Informativa sulla privacy
Privacy Policy
Last updated: May 2026
This Privacy Policy explains how Dan-Tech Energy GmbH ("Dan-Tech", "we", "us") collects, processes, and uses personal data in connection with our B2B e-commerce operations at shop.danenergy.com. We process personal data exclusively in the context of business-to-business (B2B) transactions with business customers.
1. Data Controller
The controller responsible for the processing of personal data is:
Dan-Tech Energy GmbH
[Registered address]
Germany
Email: info@danenergy.com
Website: www.danenergy.com
2. Categories of Personal Data Processed
In the context of our B2B operations, we process personal data of business contact persons, including:
- Business contact information: name, job title, company name, business address, business email address, business telephone number;
- Order and transaction data: products ordered, quantities, prices, order history, delivery addresses;
- Payment data: bank account details, payment status (full payment card numbers are processed by our payment service provider and not stored by us);
- Communication data: email correspondence, support tickets, and sales communications;
- Technical data: IP addresses, browser type, device information, cookies and usage data collected via our store.
3. Purposes and Legal Bases for Processing
We process personal data for the following specific purposes, each supported by an applicable legal basis under Article 6 GDPR:
3.1 Order Fulfillment and Contract Performance
Purpose: Processing orders, arranging delivery, managing returns and warranty claims, issuing invoices and ZUGFeRD/XRechnung electronic invoices.
Legal basis: Art. 6(1)(b) GDPR — processing is necessary for the performance of a contract to which the data subject is party, or to take pre-contractual steps at their request.
3.2 Customer Account Management
Purpose: Creating and managing registered customer accounts, enabling access to B2B pricing, order history, and account functions.
Legal basis: Art. 6(1)(b) GDPR — contractual necessity.
3.3 Compliance with Legal Obligations
Purpose: Retaining accounting and tax records as required by German commercial and tax law (§ 257 HGB, § 147 AO); export control compliance and documentation under EU Dual-Use Regulation 2021/821 and AWG/AWV; waste battery take-back documentation and compliance under EU Battery Regulation 2023/1542; dangerous goods documentation (UN 3480, ADR).
Legal basis: Art. 6(1)(c) GDPR — processing is necessary for compliance with a legal obligation to which we are subject.
3.4 Fraud Prevention and Security
Purpose: Detecting and preventing fraudulent transactions, protecting our systems and customers, and enforcing our terms of business.
Legal basis: Art. 6(1)(f) GDPR — processing is necessary for the purposes of our legitimate interests in protecting against fraud and ensuring platform security. We have carried out a balancing assessment and found that these interests are not overridden by your interests, rights, or freedoms.
3.5 B2B Marketing and Business Development
Purpose: Sending product updates, technical newsletters, pricing information, and promotional communications to existing business customers and qualified prospects.
Legal basis: Art. 6(1)(f) GDPR — our legitimate interest in marketing to B2B contacts within the context of an existing or prospective business relationship. You have the right to object to this processing at any time (see Section 7).
3.6 Website Analytics and Advertising Performance
Purpose: Analyzing store and website usage via Google Analytics 4; measuring the performance of Google Ads campaigns; optimizing our marketing spend and user experience.
Legal basis: Art. 6(1)(a) GDPR — consent, where required for non-essential cookies. Art. 6(1)(f) GDPR — legitimate interest for aggregated analytics where cookies are not required.
You may withdraw consent for non-essential cookies at any time via the cookie settings displayed on first visit.
4. Data Retention Periods
| Data Category | Retention Period | Basis |
|---|---|---|
| Order and contract data | 10 years from invoice date | § 257 HGB, § 147 AO |
| Accounting records and invoices | 10 years | § 147 AO |
| Customer account data | Duration of business relationship + 3 years after last transaction | Legitimate interest / § 195 BGB limitation period |
| Marketing contact data | Until objection, or 3 years after last engagement | Legitimate interest |
| Warranty and support records | 3 years from resolution | § 195 BGB (general limitation period) |
| Export control documentation | 5 years minimum | AWG/AWV, EU Dual-Use Regulation 2021/821 |
| Battery take-back records | As required by EU Battery Regulation 2023/1542 | Art. 6(1)(c) GDPR |
| Website analytics data (GA4) | 14 months (Google Analytics default setting) | Consent / legitimate interest |
| Server logs and security data | 90 days | Legitimate interest (security) |
Data is deleted or anonymized at the end of the applicable retention period unless longer retention is required by law.
