Privacy notice

Data Protection Declaration for the processing of personal data

The European Energy Exchange AG informs you within the scope of this data protection declaration about how we and our companies listed below (hereinafter "EEX", "we" or "us") process your personal data, with special attention to the processing of personal data according to the general data protection regulation EU 2016/679 ("GDPR") and the applicable national data protection laws.


1. Preamble

Within the scope of this data protection declaration, EEX informs the public about the type, scope and purpose of the personal data collected, used and processed. Furthermore, by means of this data protection declaration, you will be informed about the rights to which you are entitled.

Within EEX, a consistently high level of data protection is guaranteed. We have implemented numerous technical and organizational measures to ensure the most complete possible protection of personal data processed via the websites, IT systems and applications. Nevertheless, internet-based data transmissions can have security gaps, so that complete protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone.

This data protection declaration must be read in conjunction with the other legal notices and terms of use. This data protection declaration applies to the website


2. Definitions

Our data protection declaration is based on the concepts used by the European Commission in the adoption of the GDPR and the national data protection laws. The data protection declaration should be easy to read and to understand for the public as well as our customers, business and trade partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this data protection declaration:

a) Personal data

Personal data are all information relating to an identified or identifiable natural person (hereinafter "data subject"). Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

b) Data subject

Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, recording organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the labelling of stored personal data to allow the restriction of their future processing.

e) Profiling

Profiling is any form of automated processing of personal data which consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, behaviour, location or relocation of that natural person.

f) Data controller or controller

The data controller or controller is the natural or legal person, public authority, institution or other body which at its sole discretion / solely or jointly with others decides on the purposes and means of processing personal data

g) Processor

A Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller

h) Recipient

A Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under European Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.

i) Third party

A third party is a natural or legal person, authority, institution or other body other than the data subject, the data controller, the data processor and the persons authorized to process the personal data under the direct responsibility of the data controller or the data processor.

j) Consent

Consent shall mean any informed and unequivocal expression of will voluntarily given by the data subject in the particular case in the form of a declaration or other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.

For the sake of better legibility, there is no explicit differentiation between the female and the male form. However, both are always meant.


3. Name and address of the controller

The person responsible within the meaning of the GDPR, within other data protection laws in force in the Member States of the European Union and within other provisions of a data protection nature is:

European Energy Exchange AG
Augustusplatz 9
04109 Leipzig

Phone: +49 341 2156 0
Fax:      +49 341 2156 109

Link to imprint:


4. Name and address of the data protection officer

The data protection officer of the controller is

Data Protection Officer
Deutsche Börse AG
60485 Frankfurt am Main


If you have any questions or comments on the subject of data protection, please contact the data protection officer.


5. Legal basis for the processing of personal data

We process your personal data in compliance with the applicable data protection regulations.

We only process the data that we require as part of our range of services.

  • The legal basis for such processing of personal data for pre-contractual and contractual purposes is Art. 6 para. 1 b) GDPR.
  • In addition, we process your personal data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage obligations). In this case, the legal basis for processing is the respective legal regulations in conjunction with Art. 6 Para.1 c) GDPR.
  • We also process your data if required by Art.6 Para.1 f) GDPR to protect the legitimate interests of us or third parties. This may be necessary in particular to ensure IT security and operation and to advertise our own products and other products of the EEX Group and cooperation partners, as well as for customer satisfaction surveys.
  • Should we wish to process your personal data for a purpose not mentioned above, we will inform you in advance within the framework of the statutory provisions.


6. Data-Processing in third countries

We process your data on servers and IT systems within the European Union (EU) or within the European Economic Area (EEA). In individual cases, your personal data may also be processed in third countries, which may not offer the same level of protection as the places where you first provided the data. However, we will only transfer your personal data to contractors to companies in third countries if we have agreed with the relevant contractors a standard data protection clause adopted by the European Commission as adequate protection for your personal data.


7. Collecting general data and information about our websites

Our websites collect a series of general data and information each time a person or an automated system accesses the websites. These general data and information (s. chapter 8) are stored in the log files of the server.

This information is required to (1) correctly deliver the content of our website, (2) optimize the content of our website and, if necessary, the advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. These anonymously collected data and information are therefore evaluated statistically and additionally evaluated with the aim of increasing data protection and data security within EEX in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.


