Want to change your Cookie-Settings?

    adjust your cookies

    Data Protection Declaration for the processing of personal data by companies of the European Energy Exchange AG

    The European Energy Exchange AG informs you within the scope of this data protection declaration about how we and our companies listed below (hereinafter "EEX", "we" or "us") process your personal data, with special attention to the processing of personal data according to the general data protection regulation EU 2016/679 ("GDPR") and the applicable national data protection laws.

    1. Preamble

    Within the scope of this data protection declaration, EEX informs the public about the type, scope and purpose of the personal data collected, used and processed. Furthermore, by means of this data protection declaration, you will be informed about the rights to which you are entitled.

    Within EEX, a consistently high level of data protection is guaranteed. We have implemented numerous technical and organizational measures to ensure the most complete possible protection of personal data processed via the websites, IT systems and applications. Nevertheless, internet-based data transmissions can have security gaps, so that complete protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone.

    This data protection declaration applies to the following companies and must be read in conjunction with the other legal notices and terms of use of these companies. Furthermore, this data protection declaration applies to the websites and web applications of the companies belonging to EEX Group listed below:

    • European Energy Exchange AG (EEX)
      • eex.com
      • owa.eex-group.org
      • member.eex.com
      • member-test.eex.com
      • eex-transparency.com
      • elearning.eex.com
      • eex-group.com
      • eex.com/en/shop#!/
      • sdx.eex-group.com
      • eqs-eex.com
      • mis.eex.com
    • European Commodity Clearing AG (ECC AG)
    • ecc.de
    • smss.ecc.de
    • smsssimu.ecc.de
    • EEX Link GmbH (EEX Link)
    • European Commodity Clearing Luxembourg S.à.r.l. (ECC Lux)

    2. Definitions

    Our data protection declaration is based on the concepts used by the European Commission in the adoption of the GDPR and the national data protection laws. The data protection declaration should be easy to read and to understand for the public as well as our customers, business and trade partners. To ensure this, we would like to explain the terms used in advance.

    We use the following terms, among others, in this data protection declaration:

    a) Personal data

    Personal data are all information relating to an identified or identifiable natural person (hereinafter "data subject"). Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

    b) Data subject

    Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

    c) Processing

    Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, recording organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.

    d) Restriction of processing

    Restriction of processing is the labelling of stored personal data to allow the restriction of their future processing.

    e) Profiling

    Profiling is any form of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.

    f) Data controller or controller

    The data controller or controller is the natural or legal person, public authority, institution or other body which at its sole discretion / solely or jointly with others decides on the purposes and means of processing personal data

    g) Processor

    A Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller

    h) Recipient

    A Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under European Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.

    i) Third party

    A third party is a natural or legal person, authority, institution or other body other than the data subject, the data controller, the data processor and the persons authorized to process the personal data under the direct responsibility of the data controller or the data processor.

    j) Consent

    Consent shall mean any informed and unequivocal expression of will voluntarily given by the data subject in the particular case in the form of a declaration or other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.

    For the sake of better legibility, there is no explicit differentiation between the female and the male form. However, both are always meant.


    3. Name and address of the controller

    The person responsible within the meaning of the GDPR, within other data protection laws in force in the Member States of the European Union and within other provisions of a data protection nature is:

    European Energy Exchange AG
    Augustusplatz 9
    04109 Leipzig

    Phone: +49 341 2156 0
    Fax:      +49 341 2156 109
    E-Mail:  info@eex.com

    Link to imprint: https://www.eex.com/en/legal-information/imprint


    4. Name and address of the data protection officer

    The data protection officer of the controller is

    Group Data Protection Officer
    Deutsche Börse AG
    60485 Frankfurt am Main

    E-Mail: dataprotection@deutsche-boerse.com

    If you have any questions or comments on the subject of data protection, please contact the data protection officer.


    5. Legal basis for the processing of personal data

    We process your personal data in compliance with the applicable data protection regulations.

    We only process the data that we require as part of our range of services.

