Privacy policy

1. Content of this privacy policy

In this privacy policy, we, Stadtwerke München, hereinafter known as SWM, provide information on which personal data we collect, process and use when you visit our websites at https://www.swm.de/english (hereinafter also known as “website”). In addition, this privacy policy informs you about your rights and the options and possibilities of redress you have in relation to your personal data.

“Personal data” means any information relating to an identified or identifiable natural person (data subject).

2. Controller and data protection officer

Controller within the meaning of Art. 4 (7) of the EU General Data Protection Regulation (GDPR) – provided not expressly indicated otherwise in this privacy policy – is Stadtwerke München GmbH, Emmy-Noether-Straße 2, 80992 München, info@swm.de.

The data protection officer of SWM appointed for all controllers can be contacted at:

Stadtwerke München
Data Protection Officer
Emmy-Noether-Straße 2
80992 Munich
Germany
email: datenschutz@swm.de
 

3. Background information on data collection and scope of usage

Inasmuch as we collect or use personal data, we comply with the prevailing statutory provisions, in particular the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the German Telemedia Act (Telemediengesetz – TMG).

We pass on the data collected via our website to government organizations, authorities and courts inasmuch as we are under obligation to do so or if this is necessary for efficient legal defense or the assertion of rights.

When you contact us via email or using a contact form, we will save the data you provide us with (your email, if appropriate, your name and telephone number) in order to respond to your inquiries. We delete the data incurred in this context if storing the data is no longer necessary, or limit the processing if statutory retention obligations apply.

We may deploy technical service providers by means of contract processing for the operation of the website.

If not expressly explained in this privacy policy, we do not transfer any personal data to countries outside the European Union (EU) or the European Economic Area (EEA).

4. Processing of personal data when the website is used

4.1 When the website is accessed, our system automatically records the following information from the computer system of the visiting computer which we need in order to display our website and to guarantee its stability and security:

  • IP address 
  • Browser
  • Operating system
  • Language and version of the browser software.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are added to your browser and saved on your hard disk for the purpose of enabling certain information to be gathered at the point set by the cookie (in this case by us). Cookies are not able to execute programs or transfer viruses to your computer. Their purpose is to make the Internet offering more user friendly and effective overall.

a) The website uses the following kinds of cookies, the scope and function of which are explained below:

  • Transient cookies (see b)
  • Persistent cookies (see c)

b) Transient cookies are automatically deleted when you close the browser. This includes session cookies in particular. These cookies save a so-called session ID used to allocate the various inquiries of your browser to the common session. This enables your computer to be recognized again when you return to our website. Session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a certain period has elapsed that may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.

d) You can configure your browser settings as you wish and, for instance, accept third party cookies or reject all cookies. Please note that you may then not be able to use all the functions of this website (e.g. the “My SWM” area).

We place a cookie in order to store the fact that we have already made you aware of our note concerning the use of cookies.

Another cookie is set when you access swm.de. This cookie serves the purpose of system stability. The cookie will expire three minutes afterwards at the latest.

Art. 6 (1) sentence 1 lit. f GDPR forms the legal basis for this data processing.

4.2 Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies, i.e. text files that are stored on your computer and enable an analysis of how you use the website. The information generated by the cookie on your use of this website is generally transmitted to a Google server in the US where it is stored. In the event that IP anonymity is activated on the website, your IP address will, however, be abbreviated beforehand by Google within the Member States of the European Union or in other States party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and abbreviated there. On behalf of the operator of this website, Google will use this information to analyze your use of the website in order to compile reports on website activities and to provide other services associated with the website use and Internet use with regard to the website operator.

The IP address transferred by your browser in the context of Google Analytics will not be combined with other Google data.

You can prevent the storage of cookies by selecting the respective settings in your browser software. Please note, however, that in this case you will not be able to use the full scope of the functions of this website. Moreover, you can prevent Google recording the data generated by the cookie on your use of this website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available via the link below: http://tools.google.com/dlpage/gaoptout?hl=en

This website uses Google Analytics with the “_anonymizeIp()” extension. This ensures that IP addresses are processed in an abbreviated form so that identifying a specific user can be eliminated. To the extent that data collected on you contains a personal reference, this is therefore eliminated at the outset and the personal data immediately deleted.

We use Google Analytics to analyze the use of our website and to improve it at regular intervals. The statistics gained from this process allow us to improve our offer and to make it more interesting for you as the user. In exceptional cases when personal data is transferred to the US, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Art. 6 (1) sentence 1 lit. f GDPR forms the legal basis for the use of Google Analytics.

4.3 Use of the Matomo (Piwik) web analysis tool

Data for marketing and optimization purposes are collected and stored on our swm.de website using the technologies of the Matomo (Piwik) Web analysis tool.

