the General Data Protection Regulation (hereinafter “GDPR”) and the Federal Data Protection Act (“BDSG”).

I. Who is responsible for the data processing and who is the data protection officer?

1. Responsible for the processing of your personal data is:

TGE Gas Engineering GmbH

Mildred-Scheel-Str. 1

53175, Bonn

Germany

+49 228 60448 893

dataprotection@tge-gas.com

2. You can reach our data protection officer as follows:

Boris Reibach

Scheja und Partner Rechtsanwälte mbB

Adenauerallee 136

53113, Bonn

Germany

+49 0228-227 226 0

https://www.scheja-partner.de/kontakt/kontakt.html

www.scheja-partner.de

II. What is the subject of data protection?

The subject of data protection is personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). This includes, for example, information such as name, postal address, e-mail address or telephone number.

III. Which of my personal data are processed?

As part of your on-site visit, we only process the personal data from you that is related to that visit. This can be in detail:

• Contact details, including your name, email address and telephone number, as well as any other contact details you provide to us, e.g. as part of handing over a business card

• Information related to the COVID-19 pandemic (symptoms present, contact with infected persons, recent visit to a “hot spot”)

• Your personal images in the form of video transmissions (the video material will not be stored)

• Your usage data processed in connection with a use of the guest WLAN (e.g. IP address, terminal device information)

• Visitor management information (surname, first name, time of arrival and leave)

IV. What are the purposes of processing my personal data and what is the legal basis?

In the following, we provide you with an overview of the purposes and legal basis for the processing of your personal data in the context of your on-site visit:

1. Data processing for the purpose of initiating a contract

We process your personal data for the preparation of a potential business relationship. The purpose includes in particular the following data processing:

• Recording of business card data in our administration system and forwarding to the respective contact person within TGE.

The data processing is based on Art. 6 (1) (b) of the GDPR if a business relationship is to be entered into with you personally. If, on the other hand, you are acting on behalf of a third party, in particular your employer, the data processing is based on Art. 6 (1) (f) GDPR, provided this is compatible with your fundamental rights and freedoms, see the further explanations under No. IV. No. 4.

We delete the data when it is no longer required for the purpose we are pursuing of preparing a potential business relationship and no other legal grounds, in particular statutory or contractual retention periods, apply. If the last applies, we will delete your data when this other legal basis no longer applies.

2. Compliance with legal obligations

We may also process your personal data in order to comply with legal obligations arising, for example, from commercial, tax, financial or criminal law. The purposes of the processing result from the respective legal obligation. As a general rule, processing is carried out in order to comply with state control and information obligations.

In this respect, the data processing is based on Art. 6 (1) (c) GDPR.

We delete the data after the legal obligation ceases to apply, unless other legal bases apply. If the last applies, we will delete your data when this other legal basis no longer applies.

3. Processing for the protection of legitimate interests

Where necessary, we also process your personal data to safeguard our legitimate interests. We only process your personal data if, after weighing our interests in carrying out the processing against your possibly conflicting interests, fundamental rights and freedoms, we consider that our interests prevail. We pursue the following interests, which are also the respective purposes:

• Ensuring safety by monitoring the entrance

• Ensuring the health protection of our employees

• Tracking visitors and visiting hours to investigate potential crimes as well as to comply with organisational measures in connection with ensuring a sufficient level of data protection

• Protection and security of IT resources

In addition, data processing takes place on this basis if you are acting for a third party within the framework of the purposes mentioned under no. IV. No. 1, in particular your employer. In this case, our legitimate interest lies in entering into a potential business relationship with this third party.

The data processing is carried out on the basis of Art. 6 (1) (f) GDPR.

We delete the data when it is no longer required for the purposes we are pursuing and no other legal basis applies. If the last applies, we will delete your data when this other legal basis no longer applies.

4. Processing for reasons of public interest in the field of public health

In order to protect our employees from infection with COVID-19 and to contain the COVID-19 pandemic, we process your health data, such as information on the existence of symptoms.