    • The legal basis for such processing of personal data for pre-contractual and contractual purposes is Art. 6 para. 1 b) GDPR.
    • In addition, we process your personal data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage obligations). In this case, the legal basis for processing is the respective legal regulations in conjunction with Art. 6 Para.1 c) GDPR.
    • We also process your data if required by Art.6 Para.1 f) GDPR to protect the legitimate interests of us or third parties. This may be necessary in particular to ensure IT security and operation and to advertise our own products and other products of the EEX Group and cooperation partners, as well as for customer satisfaction surveys.
    • Should we wish to process your personal data for a purpose not mentioned above, we will inform you in advance within the framework of the statutory provisions.


    6. Data-Processing in third countries

    We process your data on servers and EDP systems within the European Union (EU) or within the European Economic Area (EEA). In individual cases, your personal data may also be processed outside the EU/EEA in so-called third countries, which may not offer the same level of protection as the places where you first provided the data. If a comparable level of data protection in the third country has not been recognized by the European Commission (so-called adequacy decision), such data transfers, for the protection of your personal data, will only take place to the extent that other legally recognized guarantees have previously been provided for as protection mechanisms (including the standard contractual clauses of the European Commission adopted for this purpose) and a legal basis justifies the data transfer.


    7. Collecting general data and information about our websites

    Our websites collect a series of general data and information each time a person or an automated system accesses the websites. These general data and information (s. chapter 8) are stored in the log files of the server.

    This information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website and, if necessary, the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. These anonymously collected data and information are therefore evaluated statistically and additionally evaluated with the aim of increasing data protection and data security whitin EEX in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.


    8. Categories of personal data and purposes of our processing

    We process the following categories of your personal data for the following purposes:

    8.1 Users of the SFTP Servers:

    For users of the SFTP Server, we record the country of origin, the address of your internet service provider (IP or URL) or the server name, the name of the website from which you are visiting us, the name of our websites that you have visited, which operating system and which browser you use, which search term you have entered and the date and duration of your visit for statistical purposes in anonymised form. We use this personal data for the operation of the website, in particular:

    a) for the technical support of the users / for the answering of inquiries

    b) for the operation and administration of Our SFTP Server

    c) for the guarantee of network and data security, insofar as these interests are in accordance with the applicable law and with the rights and freedom of the user in each case

    d) for the prevention and detection of fraud and criminal offences and/or

    e) if we are legally obliged to do so.

    f) Access to market data files (EEX Group DataSource Services).

    Some of our websites or SFTP Server also offer the possibility of user registration. If you are registered with us, you can access content and services that we only offer to registered users. In the course of the respective registration process, you provide us with further personal data. Registered users also have the option of changing or deleting the personal data provided during registration at any time if required. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will be happy to correct or delete them at your request, provided that there are no legal storage obligations to the contrary.

    8.2 User enquiries by email or contact form:

    If you contact us by e-mail or contact form, the information you have provided will be stored for the purpose of processing your inquiry and for possible follow-up questions. In this context, you provide us with the following personal data, for example:  Name, company, contact details such as business e-mail address, telephone number and business address, request. We use this personal data to process your inquiries and/or to provide the requested information.

    8.3 Recipients of newsletters and advertising:

    On our websites you are given the opportunity to subscribe to various newsletters via e-mail. The subscription to our newsletter as well as the consent to the storage of personal data, which the person concerned has given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. For the subscription of newsletters we collect personal data such as title, first name, surname, company, e-mail address, telephone, address and newsletter type. We use this data to send you newsletters and advertising for our services and our websites and, if necessary, also to contact you by telephone or by post, insofar as this is legally permissible and provided that you have not objected to the sending of advertising.

    8.4 Registration for events:

    To be able to invite you to events, we record the title, first name, surname, e-mail address, company and participation in the event.

    For events we save your answer for participation or non-participation.

    8.5 Applications and application procedures:

    EEX collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing can take place by post or electronically. Please note that application documents sent by email are transmitted unencrypted. To protect your application documents during the transfer, you can contact our human resources department. We then offer you the opportunity to transmit your data to us via secure access. If the person responsible concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted six months after notification of the decision of rejection, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (“AGG”).


    8.6 Social media:

    If we integrate social media in our communication and you access their services, the data protection conditions of the social media service used apply.

