Privacy Policy

This translation is for informational purposes only. Only the German version is legally binding.

This privacy policy informs you about how we process your personal data when you use the platform jobcentamachtbestepreis.de. The protection of your data is particularly important to us, because Bürgergeld (German citizens' income) notices regularly contain special categories of personal data within the meaning of Art. 9 GDPR (so-called social data). We only process such data on the basis of your explicit, separately granted consent.

1. Data Controller

Controller within the meaning of the General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (BDSG — German Federal Data Protection Act) is:

KS Energy GmbH & Co. KG Sokelantstr. 8 30165 Hannover Germany

Authorised representative: Sebastian Klemm Phone: +49 511 4883509 Email: jobcenta@jobcentamachtbestepreis.de

Further information on the controller can be found in the Impressum.

2. General Information on Data Processing

We generally process personal data of our users only to the extent necessary to provide a functional platform as well as our content and services. The processing of personal data of our users regularly takes place only with the user's consent. An exception applies in such cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by law.

As legal bases we use in particular:

  • Art. 6 para. 1 lit. a GDPR — consent
  • Art. 6 para. 1 lit. b GDPR — contract or pre-contractual measures
  • Art. 6 para. 1 lit. c GDPR — legal obligations
  • Art. 6 para. 1 lit. f GDPR — legitimate interest
  • Art. 9 para. 2 lit. a GDPR — explicit consent for special categories

3. Hosting and Server Log Files

The platform is hosted on servers of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The server location is Germany. A data processing agreement pursuant to Art. 28 GDPR has been concluded with Hetzner. No transfer to third countries takes place.

With each access to the platform, technical data is automatically stored in server log files:

  • anonymised IP address (see section 10 on IP hashing)
  • date and time of access
  • URL accessed
  • HTTP status code and amount of data transferred
  • referrer URL
  • browser, operating system and language version (user agent)

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in stable and secure operation). Retention period: 14 days, then automated deletion.

4. SSL/TLS Encryption

For reasons of security and to protect the transmission of confidential content, this platform uses SSL/TLS encryption (TLS 1.3). You can recognise an encrypted connection by the browser address bar changing from "http://" to "https://" and by the lock symbol in your browser line. Additionally, HSTS (HTTP Strict Transport Security) is active, so that your browser automatically enforces the encrypted connection.

5. Benefit-Notice Upload and Processing of Social Data (Art. 9 GDPR) — CRITICAL

5.1 Which Data

When you upload your Jobcenter notice to us for review, we inevitably process special categories of personal data within the meaning of Art. 9 para. 1 GDPR. Jobcenter notices regularly contain:

  • Social data (income situation, standard needs, housing costs, neediness within the meaning of SGB II)
  • possibly health data (additional needs due to illness, reduced earning capacity, pregnancy)
  • possibly data concerning ethnic origin (residence permit, nationality in questions of benefit exclusion)
  • possibly data concerning religious beliefs (church tax indicator)
  • information on the household community (partner, children, additional household members)

5.2 Legal Basis

We base the processing of this data exclusively on Art. 9 para. 2 lit. a GDPR — your explicit consent. We obtain this consent in the upload form via a separate checkbox that must be ticked separately from the general acknowledgement of this privacy policy. Without this separate consent, a review of your notice is legally not possible.

5.3 Purpose

The purpose of processing is exclusively:

  • reviewing the notice for possible formal and substantive errors (benefit-notice check)
  • providing you with a non-binding assessment
  • upon explicit request: forwarding to a cooperating partner lawyer

Use for advertising, profiling or analytics purposes does not take place.

5.4 Retention Period

We distinguish according to the further course:

  • No follow-up mandate: Your notice and all associated data will be irrevocably deleted at the latest 30 days after completion of the review.
  • Mandate granted (Phase 2/3): If a mandate is granted to a partner lawyer, your data will be transferred to their case file. There, the professional retention obligations under § 50 BRAO (six years) apply. KS Energy itself deletes its copies after the end of the referral.
  • Deletion request at any time: Irrespective of these deadlines, you can request immediate deletion at any time (section 11).

5.5 Separate Consent — Right of Withdrawal

You can withdraw your consent to the processing of these special categories at any time with effect for the future. The lawfulness of the processing carried out until the withdrawal remains unaffected. An informal email to jobcenta@jobcentamachtbestepreis.de is sufficient for the withdrawal. Upon withdrawal, we will delete your data without delay, unless a statutory retention obligation stands in the way.

6. Lead Capture (Contact Data)

To provide feedback on the benefit-notice check, we collect the following contact data:

  • Mobile number and/or email address (at least one)
  • preferred contact channel (email, phone, prospectively messenger)
  • First name (voluntary, facilitates personal address)

Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures for carrying out the review) or Art. 6 para. 1 lit. a GDPR (consent), insofar as the information is provided purely voluntarily.

