Last updated: 25.5.2022

Privacy policy

We take your privacy and security seriously. To protect your personal data, we comply with the provisions of the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG), as well as those of the General Data Protection Regulation (GDPR) that took effect on 25 May 2018. This page explains how we process the personal information that we collect when you visit this website.

This internet service platform provides general contact information for energy transition projects that are managed by various providers.

This internet service platform also offers assets of various providers, as outlined in numbers (3), (4) and (7) of § 1(2) VermAnlG. eueco GmbH is the platform operator and financial intermediary for this platform (see About this site).


1. The responsible party and data protection officer

eueco GmbH is the responsible party and service provider for this platform. The role of the responsible party is defined in Art. 4 (7) of the German Data Protection Regulation (GDPR), and the role of the service provider is defined in the German Telemedia Act (TMG).

eueco GmbH (‘Platform Operator’)
Corneliusstraße 12
80469 Munich

If you have any questions regarding data protection, our website or our range of services, or if you wish to exercise your rights as a data subject, please contact our data protection officer:

External Data Protection Officer / Platform Operator
Prof. Thomas Jäschke
Datatree AG
Heubesstraße 10
40597 Düsseldorf / Germany
T +49 211 93190-700
F +49 211 93190-799

We work closely with the Institute for Climate Protection, Energy and Mobility e.V. (IKEM), Bündnis Bürgerenergie e.V. and 100 prozent erneuerbar stiftung on the project ‘ENGAGE – Energieforschung und Netzwerkbildung zum gemeinschaftlichen Ausbau gesellschaftlicher Engagementmöglichkeiten’. Because of our close cooperation on this project, we process your personal data jointly. To protect your rights and ensure that all parties comply with the requirements of the EU General Data Protection Regulation (GDPR), we’ve signed an agreement that establishes the rules for processing your personal data. As ‘joint controllers’ (see Art. 26 GDPR), we’re jointly responsible for the processing of your personal data. If you’d like to contact these organisations, please use the information below:

 Bündnis Bürgerenergie e.V.  

Marienstr. 19 – 20, 10117 Berlin


100 prozent erneuerbar stiftung  

Torstraße 178, 10115 Berlin


IKEM - Institut für Klimaschutz, Energie und Mobilität e.V.  

Magazinstraße 15 – 16, 10179 Berlin

All of the above parties have signed an agreement that specifies how we will protect your rights and comply with the obligations of the GDPR, especially with regard to the rights of data subjects and the requirements of Art. 13 and 14 GDPR.

You can contact each organisation individually to find out more about how we process your data or to exercise your rights.

If you have questions about how your data will be processed by an asset provider after you sign a contract, please contact the data protection officer(s) listed on the project pages.

This page describes how we collect data when you visit our website. We’re providing this information to make our data collection process transparent and   fulfil our obligation to keep you informed about your rights regarding your personal data. If you have questions about our data collection process that aren’t answered on this page, please contact us.


2. How we collect, process and use your data

Personal data is information that can be used to identify a person – in other words, information that can be traced back to an individual. We only collect, use and share your personal data with third parties if doing so is permitted by law or if you’ve given us your express consent to collect this data.

The kinds of data we collect, and the way we use your data, varies based on your purpose for using this platform – specifically, whether your purpose in visiting our site is only to retrieve information, or whether you’re visiting to make use of the services we offer.


Legal basis for data processing

We process your personal data in accordance with the applicable data protection regulations. We have a lawful basis for processing this data if you’ve given us your consent (Art. 6(1)(a) GDPR) or if processing is necessary to fulfil a contract (Art. 6(1)(b) GDPR), meet legal requirements (Art. 6(1)(c) GDPR) or protect our legitimate interests in the context of a balancing of interests (Art. 6(1)(f) GDPR).