8. Categories of personal data and purposes of our processing

We process the following categories of your personal data for the following purposes:


8.1 Users of the website

For users of the website, we record the country of origin, the address of your internet service provider (IP or URL) or the server name, the name of the website from which you are visiting us, the name of our websites that you have visited, which operating system and which browser you use, which search term you have entered and the date and duration of your visit for statistical purposes in anonymised form. We use this personal data for the operation of the website, in particular:

a) for the technical support of the users / for the answering of inquiries

b) for the operation and administration of our website

c) for the guarantee of network and data security, insofar as these interests are in accordance with the applicable law and with the rights and freedom of the user in each case

d) for the prevention and detection of fraud and criminal offences and/or

e) if we are legally obliged to do so.

Our website also offers the possibility of user registration. If you are registered with us, you can access content and services that we only offer to registered users. In the course of the respective registration process, you provide us with further personal data. Registered users also have the option of changing or deleting the personal data provided during registration at any time if required. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will be happy to correct or delete them at your request, provided that there are no legal storage obligations to the contrary.


8.2 User enquiries by email or contact form

If you contact us by e-mail or contact form, the information you have provided will be stored for the purpose of processing your inquiry and for possible follow-up questions. In this context, you provide us with the following personal data, for example:  Name, company, contact details such as business e-mail address, telephone number and business address, request. We use this personal data to process your inquiries and/or to provide the requested information.


8.3 Recipients of newsletters and advertising

On our websites you are given the opportunity to subscribe to various newsletters. For legal reasons, a confirmation e-mail in the double opt-in procedure is sent to the e-mail address entered by the person concerned for the first time for sending the newsletter. This confirmation e-mail serves to check whether the owner of the e-mail address has authorized the receipt of the newsletter as the person concerned. The subscription to our newsletter as well as the consent to the storage of personal data, which the person concerned has given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. For the subscription of newsletters we collect personal data such as title, first name, surname, company, e-mail address, telephone, address and newsletter type. We use this data to send you newsletters and advertising for our services and our websites and, if necessary, also to contact you by telephone or by post, insofar as this is legally permissible and provided that you have not objected to the sending of advertising.


8.4 Registration for events

To be able to invite you to events, we record the title, first name, surname, e-mail address, company and participation in the event.


8.5 Applications and application procedures

EEX collects and processes the personal data of applicants for the purpose of handling the application procedure. Processing can take place by post or electronically. Please note that application documents sent by email are transmitted unencrypted. To protect your application documents during the transfer, you can contact our human resources department. We then offer you the opportunity to transmit your data to us via secure access. If the person responsible concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted six months after notification of the decision of rejection, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (“AGG”).


8.6 Social media

If we integrate social media in our communication and you access their services, the data protection conditions of the social media service used apply.

You will find us on the following social media platforms with our own channels. By using social media, we would like to inform you about topics relevant for our business activity and the market. With this Privacy Notice we would like to inform you about the platform providers, the collection of personal data and your rights regarding data protection. Please find the purposes of data processing and the categories of data in following listing of our social media channels.


8.6.1 Categories of your Personal Data, responsibilities and purposes of data processing

We use the statistic services of the respective social media platforms (as listed below) to develop and optimize our social media channels according to its use. The statistic services retrieves information about the usage of our social media channels and provides it to us as statistical information. By this means we get insights about activities and amount of our social media channel visitors, reach of our postings on the respective social media platform, usage and duration of usage of multimedia content on our website, geostatistics about our social media channel visitors and percentage of gender of our visitors.

Our option to access profiles of specific users is limited by the privacy settings of the respective social media platform of each user following one of our social media channels. We may use your profile information for internal report on certain campaigns. Usage of your profile information is limited to the information you have set to be publicly available on the social media site, such as your name, username, gender, friends network, age range, locale and any other information you have made public. Furthermore, we store your username as personal data every time you send us a direct message.


8.6.2 Twitter

When you followone of our Twitter channelsfrom the European Union, the responsible Twitter entity for processing of your personal data is:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland

Twitterprocesses personal data according to its Data Policy you find here:


It includes contact details for data protection queries and data subject’s right requests here:

Twitter International Company, Attn: Data Protection Officer, One Cumberland Place,Fenian Street, Dublin 2, D02 AX07 Ireland




Privacy Shield:


8.6.3 Google and YouTube

When you visit one of our YouTube channelsor Google+ pages, data about your visit will be processed by

Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA


Google processes personal data according to its Data Policy you find here:


It includes contact details for data protection queries and data subject’s right requests here:


8.6.4 LinkedIn

When you visit one of our LinkedIn channels, data about your visit will be processed by

LinkedIn Ireland Unlimited Company,Wilton Place, Dublin 2, Ireland


LinkedIn processes personal data according to its Data Policy you find here:


It includes contact details for data protection queries and data subject’s right requests here:


9. Processor

We use external service providers for the processing and storage of their personal data. For example, our service providers support us in operating our websites, IT systems and applications as well as in carrying out marketing measures (e.g. sending newsletters). Our service providers process data only in accordance with the instructions and under the control of EEX AG and exclusively for the purposes described in this data protection information. We ensure that appropriate technical and organisational precautions are taken to protect your personal data from unauthorised access. We regularly review our security policies, procedures and service providers to ensure the security of our websites, IT systems and applications.