You can decide here whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyze various statistical data. If you decide against this, you can click the following link in order to store the Piwik deactivation cookie in your browser.

Opt-out option: Click here in order to prevent tracking by Piwik/Matomo.

We use Matomo to analyze the use of our website and to improve it at regular intervals. The statistics gained from this process allow us to improve our offer and to make it more interesting for you as the user. The data collected are permanently stored and analyzed using pseudonyms.

Art. 6 (1) sentence 1 lit. f GDPR forms the legal basis for using Matomo.

Information of the third party provider: InnoCraft Ltd (Matomo), 150 Willis st, Level 6, Catalyst House, 6011 Wellington, New Zealand; https://matomo.org/gdpr/

4.4 Use of etracker

Data for marketing and optimization purposes are collected and stored on our swm.de website using the technologies of etracker GmbH (https://www.etracker.com/en/). A user profile under a pseudonym can be derived from these data. Cookies can be used for this purpose. Cookies are small text files stored locally in the buffer of the visitor’s Internet browser. Cookies allow the Internet browser to be recognized again. The data collected using etracker technologies are not used without the data subject's specific consent to personally identify the visitor to this website and are not combined with the personal data via the anonymous profile. Consent to the collection and storage of data can be revoked at any time with effect for the future.

Opt-out option: Click here in order to prevent tracking by etracker.

We use etracker to analyze the use of our website and to improve it at regular intervals. The statistics gained from this process allow us to improve our offer and to make it more interesting for you as the user. The data collected are permanently stored and analyzed using pseudonyms.

Art. 6 (1) sentence 1 lit. f GDPR forms the legal basis for the use of etracker.

Information of the third party provider: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany; https://www.etracker.com/en/data-privacy/.

4.5 Use of remarketing applications and campaign analysis

4.5.1 We use the Google Remarketing application. This is a process through which we would like to contact you again. After you have visited our website, this application allows adverts to be displayed to you when you surf the Internet. This is possible through the cookies saved in your browser which Google uses to record and analyze your usage behavior when you visit various websites. Google can therefore ascertain your previous visit to our website. Google states that data gathered during the process of remarketing are not combined with your personal data that may be stored by Google. According to Google, pseudonymization is used in the remarketing procedure.

4.5.2 In addition, we analyze our campaigns through a tracking system. We use the following advertising service provider for collecting data from online advertising:

Plan.Net Media Erste Mediaagentur GmbH & Co. KG
Haus der Kommunikation
Brienner Straße 45 a-d
80333 Munich
Germany

a) ADITION technologies

The tracking system of the following service provider is used in the process:

ADITION technologies AG
Oststraße 55
40211 Düsseldorf
Germany

The system is used for the following purposes on our websites:

Tracking the effect of campaigns on our websites.

Tracking allows a connection to be established between the contacts that users have with banners on other websites (special contacts and clicks on banners) with the following interactions on our website: The data collected are statistically evaluated in order to optimize the effectiveness of media campaigns. All usage data are stored using pseudonyms. The data collected are not used to personally identify visitors to our website and are not combined with personal data under the anonymous profile.

Retargeting 

The service provider records and processes the way in which you use the websites we operate using pseudonyms. These data are used for re-establishing contact with the users of our website with targeted advertising depending on how they have used the website. These advertising banners are displayed outside our website. The following third party cookie is used to collect data:

Cookie domain: adfarm3.adition.com
Cookie name: UserID1
Cookie lifetime: 180 days after contact
Art. 6 (1) lit. f GDPR forms the legal basis.

You have the option of preventing usage data from being recorded by the system by setting the opt-out cookie. If you delete the cookies in your browser, opt-out cookies will also be deleted. You will then need to go through the opt-out process again.

More information on Adition’s privacy policy: https://www.adition.com/en/privacy/

b) Flashtalking

The tracking system of the following service provider is used in the process:

Flashtalking - Trademark of Simplicity Marketing Limited
Suite 1, 3rd Floor 11-12 St. James's Square
London SW1Y 4LB, United Kingdom

The system is used for the following purposes on our website:

Tracking the effect of campaigns on our websites.

Tracking allows a connection to be established between the contact that users have with banners on other websites (visual contacts and clicks on banners) with the following interactions on our website: The data collected are statistically evaluated in order to optimize the effectiveness of media campaigns. All usage data are stored using pseudonyms. The data collected are not used to personally identify visitors to our website and are not combined with personal data under the anonymous profile.

The following third party cookie is used to collect data:

Cookie domain: flashtalking.com
Cookie name: flashtalkingad1
Cookie lifetime: Two years after contact

You have the option of preventing usage data from being recorded by the system by setting the opt-out cookie. If you delete the cookies in your browser, opt-out cookies will also be deleted. You will then need to go through the opt-out process again.

