German Emissions Trading Authority

Data protection

Information from the German Emissions Trading Authority at the German Environment Agency about the processing of personal data pursuant to Articles 13 and 14 of the European Union General Data Protection Regulation (GDPR).

The European Union General Data Protection Regulation (GDPR) has been in force since 25/05/2018 and forms the new legal framework for data protection in Germany and the European Union. Both the new GDPR and the Federal Data Protection Act (BDSG) contain regulations on data collection and the rights of data subjects.

Below we inform you about how we process personal data, your right to complain and the origin of the data collected.

Information on data protection on the DEHSt website

Controller and contact

The German Emissions Trading Authority (DEHSt) is part of Division V at the German Environment Agency. The Controller in terms of Article 4(7) GDPR is the German Environment Agency, represented by the President, Wörlitzer Platz 1, D-06844 Dessau-Roßlau, phone: +49 (0)340 2103-2416, Fax: +49 (0)340 2103-2285, buergerservice@uba.de. You can reach our data protection officer, Mr. Udo Langhoff, at email address udo.langhoff@uba.de and phone number +49 (0)30 8903-5141.

Description of data collection and processing

We are the competent national authority for emissions trading and responsible for approving applications for electricity price compensation, including the payment of state aid to offset indirect CO2 costs.

We process personal data insofar as this is necessary for the fulfilment of its purposes, in accordance with the GDPR and the BDSG.

We provide general information online for operators, verifiers and other parties interested in emissions trading and electricity price compensation. If the opportunity for the input of personal or business data (email addresses, name, addresses) is given, the disclosure of this data takes place expressly voluntarily. This applies to the areas/functions on our pages:

  • RSS feeds
  • DEHSt mailings
  • Contact
  • Send page
  • Was this information helpful?

Data collection

Every access to the website of the German Emissions Trading Authority (DEHSt) at the German Environment Agency is stored in a log file on our Internet server for a maximum of 14 days for data security purposes. The following data is saved in this log file:

  • Name of the downloaded file
  • Date and time of download
  • Data volume transferred
  • Message whether the download was successful

IP addresses are neither collected nor stored in this context.

Evaluation of user behaviour

The stored data is evaluated anonymously exclusively for the optimisation of the website and for statistical purposes. Data will not be passed on to third parties for commercial or non-commercial purposes. Combining data from the log file with other stored data, as may occur when using other offers in connection with the provision of personal data, does not take place. A direct reference from the IP address from the log file to your person is not possible and is excluded. The IP address will only be evaluated in the event of attacks on the Internet infrastructure of the German Emissions Trading Authority, in the event of violations of public morale and in the event of other illegal actions in connection with the use of the website. A conclusion from the IP address to your person is only possible via your dial-up provider through a public prosecutor's investigation.

We use the Matomo open source software for the statistical analysis of visitor accesses. The data collected using this software is used in anonymised form to analyse the use of the German Emissions Trading Authority website and to improve it. Your IP address is immediately anonymised during this process so that you as a user remain anonymous to us. By using the website, you consent to the processing of data collected by Matomo in the manner and for the purposes set out above.

You can prevent data collection by Matomo by activating the ‘Do not track’ function in your Internet browser. In most browsers, you will find this function under ‘Settings -> Data protection’.

Use of cookies

Most browsers allow restrictions on writing so-called cookies. Allowing cookies is not mandatory but often recommended.

The cookies used by the content management system GSB (Government Site Builder) for our website www.dehst.de are divided into technical and other cookies. The technical cookies are used exclusively for the function of the website and not for user identification. They do not contain any personal data. Any other cookies are disabled.

Your input is transmitted encrypted via the internet protocol HTTPS for the secure use of our IT applications.

Newsletter

If you subscribe to the DEHSt newsletter distribution list, your email address, and the newsletter(s) you have selected, will be stored on a server. Processing this data is based on your consent in accordance with Article 6(1)(a) GDPR. We use this data for sending the newsletter. We do not pass on your data to third parties or use it for any of our other purposes. When registering, your data will be stored on our server and a confirmation message with a link to the final registration will be generated and sent to the email address you provided. If you do not confirm the registration by clicking on the link in this email, the data will be deleted after 24 hours. Otherwise, your data will be deleted immediately when you unsubscribe from the newsletter.

Links to other websites

Our website contains links to other websites. We have no influence on whether their operators comply with data protection regulations.

Signed emails

We have been sending advanced signed email messages from the domain dehst.de via our customer service since June 2017. Our signatures are confirmed by the trust service provider D-Trust of the Federal Printing Office (Bundesdruckerei). This D-TRUST certificate is in turn confirmed by the trust service provider COMODO. This is our response to the generally increasing tendency for spam and phishing emails sent from forged email addresses.

