Payload Logo

Privacy Statement


1. Controller

The controller for the processing of personal data on this website is Open Energy Transition gGmbH, Königsallee 52, 95448 Bayreuth, Germany, e-mail: info@openenergytransition.org, website: www.openenergytransition.org.

Further publicly available company details are: Bayreuth register court, commercial register number HRB 7934, VAT ID No. DE 362 994 208, managing director Maximilian Parzen.

This privacy notice applies to the website www.openenergytransition.org.


2. Data Protection Officer

Our appointed data protection officer is ISiCO GmbH. You can contact the data protection officer at: ISiCO GmbH, Am Hamburger Bahnhof 4, 10557 Berlin, Germany, phone: +49 (0)30-213002850, e-mail: info@isico.de, website: www.isico.de.

You may contact the data protection officer at any time with questions regarding the processing of your personal data and the exercise of your rights.


3. General information on data processing

We process personal data only to the extent necessary to provide a functional website and to handle inquiries. In doing so, we comply in particular with the requirements of the General Data Protection Regulation and the German Telecommunications Digital Services Data Protection Act.

Personal data means any information relating to an identified or identifiable natural person. This includes, for example, name, e-mail address, IP address or other online identifiers.

  • We provide information in a clear and intelligible form.
  • We limit processing to the purposes that are necessary in each case.


4. Website access and server log files

When you visit our website for information purposes only, our systems process technically necessary access data. This includes in particular the IP address, date and time of access, the page or file requested, the amount of data transferred, browser type and browser version, the operating system used, the referrer URL and the host name of the accessing device.

This processing is carried out in order to provide the website technically, ensure the stability and security of our systems and detect and defend against misuse. The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable and functional provision of the website.

Log data is deleted as soon as it is no longer required for these purposes. Longer retention is considered only to the extent necessary to investigate security incidents or to comply with legal obligations.

  • The collection of this data is necessary for the operation of the website.
  • There is no separate right to object to technically necessary processing.


5. Contact by e-mail

If you contact us by e-mail, we process the data you provide in order to handle your request. This usually includes your e-mail address, your name, the content of your message and any other information you voluntarily provide.

The legal basis is Article 6(1)(b) GDPR insofar as your request relates to the initiation or performance of a contract. In all other cases, the processing is based on Article 6(1)(f) GDPR. Our legitimate interest lies in the proper and efficient handling of inquiries.

Your data will be deleted once your request has been conclusively processed and no legal retention obligations prevent deletion.

Please send us only the information that is necessary for your request.


6. Cookies and comparable technologies that are technically necessary

Technically necessary cookies or comparable technologies may be used on our website to the extent required to provide the website, ensure basic functions or maintain the security of the service.

The legal basis for storing or accessing information on your terminal device is Section 25(2) TDDDG insofar as this is strictly necessary for providing the digital service expressly requested by the user. Insofar as personal data is processed in this context, the legal basis is Article 6(1)(f) GDPR.

The following element is stored in local storage on the terminal device: “payload-theme”: storage of the design or appearance of the website.

Non-essential cookies or comparable tracking technologies for analytics, marketing or profiling are currently not used on this website except with your consent pursuant to Section 25(1) TDDDG. Insofar as personal data is processed in this context, the legal basis is Article 6(1)(a) GDPR.

If you have given your consent, we use Google Analytics, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to analyse the use of our website, recognise you on repeat visits, create usage profiles, evaluate conversions, improve our website, fix errors and create usage reports. Artificial intelligence such as machine learning may also be used for the automated analysis and enrichment of the data. In particular, the following may be analysed: your device ID, where applicable your Google ID, the pages you accessed and the previously accessed page (referrer URL), information on the terminal device, operating system and browser, your approximate location, your interactions with the page, such as scrolling activity, downloaded files, clicked links and interactions with media, and the achievement of goals (conversions). Your IP address is anonymised by default after transmission and before further evaluation. Visitor logs are stored for no more than 14 months. Further information is available at: https://business.safety.google/privacy/. The following cookies may be stored by Google Analytics on the terminal device: “_ga” (2 years) and “_gid” (24 hours): recognition and differentiation of visitors by means of a device ID; “_ga_H9DHYGS08R” (2 years): retention of tracking information for the current session.