Art. 6 (1) lit. f GDPR forms the legal basis.

More information on Flashtalking’s privacy policy: http://www.flashtalking.com/privacypolicy/

4.6 Social media plug-ins 
We currently use the following social media plug-ins: Facebook, Google+ and Twitter. Here we use the Shariff solution. This prevents social networks collecting your data before you have clicked the respective button. This means that when you visit our website no personal data is initially passed on to the plug-in providers.

In the case of normal buttons that social networks offer for linking to websites, your browser will send your personal data, such as your IP address, to the operator when the page is loaded. With the Shariff solution, your browser only establishes the connection with the operator service if you have clicked the button.

Once the connection is established, we have no influence on the scope of the data that operators collect in the process and how they use them. In any event, the operator receives and stores the information that you have visited the respective page of our website.

If you are logged in with the operator, or if you log in at a later date, the operator can assign the visit to us and your share to your account with the operator. If you do not have a user account with the operator, it is nevertheless possible that the operator records and stores your IP address or registers your visit with us using cookies.

You can find more information on the purpose and scope of collecting data and their processing by plug-in providers in the privacy statements of these providers set out below. Here you will also find more information on your respective rights and setting options for the protection of your privacy.
Addresses of the respective plug-in providers and URL with their privacy policies:

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; https://www.facebook.com/policy.php; more information on collecting data: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

b) Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA; https://policies.google.com/technologies/partner-sites?hl=en. Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

c) Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/en/privacy. Twitter is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

4.7 Integration of YouTube videos

We have integrated YouTube videos into our online offering. These are saved on https://www.youtube.com and can be played directly from our website. These videos are all integrated in the enhanced data protection mode, which means that no data about you as a user are transferred to YouTube if you do not play the videos. Only when you play the videos will the following data be sent. We have no influence on this transfer of data.

YouTube receives the information from your visit to the website that you have accessed the relevant page on our website. In addition, the data specified under item 4.1 of this policy are transferred. This transfer takes place regardless of whether or not YouTube provides a user account through which you are logged in. If you are logged in via Google, your data are directly allocated to your account. If you do not wish allocation with your profile at YouTube you will need to log out before activating the button. YouTube saves your data as a user profile and uses them for marketing purposes, market research and/or for designing its website appropriately. An analysis of this kind is carried out (even for users not logged in) for the particular purpose of providing needs-based advertising and for informing other users of the social network about your activities on our website. You are entitled to refuse the formation of this user profile but will need to address YouTube for the exercising of this right.

You can find more information on the purpose and scope of data collection and their processing by YouTube in the privacy policy. The policy includes further information on your rights and setting options for the protection of your privacy: https://policies.google.com/privacy?hl=en&gl=de. Google processes your personal data in the US as well and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

4.8 Along with the purely informative use of our website, we offer a range of services that you can use if you are interested. For this to happen, you generally need to provide additional personal data that we use to provide the respective service and to which the aforementioned principles on data processing apply. We partly use external service providers to process your data. These providers are carefully selected and commissioned, are bound to our instructions and are subject to regular controls. Moreover, we may pass on your personal data to third parties when we and our partners offer participation in campaigns and competitions, when contracts are concluded or similar services are offered. You will be given more detailed information when you provide your personal data or in the description of the offering set out below.

4.8.1 “My SWM” portal
Controller within the meaning of Art. 4 (7) of the General Data Protection Regulation (GDPR) is Versorgungs GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany.

If you want to use “My SWM” you first have to register by providing your email address and a password of your choice. What is known as a double-opt-in process is applied to registration. This means that your registration on “My SWM” will only be completed once you have confirmed your registration by clicking on the link in a confirmation email sent to you for this purpose. If you do not confirm promptly, your registration will automatically be deleted. Providing the aforementioned data is mandatory. You can volunteer all other information through using our portal.

If you use our “My SWM” offering, the Controller will save the data required to fulfill your contract, including information on the method of payment, up until the point when you finally delete your access. Furthermore, the data you voluntarily provide for the period during which you use the portal will also be saved provided you do not delete them at a prior date. You can manage and change all the information in a protected customer area.

Art. 6 (1) sentence 1 lit. f GDPR forms the legal basis.

5. Security

We secure our website and other systems by way of technical and organizational measures against loss, destruction, access, change or dissemination of your data by unauthorized persons. In particular, we encrypt your data for transfer in order to ensure that they are not read by unauthorized parties during the transfer. To this end, we use a cutting-edge reliable Internet security standard.