10. Disclosure of personal data

Your personal data may be disclosed both within Deutsche Börse Group and within the EEX Group, for example to fulfil contractual obligations. Should further group mergers with other companies occur in the future or should individual companies belonging to the group decide to establish further subsidiaries, their declaration of consent to this data protection declaration shall continue to apply insofar as compliance with a data protection level comparable with this data protection declaration is ensured.

We may also disclose your personal data to public authorities if required by applicable law. A passing on of your personal data is also permitted if there is suspicion of a criminal offence or the misuse of the services offered on our website. In this case we are entitled to transfer your personal data to the law enforcement authority.

Otherwise, we will only pass on your personal data to others such as cooperation partners or advertising partners for their own purposes if you have expressly and voluntarily consented to the passing on of your personal data. In this case, we will request your consent separately from this privacy notice.



11. Use of Cookies

When you visit the website, information is stored on your terminal device in the form of a "cookie". Cookies are small files that are stored on your terminal device and save certain settings and data to exchange with our websites via your browser.

For example, cookies enable us to tailor a website to better match your interests or to store your password so that you do not have to re-enter it every time. As a general rule, we never collect personal data via cookies, unless you have given us your express permission to do so.

If you do not want us to recognize your terminal device, please configure your Internet browser to erase all cookies from your device, to block all cookies or to receive a warning before a cookie is stored. You will find brief instructions on how to do this below.

Please note that certain functions of our website may no longer work, or not correctly, without cookies.


a) Types of cookies

Cookies can be assigned to four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.

  1. Absolutely necessary cookies - are needed for you to navigate within websites and operate basic website functions, such as the issuance of anonymous Session IDs for bundling several related queries to a server.
  2. Performance cookies - collect information on the usage of our websites, including for example the Internet browsers and operating systems used, the domain name of the website which you previously visited, the number of visits, average duration of visit, and pages called up. These cookies do not store any information that would make it possible to personally identify the user. The information collected with the aid of these cookies is aggregated and is therefore anonymous. Performance cookies serve the purpose of improving the user friendliness of a website and therefore enhancing the user’s experience. You can block the use of such cookies by creating an exclusion cookie (see “managing cookies” below).
  3. Functional cookies - enable a website to store information the user has already entered (such as user ID, language selection, or the user’s location), in order to offer improved, personalized functions to the user. Functional cookies are also used to enable requested functions such as playing videos and to make a user’s decision to block or disable a certain function (e.g. web analysis).
  4. Cookies for marketing purposes - are used to offer more relevant content to users, based on their specific interests. They are also used to limit the display frequency of an ad and to measure and control the effectiveness of advertising campaigns. They register whether users have visited a website or not, and which contents were used. This information may possibly also be shared with third parties, such as advertisers, for example. These cookies are often linked to the functions of third-party websites. You can block the use of such cookies by creating an opt-out cookie (see “Managing cookies” below).


b) Cookies on Our website



Retention period


Contains base64-coded visitor history data (is customer, newsletter recipient, etc.) for personalization.

1 Year


Contains base64 encoded data from the current visitor session (referrer, number of pages, number of seconds since the session began) used for personalization purposes.



Only used to recognize whether cookies are activated in the visitor's browser or not.


Cookie recognition.

 2 Years


A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).

1 Hour


A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).



Detect if the visitor is measuring the scroll depth.

1 Day


The value of this cookie triggers the cleanup of local cache storage. When the cookie is removed by the backend application, the Admin cleans up local storage, and sets the cookie value to true.

1 Day


Local storage of visitor-specific content that enables ecommerce functions.

1 Day


Forces local storage of specific content sections that should be invalidated.

1 Day


Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown to the shopper.

2 Day


Tracks the version of translations in local storage. Used when Translation Strategy is configured as Dictionary (Translation on Storefront side).



Stores translated content when requested by the shopper. Used when Translation Strategy is configured as “Dictionary (Translation on Storefront side)”.



Appends a random, unique number and time to pages with customer content to prevent them from being cached on the server.


It is set in multiple places: in PHP, in JavaScript as a cookie, and in JavaScript to local storage.


