Privacy Policy

of PRISMA European Platform GmbH

This privacy policy was last updated on May 25, 2018. This privacy policy might be updated from time to time.

Dear PRISMA users, visitors, guests and stakeholders,

At PRISMA European Capacity Platform, we adhere to the EU General Data Protection Regulation (GDPR).

The protection of your privacy and the personal information that you share with us is one of the most important business and ethical concerns for PRISMA. In this privacy policy, we would like to let you know how we process your personal data, which is: how we collect, use, transfer, share, save and delete the personal information that we obtain from you. It is important for us that you know that at PRISMA your personal data is in good hands.

First, we would like to let you know who is taking care of your personal data:

We are PRISMA European Capacity Platform GmbH, a company registered with the District Court of Leipzig (commercial register number: HRB 21361, VAT ID: DE 241 646 520). We are located at the Schillerstraße 4, 04109 in Leipzig, Germany. Our managing director is Dr. Götz Lincke.

We are always available for you. If you have any question regarding data protection issues, please send us an email to:

Next, we would like to give you the following information about personal data processing at PRISMA:

Customers, platform users, employees, service providers and shareholder representatives. Occasionally, and after obtaining consent, we process pictures of employees and people that attend our events.
We process names, email addresses, IP addresses, phone numbers, invoicing information, job applications, pictures and voice recording.

We get your personal data when:

  • registering at our platform as a User Administrator or User,
  • entering into a service contract,
  • subscribing to receive our newsletter,
  • applying for a job at PRISMA, or
  • sharing your business or personal information with us, e. g. via email, business card or telephone calls,
  • contacting our Custumer Care Center.

We could also receive your personal data from your company if:

  • you are the company’s representative,
  • you are nominated by one of your shareholders to make governance decisions,
  • you are designated to be a contact between your company and PRISMA, and
  • your information has been legally made publicly available.

We could also obtain your personal information via Cookies (small text files that collect your user ID):

We process your personal data by using a cookie that stores your login credentials. This is a session-based cookie that is automatically deleted after your visit. For legal, contractual and security reasons, we collect your User ID in the cookie to confirm who you are while you access our platform.

We also use Google Analytics services which also uses cookies. These cookies are stored on your computer and allow the analysis of your and other users’ usage of the PRISMA website. Information generated by the cookie is usually stored in a google server in the USA. If you wish, you can prevent Google’s storage of cookies by setting it in your browser or by downloading this browser plugin. However, doing so may block you from fully using all available website features.

We may process your personal data of our clients based on contractual obligations. For instance:
  • PRISMA’s General Terms and Conditions (GTCs) for use of the PRISMA Capacity Platform. This includes processing personal data of our platform users to enable registration in our platform and the booking and trading of gas capacities. Processing the personal data of our users also allows us to monitor the well-functioning of our platform and to provide proper service management;
  • PRISMA’s service contracts for the development and operation of an electronic platform for gas infrastructure operators for the allocation of capacities (primary capacity platform), for the trading of capacities (secondary capacity platform) and for related services;
  • REMIT Reporting Contracts to fulfil the delegated obligation of allowing Network Users to report their relevant trade data to the relevant recipients;
  • Automated Shipper Connection and Application Programming Interface (API) Contracts to connect the contract management of Network Users to the PRISMA Platform and provide secure and reliable data exchange of relevant trade information,
  • Any other (pre-)contractual or business relation or contact with PRISMA.

In the context of contractual obligations, we also process personal data to provide customer care, solve tickets and to improve our customers’ experience at our platform and improve our service.

We process personal data of clients and other data subjects interested in our services after receiving explicit consent to receive our newsletter. In our PRISMA Insights newsletter, we inform recipients of our future projects, events and general news about our company and the gas market.

We process personal data of applicants to evaluate their job applications.

We process the personal data of the representatives of service providers to evaluate offers, fulfil contracts and enable the provision of the service.

We also process personal data to fulfil legal and regulatory requirements.

At PRISMA we neither sell nor lease any personal data. Furthermore, we DO NOT perform any type of automated decision-making based on your personal data.

We might share your personal data with third parties in the context of the reasons explained above. We may share your personal data with some of our service providers under strict contractual clauses. We might also share personal information of our clients if required by a competent authority. Finally, we might also share the personal data we collect after receiving your explicit consent.

Service Providers:

We share your personal data to service providers that help us to provide our main service. We only work with service providers that lawfully process your personal data. To ensure they have high standards of personal data protection, we have in place a contract management system that allows us to evaluate providers processing activity and commitment towards the protection of personal data. We also keep constant communication to our service providers. Our main service providers and their privacy policies are:

  • BTC AG
  • Synexus GmbH

We also work with:

Public authorities:

We may share your public information to public authorities to fulfil legal obligations. Some of these public authorities include, but are not limited to:

  • Agency for the Cooperation of Energy Regulators (ACER): To fulfil the report obligations established in the Regulation on the Wholesale Energy Market Integrity and Transparency (REMIT).
  • National Regulatory Authorities (NRAs): To enable their investigatory functions in the context of e. g. REMIT.
  • Data Protection Authorities
  • In some cases, we would transfer your personal data to third countries as a consequence of contractual relationships between PRISMA and our service providers. However, at PRISMA we make sure to establish contractual relationships with only service providers that offer a degree or protection of personal data approved by the EU. In this sense, we potentially transfer your personal data to other EU countries, to countries recognized by the EU as having a high degree of personal data protection, and to US companies covered by Privacy Shield. In exceptional cases, we would ONLY consider transferring your personal data to countries that do not fall within the previous categories if they provide guarantees and appropriate safeguards for the lawful processing of your personal data, such as adhering to standard clause of protection of personal data, or by signing a data protection agreement with us.

    At PRISMA we know you have the right to be forgotten. At the same time, we are aware of other legal responsibilities that derive from a contractual relationship between your company and ours. That is why we have designed an erasure concept that balances your data protection rights with legal obligations in line with tax, civil and commercial, regulatory, corporate, employment and criminal law. We erase your personal information at the end of the retention period allowed or required by those laws. However, in the case of our platform users, it is the responsibility of the Network Users, as controllers of the Users’ information, to delete their registration information upon termination or cessation of use of the platform.

    To ensure the safety of personal data, we have implemented, among others, the following organizational and IT measures:
    • Training: to make sure that every PRISMA employee understands their data protection responsibilities;
    • Contract management: to ensure contracts with service providers offer accurate protection of personal data;
    • On-Premises security measures: to make sure that no malicious entity can have access to the data you entrust with us;
    • Restricted access to documentation: to strictly ensure that only the individuals who need to have access to your personal data are the ones who have access to it;
    • Confidentiality clauses: to ensure that our employees and subcontractors keep your personal information confidential;
    • Virus scans and firewalls: to review and identify technological threats that could affect our information;
    • Data backup and data restoration: to prevent your personal data from loss;
    • Tests and audits: to verify security measures;
    • Automated security tests: to ensure that each software release is subject to constant adjustments to new hazards. Each year, the Company performs a comprehensive penetration test for this purpose.
    We are aware that you have the right to access, rectify, object to processing, delete your personal data, withdraw consent at any time, etc. If you want to exercise any of your data protection rights, you can send an email to>, or call our data protection officer at +49341699299033. We are ready to process your request and to keep you informed in a timely manner.