6. Your rights

Under Art. 15 GDPR, you have the right to request information at any time about which personal data we hold. This also concerns the recipients or categories of recipients to which these data are relayed and the purpose of storage. Under the preconditions specified by Art. 16 GDPR, you can request the correction and/or under the preconditions of Art. 17 GDPR the deletion and/or under the preconditions of Art. 18 GDPR a restriction on the scope of processing. Moreover, pursuant to Art. 20 GDPR, you may request a data transfer at any time.

You have the right to object to the processing of your personal data when the preconditions specified under Art. 21 GDPR exist.

Furthermore, under Art. 77 GDPR, you have the option of filing a complaint with the data advisory authority.

Right to revocation of consent: You can revoke your consent to the processing of your data at any time for the future. This also applies to the declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018.

7. Retention period

We delete your personal data as soon as they are no longer necessary for the purpose for which they were collected unless further processing is temporarily required for:

  • Compliance with statutory archiving obligations that may arise, under the German Commercial Code (Handelsgesetzbuch – HGB) and the General Fiscal Law (Abgabenordnung AO), for instance. The periods prescribed under these laws run for up to ten years.
  • Preservation of proof in the context of statutes of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), the statutes of limitations may run for up to thirty years though the regular statute of limitation is three years.

8. Automated decision making

On principle we do not use any automated decision-making pursuant to Art. 22 GDPR. If, in individual cases, we use this procedure we will inform you by way of a separate notification within the context of the statutory provisions.

9. Revision clause

As our data processing is subject to change and the legal parameters may change, we will also adjust our privacy policy from time to time.

Status of this privacy policy: July 12, 2018

The protection of your data is important to SWM Versorgungs GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany, (hereinafter referred to as “we”). We process personal data in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and all other pertinent data protection laws. In the following we inform you about how we process your personal data in connection with the sale of energy and energy services and water and what your rights are. If we want to process your personal data beyond the aforementioned for a purpose not specified in this privacy policy, we will inform you at a prior point in time within the scope of the statutory provisions.

1. Controller for data processing
Controller responsible for the protection of your data pursuant to Art. 4 (7) GDPR is SWM Versorgungs GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany, datenschutz.versorgung@swm.de.
You can contact our data protection officer by post at the aforementioned address, citing the reference “Data Protection Officer”, or via email to datenschutz@swm.de.

2. Purpose and legal basis of data processing

2.1 Data processing for performing your contract (Art. 6 (1) GDPR)
We process personal data for the purpose of fulfilling existing contractual relations or pre-contractual measures (e.g. preparing offers). To this end, we process the following data:

  • Personal information (name, date of birth, address, telephone, telefax, email, power of attorney as well as the personal information of the authorized representative and/or alternative invoice recipient)
  • Bank details (IBAN, BIC, bank, account holder) and payment information
  • Consumption meter details (meter number, current meter reading, contract account number, consumption, address of the point of use, date of start to delivery)
  • Data of your former supplier (consumption, address data, delivery date)
  • Data of your grid operator (address data, forecast consumption)
  • Data of your metering point operator
  • Visual display of consumption figures and costs on the online portal (after installation of an intelligent metering system) 


Furthermore, we collect data on payment patterns in order to recover open amounts and, if necessary, to block accounts or terminate a contract.

2.2 Data processing in the context of the balancing of interests (Art. 6 (1 f) GDPR)

Where required, we process your data beyond the actual performance of the contract in a reliable manner with a view to safeguarding the justifiable interests of ourselves or of third parties in order:

  • to provide you with information on products and services from the areas of water, energy production, supply, energy efficiency, electro-mobility and other energy-related products and services.
  • to carry out measures to improve and develop services and products in order to submit offers and products to you tailored to your needs
  • to conduct market and opinion research or to have this carried out by market and opinion research institutes. This enables us to gain an overview of the transparency and quality of our products, services and communication, and to align them to and design them for our customers.
  • in consultation and with the exchanging of data with credit agencies (e.g. Schufa, Creditreform) to ascertain the credit standing and/or the default risks, particularly the existence of preconditions according to Section 31 of the German Federal Data Protection Act (BDSG)
  • to assert legal claims and for defense in litigation
  • to investigate or prevent punishable offenses
  • to find out addresses (e.g. with relocations)
  • to use data anonymously for analysis purposes
  • to ensure IT security and IT operations
  • to manage risks


2.3 Data processing based on consent (Art. 6 (1 a) GDPR)

If you have given us your consent to the processing of personal data for certain purposes (e.g. participation in the SEPA direct debit scheme, advertising, quality assurance, relaying of data within the group), the lawfulness of this processing is effective on the basis of your consent.
You can revoke any consent granted for the processing of personal data at any time. This also applies to the declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please note that any revocation applies just to the future.
You can direct your revocation to the point of contact responsible (see item 1).