2.1 Visiting our site for information purposes

You can visit the internet service platform (‘Portal’) for information purposes without entering any personal data. In this case, we only collect data about page access (‘server log files’). This means we only collect the data that your browser transmits to our server and that is technically necessary for us to display our website on your device and keep our site stable and secure. We collect the following data (called ‘log data’) for this purpose:

  • IP address (only if we detect invalid sign-on attempts)
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Volume of data transferred
  • Referral website (the website that directed you to our site)
  • Browser
  • Operating system and interface
  • Browser software version and language

We use the log data for statistical evaluations that help us operate, secure and optimise the services we offer. Art. 6 (1)(f) GDPR provides the lawful basis for us to process this data. We have a legitimate interest in ensuring that the connection is stable and secure, and therefore in improving the quality and functionality of the site. The Portal operator reserves the right to review log data retroactively if we have reason to suspect unlawful use.


2.2 Registering or acquiring an asset

If you register on our website and/or purchase an asset, we may collect and process the following data so that we can take relevant pre-contractual steps and carry out contracts related to citizen participation:

  • Your username or email address and the password you use when you register on our website
  • After you register, we collect mandatory master data, including your first and last name, your title, your date of birth, your address and your telephone number.
  • If a private individual is acquiring an asset, we also require the name of the bank, the account holder, the IBAN and the BIC.

If you register on our website or purchase an asset as a company, we collect the following data:

  • Name of the company (business name)
  • Founding date
  • Registered office
  • Address
  • Telephone number
  • Email address
  • Local court and registry number
  • Legal form
  • First name, surname and function of the legal representative

In each case, Art. 6(1)(b) GDPR provides the lawful basis for us to process this data.

If you’re acquiring an asset, we require information on the desired asset and an ‘appropriateness test’ that is mandated for legal reasons. Art. 6(1)(c) GDPR, in conjunction with § 16(2) FinVermV, provides the legal basis for us to process this data.  


Disclosure of personal data/processing by the asset provider

As the financial intermediary, the platform operator collects and processes your data and then transmits it to the relevant asset provider, who further processes it for the purposes of issuing, carrying out and managing the contract. Once the investment process has been completed, the relevant provider stores and processes your data. We use this data only to process the citizen participation agreement.

Once the investment process has been completed, the provider will store and process your data for the length of the contract period and for the length of time required to settle all commercial and tax law issues after the contract period has ended. The platform operator or commissioned service providers will continue to have access to the stored data for the purposes of providing this platform, including for maintenance.

Once the contract has been fully processed, your data will be blocked. Your data will be deleted after tax and commercial regulations are satisfied unless you’ve given your express consent for us to continue using your data.

Please visit the project pages for additional information on how the relevant asset provider processes, uses and discloses data.

We won’t transmit your personal data to third parties unless you’ve given us your consent to do so, or unless we’re permitted to do so by law. Your personal data will only be transmitted to the relevant provider for the purposes of brokering the investment under the terms of the contract.

Any transfer of your personal data to the service providers commissioned by us is based on a separate contractual agreement, as outlined in Art. 28 GDPR (‘Processor’). These processors are service providers that we commission to provide and maintain this platform and to fulfil our obligations under the contract.

We won’t share your personal data with third parties without your prior consent unless we’re legally obligated to do so.


2.3 Cookies

We use cookies to improve your experience and support the functionality of our website. Cookies are small text files that are placed on your computer by the websites you visit. Cookies can’t execute programs or transfer viruses to your computer. Most of the cookies we use are automatically deleted from your hard drive once you log out or close your browser (‘session cookies’). These cookies store a ‘session ID’, which is used to assign multiple requests from your browser to a single session.

Other cookies remain on your computer and allow us to recognise your computer the next time you visit our site (‘persistent cookies’). Persistent cookies are automatically deleted after a specific period of time, which may vary depending on the cookie.

We have a legitimate interest in storing cookies that are required to carry out the electronic communication process or that provide certain functions desired by you. Art. 6(1)(f) GDPR provides the lawful basis for us to carry out these activities. The website operator has a legitimate interest in storing cookies, because doing so enables us to optimise service provision and guarantee that our site operates without errors.

We always ask for your express consent before we activate cookies that aren’t strictly necessary for our website to function.