The data is processed on the basis of Article 9 (2) (i) GDPR in conjunction with Section 22 (1) no. 1 (c) BDSG.

We delete the data when it is no longer required for the purposes we are pursuing and no other legal basis applies. If the last applies, we will delete your data when this other legal basis no longer applies.

V. Is my personal data also collected from third parties?

We mainly process the personal data that we receive directly from you during your on-site visit. In some constellations, we also obtain your personal data from third parties, for example:

• Internet Service Provider

• Information on your contact details provided by persons working for you (e.g. employers)

If necessary, we will inform you about this in more detail in a separate form.

VI. Does automated decision-making or profiling take place?

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

VII. Do I have to provide my personal data?

During the on-site visit, you must provide the personal data required to enter the TGE premises. Specifically, this is the Covid-19 pandemic information and the visitor management information. Without this data, we will not be able to grant you access or allow you to stay as planned. As you are in the video surveillance system’s field of vision when you enter our business premises, the processing of your image material is unavoidable (the image material is not stored).

VIII. Who has access to my personal data and which recipients receive it?

Within our company, only those departments and the employees working there who absolutely need such access to fulfil their functions or tasks have access to your personal data. These are generally employees from:

• Front-Office

• IT-Department

• HR-Department

• Data Protection and Compliance

We will only share your personal data with external recipients if there is a legal justification for doing so or you have consented to it. External recipients can be:

• Processors: Service providers that we use to provide services, for example in the area of human resources or for the maintenance of our IT systems. These processors are carefully selected and regularly checked by us to ensure that your personal data is in good hands. The service providers may only process your personal data for the purposes specified by us.

• Public authorities: Authorities and state institutions, such as public prosecutors’ offices, courts or tax authorities, to which we may have to transmit personal data in individual cases.

• Private bodies: Private bodies to whom we transfer your personal data on the basis of a legal provision, for example lawyers, tax advisors and other companies or bodies contacted for the preparation and implementation of the business relationship.

IX. Is a transfer of my personal data to third countries intended?

Your personal data will not be transferred to third countries.

X. How long will my personal data be stored?

For the storage period of your personal data, please refer to the respective chapter on data processing under section IV.

XI. What are my rights as a data subject?

You have the following rights regarding the processing of your personal data:

1. Right of access

You have the right to obtain confirmation from us as to whether or not we are processing personal data about you. If this is the case, you have the right to be informed about your personal data and to receive further information regarding the processing.

2. Right of rectification

You have the right to request the rectification of your inaccurate personal data and to have incomplete personal data completed.

3. Right to erasure (“right to be forgotten”)

In certain circumstances, you have the right to request that we erase your personal data. This right exists, for example, if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, or if the personal data was processed unlawfully.

4. Restriction of processing

In certain circumstances, you have the right to request us to restrict the processing of your personal data. In this case, we will only store personal data for which you have given consent or for which the GDPR permits processing. For example, you may have a right to restrict processing if you have contested the accuracy of your personal data.

5. Data portability

If you have provided us with personal data on the basis of a contract or consent, you may, if the legal requirements are met, request that you receive the personal data you have provided in a structured, common and machine-readable format or that we transfer it to another controller.

6. Revocation of consent

If you have given us consent to process your personal data, you may revoke this consent at any time with effect for the future. The lawfulness of the processing of your personal data until the revocation remains unaffected.

7. Right of objection

Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

8. Right of complaint to the supervisory

In addition, you have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates applicable law. To do so, you can contact the data protection authority responsible for your place of residence, workplace or the place of an alleged violation or the data protection authority responsible for us. The competent supervisory authority is the supervisory authority of the federal state in which you live or work or in which an alleged infringement is alleged to have taken place that is the subject of the complaint.

XII. Who can I contact with questions or to assert my data subject rights?

If you have any questions about the processing of your personal data or if you wish to assert your data subject rights as set out in section XI. No. 1 to 7, you can contact us free of charge. Please use our contact details under section I. No. 1.