If by chance, our email signatures are deemed as non-trustworthy, please check if one or both of the root certificates are missing from your operating system’s certificate store. In this case, you can download the certificates from trust service providers’ websites to save them in your operating system’s certificate store. As a rule, both root certificates should be stored in your operating system’s certificate store.

Unfortunately, and for technical reasons, we cannot read encrypted messages sent to our customer service e-mail address emissionshandel@dehst.de, therefore, please refrain from sending encrypted email queries.

Recipient categories

Those DEHSt staff members who need to access personal data in order to fulfill the specific pursued purposes (for example DEHSt employees who answer your inquiries via the contact form) are granted access.

Storage period

We delete personal data when the stated purposes for which we process the data no longer apply (for example termination of our communication) and there are no longer any legal reasons (for example compliance with recording and retention periods, securing legal claims).

Further processing beyond this – for a limited period – will only take place if this is necessary to safeguard archiving purposes that are in the public interest.

Your data subject rights

When performing public tasks, the German Environment Agency is responsible for processing personal data. Data subjects therefore have the following rights under GDPR:

Right to information – Article 15 GDPR

You can request information about the personal data processed by us and some other important information such as the purposes of processing or the storage period. The exceptions applying to this right are regulated by Section 35 BDSG.

Right to rectification – Article 16 GDPR

You can have inaccurate personal data that concerns you corrected.

Right of erasure – Article 17 GDPR

You can request the deletion of your personal data. However, this is only possible if the personal data concerning you is no longer necessary, is being processed illegally or if consent has been revoked in this regard. The exceptions applying to this right are regulated by Section 35 BDSG.

Right to restriction of processing – Article 18 GDPR

You have the right to ask us to restrict the processing of data concerning you. The restriction does not prevent processing if there is an important public interest in the processing.

Right to data portability – Article 20 GDPR

The right to data portability includes the possibility for the data subject to receive the personal data concerning them from the controller in a common, machine-readable format in order to have it forwarded to another controller if necessary. However, this right is not available according to Article 20(3)(2) GDPR if the data processing serves the performance of public tasks. This is not the case at DEHSt only if personal data is processed for fiscal purposes.

Right to object – Article 21 GDPR

You have the right to object. This includes the possibility for data subjects to object to the further processing of their personal data in a particular situation, insofar as this is justified by the exercise of public tasks or in the public or private interest. According to Section 36 BDSG, this right does not apply if a public body is obligated by law to process personal data.

Right to revoke consent – Article 7(3) GDPR

In addition, you have the right to revoke your consent within the meaning of Article 6(1)(a) or Article 9(2)(a) GDPR at any time without affecting the legality of the processing carried out on the basis of consent until revocation.

Right to complain

According to Article 77 GDPR you have the right to lodge a complaint with the competent data protection supervisory authority. The competent data protection supervisory authority for the German Environment Agency is the Federal Commissioner for Data Protection and Freedom of Information, Husarenstraße 30, D-53117 Bonn, Germany, phone: +49 (0)228 997799-0, poststelle@bfdi.bund.de, www.BfDi.de

14/07/2022

TEHG enforcement

Controller and contact

The German Emissions Trading Authority (DEHSt) is part of Division V at the German Environment Agency. The Controller in terms of Article 4(7) GDPR is the German Environment Agency, represented by the President, Wörlitzer Platz 1, D-06844 Dessau-Roßlau, phone: +49 (0)340 2103-2416, Fax: +49 (0)340 2103-2285, buergerservice@uba.de. You can reach our data protection officer, Mr. Udo Langhoff, at email address udo.langhoff@uba.de and phone number +49 (0)30 8903-5141.

Purposes and legal grounds for processing based on TEHG

We are the competent national authority for emissions trading and we are also responsible for the approval of applications for electricity price compensation and the payment of state aids to offset indirect CO2 costs.

When it comes to enforcement on legal grounds that serves implementation of European and international provisions, we work together with companies whose stationary systems or aircraft are subject to EU emissions trading and support the work of independent verifiers. In addition, we are the contact point for the Federal Ministry of the Environment, the states (Länder) and the responsible state (Land) immission control authorities. We are involved in the further development of emissions trading both nationally and internationally as well as in the European context.

We mainly work electronically with our partners. This applies to the different types of applications, the allocation of allowances as well as account management in the registry and annual emissions reporting.