The table below displays information on the lifespan of the cookies we use and identifies the parties that are authorised to access the data stored by these cookies.




Cookie category



Authorised access


Matomo Analytics Cookie

Analytics cookie

Collects information about surfing behaviour on the domain

After 24 months

The user and the initiating domain


Session cookie

Strictly necessary cookie

Stores your login data

At the end of the session (max. 24 days)

The user and the initiating domain


Cookie Compliance Cookie

Strictly necessary cookie

Records whether the user has accepted cookies

After 100 days

The user and the initiating domain


JavaScript Cookie

Strictly necessary cookie

Records whether JavaScript is enabled

At the end of the session

The user and the initiating domain


Workflow cookie

Strictly necessary cookie

Temporarily stores inputs made in the

At the end of the session

The user and the initiating domain


You can change your browser settings so that your browser notifies you about all cookies placed on your device, accepts cookies only in individual cases, blocks some or all cookies, or automatically deletes cookies when you close your browser. By deactivating cookies, you may limit the functionality of this website. For more information on changing your cookie preferences, please visit your browser’s ‘Help’ menu.

Our use of Matomo

Our website uses Matomo (formerly Piwik). Matomo is an open-source software that allows us to analyse user behaviour on our website.

Matomo collects the following information:

  • Your IP address
  • The URL of the referral website
  • The length of time you spend on our website
  • The number of times you access our website

To collect this data, Matomo stores a cookie in your browser, which places the cookie on your device. This cookie is valid for seven days.

To better protect your privacy, we’ve activated the Matomo anonymisation function (‘Automatically Anonymize Visitor IPs’). This function shortens your IP address by two octets (e.g., which makes it impossible to assign it to you or to the internet connection you’re using.

If you don’t want us to process this information, you can adjust your browser settings to prevent the cookie from being stored. You can also prevent us from analysing your usage behaviour. To do so, you’ll need to disable the corresponding cookie on the cookie banner that’s displayed when you first access our page. When you opt out of cookies, an opt-out cookie is placed in your browser and on your device, which prevents us from analysing your behaviour. The site will display this banner again if you delete the cookies stored on your device.

We process this data on the grounds of our legitimate interest in optimising our site and providing content that’s relevant to our users. Art. 6(1)(f) GDPR provides the legal basis for us to process this data.


Links to other websites

This internet service platform contains links to other websites. The privacy policy described here doesn’t apply to these websites. To find out more about other websites’ policies for collecting, securing, protecting and transferring your data, please visit these websites directly. We can’t be held liable for the content of these websites or for the actions they take.


2.4 Registering for our online newsletter

To register or receive our newsletter, you’ll need to provide your email address. We use a ‘double opt-in’ system for newsletter registration. That means that before we send you the newsletter, we’ll require you to explicitly confirm that you want us to go ahead with your newsletter registration. You’ll receive an email from us that asks you to click on a link to confirm your registration and authorise us to send you the newsletter. By clicking on the link, you confirm that you’d like to receive our newsletter.

We process your newsletter registration data with your consent (Art. 6(1)(a) GDPR) and in keeping with our legitimate interest (Art. 6(1)(f) GDPR) in proving that you’ve given us your consent.

You can unsubscribe from the newsletter at any time. To unsubscribe, click on the unsubscribe link in the newsletter, or uncheck the box for ‘Current offers’ under My account > Personal data. We – and the service providers we commission – only use your email address for the purposes of managing newsletter subscriptions. We won’t share it with third parties.


2.5 Using the contact form

If you use the contact form on our website, the provider or the relevant issuer will receive and process your first and last name, your email address, your telephone number (if you’ve provided it), and the information you’ve entered in the message field. If your question concerns an existing or planned contractual relationship with the provider, we’re authorised to process the data under Art. 6(1)(b) GDPR. If you’ve submitted general questions or comments, we’re authorised to process the data under Art. 6(1)(f) GDPR. We process your data to better categorise your enquiry and respond to it more quickly. We only use this data to process your request. We delete the data after we’ve processed your enquiry or after any legally required retention period has expired.


