Nur die deutsche Version der Datenschutzrichtlinie ist verbindlich.
Die englische Version dient nur der Bequemlichkeit.
Only the German version of the privacy policy shall apply.
The English version is only a convenience translation.
In the following, we provide information about the processing of personal data when using
- our website https://www.ostrom.de
- our Ostrom store https://store.ostrom.de/
- our signup page https://join.ostrom.de/
- our FAQ page https://support.ostrom.de/
- our social media profiles
- our mobile app (hereinafter just “app”).
Personal data is all data that can be related to a specific natural person, such as their name or IP address.
The person responsible in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is
Aplus Energy GmbH
Strassburger Strasse 55
10405 Berlin
germany
Email: datenschutz@ostrom.de.
We are legally represented by Matthias Martensen and Karl Villanueva.
Our data protection specialist is
HeyData GmbH
Gormann Strasse 14
10119 Berlin
www.heydata.eu
Email: info@heydata.de.
The scope of data processing, processing purposes and legal bases is set out in detail below. In principle, the following can be considered as the legal basis for data processing:
● Art. 6 (1) (1) it. a GDPR serves us as the legal basis for processing operations for which we obtain consent.
● Art. 6 (1) (b) GDPR is the legal basis insofar as the processing of personal data is necessary to fulfill a contract, e.g. when a site visitor purchases a product from us or we perform a service for him. This legal basis also applies to processing that is necessary for pre-contractual measures, such as inquiries about our products or services.
● Art. 6 (1) (c) GDPR applies if we fulfill a legal obligation by processing personal data, as may be the case, for example, in tax law.
● Article 6 (1) (f) GDPR serves as the legal basis if we can rely on legitimate interests to process personal data, e.g. for cookies that are necessary for the technical operation of our website.
Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data when transferred, as far as available (e.g. for Great Britain, Canada and Israel), guarantees the security of the data (Art. 45 (3) GDPR). If there is no adequacy decision (e.g. for the USA), the legal basis for the transfer of data is usually standard contractual clauses, i.e. unless we provide otherwise. These are rules adopted by the EU Commission and are part of the contract with the respective third party. In accordance with Article 46 (2) (b) GDPR, they guarantee the security of data transfer. Many of the providers have provided contractual guarantees that go beyond the standard contractual clauses, which protect the data beyond the standard contractual clauses. These include, for example, guarantees with regard to the encryption of data or with regard to an obligation on the part of a third party to notify data subjects when law enforcement agencies want to access data.
Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its purpose and the deletion does not conflict with any legal storage requirements. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we must store for commercial or tax reasons.
Data subjects have the following rights vis-à-vis us with regard to personal data concerning them:
● the right to information,
● Right to correction or deletion,
● the right to restrict processing,
● the right to object to processing,
● the right to data portability,
● Right to withdraw consent at any time.
Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data.
Within the framework of a business relationship or other relationship, customers, interested parties or third parties must only provide us with the personal data that is necessary for the establishment, implementation and termination of the business relationship or any other relationship or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude a contract or provide a service or will no longer be able to carry out an existing contract or other relationship.
Mandatory information is marked as such.
In principle, we do not use fully automated decision-making in accordance with Article 22 GDPR to establish and carry out a business relationship or other relationship. Should we use these procedures in individual cases, we will inform you of this separately, provided this is required by law.
When you contact us, e.g. by e-mail or telephone, the data provided to us (e.g. names and e-mail addresses) is stored by us in order to answer questions. The legal basis for processing is our legitimate interest (Art. 6 (1) (f) GDPR) to answer inquiries addressed to us. We delete the data arising in this context after storage is no longer necessary, or restrict processing if there are legal storage obligations.
From time to time, we conduct customer surveys to get to know our customers and their needs better. In doing so, we collect the data requested in each case. It is our legitimate interest to get to know our customers and their wishes better, so that the legal basis for the associated data processing is Art. 6 (1) (f) GDPR. We delete the data when the results of the surveys have been evaluated.
From time to time, we offer sweepstakes via our website or otherwise. We process the data requested in order to identify and notify the winners. We then delete the data. It is also possible that we only offer competitions for existing customers. Then we only process the name to determine the winners and the contact details to notify the winners. It is our legitimate interest to offer competitions to attract customers or to interact with our existing customers. The legal basis for data processing is Art. 6 (1) (f) GDPR.
As part of providing our services, we can check the creditworthiness of the credit rating from the credit agency SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, before concluding the contract. The legal basis for the associated data processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in the ability of our customers to pay. For more information, see www.schufa.de/privacy.
Our website stores information in the terminal equipment of website visitors (e.g. cookies) or accesses information that is already stored in the terminal device (e.g. IP addresses). The details of this information are set out in the following sections.