    You will find Us on the following social media platforms with our own channels. By using social media, we would like to inform you about topics relevant for our business activity and the market. With this Privacy Notice we would like to inform you about the platform providers, the collection of personal data and your rights regarding data protection. Please find the purposes of data processing and the categories of data in following listing of our social media channels.

    8.6.1 Categories of your Personal Data, responsibilities and purposes of data processing

    We use the statistic services of the respective social media platforms (as listed below) to develop and optimize our social media channels according to its use. The statistic services retrieves information about the usage of our social media channels and provides it to us as statistical information. By this means we get insights about activities and amount of our social media channel visitors, reach of our postings on the respective social media platform, usage and duration of usage of multimedia content on our website, geostatistics about our social media channel visitors and percentage of gender of our visitors.

    Our option to access profiles of specific users is limited by the privacy settings of the respective social media platform of each user following one of our social media channels. We may use your profile information for internal report on certain campaigns. Usage of your profile information is limited to the information you have set to be publicly available on the social media site, such as your name, username, gender, friends network, age range, locale and any other information you have made public. Furthermore, we store your username as personal data every time you send us a direct message.

    8.6.2 Twitter

    When you followone of our Twitter channelsfrom the European Union, the responsible Twitter entity for processing of your personal data is:

    Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland

    Twitterprocesses personal data according to its Data Policy you find here:

    It includes contact details for data protection queries and data subject’s right requests here:

    Twitter International Company, Attn: Data Protection Officer, One Cumberland Place,Fenian Street, Dublin 2, D02 AX07 Ireland


    Privacy Shield:

    8.6.3 Google and YouTube

    When you visit one of our YouTube channelsor Google+ pages, data about your visit will be processed by

    Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA

    Google processes personal data according to its Data Policy you find here:

    It includes contact details for data protection queries and data subject’s right requests here:

    8.6.4 LinkedIn

    When you visit one of our LinkedIn channels, data about your visit will be processed by

    LinkedIn Ireland Unlimited Company,Wilton Place, Dublin 2, Ireland

    LinkedInprocesses personal data according to its Data Policy you find here:

    It includes contact details for data protection queries and data subject’s right requests here:

    8.6.5 Instagram

    When you visit one of our Instagram channels, data about your visit will be processed by

    Facebook Ltd., 4. Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

    Instagram processes personal data according to its Data Policy you find here:

    It includes contact details for data protection queries and data subject’s right requests here:

    8.6.6 Xing

    When you visit one of our XING pages, data about your visit will be processed by

    XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany

    XING processes personal data according to its Data Policy you find here:


    9. Processor

    We use external service providers for the processing and storage of their personal data. For example, our service providers support us in operating our websites, IT systems and applications as well as in carrying out marketing measures (e.g. sending newsletters). Our service providers process data only in accordance with the instructions and under the control of EEX AG and exclusively for the purposes described in this data protection information. We ensure that appropriate technical and organisational precautions are taken to protect your personal data from unauthorised access. We regularly review our security policies, procedures and service providers to ensure the security of our websites, IT systems and applications.


    10. Disclosure of personal data

    Your personal data may be disclosed both within Deutsche Börse Group and within the EEX Group, for example to fulfil contractual obligations. Should further group mergers with other companies occur in the future or should individual companies belonging to the group decide to establish further subsidiaries, their declaration of consent to this data protection declaration shall continue to apply insofar as compliance with a data protection level comparable with this data protection declaration is ensured.

    We may also disclose your personal data to public authorities if required by applicable law. A passing on of your personal data is also permitted if there is suspicion of a criminal offence or the misuse of the services offered on our website. In this case we are entitled to transfer your personal data to the law enforcement authority.

    Otherwise, we will only pass on your personal data to others such as cooperation partners or advertising partners for their own purposes if you have expressly and voluntarily consented to the passing on of your personal data. In this case, we will request your consent separately from this privacy policy.


    11. Use of website analysis services and cookies as well as profiling

    When you visit the website and Our online platform, information is stored on your terminal device in the form of a "cookie." Cookies are small files that are stored on your terminal device and save certain settings and data to exchange with our websites via your browser.