3. Data security

We take measures to protect your personal data from accidental loss and unauthorised access, use, modification or disclosure. Our website uses state-of-the-art technology to protect against damage, destruction and unauthorised access.

Data is transferred securely using SSL encryption and stored on secure data servers. As an additional precaution, we implement information security measures including access control, mandatory physical security, and qualified information collection, storage and processing.


4. Your rights as a data subject

The paragraphs below explain your rights as a data subject. You can exercise these rights at any time, and at no cost to you, by contacting us using the contact details provided above (see section 1). Our data protection officer will examine and respond to each request individually. If you’d like to withdraw your consent or have your personal data blocked or deleted, please use the contact form.

We’ve summarised your rights here so that you can read and refer to them easily. For a full explanation of your rights, please visit original text here) or contact our data protection officer directly.


4.1 Your right of access (Art. 15 GDPR)

Art. 15 ff. GDPR, in conjunction with section 13(8) of the German Telemedia Act (TMG), gives you the right to know whether we’re processing your personal data and requires us to provide this information to you at your request. If your data is being processed, you have the right to obtain information about the purposes for the processing, the categories of personal data that are being processed, the recipient(s) of the data, the length of time your personal data is stored, the source of your personal data (if applicable), the existence of your rights as a data subject, and the use of automated decision-making.

You can obtain information about the data we’ve stored about you. You can exercise this right at any time and without providing a reason. You also have the right to have this data corrected, deleted or blocked (see section 4.2 below).


4.2 Correcting personal data (Art. 16 GDPR), restricting our ability to process your personal data (Art. 18 GDPR), or objecting to our processing of your personal data (Art. 21 GDPR)

If you believe we are processing personal data that’s incorrect or incomplete, you of course have the right to ask us to correct it.

If we have an overriding legitimate interest in processing your data, you can object to the processing for special reasons. In this case, we’ll only continue to process your data if we have a legitimate reason to do so. The reasons for us to continue processing your data must outweigh your interests, rights and freedoms or be necessary for us to assert, exercise or challenge a legal claim.

With proper justification, you can ask us to restrict our processing activities. If you restrict our ability to process your data, we won’t be able to process your data in any way other than storing it. This doesn’t apply to any processing activities that we have your consent to carry out, or to any processing activities that are necessary for us to assert, exercise or challenge a legal claim, to protect the rights of another natural or legal person, or to protect an important public interest of the EU or of a Member State. If you’ve already given us your consent to process your data in this context, you can withdraw it at any time.


4.3 Exercising your rights to deletion (Art. 17 GDPR) or data portability (Art. 20 GDPR)

If we process your personal data without a compelling reason or for a purpose that no longer applies, you have the right to ask us to delete the data. You also have the right to receive a copy of all of the information that you’ve provided to us. In this case, we’re required to provide you with a copy of the information in a structured, machine-readable and commonly used format.


4.4 Withdrawing your consent (Art. 7(3) GDPR)

If you’ve already given us your consent to process your data, you have the right to withdraw it at any time. Withdrawing your consent only affects our ability to process your data in the future; it doesn’t affect the lawfulness of the processing activities we carried out before you withdrew your consent. To ask us to delete your data, or to notify us of your decision to withdraw your consent, please use the contact form.


4.5. Filing a complaint with a supervisory authority (Art. 77 GDPR)

If you believe we’re processing your personal data in violation of the GDPR, you can file a complaint at any time with a supervisory authority, in particular in the Member State where you live or work or where the alleged infringement took place. The relevant supervisory authority for data protection on this website is the Bayerisches Landesamt für Datenschutzaufsicht (Promenade 27 (Schloss), 91522 Ansbach).

For additional information and for current contact details, please visit the Bavarian State Office for Data Protection Supervision website( or use the complaint form:


5. Updates to this policy

We continuously optimise our website and make technical changes as necessary. We reserve the right to adapt our policy on data protection if doing so is necessary, for example if relevant laws change. Please note that our policy on data protection only applies in the form that’s currently valid when you visit our site.