General Information Security Policy
Protect the Company’s informational and IT assets (including but not limited to all computers, mobile devices, networking equipment, software, and sensitive data) against all internal, external, deliberate, or accidental threats and to mitigate the risks associated with the theft, loss, misuse, damage or abuse of these systems;
Ensure information will be protected against any unauthorized access. Users shall only have access to resources that they have been specifically authorized to access. The allocation of privileges shall be strictly controlled and reviewed regularly.
Protect CONFIDENTIALITY of information. When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized parties;
Ensure INTEGRITY of information. Integrity of information refers to protecting information from being modified by unauthorized parties;
Maintain AVAILABILITY of information for business processes. Availability of information refers to ensuring that authorized parties can access the information when needed.
Comply with and, wherever possible, exceed, national legislative and regulatory requirements, standards, and best practices;
Develop, Maintain and Test business continuity plans to ensure we stay on course despite all obstacles that we may come across. It is about “keeping calm and carrying on!”;
Raise awareness of information security by making information security training available for all Employees. Security awareness and targeted training shall be conducted consistently, security responsibilities reflected in job descriptions, and compliance with security requirements shall be expected and accepted as a part of our culture;
Ensure that no action will be taken against any employee who discloses an information security concern through reporting or in direct contact with the Information Security Management Leader, unless such disclosure indicates, beyond any reasonable doubt, an illegal act, gross negligence, or a repetitive deliberate or willful disregard for regulations or procedures;
Report all actual or suspected information security breaches to security@flex-power.energy.
Data Policy
According to the General Data Protection Regulation (GDPR)
1. Introduction
At CFP FlexPower GmbH, we take the protection of your personal data very seriously. We process your data exclusively in accordance with the applicable legal regulations – in particular the General Data Protection Regulation (GDPR) and the Telecommunications-Telemedia Data Protection Act (TTDSG).
This privacy notice informs you about the key aspects of data processing on our website.
2. Data Controller
The controller pursuant to the GDPR, national data protection laws of the EU Member States, and other legal data protection provisions is:
CFP FlexPower GmbH
Lippmannstr. 8
22769 Hamburg, Germany
Represented by: Max Amir Dieringer, Jan Egidi, Mirko Thoden, Amani Joas
Email: shout@flex-power.energy
3. Server Log Files
When you visit our website, your browser automatically transmits data that is stored in server log files. These include:
- IP address
- Access date and time
- Name and URL of the file retrieved
- Referrer URL (the page you came from)
- Browser type and, if applicable, your device’s operating system
- Name of your internet service provider
These data are not combined with personal data and are used solely for statistical purposes to ensure the stable, secure, and optimized operation of our website. The legal basis is Art. 6(1)(f) GDPR, which permits processing for legitimate interests.
4. Cookies
Our website uses cookies – small text files that are stored on your device by your browser. Cookies help make our website more user-friendly, effective, and secure.
Some cookies are session-based and are deleted automatically when you leave the site. Others remain stored on your device until you delete them, allowing us to recognize your browser on your next visit.
The use of technically necessary cookies is based on Art. 6(1)(f) GDPR. For all other cookies (e.g., analytics or marketing), we obtain your explicit consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.
5. Your Rights as a Data Subject
You have the following rights under the GDPR regarding your personal data:
- Right of access (Art. 15 GDPR): You have the right to obtain confirmation of whether we process your personal data, and if so, access to those data and relevant information.
- Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate or incomplete personal data.
- Right to erasure (Art. 17 GDPR): Also known as the "right to be forgotten", this allows you to request the deletion of your data under certain circumstances.
- Right to restriction of processing (Art. 18 GDPR): You may request that we restrict the processing of your personal data under specific conditions.
- Right to data portability (Art. 20 GDPR): You are entitled to receive your personal data in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
- Right to object (Art. 21 GDPR): You can object to data processing on grounds relating to your particular situation where data are processed based on Art. 6(1)(e) or (f) GDPR.
- Right to withdraw consent (Art. 7(3) GDPR): You can revoke your consent at any time with effect for the future.
- Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority if you believe your data is being processed unlawfully.
You may exercise your rights by contacting us via the contact details provided in the legal notice (Imprint).
6. Data Retention
Unless a more specific retention period is stated in this policy, your personal data will be retained only for as long as necessary to fulfill the purposes for which they were collected.
If you exercise your right to withdraw consent or object to processing, we will delete your data unless legal retention obligations apply (e.g., under tax or commercial law). In such cases, deletion occurs after the mandatory retention period ends. Legal basis: Art. 6(1)(c) GDPR.
7. Contact via Email, Phone, or Fax
When you contact us via email, telephone, or fax, the information you provide (including personal data) will be stored and processed solely for the purpose of handling your request.
We will not disclose this information without your consent.
Legal bases:
- Art. 6(1)(b) GDPR for contract-related inquiries
- Art. 6(1)(f) GDPR for general inquiries
- Art. 6(1)(a) GDPR if you have given consent
Your data will be stored only as long as necessary to fulfill your request or until you revoke your consent. Statutory retention obligations remain unaffected.