We also receive personal data while performing the tasks assigned to us by law pursuant to the Greenhouse Gas Emissions Trading Act (TEHG). We process personal data insofar as this is necessary for the fulfilment of their purposes, in accordance with the GDPR and BDSG on the following legal grounds (alternatively and, if necessary, cumulatively):

  1. Processing based on your consent (Article 6(1)(a) GDPR)

    In order to perform our mutual communication, we process personal data based on your consent in accordance with Article 6(1)(a) GDPR for the following purposes (examples):
    Our DEHSt customer service uses a ticket system for processing telephone and written inquiries and sends individual information by email. We provide general information for operators, verifiers and those interested in emissions trading and electricity price compensation (mailings, website) and distribute invitations to events on emissions trading and electricity price compensation (topic-related public and non-public events).
  2. Processing to perform the joint contract (Article 6(1)(b) GDPR)

    We also process personal data as a civil contracting party, for example for IT services. The legal source is Article 6(1)(b) GDPR in conjunction with the respective contract.
  3. Processing to comply with a legal obligation (Article 6(1)(c) GDPR)

    We are the competent authority for the enforcement of emissions trading. Basically, this comprises the following areas of activity:
    - Allocation of emission allowances
    - Monitoring annual emissions reporting and surrendering the required emission allowances (information for the use of personal data of users registered in the German part of the Union Registry)
    - Support and supervision of independent verifiers in the verification of emission data
    - Management of the auctioning of emission allowances in Germany
    - Fulfilment of national and international reporting obligations
    - Checking of applications for payment of state aid to companies with a high power consumption to offset indirect CO2 costs (electricity price compensation)
    - Monitoring the national enforcement of the MRV Maritime Transport Ordinance
    - Monitoring of CO2 emissions from international aviation (CORSIA)
    The aforementioned activities are based on the regulations of the Greenhouse Gas Emissions Trading Act (TEHG) applicable in the respective trading period and supplementary regulations. If it is necessary for the fulfilment of these tasks, we process personal data as the executing authority. This may include the announcement of official decisions on allocations free of charge and the approval of monitoring plans as well as the collection of additional data and information (e.g. about subsequent claims and requests for information) for the fulfilment of DEHSt’s legal obligations.
  4. Processing for the performance of a task in the public interest or in exercising official authority (Article 6(1)(e) GDPR)

    As the executive authority for emissions trading in Germany, we process personal data in the public interest because the tasks to be carried out have been assigned to us by the TEHG as well as supplementary regulations in detail by law. These tasks are therefore fulfilled in the public interest and, under certain circumstances, while exercising official authority (for example in the case of the punishment of intentional or negligent acts within the meaning of Section 32 TEHG – Administrative offences – and in the case of measures pursuant to Section 31 TEHG in the event of non-fulfilment of obligations by an aircraft operator).

Recipient categories

Access is granted to those DEHSt employees who need to access personal data in order to fulfill the specific purposes pursued (see above, for example numbers 2.1-2.4). In performing our public tasks, we transmit personal data in individual cases to other public bodies of the Federal Government (for example Federal Treasury, chief customs offices) or of the states (Länder) (public prosecutors' offices in administrative offence proceedings) as well as to contractors of the German Environment Agency. Contractors can be companies that provide IT or printing services for the German Environment Agency or carry out research projects. In these cases, agreements on contract processing are concluded. It is always checked whether the transfer of personal data is necessary for the fulfilment of the task.

Under these conditions, recipients of personal data may be (examples):

  • internal units (access authorised people, task-based and earmarked) involved in task completion
  • service providers (contract processors) in the categories printing, mail and logistics, IT services
  • federal enforcement agencies and recipients specified by law

Storage period

The storage period of the personal data depends on how long the data is needed. We delete personal data if the stated purposes for which we process the data cease to exist (for example termination of our communication, revocation of your consent) and no legal reasons no longer exist (for example fulfilment of recording and retention periods, ensuring legal claims).

Any further (temporary) processing will only take place if this is necessary to safeguard archiving purposes in the public interest.

Your data subject rights

Both in the performance of public tasks and as a contractual party under civil law, the German Environment Agency is responsible for the processing of personal data. Data subjects therefore have the following rights under the GDPR:

Right to information — Article 15 GDPR

You can request information about the personal data we process and some other important information such as the purposes of processing or the storage period. The exceptions applying to this right are regulated by Section 35 BDSG.

Right to rectification — Article 16 GDPR

You can have inaccurate personal data concerning you corrected.

Right of erasure — Article 17 GDPR

You can request the deletion of your personal data. However, this is only possible if the personal data concerning you is no longer necessary, is being processed illegally or if consent in this regard has been revoked. The exceptions applying to this right are regulated by Section 35 BDSG.

Right to restriction of processing — Article 18 GDPR

You have the right to ask us to restrict the processing of data concerning you. The restriction does not prevent processing if there is an important public interest in the processing.

Right to data portability — Article 20 GDPR

The right to data portability includes the possibility for the data subject to receive the personal data concerning them from the controller in a common machine-readable format in order to have it forwarded to another controller if necessary. However, this right is not available according to Article 20(3)(2) GDPR if the data processing serves the performance of public tasks. This is not the case at DEHSt only if personal data is processed for fiscal purposes.