    For example, cookies enable us to tailor a website to better match your interests or to store your password so that you do not have to re-enter it every time. As a general rule, we never collect personal data via cookies, unless you have given us your express permission to do so.

    If you do not want us to recognize your terminal device, please configure your Internet browser to erase all cookies from your device, to block all cookies or to receive a warning before a cookie is stored. You will find brief instructions on how to do this below.

    Please note that certain functions of our website may no longer work, or not correctly, without cookies.

    a. Types of cookies
    Cookies can be assigned to four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.

    i. Absolutely necessary cookies
    Are needed for you to navigate within websites and operate basic website functions, such as the issuance of anonymous Session IDs for bundling several related queries to a server.

    ii. Performance cookies
    collect information on the usage of our websites, including for example the Internet browsers and operating systems used, the domain name of the website which you previously visited, the number of visits, average duration of visit, and pages called up. These cookies do not store any information that would make it possible to personally identify the user. The information collected with the aid of these cookies is aggregated and is therefore anonymous. Performance cookies serve the purpose of improving the user friendliness of a website and therefore enhancing the user’s experience. You can block the use of such cookies by creating an exclusion cookie (see “managing cookies” below).

    iii. Functional cookies
    enable a website to store information the user has already entered (such as user ID, language selection, or the user’s location), in order to offer improved, personalized functions to the user. Functional cookies are also used to enable requested functions such as playing videos and to make a user’s decision to block or disable a certain function (e.g. web analysis) - “opt-out cookies”.

    iv. Cookies for marketing purposes
    are used to offer more relevant content to users, based on their specific interests. They are also used to limit the display frequency of an ad and to measure and control the effectiveness of advertising campaigns. They register whether users have visited a website or not, and which contents were used. This information may possibly also be shared with third parties, such as advertisers, for example. These cookies are often linked to the functions of third-party websites. You can block the use of such cookies by creating an opt-out cookie (see “Managing cookies” below).

    b. Cookies on Our website and our online platform

    Cookie-Name Description Retention Period

    This is a third party cookie from the domain www.marketview.com

    This technically relevant cookie helps ensure that the market data views (tables, charts) of a page load quickly and effectively by distributing the workload across numerous computers (load balancing). 
    The cookie is necessary in order to ensure that the charts and tables on the website function properly even in load and high load situations.

    1 day
    uo_id The cookie sets an ID so that the user's consent to the use of cookies and their cookie settings can be stored in the uo_settings cookie. The cookie is technically necessary. 1 year
    uo_settings This cookie stores the user's consent to the use of cookies and the user's cookie settings. These are then linked to the ID from the cookie uo_id. The cookie is technically necessary. 1 year

    Analytics Cookies from eTracker

    Cookie-Name Description Retention Period
    _et_coid Cookie recognition (only with cookie activation) 2 years and/or configurable
    et_oi_v2 Functional / required:
    Opt-In cookie stores the visitor's decision when tracking Opt-In is played on the customer's site. Also used for a possible opt-out.

    " no" - 50 years

    "yes" - 480 days

    et_allow_cookies     Functional / required:
    If data-block cookies are used, the API call _etracker.enableCookies() sets this cookie to "1" to indicate that etracker may set cookies. The cookie is set to "0" when _etracker.disableCookies() is called.
    "0" - 50 years
    "1" - 480 days
    isSdEnabled Recognition of whether the visitor's scrolling depth is measured (only with cookie activation). 24 hours
    GS3_v Set by the Optimizer Web Service. Contains the same Visitor ID as BT_pdc (only with cookie activation). 1 year
    BT_ctst Is used only to detect whether or not cookies are activated in the visitor's browser (only if cookies are activated). Duration of the session
    BT_sdc Contains Base64-encoded data of the current visitor session (referrer, number of pages, number of seconds since the start of the session, displayed smart messages in the session), which are used for personalization purposes (only if cookie is activated). Duration of the session
    BT_pdc Contains Base64-encoded visitor history data (is customer, newsletter recipient, visitor ID, displayed smart messages) for personalization (only if cookie is activated). 1 year
    BT_ecl Contains a list of project IDs for which the visitor is excluded. This cookie is set by the web service if the client has configured that not all visitors are assigned to a test, but only a certain fraction (only if cookie is activated). 30 days
    cntcookie Functional / required:
    Exclusion from the Census (list of Account IDs)
    4 years
    _et_coid Cookie recognition (only with cookie activation). 2 years and/or configurable
    GS3_v Set by the Optimizer Web Service. Contains the same Visitor ID as BT_pdc (only with cookie activation). 1 year