This storage and access is based on the following provisions:
- Insofar as this storage or access is absolutely necessary so that we provide the service of our website expressly requested by website visitors (e.g. to carry out a chatbot used by the website visitor or to ensure the IT security of our website), it is carried out on the basis of Section 25 (2) No. 2 of the Telecommunications Digital Services Data Protection Act (TDDDG).
- Otherwise, this storage or access is based on the consent of website visitors (Section 25 (1) TDDDG).
Downstream data processing is carried out in accordance with the following sections and on the basis of the provisions of the GDPR.
We reserve the right to inform customers who have already used our services or bought goods about our offers from time to time by e-mail or other means electronically, if they have not objected to this. The legal basis for this data processing is Art. 6 (1) (f) GDPR. Our legitimate interest lies in direct marketing (recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time at no additional cost, for example via the link at the end of every email or by sending an email to our email address mentioned above.
Interested parties have the option of subscribing to a free newsletter. We process the data provided when registering exclusively for sending the newsletter. Registration is made by selecting the appropriate field on our website, by ticking the corresponding field in a paper document or by taking another clear action, by which interested parties declare their consent to the processing of their data, so that the legal basis is Art. 6 para. p. 1 lit. a GDPR. The consent can be withdrawn at any time, e.g. by clicking on the corresponding link in the newsletter or sending a message to our e-mail address provided above. The processing of data until revocation remains lawful even in the event of a revocation.
Based on the consent of recipients (Art. 6 (1) (a) GDPR), we also measure the opening and click rate of our newsletters in order to understand which content is relevant to our recipients.
We send newsletters using the tools
● Mailchimp from the provider Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (privacy policy: https://mailchimp.com/legal/privacy/).
● Tool Intercom from the provider R&D Unlimited Company 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland (privacy policy: https://www.intercom.com/legal/privacy).
The providers process content, usage, meta/communication data and contact data in the USA.
When using the website for informational purposes, i.e. when site visitors do not provide us with separate information, we collect the personal data that the browser transmits to our server to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 (1) (f) GDPR. This data is:
● IP address
● Date and time of the request
● Time zone difference to Greenwich Mean Time (GMT)
● Content of the request (specific page)
● Access status/HTTP status code
● Each amount of data transferred
● Website from which the request comes
● Browsers
● Operating system and its interface
● The language and version of the browser software.
This data is also stored in log files. They are deleted when they are no longer required to be stored, at the latest after 14 days.
Our website is hosted by Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA, (privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr) in the EU. The provider processes the personal data transmitted via the website, e.g. for content, usage, meta/communication data or contact data. It is our legitimate interest to provide a website, so the legal basis for data processing is Art. 6 (1) (f) GDPR.
We use a content delivery network to help make our website available. The provider is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA, (privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr). In doing so, the provider processes the personal data transmitted via the website, e.g. content, usage, meta/communication data or contact data. It is our legitimate interest to provide a website, so the legal basis for data processing is Art. 6 (1) (f) GDPR.
We publish jobs that are vacant in our company on our website, on pages connected to the website, or on third-party websites.
The data provided as part of the application process is processed to carry out the application process. Insofar as these are necessary for our decision to establish an employment relationship, the legal basis is Article 88 (1) GDPR in conjunction with Section 26 (1) BDSG. We have marked the data required to carry out the application process accordingly or refer to them. If applicants do not provide this information, we will not be able to process the application.
Further data is voluntary and not required for an application. If applicants provide further information, the basis is their consent (Art. 6 (1) (a) GDPR).
We ask applicants to refrain from providing information on political opinions, religious beliefs and similarly sensitive data in their curriculum vitae and cover letter. They are not required to apply. If applicants nevertheless provide appropriate information, we cannot prevent their processing as part of processing their resume or cover letter. Your processing is then also based on the consent of the applicants (Art. 9 para. 2 lit. a GDPR).
Finally, we process applicants' data for further application processes if they have given us their consent to do so. In this case, the legal basis is Art. 6 (1) (a) GDPR.
We pass on the applicants' data to the responsible personnel department, to our contract processors in the area of recruiting and to the other employees involved in the application process.
If we enter into an employment relationship with the applicant following the application process, we will only delete the data after the employment relationship has ended. Otherwise, we will delete the data no later than six months after an applicant has been rejected.
If applicants have given us their consent to also use their data for further application processes, we will only delete their data one year after receipt of the application.
We offer services through our website. On the basis of an order processing agreement, we include powercloud GmbH, Max-Planck-Straße 1, 77656 Offenburg, which only receives the personal data required to provide the service. The data is processed to fulfill the contract concluded with the respective site visitor (Art. 6 (1) (b) GDPR).