Right to object — Article 21 GDPR

You have the right to object. This includes the possibility for data subjects to object to the further processing of their personal data in a particular situation, insofar as this is justified by the exercise of public tasks or in the public or private interest. According to Section 36 BDSG, this right does not apply if a public body is obligated by law to process personal data.

Right to revoke consent — Article 7(3) GDPR

In addition, you have the right to revoke your consent within the meaning of Article 6(1)(a) or Article 9(2)(a) GDPR at any time without affecting the legality of the processing carried out on the basis of consent until revocation.

Right to complain

According to Article 77 GDPR you have the right to lodge a complaint with the competent data protection supervisory authority. The competent data protection supervisory authority for the German Environment Agency is the Federal Commissioner for Data Protection and Freedom of Information, Husarenstraße 30, D-53117 Bonn, Germany, phone: +49 (0)228 997799-0, poststelle@bfdi.bund.de, www.BfDi.de.

Origin of the collected data

As a matter of principle, we collect personal data directly from you as well as during or in advance of official enforcement actions based on the aforementioned legal bases.

In exceptional cases, we collect data from third parties for the purpose of obtaining general information and, for overarching reasons, for the purpose of clarifying the facts, thereby fulfilling our legal obligation under the BEHG and supplementary regulations (for example in the case of intermediaries who handle the purchase of certificates for some BEHG officers. This regularly affects data on the technical circumstances of the installations. In exceptional cases, personal data (data category for example contact person) may also be covered.

14/07/2022

BEHG enforcement

Controller and contact

The German Emissions Trading Authority (DEHSt) is part of Division V at the German Environment Agency. The Controller in terms of Article 4(7) GDPR is the German Environment Agency, represented by the President, Wörlitzer Platz 1, D-06844 Dessau-Roßlau, phone: +49 (0)340 2103-2416, Fax: +49 (0)340 2103-2285, buergerservice@uba.de. You can reach our data protection officer, Mr. Udo Langhoff, at email address udo.langhoff@uba.de and phone number +49 (0)30 8903-5141.

 Purposes and legal bases for processing based on BEHG

We are the competent authority for the implementation of the national fuel emission trading scheme (nEHS) and are responsible for reviewing emissions reports, maintaining accounts in the National Emissions Trading Registry (nEHS Registry), and approving applications for payment of state aid to compensate for indirect burdens.

When it comes to enforcement based on the legal foundations, we cooperate with companies whose fuel volumes placed on the market are subject to national emissions trading and with companies whose stationary installations or aircraft are subject to European Union emissions trading and who are affected by double charging with CO2 costs due to overlaps with the nEHS. We also support the work of the independent verifiers. Furthermore, we are in contact with the Federal Ministry for Economic Affairs and Climate Action and the General Directorate of Customs and contribute to the further development of fuel emissions trading.

We work mainly electronically with our partners. This applies to the various types of applications as well as account management in the nEHS Registry and annual emissions reporting.

We also receive personal data while performing the tasks assigned to us by law based on the Fuel Emissions Trading Act (BEHG). We process personal data if this is necessary for the fulfilment of their purposes, in accordance with GDPR and BDSG based on the following legal bases (alternatively and, where applicable, also cumulatively): 

  1. Processing based on your consent (Article 6(1)(a) GDPR)

    We process personal data for the purpose of our mutual communication based on your consent pursuant to Article 6(1)(a) GDPR for the following purposes (examples):

    Our DEHSt customer service uses a ticket system to handle phone calls and written queries and send out individual information for example by email. We provide general information for BEHG officers, verifiers and those interested in fuel emissions trading (mailings, websites, newsletters) and send out calls about events on fuel emissions trading (topic-related public and non-public events).

  2. Processing to accomplish the joint contract (Article 6(1)(b) GDPR)

    We also process personal data as a contractual party under civil law for example for IT services. The legal basis is Article 6(1)(b) GDPR in conjunction with the respective contract.

  3. Processing to comply with a legal obligation (Article 6(1)(c) GDPR)

    We are the competent authority for the enforcement of fuel emissions trading. Essentially, these are the following fields of activity:

    - Monitoring the annual emissions reporting and surrender of required emission allowances (information on the use of user personal data registered in the nEHS Registry)

    - Managing the national emissions trading registry, including registry accounts and technical infrastructure.