8. Matomo
This website uses the open-source web analysis service Matomo.
Through Matomo, we are able to collect and analyze data on the use of our website by website visitors. This enables us to find out, for instance, which page views occurred when and from which region they came. In addition, we collect various log files (e.g. IP address, referrer, browser, and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
The use of this analysis tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
IP anonymization
For analysis with Matomo we use IP anonymization. Your IP address is shortened before the analysis, so that it is no longer clearly assignable to you.
Analysis without cookies
We have configured Matomo in such a way that Matomo will not store cookies in your browser.
Hosting
We host Matomo with the following third-party provider:
FGR/Freie Gestalterische Republik
Goltsteinstraße 28-30
50968 Köln
9. Google Analytics
We use Google Analytics (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), which uses cookies to analyze website usage.
Data such as your IP address and behavior are transmitted to Google servers in the USA. Google may also forward this data to third parties.
Legal basis:
- Art. 6(1)(f) GDPR (legitimate interest in usage analysis)
- Art. 6(1)(a) GDPR and § 25(1) TTDSG where user consent is required
Opt-out: You can prevent data collection by adjusting your browser settings. More details at:
https://support.google.com/analytics/answer/6004245?hl=en
10. Google Fonts (Local Hosting)
We use locally hosted Google Fonts to display fonts consistently across devices. No connection to Google servers is established.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in consistent and user-friendly design).
More on Google Fonts:
https://developers.google.com/fonts/faq
https://policies.google.com/privacy
11. Monday.com
We use Monday.com (monday.com Ltd., 121 Menachem Begin Rd., Tel Aviv, Israel) as a cloud-based project and communication platform.
Personal data such as names, emails, and task-related information may be processed and stored on Monday.com servers.
Monday.com complies with GDPR through a Data Processing Addendum and holds certifications under ISO 27001, 27017, and 27018.
Legal basis:
- Art. 6(1)(f) GDPR (legitimate interest in internal collaboration)
- Art. 6(1)(a) GDPR for features requiring consent
More on Monday.com's data practices:
https://monday.com/lang/de/trustcenter/securitypolicies
12. Applicant Pool
If you apply to us and we are unable to offer you a position immediately, we may request to retain your application in our applicant pool for future opportunities.
Retention is voluntary and based solely on your explicit consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.
Applications in the pool are stored for up to 12 months and then deleted unless legal retention obligations apply.
Being in the pool does not affect current application outcomes.
13. Borlabs Cookie
We use Borlabs Cookie, a tool for managing cookie consent, provided by Borlabs GmbH, Georg-Wilhelm-Str. 17, 21073 Hamburg, Germany.
Borlabs itself stores no personal data. The plugin sets a technical cookie that saves your consent status.
Legal basis: Art. 6(1)(c) GDPR (legal obligation to obtain consent for cookies).
More info: https://de.borlabs.io/borlabs-cookie/
14. Social Media
We maintain presences on various social platforms to interact with customers and stakeholders.
When visiting those platforms, their respective terms and privacy policies apply.
We process data only when you interact directly with us (e.g., by posting or messaging us).
We have no control over how these networks collect and use data.
Please consult the respective platforms for more details.
15. Responsibility for Content and Links
We create our website content with great care but cannot guarantee it is always accurate or up-to-date.
As a service provider, we are responsible for our own content (§ 7(1) TMG).
However, we are not obligated to monitor third-party content (§§ 8–10 TMG). Upon becoming aware of violations, we will remove any unlawful content or links immediately.
16. Information for Children
Protecting children's privacy online is important to us. We encourage parents and guardians to monitor and guide children's internet use.
We do not knowingly collect data from children under 13. If you believe your child has provided such data, please contact us immediately. We will act promptly to delete the data.
17. Online Privacy Only
This privacy policy applies only to online activities on our website and not to data collected offline or via other channels.
18. Copyright Notice
All content on this website is subject to German copyright law. Use, reproduction, or modification of copyrighted materials is only permitted with the prior written consent of the respective rights holder unless otherwise legally allowed.
Personal copies are allowed for private, non-commercial use only (§ 106 UrhG). Unauthorized use is prohibited and may be prosecuted.
Artworks:
Black-and-white illustrations from absurd.design
Web Design: aliceinspace.design
Consent
By using our website, you consent to this privacy policy and agree to its terms.
REMIT Disclosure
According to Article 4 of the EU Regulation on Wholesale Energy Market Integrity and Transparency (REMIT), participants are obliged to publish insider information regarding their exposures or their assets in a timely manner.
Market Communication Contact Sheet
You can access our market roles and contact details for communication as:
- Energy supplier
- Balance group manager
- Dispatching responsible party (EIV)
- Operator of technical resources (BTR)
Consent
By using our website, you hereby consent to our Privacy Policy and agree to its terms.