For the HTTP Only Yes (based on request) means that the cookie Secure if set during HTTPS request and unsecure if set during HTTP request.

10 Years


Stores configuration for product data related to Recently Viewed / Compared Products.

1 Day


Stores product IDs of recently compared products.

1 Day


Stores product IDs of previously compared products for easy navigation.

1 Day


Stores product IDs of recently viewed products for easy navigation.

1 Day


Stores product IDs of recently previously viewed products for easy navigation.

1 Day


Stores customer-specific information related to shopper-initiated actions such as display wish list, checkout information, etc.

1 Day


Indicates whether a customer allows the use of cookies. (first party cookie).

1 Year


We use analytical and qualitative cookies. These cookies allow us to collect information about the use of our website by its visitors in order to improve the user-friendliness and quality. These cookies do not store any information that would allow personal identification of the user. The data is used exclusively for purposes related to our website and is not passed on to third parties or made available to third parties. The following service is used for this purpose on our behalf:

etracker Analytics

This is a web analysis service.

Company that processes the data:

etracker GmbH

Erste Brunnenstraße 1, 20459 Hamburg, Germany

Data processing purposes:

  • Web analysis to improve our website

Used technologies for data storage on the visitor's device:

  • Cookies
  • local storage
  • Valid for up to 2 years.

Processed data:

  • IP address (anonymised)
  • Browser information (referrer URL, browser, operating system, device information, date and time and/or website content)
  • Usage data (views, scrolling, clicks)

Legal basis:

  • Data processing is carried out on the basis of the legal provisions of Art. 6 para. 1 lit. f (legitimate interest) of the EU data protection basic regulation.

Place of processing:

  • Germany, European Union

Data access by or transfer to third parties:

  • No

Transfer to third countries:

  • No



c) Managing cookies

You can change your cookie preferences at any time by adjusting your decission to ‘On’ or ‘Off’, then clicking ‘Save and close’. You may need to refresh your page for your settings to take effect.

Open Cookies Preference Manager

Please note: Not all of the cookies mentioned above will necessarily be used when you browse our website using a mobile terminal device.


d) How can I deactivate cookies?

In the following you will find a summary of links that provide detailed information on the deactivation of cookies in commonly used browsers.


12. Deletion and blocking of personal data

We adhere to the principles of data avoidance and data economy. We only store your personal data for as long as necessary to achieve the aforementioned purposes or as provided for by the various storage periods provided for by law. After the respective purpose or expiry of the statutory retention periods and insofar as they are no longer required for contract performance or contract initiation, the personal data will be blocked or deleted in accordance with the statutory provisions and state of the art technology.


13. Your rights as a data subject

You have the right to object to the processing of your personal data at any time. If you object, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

We process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising.

If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.


14. Recipient of an objection

The objection can be made form-free with the subject "objection" stating your name, your address and your date of birth and should be addressed to:

European Energy Exchange AG
Augustusplatz 9
04109 Leipzig


We have a period of four weeks to process your objection, which in exceptional cases will be extended by a further two months if this is necessary in view of the complexity and number of applications.


15. Your rights as a data subject

As a person affected by the processing of your data, you have the following individual rights:

  • Right to correct and, if necessary, supplement your personal data processed by us
  • Right to transparent information about the handling of your personal data processed by us
  • Right to information about your personal data processed by us
  • Right of blocking or deletion and the right to be forgotten
  • Right to limitation of processing
  • Right to data transferability
  • Right of objection
  • Right to revoke consent already given with future effect
  • Right of appeal to the competent supervisory authority for data protection

If our processing of your personal data is based on your consent, you also have the right to revoke your consent without affecting the legality of our processing on the basis of your consent before its revocation.

Please note that due to legal storage periods we may still be obliged to store certain personal data of yours even after an application for deletion or "right to be forgotten".

The supervisory authority responsible for data protection is:

Sächsischer Datenschutzbeauftragter
Herr Andreas Schurig
Bernhard-von-Lindenau-Platz 1
01067 Dresden


16. Changes to the Privacy notice

We reserve the right to amend this Privacy notice as necessary to ensure that it always meets current legal requirements or to implement changes to our services in the Privacy notice, e.g. when introducing new services. The updated Privacy notice will be published on our website. Subject to applicable law, all changes will take effect as soon as the updated privacy statement is published. If we are subject to a legal obligation to inform you, we will also inform you of any material changes to our Privacy notice. 


17. Validity

This data protection declaration continues to apply indefinitely from its publication. The validity of this data protection declaration is cancelled by the announcement of a subsequent data protection declaration.

Announced on: 27 November 2019