    - Support and monitoring of independent verifiers in the verification of emissions data (from 2023)

    - Control of selling (up to 2025) and auctioning (from 2026) emission allowances in Germany

    - Fulfilment of national reporting obligations

    - Reviewing applications for payment of state aid to compensate for indirect burdens:

    o   Applications by operators of stationary installations within EU emissions trading for subsequent compensation of double-burden fuel volumes in the case of overlaps with national fuel emissions trading

    o   Applications for granting state aid to avoid undue hardship

    o   Applications for granting state aid to prevent carbon leakage and to maintain the cross-border competitiveness of affected companies

    o   Applications for subsequent recognition of sectors eligible for state aid to prevent carbon leakage and maintain the cross-border competitiveness of affected companies

    The aforementioned activities are based on the applicable provisions of the BEHG and supplementary provisions in accompanying ordinances. If it is necessary for the fulfilment of these tasks, we, as an enforcing authority, process personal data. This may include the approval of monitoring plans and the review of emission reports as well as the collection of additional data and information (e.g. on subsequent claims and requests for information) for the fulfilment of DEHSt's legal obligations.

  4. Processing to peform a task in the public interest or exercise official authority (Article 6(1)(e) GDPR)

    As an enforcement authority for fuel emission trading in Germany, we process personal data in the public interest because the tasks to be performed have been assigned to us in detail by law through the BEHG and supplementary ordinance-law regulations. These tasks are performed in the public interest and, under certain circumstances, by exercising official authority (for example prosecuting intentional or negligent acts in terms of Section 22 of the BEHG – Administrative offences).

Recipient categories

Access is granted to those DEHSt employees who need to access personal data in order to fulfill the specific purposes pursued (see above, for example numbers 2.1 to 2.4). In performing our public tasks, we transmit personal data in individual cases to other public bodies of the Federal Government (for example Federal Treasury, chief customs offices) or of the states (Länder) (public prosecutors' offices in administrative offence proceedings) as well as to contractors of the German Environment Agency. Contractors can be companies that provide IT or printing services for the German Environment Agency or carry out research projects. In these cases, agreements on contract processing are concluded. It is always checked whether the transfer of personal data is necessary for the fulfilment of the task.

Under these conditions, recipients of personal data may be (examples):

  • internal units (access authorised people, task-based and earmarked) involved in task completion,
  • service providers (contract processors) in the categories printing, mail and logistics, IT services,
  • federal enforcement agencies and recipients specified by law.

Storage period

The storage period of personal data depends on how long the data is needed and on the applicable legal requirements.

We delete personal data when the stated purposes for which we process the data no longer apply (for example termination of our communication, revocation of your consent given) and there are no longer any legal reasons (for example achieving recording and retention periods, securing legal claims).

Your data subject rights

Both in the performance of public tasks and as a contractual party under civil law, the German Environment Agency is responsible for the processing of personal data. Data subjects therefore have the following rights under the GDPR:

Right to information — Article 15 GDPR

You can request information about the personal data we process and some other important information such as the purposes of processing or the storage period. The exceptions applying to this right are regulated by Section 35 BDSG.

Right to rectification — Article 16 GDPR

You can have inaccurate personal data concerning you corrected.

Right of erasure — Article 17 GDPR

You can request the deletion of your personal data. However, this is only possible if the personal data concerning you is no longer necessary, is being processed illegally or if consent in this regard has been revoked. The exceptions applying to this right are regulated by Section 35 BDSG.

Right to restriction of processing — Article 18 GDPR

You have the right to ask us to restrict the processing of data concerning you. The restriction does not prevent processing if there is an important public interest in the processing.

Right to data portability — Article 20 GDPR

The right to data portability includes the possibility for the data subject to receive the personal data concerning them from the controller in a common machine-readable format in order to have it forwarded to another controller if necessary. However, this right is not available according to Article 20(3)(2) GDPR if the data processing serves the performance of public tasks. This is not the case at DEHSt only if personal data is processed for fiscal purposes.

Right to object — Article 21 GDPR

You have the right to object. This includes the possibility for data subjects to object to the further processing of their personal data in a particular situation, insofar as this is justified by the exercise of public tasks or in the public or private interest. According to Section 36 BDSG, this right does not apply if a public body is obligated by law to process personal data.

Right to revoke consent — Article 7(3) GDPR

In addition, you have the right to revoke your consent within the meaning of Article 6(1)(a) or Article 9(2)(a) GDPR at any time without affecting the legality of the processing carried out on the basis of consent until revocation.

Right to complain

According to Article 77 GDPR you have the right to lodge a complaint with the competent data protection supervisory authority. The competent data protection supervisory authority for the German Environment Agency is the Federal Commissioner for Data Protection and Freedom of Information, Husarenstraße 30, D-53117 Bonn, Germany, phone: +49 (0)228 997799-0, poststelle@bfdi.bund.de, www.BfDI.de.

Origin of the collected data

As a matter of principle, we collect personal data directly from you as well as during or in advance of official enforcement actions based on the aforementioned legal bases.