2.4 Data processing based on statutory requirements (Art. 6 (1c) GDPR) or in the public interest (Art. 6 (1 e) GDPR)

We are subject to various different statutory obligations for the purpose of which we process personal data. Among other obligations, this includes retention obligations under commercial and tax law, identity checking, the prevention of fraud and money laundering, and obligations under the law to release and provide information and to testify, as well as obligations under the law on the operation of metering points. The legal basis for processing in these cases is the respective statutory provision in conjunction with Art. 6 (1 c) GDPR.
Furthermore, we process personal data in the context of fulfilling duties in the public interest, an example being the area of fresh water supply. The legal basis for the processing in these cases is the respective statutory provision in conjunction with Art. 6 (1 e) GDPR.

3. Data sources

We process the personal data we receive from you in the context of our business relations. In addition, we process the personal data that we are authorized to collect from publicly accessible sources (debtor register, land registry, registers of companies and associations, Internet, press) or that are sent to us by authorized third parties (e.g. address service providers) or other parts of the SWM Group.

4. Required providing of data

Providing the name, address of the point of consumption, meter number and status, consumption as well as, if appropriate, former suppliers is, if not expressly indicated otherwise, necessary for the conclusion of contracts as they cannot be completed without these personal data.

5. Data recipients

Within SWM Versorgungs GmbH, the units that are given access to your data are the ones that need these data for the purposes described under item 2. In as far as is legally permissible (such as in the context of processing a contract) we pass on personal data to third companies in the following categories:

  • Energy-related services 
  • Credit agencies
  • IT services
  • Grid operators, meter operators and suppliers
  • Logistics companies
  • Credit institutes and payment service providers
  • Print service providers
  • Sales partners
  • Debt collection service providers and lawyers
  • Public agencies and institutions (e.g. social insurance agencies, financial authorities, police, public prosecutor’s office, supervisory authorities) in the event of the respective obligation/entitlement


6. Data transfer to a non-EU country or to an international organization

For certain tasks we use (IT) service providers that, in turn, also use (IT) service providers that may have their headquarters, parent company or computer centers in a non-EU country (outside the European Union and outside the European Economic Area).

The following must apply: The transfer is permissible as there is a legal basis or because you have expressly given your consent to the transfer, and the special preconditions exist for transfer to a non-EU country. This means in particular that the European Commission has decided that an appropriate level of data protection has been set in place in the respective non-EU country (Art. 45 GDPR) or a suitable guarantee (e.g. through the so-called EU standard agreement clause prescribed by the European Commission or the supervisory authority) has been provided, along with establishing enforceable rights and effective legal remedies.

7. Retention period
We delete your personal data as soon as they are no longer necessary for the purpose for which they were collected unless further processing is temporarily required for:

  • Compliance with statutory archiving obligations that may arise, under the German Commercial Code (Handelsgesetzbuch – HGB) and the General Fiscal Law (Abgabenordnung AO), for instance. The periods prescribed under these laws run for up to ten years.
  • Preservation of proof in the context of statutes of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), the statutes of limitations may run for up to thirty years though the regular statute of limitation is three years.


8. Rights of the data subject

Under Art. 15 GDPR, you have the right to request information at any time about which personal data we hold. This also concerns the recipients or categories of recipients to which these data are relayed and the purpose of storage. Under the preconditions specified by Art. 16 GDPR, you can request the correction and/or under the preconditions of Art. 17 GDPR the deletion and/or under the preconditions of Art. 18 GDPR a restriction on the scope of processing. Moreover, pursuant to Art. 20 GDPR, you may request a data transfer at any time.

You have the right to object to the processing of your personal data when the preconditions specified under Art. 21 GDPR exist.

Furthermore, under Art. 77 GDPR, you have the option of filing a complaint with the data advisory authority.

Right to revocation of consent: You can revoke your consent to the processing of your data at any time for the future. This also applies to the declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please send your revocation to: SWM Versorgungs GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany, datenschutz.versorgung@swm.de.

9. Automated decision making

On principle we do not use any automated decision-making pursuant to Art. 22 GDPR. If, in individual cases, we use this procedure we will inform you by way of a separate notification within the context of the statutory provisions.

10. Revision clause

As our data processing is subject to change and the legal parameters may change, we will also adjust our privacy policy from time to time. We will inform you of changes in good time.

Privacy policy version: May 25, 2018

The protection of your data is important to SWM Services GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany, (hereinafter referred to as “we”). We process personal data in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and all other pertinent data protection laws. We inform you in the following how we process your personal data in connection with our offerings and services in the areas of operating production plants and water extraction and supply facilities, municipal infrastructure facilities, construction and management of buildings as well as telecommunication and what rights you have. If we want to process your personal data beyond the aforementioned for a purpose not specified in this privacy policy, we will inform you by way of separate notification within the scope of the statutory provisions.