We also offer goods via our website. In doing so, we process personal data as part of the ordering process. The data is processed to fulfill the contract concluded with the respective website visitor (Art. 6 (1) (b) GDPR).
We pass on the personal data processed in the course of selling goods (first and last name and delivery address) exclusively to the following delivery service providers, insofar as this is necessary for delivery:
- DGH Grosshandel branch of Duttenhofer GmbH & Co. KG, Alfred-Nobel-Str. 6, 97080 Würzburg, Germany
- WAVE Distribution & Computersysteme GmbH, Philipp-Reis-Str. 2-3, D-35440 Linden, Germany
- MMS E-Commerce GmbH, Media-Saturn-Strasse 1, 85053 Ingolstadt, Germany
- All 4 Business SL, Carrer Sant Pascual, 62, 46960 Aldaia, Valencia, Spain
- Viessmann Climate Solutions SE, Viessmannstraße 1, 35108 Allendorf (Eder), Germany
- The Mobility House AG, Technoparkstr. 1, CH-8005 Zurich, Switzerland
- Climatos GmbH, Belgradstraße 34, 80796 Munich, Germany
- KOSATEC Computer GmbH, Carl-Miele-Straße 3, 38112 Brunswick, Germany
- wedoSolar GmbH, Torstr. 147, 10119 Berlin, Germany
- Priwatt GmbH, Schillerstraße 4, 04109 Leipzig, Germany
- Mula GmbH, Colditzstraße 34-36, 12099 Berlin, Germany
- Quality Heating B.V., Phoenixstraat 35, 1812 PP, Alkmaar, Nederland
- Fensterkraftwerk GmbH, Gneisenaustr. 45, 10961 Berlin, Germany
- BayWa r.e. AG, Arabellastraße 4, 81925 Munich, Germany
- Krannich Solar GmbH & Co. KG, Heimsheimer Strasse 65/1, 71263 Weil der Stadt/ Hausen, Germany
- Natec Sunergy B.V., Het Sterrenbeeld 51, 5215 MK, 's-Hertogenbosch, The Netherlands
- Wehage Solar UG, Tulpenstr. 19, 49692 Cappeln, Germany
The legal basis for processing is Art. 6 para. 1 lit. b GDPR, as it is necessary for the performance of the contract.
Users can also sign an electricity contract with us. In this context, we process the following personal data for the purpose of fulfilling the contract with the customer:
- Annual consumption
- First and last name
- Date of birth
- telephone number
- E-mail address
- Selected language
- Your address
- company name
- meter number
- Market location ID
- Move-in date
- Cancellation date
- Previous supplier
- IBAN
- Account holder
- Different billing address
The data is processed to fulfill the contract concluded with the respective customer (Art. 6 (1) (b) GDPR).
If the customer has given their consent, we will share the following data with the partner named in the respective declaration of consent for analysis purposes:
- First and last name
- email address
- Selected language
- address
In these cases, the legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
We use Hotjar for analysis. The provider is Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's, STJ 3141, Malta. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://www.hotjar.com/legal/policies/privacy/ retrievable.
We use LinkedIn Insight Tag for conversion tracking. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) and usage data (e.g. websites visited, interest in content, access times) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://www.linkedin.com/legal/privacy-policy? retrievable.
We use Trustpilot for customer reviews. The provider is Trustpilot A/S, Pilestraede 58, 5th floor, DK-1112 Copenhagen K, Denmark. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in receiving feedback on our services from our customers through reviews.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://uk.legal.trustpilot.com/for-businesses/business-privacy-policy retrievable.
We use Google web fonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. However, processing only takes place on our servers. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in using simple and cheap fonts on our website. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US retrievable.
We use Microsoft Advertising (Bing Ads) for analysis and advertising. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://privacy.microsoft.com/en-gb/privacystatement retrievable.
We use Intercom to improve user dialogue. The provider is R&D Unlimited Company 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in optimizing interaction with our website visitors.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://www.intercom.com/legal/privacy retrievable.
We use Facebook Custom Audiences for advertising. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://www.facebook.com/policy.php retrievable.
We use Calendly to schedule appointments. The provider is Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA. The provider processes usage data (e.g. websites visited, interest in content, access times), contact data (e.g. email addresses, telephone numbers) and master data (e.g. names, addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://calendly.com/pages/privacy retrievable.
We use Google Analytics for analysis. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US retrievable.
We use Google Marketing Platform for analysis and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US retrievable.
We use Google Maps for maps on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04e5w5, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for transfer to a country outside the EEA is consent.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US retrievable.
We use Google Tag Manager for analysis and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=en-US retrievable.
We use Zapier for automation between applications. The provider is Zapier, Inc., 548 Market St. #62411, San Francisco, CA 94104-5401, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in simply connecting the applications in our company and thus optimizing the way we work.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://zapier.com/privacy retrievable.