With your consent, we also use Google Ads, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to record and analyse user actions, such as clicks on content and advertisements, page views and downloads, and to display personalised advertising messages on Google partner websites. Usage profiles are created with the help of the collected data and users are assigned to advertising audiences. Google also processes the data for the improvement and further development of its own products and services, for aggregated statistical evaluation of conversions and for improving the quality and accuracy of conversions. The data referred to in connection with Google Analytics is processed in this context as well. Google privacy settings can be accessed at: https://myadcenter.google.com/. Further information is available at: https://business.safety.google/privacy/. The following information may be stored by Google Ads on the terminal device: cookie “_gcl_au” (90 days): conversion tracking and storage of ad clicks; local storage: “_gcl_ls”: storage of timestamps for conversion tracking of ad clicks.

You can configure your browser to delete or block cookies.

Disabling technically necessary cookies may limit the functionality of the website.


7. External links and social media presences

Our website contains links to external offers and presences, in particular LinkedIn, X, GitHub, Bluesky, YouTube, Eventbrite, and an external newsletter page. These are simple links and not embedded social media plugins.

When you merely visit our website, these links do not by themselves transmit personal data to the respective platforms. Only if you actively click such a link will you leave our website and the privacy policies of the respective provider will apply.

On our social media presences, we may have access to statistics on the use of our presences that are provided by the operators of the social media presences. These statistics are aggregated and may in particular contain demographic information, such as age, gender, region and country, as well as data on interactions with our social media presences, such as likes, subscriptions, sharing, viewing images and videos, and with the posts and content distributed there. They may also provide information about the interests of visitors and which content and topics are particularly relevant to them. We may also use this information to tailor the design of, and our activities and content on, the social media presence and to optimise them for our audience. Details and links to the social media presences operated by us can be found in the list below. The collection and use of these statistics may be subject to joint controllership. Where this is the case, the relevant agreement is listed below. You can assert your data protection requests most efficiently with the respective providers of our social media presences. You may of course also contact us with your request. In that case, we will forward your request accordingly. We maintain the following social media presences:

LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland: joint controllership agreement: https://www.linkedin.com/legal/l/page-joint-controller-addendum, privacy policy: https://www.linkedin.com/legal/privacy-policy, privacy settings: https://www.linkedin.com/mypreferences/g/guest-retargeting-opt-out.

X: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland: privacy policy: https://x.com/de/privacy, privacy settings: https://x.com/personalization.

GitHub: GitHub B.V., Prins Bernhardplein 200, Amsterdam 1097JB, Netherlands: privacy policy: https://docs.github.com/de/site-policy/privacy-policies/github-general-privacy-statement, privacy settings: https://docs.github.com/de/site-policy/privacy-policies/github-general-privacy-statement#what-are-your-cookie-choices-and-controls.

Bluesky: Bluesky Social, PBC, 113 Cherry St #24821, Seattle, WA 98104-2205, USA: privacy policy: https://bsky.social/about/support/privacy-policy.

YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland: privacy policy: https://policies.google.com/privacy, privacy settings: https://myadcenter.google.com/.

Mastodon.social: Mastodon GmbH , , Mühlenstraße 8a, 14167 Berlin, Germany, privacy policy: https://mastodon.social/privacy-policy 

Eventbrite: Eventbrite, Inc., Block 1, Harcourt Centre, Harcourt Street, Dublin 2, Ireland / Penrose Dock, Cork, privacy policy: https://privacy.eventbrite.com/policies 

The external newsletter page is provided by our service provider Three Hearts Digital Ltd., 86-90 Paul Street, London, EC2A 4NE, United Kingdom (EmailOctopus). In this context, we store your name and e-mail address together with the time and technical information of your registration. The content of the newsletter is described on the newsletter page. We verify whether the newsletter can be delivered and may measure, by means of pixels in the e-mail and the forwarding of links, whether the e-mail was opened and whether links were clicked. We do this to determine the reach of our newsletter and how we can optimise it. You may unsubscribe from the newsletter at any time. 

The newsletter tool EmailOctopus integrates Google reCAPTCHA, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for security purposes in order to detect bots and other threats and to prevent abusive activity. For these purposes, Google reCAPTCHA analyses in particular the user’s input behaviour, such as mouse clicks, selection of input fields and input speed, technical information on browser, language, display and terminal device, the IP address, the referrer URL, the cookies used by Google and the displayed window. In this context, identified threats and bots are also statistically evaluated in aggregated, anonymised form. Further information is available at: https://business.safety.google/privacy/. The following information may be stored by Google reCAPTCHA on the terminal device: cookie “_GRECAPTCHA” (180 days), local and session storage elements: “_grecaptcha”, “rc::a”, “rc::f”, “rc::b” (session), “rc::c” (session).