    Third-Party Cookies from eTracker (Analytics)

    Cookie-Name Description Retention Period
    cntcookie Functional / required:
    Exclusion from the count (list of Account IDs)
    4 years
    _et_coid Cookie recognition (only with cookie activation) 2 years and/or configurable
    GS3_v Is set by the Optimizer Webservice. Contains the same Visitor ID as BT_pdc (only with cookie activation). 1 year

    Cookies stored by eTracker (Analytics) in the Local Storage

    Cookie-Name Description Retention Period
    targetingAPISession Data collected in the current session for the optimiser (only with cookie activation).  
    _et_coid Cookie recognition, see corresponding 1st party cookie (only with cookie activation).  
    et_oi_v2 Functional / required:
    OptIn-Cookie, see corresponding 1st party cookie
    et_allow_cookies Functional / required: 
    See corresponding 1st party cookie.

    c. How can I deactivate cookies?

    In the following you will find a summary of links that provide detailed information on the deactivation of cookies in commonly used browsers.

    Mozilla Firefox (https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored)

    Internet Explorer (https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies)

    Google Chrome (https://support.google.com/accounts/answer/61416?hl=en)

    Safari (https://support.apple.com/en-en/guide/safari/sfri11471/mac)

    Under no circumstances will the data we collect be passed on to unauthorized third parties or linked to personal data without your consent.


    12. Deletion and blocking of personal data

    We adhere to the principles of data avoidance and data economy. We only store your personal data for as long as necessary to achieve the aforementioned purposes or as provided for by the various storage periods provided for by law. After the respective purpose or expiry of the statutory retention periods and insofar as they are no longer required for contract performance or contract initiation, the personal data will be blocked or deleted in accordance with the statutory provisions and state of the art technology.


    13. Your rights as a data subject

    You have the right to object to the processing of your personal data at any time. If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

    We process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.

    If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.


    14. Recipient of an objection

    The objection can be made form-free with the subject "objection" stating your name, your address and your date of birth and should be addressed to:

    European Energy Exchange AG
    Augustusplatz 9
    04109 Leipzig

    E-mail: dataprotection@eex.com

    We have a period of four weeks to process your objection, which in exceptional cases will be extended by a further two months if this is necessary in view of the complexity and number of applications.


    15. Your rights as a data subject

    As a person affected by the processing of your data, you have the following individual rights:

    • Right to correct and, if necessary, supplement your personal data processed by us
    • Right to transparent information about the handling of your personal data processed by us
    • Right to information about your personal data processed by us
    • Right of blocking or deletion and the right to be forgotten
    • Right to limitation of processing
    • Right to data transferability
    • Right of objection
    • Right to revoke consent already given with future effect
    • Right of appeal to the competent supervisory authority for data protection

    If our processing of your personal data is based on your consent, you also have the right to revoke your consent without affecting the legality of our processing on the basis of your consent before its revocation.

    Please note that due to legal storage periods we may still be obliged to store certain personal data of yours even after an application for deletion or "right to be forgotten".

    The supervisory authority responsible for data protection is:

    Sächsischer Datenschutzbeauftragter
    Herr Andreas Schurig
    Bernhard-von-Lindenau-Platz 1
    01067 Dresden


    16 Changes to the data protection regulations

    We reserve the right to adapt this data protection declaration if necessary so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The updated privacy policy will be published on our website. Subject to existing legislation, all changes will come into force as soon as the updated privacy statement is published. If we are subject to a legal obligation to provide information, we will also inform you of any material changes to our data protection declaration


    17. Validity

    This data protection declaration continues to apply indefinitely from its publication. The validity of this data protection declaration is cancelled by the announcement of a subsequent data protection declaration.

    Announced on: 28 September 2020



    > Privacy Policy