1. Controller for data processing

Controller responsible for the protection of your data pursuant to Art. 4 (7) GDPR is SWM Services GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany, info.ts@swm.de.
You can contact our data protection officer by post at the aforementioned address, citing the reference “Data Protection Officer”, or via email to datenschutz@swm.de.

2. Purpose and legal basis of data processing

2.1 Data processing for performing your contract (Art. 6 (1) GDPR)

We process personal data for the purpose of fulfilling existing contractual relations or pre-contractual measures (e.g. preparing offers). To this end, we process the following data:

  • Personal information (name, date of birth, address, telephone, telefax, email, power of attorney as well as the personal information of the authorized representative and/or alternative invoice recipient)
  • Bank details (IBAN, BIC, bank, account holder) and payment information

Furthermore, we collect data on payment patterns in order to recover open amounts and, if necessary, to block accounts or terminate a contract.


2.2  Data processing in the context of the balancing of interests (Art. 6 (1 f) GDPR)

Where required, we process your data beyond the actual performance of the contract in a reliable manner with a view to safeguarding the justifiable interests of ourselves or of third parties in order:

  • to carry out measures to improve and develop services and products in order to submit offers and products to you tailored to your needs
  • to conduct market and opinion research or to have this carried out by market and opinion research institutes. This enables us to gain an overview of the transparency and quality of our products, services and communication, and to align them to and design them for our customers.
  • in consultation and with the exchanging of data with credit agencies (e.g. Schufa, Creditreform) to ascertain the credit standing and/or the default risks, particularly the existence of preconditions according to Section 31 of the German Federal Data Protection Act (BDSG)
  • to assert legal claims and for defense in litigation
  • to investigate or prevent punishable offenses
  • to find out addresses (e.g. with relocations)
  • to use your data anonymously for analysis purposes
  • to ensure IT security and IT operations
  • to manage risks


2.3 Data processing based on consent (Art. 6 (1 a) GDPR)

If you have given us your consent to the processing of personal data for certain purposes (e.g. participation in the SEPA direct debit scheme, advertising, quality assurance, relaying of data within the group), the lawfulness of this processing is effective on the basis of your consent.

You can revoke any consent granted for the processing of personal data at any time. This also applies to the declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please note that any revocation applies just to the future.

You can direct your revocation to the point of contact responsible (see item 1).

2.4 Data processing based on statutory requirements (Art. 6 (1c) GDPR) or in the public interest (Art. 6 (1 e) GDPR)

We are subject to various different statutory obligations for the purpose of which we process personal data. Among other obligations, this includes retention obligations under commercial and tax law, identity checking, the prevention of fraud and money laundering, and obligations under the law to release and provide information and to testify, as well as obligations under the law on the operation of metering points. The legal basis for processing in these cases is the respective statutory provision in conjunction with Art. 6 (1 c) GDPR.

Furthermore, we process personal data in the context of fulfilling duties in the public interest, an example being the operation of swimming pools. The legal basis for the processing in these cases is the respective statutory provision in conjunction with Art. 6 (1 e) GDPR.

3. Data sources

We process the personal data we receive from you in the context of our business relations. In addition, we process the personal data that we are authorized to collect from publicly accessible sources (debtor register, land registry, registers of companies and associations, Internet, press) or that are sent to us by authorized third parties (e.g. address service providers) or other parts of the SWM Group.

4. Required providing of data

Providing the name, address, telephone, date of birth and email is, if not expressly indicated otherwise, necessary for the conclusion of contracts as they cannot be completed without these personal data.

5. Data recipients

Within SWM Services GmbH, the units that are given access to your data are the ones that need these data for the purposes described under item 2. In as far as is legally permissible (such as in the context of processing a contract) we pass on personal data to third companies in the following categories:

  • Instructors and trainers
  • (IT) services
  • Logistics 
  • Banks and payment service providers
  • Print services
  • Sales partners
  • Credit agencies
  • Debt collection agencies and lawyers
  • Public agencies and institutions (e.g. social insurance agencies, financial authorities, police, public prosecutor’s office, supervisory authorities) in the event of the respective obligation/entitlement

6. Data transfer to a non-EU country or to an international organization

For certain tasks we use (IT) service providers that, in turn, also use (IT) service providers that may have their headquarters, parent company or computer centers in a non-EU country (outside the European Union and outside the European Economic Area).