In exceptional cases, we collect data from third parties for the purpose of obtaining general information and, for overarching reasons, for the purpose of clarifying the facts, thereby fulfilling our legal obligation under the BEHG and supplementary regulations (e.g. in the case of intermediaries who handle the purchase of certificates for some BEHG officers. This regularly affects data on the technical circumstances of the installations. In exceptional cases, personal data (data category e.g. contact person) may also be covered.

14/07/2022

ProMechG and UERV enforcement

Controller and contact

The German Emissions Trading Authority (DEHSt) is part of Division V at the German Environment Agency. The Controller in terms of Article 4(7) GDPR is the German Environment Agency, represented by the President, Wörlitzer Platz 1, D-06844 Dessau-Roßlau, phone: +49 (0)340 2103-2416, Fax: +49 (0)340 2103-2285, buergerservice@uba.de. You can reach our data protection officer, Mr. Udo Langhoff, at email address udo.langhoff@uba.de and phone number +49 (0)30 8903-5141.

Purposes and legal bases for processing according to ProMechG and UERV

We are responsible for enforcing the Project Mechanisms Act (Act on Project-Based Mechanisms under the Kyoto Protocol to the United Nations Framework Convention on Climate Change of 11/12/1997, ProMechG) and for enforcing the statutory provisions of the Upstream Emission Reduction Ordinance (Ordinance on the Crediting of Upstream Emissions Reductions to the Greenhouse Gas Quota, UERV).

Upon application by lead project partners, we decide whether climate protection projects should be implemented with the approval of the Federal Republic of Germany in accordance with the two aforementioned legal bases. To this end, DEHSt cooperates with project developers and independent verifiers and in this work we receive and process personal data. This involves the official contact details of the applicant's contact persons as well as the names and contact details of the persons involved in the validation and verification process at the independent verifiers.

We process this personal data to the extent necessary for the performance of the aforementioned enforcement tasks in accordance with the GDPR and the BDSG pursuant to the following legal bases:

  1. Processing to meet our legal obligation (Article 6(1)(c) GDPR)

    Processing personal data serves the enforcement of the procedures listed below. This also includes requests relating to the individual procedures.
    - Application for approval of a project activity according to Sections 3, 5 and 8 ProMechG
    - Application for approval of a project activity according to Sections 7 und 10 UERV
    - Application for activation of the issuance of UER certificates according to Section 19 UERV
    - Review of the submitted verification reports according to Section 44 UERV- Publication obligations according to ProMechG and UERV.

  2. Processing to perform a task in the public interest or exercise official authority (Article 6(1)(e) GDPR)

    As an enforcement authority, we process personal data in the public interest because the tasks to be performed have been assigned to us by one of the above-mentioned laws. The performance of these tasks is therefore in the public interest and, under certain circumstances, when exercising official authority. All relevant decisions are issued as administrative acts.

Recipient categories

Access is granted to those DEHSt employees who need to access personal data in order to fulfill the specific purposes pursued (see above). While performing our public tasks, we generally do not transmit personal data to other public or private bodies. Personal data only disclosed in justified special cases such as indication of criminal conduct (for example to the public prosecutor's office).

Storage period

The storage period of the personal data depends on how long the data is needed:

We delete the data collected based on the ProMechG ten years after the expiry of the Kyoto project mechanisms. The period begins at the end of the day for which the competent body declared the end of the Kyoto project mechanisms. We also delete the data collected on the basis of the UERV ten years after the end of the project (as a rule after the return of the surety provided). If litigation is pursued in connection with a project activity, we delete the data after 20 years, calculated from the date on which the last decision affecting the project became legally binding. The data required to fulfil the legally prescribed publication obligations will be deleted as soon as the obligation to publish ceased to exists. Further (temporary) processing beyond this will only be carried out if this is necessary to safeguard archiving purposes that are in the public interest.

Your data subject rights

Data subjects have the following rights under the GDPR:

Right to information – Article 15 GDPR

You can request information about the personal data we process and some other important information such as the purposes of processing or the storage period. The exceptions applying to this right are regulated by Section 35 BDSG apply.

Right to rectification – Article 16 GDPR

You can have incorrect personal data concerning you corrected.

Right of erasure – Article 17 GDPR

You can request the deletion of your personal data. However, this is only possible if the personal data concerning you is no longer necessary, is being processed illegally or if consent has been revoked in this regard. The exceptions applying to this right are regulated by Section 35 BDSG.

Right to restriction of processing – Article 18 GDPR

You have the right to ask us to restrict the processing of data concerning you. The restriction does not prevent processing if there is an important public interest in the processing.

Right to data portability – Article 20 GDPR

The right to data portability includes the possibility for the data subject to receive the personal data concerning them from the controller in a common, machine-readable format in order to have it forwarded to another controller if necessary. However, this right is not available according to Article 20(3)(2) GDPR if the data processing serves the performance of public tasks. This is not the case at DEHSt only if personal data is processed for fiscal purposes.