5. Sharing Data with Third Parties
We share personal data with third parties only where necessary and on a documented legal basis. Our main third-party processors and recipients include:
- Shopify Inc. (e-commerce platform operator): processes order, customer, and payment data as our data processor. Shopify is headquartered in Canada (a country covered by an EU adequacy decision) with servers also in the US (transfers covered by Standard Contractual Clauses, Art. 46(2)(c) GDPR). Shopify's privacy policy: shopify.com/legal/privacy.
- Google LLC (Google Analytics 4, Google Ads): processes website usage and advertising measurement data. US transfers are covered by Standard Contractual Clauses. Google's privacy policy: policies.google.com/privacy.
- Logistics and freight partners: receive delivery address and contact information necessary to fulfill shipments, including ADR-compliant dangerous goods carriers for battery products.
- Payment service providers: process payment data as required to complete transactions, acting as independent controllers for payment processing.
- Tax, legal, and accounting advisors: may access data as necessary for compliance purposes; bound by professional confidentiality obligations.
We do not sell personal data to third parties. We do not share personal data for third-party advertising purposes without your consent.
6. International Data Transfers
Where we transfer personal data to countries outside the European Economic Area (EEA), we ensure appropriate safeguards are in place pursuant to Art. 46 GDPR, including Standard Contractual Clauses as approved by the European Commission, or we rely on adequacy decisions under Art. 45 GDPR. Details of the safeguards applicable to specific transfers are available upon request.
7. Your Rights Under GDPR
As a data subject, you have the following rights regarding personal data we hold about you:
- Right of access (Art. 15 GDPR): Request confirmation of whether we process your personal data and receive a copy.
- Right to rectification (Art. 16 GDPR): Request correction of inaccurate or completion of incomplete data.
- Right to erasure (Art. 17 GDPR): Request deletion of your data, subject to any legal retention obligations that require us to retain it.
- Right to restriction of processing (Art. 18 GDPR): Request that we restrict processing in certain circumstances (e.g., while accuracy is contested).
- Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, request your data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21 GDPR): Object at any time to processing based on legitimate interest, including B2B direct marketing. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
- Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
To exercise any of these rights, contact us at info@danenergy.com. We will respond within one month of receiving your request, as required by Art. 12 GDPR.
8. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority if you consider that our processing of your personal data infringes GDPR. The competent supervisory authority for Dan-Tech Energy GmbH is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Germany
Phone: +49 30 13889-0
Website: www.datenschutz-berlin.de
You may also contact the supervisory authority in your country of residence or place of work.
9. EU Battery Regulation (2023/1542)
In connection with the sale of lithium battery products, we collect and retain data required to comply with EU Battery Regulation 2023/1542, including battery specifications, serial numbers, and waste battery take-back documentation. This processing is based on Art. 6(1)(c) GDPR (compliance with a legal obligation). Data collected for this purpose is retained for the period required by the regulation.
10. Cookies and Tracking Technologies
Our store uses cookies and similar tracking technologies. Essential cookies required for the store to function (session management, cart, authentication) are placed on the basis of our legitimate interest (Art. 6(1)(f) GDPR). Non-essential cookies (analytics, advertising performance) are placed only with your consent (Art. 6(1)(a) GDPR). You can manage your cookie preferences via the cookie consent banner displayed on your first visit to the store.
11. Updates to This Policy
We may update this Privacy Policy from time to time. The current version is always available at shop.danenergy.com/policies/privacy-policy. We will notify registered customers of material changes by email.
12. Contact
For all data protection and privacy queries:
Dan-Tech Energy GmbH
Email: info@danenergy.com
Website: www.danenergy.com