The provision of such links, the use of aggregated statistics and the use of Google reCAPTCHA are based on Article 6(1)(f) GDPR. Our legitimate interest lies in presenting our public communication channels and making further information easily accessible, in effective information and communication on our social media presences and in ensuring the security and stability of our website. The sending of the newsletter and any usage analysis in e-mails is based on your consent pursuant to Article 6(1)(a) GDPR.


8. Recipients of personal data

Within our organization, only those units receive access to personal data that need it to fulfill the relevant purposes. External recipients are involved only to the extent necessary for the technical operation of the website, IT security, the handling of inquiries or where there is a legal obligation.

Recipient categories may include in particular hosting and IT service providers, technical support providers and public authorities or courts where disclosure is required by law. Some of these recipients are expressly named in this privacy notice.

Where required, we conclude data processing agreements with processors pursuant to Article 28 GDPR.


9. Third-country transfers

As a rule, we do not currently transfer personal data to countries outside the European Union or the European Economic Area in connection with this website.

However, in connection with the accessing or integration of external services, your data may be transferred to the United States or the United Kingdom. In that case, we rely on an adequacy decision of the European Commission where the transfer is to the United Kingdom or, in the case of transfers to the United States, where the US recipient is certified under the EU-US Data Privacy Framework, and otherwise on concluded standard contractual clauses. Insofar as Google Ireland Limited transfers your data to the United States, that transfer is justified by the certification of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The transfer to Three Hearts Digital Ltd., 86-90 Paul Street, London, EC2A 4NE, United Kingdom, is based on an adequacy decision of the European Union for the United Kingdom.

If you click external links and thereby access third-party services, any further processing generally takes place outside our area of responsibility, unless the external pages are operated by service providers commissioned by us. In all other respects, the privacy information of the respective provider applies.

This statement refers to processing carried out by Open Energy Transition gGmbH in connection with the operation of the website.


10. Retention period

We store personal data only for as long as this is necessary for the relevant processing purposes or as long as legal retention obligations apply. Afterwards, the data is deleted or its processing is restricted.

For server log files, the retention period depends on what is necessary for technical provision and IT security. Data from contact inquiries is stored until the inquiry has been conclusively handled and thereafter only insofar as legal obligations require further storage.

Where specific statutory retention periods apply, they take precedence over these general criteria.


Processing server log files: Retention criterion until the purpose ceases to apply or the security review is completed

Processing contact inquiries: Retention criterion until final handling, thereafter only if legally required

Processing other data: Retention criterion according to the relevant purpose and statutory periods


11. Your rights

Subject to the applicable legal requirements, you have the right of access to your personal data, the right to rectification of inaccurate data, the right to erasure, the right to restriction of processing and the right to data portability.

Where processing is based on Article 6(1)(f) GDPR, you have the right to object to the processing on grounds relating to your particular situation. Where processing is based on your consent, you may withdraw that consent at any time with effect for the future.

You may contact us or our data protection officer at any time to exercise your rights.

  • We respond to requests without undue delay and generally within one month.


Right // Legal basis

Access // Article 15 GDPR

Rectification // Article 16 GDPR

Erasure // Article 17 GDPR

Restriction of processing // Article 18 GDPR

Data portability // Article 20 GDPR

Objection // Article 21 GDPR

Withdrawal of consent // Article 7(3) GDPR


12. Right to lodge a complaint, obligation to provide data and automated decisions

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law.

The provision of personal data is not legally required for the mere visit of the website. However, without the processing of technically necessary access data, the website cannot be provided. If you contact us by e-mail, the provision of your contact details is necessary so that we can respond to your request.

Automated decision-making including profiling within the meaning of Article 22 GDPR does not take place in connection with this website.

  • You may contact both a supervisory authority and us or our data protection officer directly.


13. Data security and current version

We implement appropriate technical and organizational measures to protect personal data against loss, manipulation, unauthorized access and other unauthorized processing. This includes, in particular, secure transmission of website content.

This privacy notice is current as of 21 April 2026. We reserve the right to amend it if this becomes necessary due to technical changes, new services or changes in the legal framework.

The version published on the website from time to time shall be authoritative.


Version date: 8 June 2026

Scope: Website www.openenergytransition.org