Right to object – Article 21 GDPR

You have the right to object. This includes the possibility for data subjects to object to the further processing of their personal data in a particular situation, insofar as this is justified by the exercise of public tasks or in the public or private interest. According to Section 36 BDSG, this right does not apply if a public body is obligated by law to process personal data.

Right to revoke consent – Article 7(3) GDPR

In addition, you have the right to revoke your consent within the meaning of Article 6(1)(a) or Article 9(2)(a) GDPR at any time without affecting the legality of the processing carried out on the basis of consent until revocation.

Right to complain

According to Article 77 GDPR you have the right to lodge a complaint with the competent data protection supervisory authority. The competent data protection supervisory authority for the German Environment Agency is the Federal Commissioner for Data Protection and Freedom of Information, Husarenstraße 30, D-53117 Bonn, Germany, phone: +49 (0)228 997799-0, poststelle@bfdi.bund.de, www.BfDi.de.

Origin of the collected data

As a matter of principle we collect personal data directly from you in the aforementioned procedures, you contact us with project proposals under the ProMechG or the UERV and provide us with the personal data.

During the enforcement of the ProMechG and the UERV, data is also collected from third parties. It originates from the validation and verification reports that the contractual partner of the respective verifier (that is the lead project partner) submits to us in the application under the ProMechG or the UERV. In these reports, the names of the people who performed the validation or verification are named. In some cases, official contact details are also provided.

14/07/2022

Union Registry

Introduction

This statement explains the reasons for the processing of personal data by the German Emissions Trading Authority (DEHSt) at the German Environment Agency, how DEHSt collects, processes and protects personal data, how this information is used and what rights you can exercise with regard to your data.

Since DEHSt collects and processes personal data as part of the registry management for the EU ETS, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (GDPR) applies.

This statement refers to the accounts in the German part of the Union Registry of the EU ETS, which are managed by DEHSt as the national administrator and processor. For the data protection responsibilities of the European Commission (The Commission), DEHSt refers to the adjacent Privacy Statement.

Why do we process your data?

The Union Registry and the European Transaction Log (EUTL) were established by Directive 2003/87/EC establishing a scheme for greenhouse gas emission allowance trading within the Community (EU ETS), Decision 406/2009/EC of the European Parliament and of the Council concerning the effort of Member States to reduce their greenhouse gas emissions to meet the Community's greenhouse gas emission reduction commitments until 2020 (LTE) and Regulation (EU) 525/2013 of the European Parliament and of the Council of 21/05/2013 for a mechanism for monitoring and reporting greenhouse gas emissions and other climate-related information at Member State and Union level. They ensure the accurate accounting of all emission allowances generated within the EU ETS. They track the ownership of allowances held in electronic and Member State managed (27 European Union Member States plus 3 of EFTA EEA) accounts. The functioning of the Union Registry and the EUTL as well as rights and obligations of central administrators, national administrators and users are governed by Regulation (EU) 389/2013 (Registry Regulation).

The Commission acts as the central administrator of the Union Registry according to Article 4(2) and Article 5(2) Registry Regulation. However, the primary collection and processing of personal data in the ETS section of the Union Registry is carried out by the account holders and the national administrators of the Member States since the Member States administer the accounts that fall under the jurisdiction of their Member State. According to the Greenhouse Gas Emissions Trading Act (TEHG) Section 19(1), the German Environment Agency (and DEHSt as a part of a UBA division), that is also as national administrator, is responsible for the implementation. According to Article 8(1) of the Registry Regulation, DEHSt as the national administrator is limited to the administration of the Union Registry accounts of the German part of the Union Registry. The technical infrastructure is only provided by the Central Administrator pursuant to the Registry Regulation. Therefore, the European Commission acts as controller according to Article 4(7) GDPR while DEHSt acts as data processor according to Article 4(8) GDPR. However, DEHSt also processes personal data exported from the Union Registry using its own applications. DEHSt is considered the controller for this area.

The purpose of this processing is that it is necessary to open accounts in the Union Registry and to appoint authorised representatives to service these accounts in order to implement the EU ETS. DEHSt must collect and process personal data to be able to review the applications of legal entities or ordinary persons to open accounts and those of ordinary persons to be appointed as authorised representatives.

Processing is legal and necessary according to Article 6(1)(c) GDPR for compliance with a legal obligation and under Article 6(1)(e) for the performance of a task carried out in the public interest.

What data is collected and processed?

