Sekem Energy GmbH

The protection of your personal data is of particular concern to us at Sekem Energy GmbH. We process your data exclusively on the basis of the statutory provisions, in particular the EU Data Protection Basic Regulation (GDPR) and the associated federal laws.

With this data protection declaration we would like to inform you about the essential aspects of our data processing.


  1. Law, definition of terms

With the entry into force of the Basic Data Protection Regulation (GDPR) and the new Austrian Data Protection Act (DSG) on 25 May 2018, the processing of personal data for the protection of individuals was newly regulated.

According to Art. 4 row 1 of the Basic Data Protection Regulation (GDPR), "personal data" means all information relating to an identified or identifiable natural person (= affected person). An identifiable natural person is one who, directly or indirectly, in particular by attribution

o to an identifier, such as a name,

o to an identification number,

o to location data,

o to the online identifier or

o one or more special characteristics

can be identified which are expressions of the physical, psychological, genetic, psychological, economic, cultural or social identity of that natural person.


  1. Affected

In the course of the business transaction of Sekem Energy GmbH (hereinafter referred to as the responsible party) with their

  • consulting clients,
  • other suppliers,
  • other business partners

collects, stores, processes and transmits personal data to the persons responsible for the above-mentioned data subjects.


  1. Purpose of processing

These data are required for the fulfillment of the respective contracts, such as

  • consultancy contracts
  • contracts for R&D projects
  • other contracts with other business partners or other suppliers

or for the implementation of pre-contractual measures.

In addition, existing customer and supplier data and data from other business partners are used for accounting purposes and to carry out marketing measures for the person responsible. Personal data is used for the following marketing purposes: Sending of newsletters (by e-mail or by post), information folders or brochures (by post), image brochures (by post), invitations to present R&D project results (by post), etc.


  1. Legal basis

The data processing takes place on the one hand

  • pursuant to Art. 6 para. 1 lit b GDPR for the performance of the respective contract concluded (consultancy agreements, etc.)

and on the other hand

  • pursuant to Art. 6 para. 1 lit c GDPR to fulfil a legal obligation pursuant to § 132 BAO (retention period 7 years); § 190 UGB (accounting obligation); § 212 UGB (retention obligation)


  1. Recipient of personal data

The personal data will be transmitted to the following companies for the fulfilment of contractual and legal obligations:

  • Seirische Wirtschaftstreuhand GmbH&Co KG, Leonhardstrasse 109, 8010 Graz, Austria
  • XIT, GmbH, Reinighausstrasse 49/51, 8020 Graz
  • Banks, insurance companies, public authorities and funding agencies in case of need
  • Funding agencies
  • etc.


  1. Deletion and storage periods

When personal data is collected, a manual/electronic file is created for the person responsible, which contains all contracts, correspondence, etc. This file is stored for the duration of the respective contract. After the end of the contract, (consulting contracts, funding contracts, etc.) the file must be kept for 7 years in the company of the responsible persons for a possible examination by the tax office. In case of possible legal disputes from the respective contract, this file is archived beyond that as paper file up to 30 years - up to the expiration of the absolute limitation period in accordance with § 1489 ABGB. This does not apply to account data which is no longer required and which is deleted prematurely. Access to the archived paper files is granted exclusively to the responsible clerk and the management.


  1. Rights affected

a) Right to information

Pursuant to Art. 15 GDPR , every affected person (consulting customer, other supplier/business partner, etc.) has the right to demand confirmation from the responsible person as to whether his personal data have been processed and - if so - to be informed about the following information:

  • the purposes for which the personal data will be processed,
  • the type of data (= categories of personal data) to be processed,
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations,
  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
  • the existing right to rectify or delete the personal data concerned or to limit the processing by the data controller or to object to the processing,
  • the existence of a right of appeal to the supervisory authority,
  • if the personal data are not collected from the data subject, any available information on the origin of the data,
  • the use of automated decision making systems (including profiling) and the scope and intended impact of such processing on the data subject.

(b) Right to rectification, cancellation, limitation, transferability, opposition, withdrawal of consent

In addition, every affected party (customer, other supplier/business partner, etc.) also has the right according to Art. 16 to 21 GDPR to demand the REPORT of his incorrect personal data or their immediate deletion - if one of the following reasons is given:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
  • the data subject withdraws the consent on which the processing was based and there is no other legal basis for the processing,
  • the data subject objects to the processing and there are no overriding legitimate reasons for further processing,
  • the personal data have been processed unlawfully,
  • the deletion of personal data is necessary for the fulfilment of a legal obligation (according to Union law or the law of the Member States) to which the person responsible is subject,
  • the personal data were collected from a child in the context of Information Society services.

However, a right to delete the data pursuant to Art. 17 GDPR does NOT exist if the processing is necessary to assert, exercise or defend legal claims or to fulfil a legal obligation (performance of contract).

Every person concerned (customer, other supplier/business partner) has the right to receive "his" data "in a machine-readable form" (right of transferability) and to reuse it for his own purposes and various services. This right can also be asserted in an upright contractual relationship.

Requests for the transferability of personal data must be made in writing to the person responsible, proving the identity of the person concerned (copy of identity card).

Likewise, every data subject (customer, other supplier/business partner, etc.) has the right, pursuant to Art. 21 GDPR, to object at any time to the processing of his/her personal data for reasons arising from his/her particular situation; this also applies to profiling based on this provision.

The person responsible shall then no longer process the personal data unless he can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the persons concerned, or the processing serves the assertion, exercise or defence of legal claims.

The IMPLEMENTATION OF CONSENT pursuant to Art. 7 GDPR does not affect the legality of previous processing operations (which have taken place on the basis of consent). A revocation can be made in writing or orally - however, a written form is recommended for conclusiveness.

c) Right of appeal

Pursuant to Art. 77 GDPR and § 24 DSG, every affected party (consulting customer, other supplier/business partner, etc.) has the right to lodge a complaint with the data protection authority within one year of becoming aware of the data protection violation if the person responsible has violated the GDPR or the DSG in processing the personal data concerning him/her.

If the data protection authority does not deal with the complaint or does not inform the data subject of the status or outcome of the complaint within three months, the data subject may also appeal to the Federal Administrative Court.


All enquiries and requests to the person responsible (concerning points 7. a) to c)) must be made in written form with proof of the identity of the person concerned (copy of identity card).


Contact details of those responsible

Sekem Energy GmbH

Steinberg 132

8151 Hitzendorf


Name of the managing director: Bsc. Birgit Birnstingl - Gottinger


This email address is being protected from spambots. You need JavaScript enabled to view it.

Phone: 0043 316 587984