The following must apply: The transfer is permissible as there is a legal basis or because you have expressly given your consent to the transfer, and the special preconditions exist for transfer to a non-EU country. This means in particular that the European Commission has decided that an appropriate level of data protection has been set in place in the respective non-EU country (Art. 45 GDPR) or a suitable guarantee (e.g. through the so-called EU standard agreement clause prescribed by the European Commission or the supervisory authority) has been provided, along with establishing enforceable rights and effective legal remedies.

7. Retention period

We delete your personal data as soon as they are no longer necessary for the purpose for which they were collected unless further processing is temporarily required for:

  • Compliance with statutory archiving obligations that may arise, under the German Commercial Code (Handelsgesetzbuch – HGB) and the General Fiscal Law (Abgabenordnung AO), for instance. The periods prescribed under these laws run for up to ten years.
  • Preservation of proof in the context of statutes of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), the statutes of limitations may run for up to thirty years though the regular statute of limitation is three years.


8. Rights of the data subject

Under Art. 15 GDPR, you have the right to request information at any time about which personal data we hold. This also concerns the recipients or categories of recipients to which these data are relayed and the purpose of storage. Under the preconditions specified by Art. 16 GDPR, you can request the correction and/or under the preconditions of Art. 17 GDPR the deletion and/or under the preconditions of Art. 18 GDPR a restriction on the scope of processing. Moreover, pursuant to Art. 20 GDPR, you may request a data transfer at any time.

You have the right to object to the processing of your personal data when the preconditions specified under Art. 21 GDPR exist.

Furthermore, under Art. 77 GDPR, you have the option of filing a complaint with the data advisory authority.

Right to revocation of consent: You can revoke your consent to the processing of your data at any time for the future. This also applies to the declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please send your revocation to: SWM Versorgungs GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany, datenschutz.versorgung@swm.de.

9. Automated decision making

On principle we do not use any automated decision-making pursuant to Art. 22 GDPR. If, in individual cases, we use this procedure we will inform you by way of a separate notification within the context of the statutory provisions.

10. Revision clause

As our data processing is subject to change and the legal parameters may change, we will also adjust our privacy policy from time to time.

Privacy policy version: May 25, 2018

The protection of your data is important to Stadtwerke München GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany, (hereinafter referred to as “we”). We process personal data in compliance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and all other pertinent data protection laws. In the following we inform you about how we process your personal data and what your rights are. If we want to process your personal data beyond the aforementioned for a purpose not specified in this privacy policy, we will inform you by way of a separate notification within the scope of the statutory provisions.

1. Controller for data processing

Controller responsible for the protection of your data pursuant to Art. 4 (7) GDPR is Stadtwerke München GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany, info@swm.de.

You can contact our data protection officer by post at the aforementioned address, citing the reference “Data Protection Officer”, or via email to datenschutz@swm.de.

2. Purpose and legal basis of data processing

2.1 Data processing for performing your contract (Art. 6 (1) GDPR)

We process personal data for the purpose of fulfilling existing contractual relations or pre-contractual measures (e.g. preparing offers). To this end, we process the following data:

  • Personal information (name, date of birth, address, telephone, telefax, email, power of attorney as well as the personal information of the authorized representative and/or alternative invoice recipient)
  • Bank details (IBAN, BIC, bank, account holder) and payment information
  • Sales data (e.g. number of course participants/swimming pool visitors and period)


Furthermore, we collect data on payment patterns in order to recover open amounts and, if necessary, to block accounts or terminate a contract.

2.2 Data processing in the context of the balancing of interests (Art. 6 (1 f) GDPR)

Where required, we process your data beyond the actual performance of the contract in a reliable manner with a view to safeguarding the justifiable interests of ourselves or of third parties in order:

  • to carry out measures to improve and develop services and products in order to submit offers and products to you tailored to your needs
  • to conduct market and opinion research or to have this carried out by market and opinion research institutes. This enables us to gain an overview of the transparency and quality of our products, services and communication, and to align them to and design them for our customers.
  • in consultation and with the exchanging of data with credit agencies (e.g. Schufa, Creditreform) to ascertain the credit standing and/or the default risks, particularly the existence of preconditions according to Section 31 of the German Federal Data Protection Act (BDSG)
  • to assert legal claims and for defense in litigation
  • to investigate or prevent punishable offenses
  • to find out addresses (e.g. with relocations)
  • to use your data anonymously for analysis purposes
  • to ensure IT security and IT operations
  • to manage risks


2.3 Data processing based on consent (Art. 6 (1 a) GDPR)

If you have given us your consent to the processing of personal data for certain purposes (e.g. participation in the SEPA direct debit scheme, advertising, quality assurance, relaying of data within the group), the lawfulness of this processing is effective on the basis of your consent.