Purpose: Transmission of the review result and follow-up questions regarding the review.

Retention period: 30 days after transmission of the result, unless a follow-up order is placed.

7. Email Communication

If you contact us by email, we process your email address and the content contained in the email for the purpose of processing your enquiry.

Legal basis: Art. 6 para. 1 lit. b GDPR for contract-related enquiries, otherwise Art. 6 para. 1 lit. f GDPR (legitimate interest in answering the enquiry).

Retention period: until the purpose ceases to apply, at the latest in accordance with statutory retention periods.

8. Communication via WhatsApp or Messenger (Phase 2)

At a later stage of development, we will also offer feedback via messenger services (in particular WhatsApp Business API of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland). A data processing agreement pursuant to Art. 28 GDPR has been or will be concluded with Meta. Communication via WhatsApp takes place exclusively if you actively choose this channel in the form and grant the corresponding consent. Alternatively, the email route is always available to you.

Legal basis: Art. 6 para. 1 lit. a GDPR (consent via active channel selection).

Note on third-country transfers: WhatsApp may transfer data to servers in the USA. For such transfer, the Standard Contractual Clauses of the European Commission as well as supplementary protective measures are relied upon.

9. Web Analytics: Plausible Analytics (self-hosted, cookie-free)

We use Plausible Analytics for anonymous reach measurement. We operate the Plausible instance ourselves on the same Hetzner server in Germany. No data is transferred to third parties.

Plausible works fundamentally differently from common tracking systems:

  • No cookies and no access to localStorage for measurement purposes
  • No cross-device tracking
  • No personal user profiles
  • Only aggregated metrics are recorded: page views per URL, referrer, coarse region at country level, browser family
  • IP addresses are not stored but only flow into a temporary daily hash for aggregation

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in a user-friendly, low-error operation of the platform). According to the Datenschutzkonferenz (DSK — German Data Protection Conference), no consent under § 25 TDDDG is required for this form of cookie-free, self-hosted reach measurement; a cookie banner is therefore not necessary.

10. No Cookies, No External Services

We consistently refrain from integrating third-party services that would leak personal data. In particular, we do not use:

  • Google Analytics or comparable tracking services
  • Google Fonts (fonts are served locally from our own server)
  • Facebook Pixel, TikTok Pixel or comparable marketing trackers
  • CDN integrations from third parties (all resources are served locally)
  • advertising cookies, tracking cookies or marketing cookies

Where necessary for technical processes (upload session, CSRF protection), a technically necessary session cookie may be set. This is deleted at the end of the browser session and does not store any personal data. For technically necessary cookies, no consent is required pursuant to § 25 para. 2 no. 2 TDDDG.

IP Hashing

For abuse prevention (e.g., rate limiting against automated attacks), we store IP addresses exclusively as a hash value with a secret, regularly rotated salt. Without knowledge of the salt, a conclusion about the original IP address is practically impossible.

11. Your Rights as a Data Subject

Under the GDPR you have extensive rights. To assert them, an informal message to jobcenta@jobcentamachtbestepreis.de or by post to the address above is sufficient.

  • Art. 15 GDPR — Right of access: You can request information at any time about which data we process about you.
  • Art. 16 GDPR — Right to rectification: We must rectify incorrect data and complete incomplete data.
  • Art. 17 GDPR — Right to erasure: You can request the deletion of your data, provided no statutory retention obligation stands in the way.
  • Art. 18 GDPR — Right to restriction of processing: You can demand that we only store your data but no longer process it further.
  • Art. 20 GDPR — Right to data portability: You can receive your data in a structured, commonly used and machine-readable format.
  • Art. 21 GDPR — Right to object: You can object at any time to processing based on legitimate interest.
  • Withdrawal of consent: You can withdraw any granted consent (including the consent under Art. 9 para. 2 lit. a GDPR) at any time with effect for the future.

12. Right to Lodge a Complaint with the Supervisory Authority

Irrespective of this, pursuant to Art. 77 GDPR you have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data. The authority with local jurisdiction for us is:

Die Landesbeauftragte für den Datenschutz Niedersachsen (The State Commissioner for Data Protection of Lower Saxony) Prinzenstraße 5 30159 Hannover Phone: +49 511 120-4500 Email: poststelle@lfd.niedersachsen.de Website: www.lfd.niedersachsen.de

You may also contact the supervisory authority of your habitual place of residence or place of work.

13. Currency and Changes to this Privacy Policy

This privacy policy is dated 2026-04-21. We adapt it when the legal situation, our services or the data processing operations change. The respective current version can be retrieved at https://jobcentamachtbestepreis.de/datenschutz. Where possible, we will additionally actively notify you of material changes (e.g., by email to users with an active review).

Further information can be found in the Impressum and in our Terms of Service.

Last updated: 2026-04-21