Identification data

The personal data collected and further processed by the National Administrators relate to the account holder (insofar as the account holders are ordinary persons) or the account authorised representative and other authorised representatives of the account holder (insofar as the account holders are legal entities). The personal data are:

  • Name and forename
  • Number of the ID document
  • Date and place of birth
  • Professional address
  • Professional contact details
  • Phone, fax and mobile phone number
  • Email address
  • Title and professional function
  • Validity date of the ID document
  • Evidence of opening a bank account
  • Evidence of the verifier’s accreditation (only for verifier accounts)
  • If applicable, power of attorney of the account holder to appoint an ordinary person as authorised representative

Some data are collected by the National Administrator via certain documents. However, the records in question are destroyed after they have been checked, thus the data is not stored. The records include:

  • Evidence of address of permanent residence
  • Certificates of good conduct

The data is collected directly from the data subject and the provision of this data is mandatory in order to be registered in the Union Registry. We do not collect data covered by Article 9 of Regulation (EU) 679/2016.

Technical information

The personal data is collected at European level exclusively in a database and application logs shared by the Union Registry and the EUTL. DEHSt receives your personal data as well as documents via the Virtual Post Office (VPS) and stores them in the in-house filing system in digital form.

How do we protect your data?

The basic protection as the federal data protection standard applies for the data stored on DEHSt servers. We refer to the Federal Office for Information Security (BSI). The companies contracted by DEHSt are also bound by contractual clauses on the processing of your data on behalf of DEHSt as well as by confidentiality obligations in accordance with the Commitment Act (Act on the Formal Commitment of Non-Civil Servants).

How long do we store your data?

DEHSt only stores the data for the period necessary for collection and further processing or as required by law.

The storage period of your data at DEHSt is based on the requirements of the Registration Directive for document processing and management in federal ministries. In terms of administrative enforcement, Annex 5 of this directive provides for a storage period of ten years after the end of the calendar year in which the administrative process was finally completed.

Inasmuch official investigations have been initiated for legal proceedings, data may have to be stored as evidence for longer periods on the instruction of the investigating authorities until the legal decision has been made.

Who has access to your data and to whom has your data been forwarded?

The personal data collected is accessible to selected staff members of the European Commission and DEHSt staff members entrusted with data processing.

Data on account holders who have been denied opening an account under Article 22(2)(a-c) and data on authorised representatives who have been denied appointment under Article 24(5)(a-b) are reported to the Commission and other national administrators according to Article 110(7) of the Registry Regulation. They include national administrators from countries outside the European Union, from Iceland, Lichtenstein and Norway. This reporting takes place by uploading the data directly to an SFTP server where the Commission is responsible for security standards. Furthermore, the national administrator may grant read access to the Union Registry to law enforcement authorities as well as other specified institutions in accordance with Article 110(2).

In addition, DEHSt uses their own data processing system to process the data exports provided by the European Commission in accordance with Article 108(2). Data is also made available to the software developer, Dr. Lippke & Dr. Wagner GmbH, for testing purposes.

Member States and EU institutions may have access to data held in the Union Registry and EUTL to the extent necessary to perform their duties in accordance with Article 110 of Regulation 389/2013. The Commission should provide this access to Member States and EU institutions through the Security Directorate of the Directorate-General for Human Resources and Security. EUROPOL has permanent access to the data in the Union Registry and the EUTL with read-only permission in order to carry out their tasks under Council Decision 2009/371/JHA. EUROPOL must keep the Commission informed of the use of the data on an ongoing basis.

What are your rights and how can you exercise them?

You have the right to information from the data controller according to Article 15 GDPR. Furthermore, you have the right to rectification of your data according to Article 16 GDPR, the right to erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to data portability according to Article 20 GDPR and the right to object to data processing according to Article 21 GDPR. If you wish to exercise your rights or lodge a complaint, please contact the data controller informally.

Contact information

If you have queries or requests for information or would like to exercise your other rights, you can reach the data controller at the following contact details:

Umweltbundesamt
Deutsche Emissionshandelsstelle (DEHSt)

City Campus - Haus 3, Eingang 3A
Buchholzweg 8
13627 Berlin

Phone: + 49 (0) 30 8903-5050
Fax: + 49 (0) 30 8903-5010

If you have any comments or queries, concerns or complaints about the collection and use of your personal data, you can contact the following bodies using the contact details below:

Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

Husarenstraße 30
53117 Bonn

poststelle@bfdi.bund.de

Data Protection Officer of the German Environment Agency

Udo Langhoff

udo.langhoff@uba.de

Phone: + 49 (0) 30 8903-5141

14/07/2022

Information of the European Commission

Online Services

  • Formular Management System Forms Management System

    Forms Management System

  • Virtuelle Poststelle Electronic communication

    Electronic communication

  • Newsletter Newsletter
  • Presse Press office
  • Kontakt Contact

Hinweis Cookies

Cookies help us to provide our services. By using our website you agree that we can use cookies. Read more about our Privacy Policy and visit the following link: Privacy Policy

OK