You can revoke any consent granted for the processing of personal data at any time. This also applies to the declarations of consent that we were granted before the GDPR took effect, i.e. before 5/25/2018. Please note that any revocation applies just to the future.

You can direct your revocation to the point of contact responsible (see item 1).

2.4 Data processing based on statutory requirements (Art. 6 (1c) GDPR) or in the public interest (Art. 6 (1 e) GDPR)

We are subject to various different statutory obligations for the purpose of which we process personal data. Among other obligations, this includes retention obligations under commercial and tax law, identity checking, the prevention of fraud and money laundering, and obligations under the law to release and provide information and to testify, as well as obligations under the law on the operation of metering points. The legal basis for processing in these cases is the respective statutory provision in conjunction with Art. 6 (1 c) GDPR.

Furthermore, we process personal data in the context of fulfilling duties in the public interest, an example being the operation of swimming pools. The legal basis for the processing in these cases is the respective statutory provision in conjunction with Art. 6 (1 e) GDPR.

3. Data sources

We process the personal data we receive from you in the context of our business relations. In addition, we process the personal data that we are authorized to collect from publicly accessible sources (debtor register, land registry, registers of companies and associations, Internet, press) or that are sent to us by authorized third parties (e.g. address service providers) or other parts of the SWM Group.

4. Required providing of data

Providing the name, address of the point of consumption, meter number and status, consumption as well as, if appropriate, former suppliers is, if not expressly indicated otherwise, necessary for the conclusion of contracts as they cannot be completed without these personal data.

5. Data recipients

Within Stadtwerke München GmbH, the units that are given access to your data are the ones that need these data for the purposes described under item 2. In as far as is legally permissible (such as in the context of processing a contract) we pass on personal data to third companies in the following categories:

  • Instructors and trainers
  • (IT) services
  • Logistics
  • Credit institutes and payment service providers
  • Print services
  • Sales partners
  • Credit agencies
  • Debt collection service providers and lawyers
  • Public agencies and institutions (e.g. social insurance agencies, financial authorities, police, public prosecutor’s office, supervisory authorities) in the event of the respective obligation/entitlement


6. Data transfer to a non-EU country or to an international organization

For certain tasks we use (IT) service providers that, in turn, also use (IT) service providers that may have their headquarters, parent company or computer centers in a non-EU country (outside the European Union and outside the European Economic Area).

The following must apply: The transfer is permissible as there is a legal basis or because you have expressly given your consent to the transfer, and the special preconditions exist for transfer to a non-EU country. This means in particular that the European Commission has decided that an appropriate level of data protection has been set in place in the respective non-EU country (Art. 45 GDPR) or a suitable guarantee (e.g. through the so-called EU standard agreement clause prescribed by the European Commission or the supervisory authority) has been provided, along with establishing enforceable rights and effective legal remedies.

7. Retention period

We delete your personal data as soon as they are no longer necessary for the purpose for which they were collected unless further processing is temporarily required for:

  • Compliance with statutory archiving obligations that may arise, under the German Commercial Code (Handelsgesetzbuch – HGB) and the General Fiscal Law (Abgabenordnung AO), for instance. The periods prescribed under these laws run for up to ten years.
  • Preservation of proof in the context of statutes of limitations. According to Sections 195 et seq. of the German Civil Code (BGB), the statutes of limitations may run for up to thirty years though the regular statute of limitation is three years.


8. Rights of the data subject

Under Art. 15 GDPR, you have the right to request information at any time about which personal data we hold. This also concerns the recipients or categories of recipients to which these data are relayed and the purpose of storage. Under the preconditions specified by Art. 16 GDPR, you can request the correction and/or under the preconditions of Art. 17 GDPR the deletion and/or under the preconditions of Art. 18 GDPR a restriction on the scope of processing. Moreover, pursuant to Art. 20 GDPR, you may request a data transfer at any time.

You have the right to object to the processing of your personal data when the preconditions specified under Art. 21 GDPR exist.

Furthermore, under Art. 77 GDPR, you have the option of filing a complaint with the data advisory authority.

Right to revocation of consent: You can revoke your consent to the processing of your data at any time for the future. This also applies to the declarations of consent that we were granted before the GDPR took effect, i.e. before May 25, 2018. Please send your revocation to: Stadtwerke München GmbH, Emmy-Noether-Straße 2, 80992 Munich, Germany, info@swm.de.

9. Automated decision making

On principle we do not use any automated decision-making pursuant to Art. 22 GDPR. If, in individual cases, we use this procedure we will inform you by way of a separate notification within the context of the statutory provisions.

10. Revision clause

As our data processing is subject to change and the legal parameters may change, we will also adjust our privacy policy from time to time.

Version: May 25, 2018