We use Facebook pixels for analysis. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://www.facebook.com/policy.php retrievable.
We use Snap Pixel for analysis. The provider is Snap Group Limited, 7-11 Lexington Street, London W1F 9AF, Great Britain. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://www.snap.com/en-GB/privacy/privacy-policy retrievable.
We use Outbrain for advertising. The provider is Outbrain Inc., 222 Broadway 19th Floor, New York, NY 10038. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://www.outbrain.com/legal/privacy#privacy-policy retrievable.
We use Google Conversion Tag for conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=enhttps://support.google.com/tagmanager/answer/9323295?hl=en&ref_topic=3441532 retrievable.
We use Facebook Conversion API for analysis. The provider is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://www.facebook.com/policy.php retrievable.
We use Bing Ads conversion tracking for analysis. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://privacy.microsoft.com/en-gb/privacystatement retrievable.
We use Taboola for conversion tracking. The provider is Taboola, Inc., 16 Madison Square West, 7th fl., New York, NY, 10010, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data collected directly for the purpose of placing advertising will be deleted no later than thirteen months after the site visitor's last interaction with the services. Further information is available in the provider's privacy policy at https://www.taboola.com/policies/privacy-policy retrievable.
We use TikTok Pixel for analysis and advertising. The provider is TikTok, Inc., 10100 Venice Blvd Suite 401 Culver City, CA 90232, USA. The provider processes meta/communication data (e.g. device information, IP addresses) and contact data (e-mail address, telephone number) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://ads.tiktok.com/i18n/official/policy/privacy retrievable.
We use Sentry to monitor the website and to track errors on the website. The provider is Functional Software, Inc, 132 Hawthorne Street San Francisco, CA 94107, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) p. 1 lit. f GDPR. We have a legitimate interest in adequately monitoring the functionality of our applications.
The legal basis for transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses, which were adopted as part of the review process under Article 93 paragraph 2 of the GDPR (Article 46 paragraph 2 letter c of the GDPR) and which we have agreed with the provider.
The data is deleted when the purpose for which it was collected no longer applies and there is no obligation to store it. For more information, see the provider's privacy policy at https://sentry.io/privacy/.
We use Awin for affiliate marketing. The provider is AWIN AG, Landsberger Allee 104 BC, 10249 Berlin. The provider processes usage data (e.g. websites visited, interest in content, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://www.awin.com/de/datenschutzerklarung retrievable.
We use Typeform for questionnaires and forms. The provider is Typeform S.L., 163 Carrer de Bac de Roda, Barcelona, Spain. The provider processes content data (e.g. entries in online forms) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in requesting information from customers and other people in a simple and appealing way.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://admin.typeform.com/to/dwk6gt retrievable.
We use Aircall for phone calls. The provider is Aircall SAS, 11 Rue Saint-Georges, 75009 Paris, France. The provider processes meta/communication data (e.g. contact number, IP addresses, if applicable) in the USA.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in contacting our customers.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://aircall.io/privacy/ retrievable.
We use Twitter Conversion Tag for conversion tracking. The provider is Twitter International Company, 26 Fenian St, Dublin, D02 FX09, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://twitter.com/en/privacy retrievable.
We use Webflow to create websites. The provider is Webflow, Inc., 398 11th St., Floor 2, San Francisco, CA 94103, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in setting up and maintaining a website and thus presenting ourselves to the outside world.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://webflow.com/legal/eu-privacy-policy retrievable.
We use amplitude for product analysis. The provider is Amplitude, Inc., 631 Howard St. Floor 5. San Francisco, CA 94105, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://amplitude.com/privacy retrievable.
In the event of non-payment, we will share the following personal data with our collection partner:
● First and last name
● Postal address
● Contact details (email address, telephone number, if available)
● Bank details (bank name, IBAN, BIC)
● all data and information required to fulfill the legal reporting and information requirements when asserting the claim (the reason for the claim, the subject matter of the contract and the date of conclusion of the contract, interest and interest calculation basis, if applicable)
● Documents necessary for collection of claims, in particular the original enforcement titles and documents in the case of claims that have already been titled.
The partner is coeo Inkasso GmbH Kieler Strasse 16 41540 Dormagen, Germany. The personal data listed above is processed in the EU. The partner acts as an independent person responsible within the meaning of the GDPR.
The legal basis for the transfer of data is Article 6 (1) (b) GDPR, as processing is necessary to fulfill a contract concluded with the user.
We use Greenair to offer users the opportunity to check whether they are eligible for GHG quotas. The provider is GreenAir GmbH, Baruther Str. 20/21, D-15806 Zossen. The provider processes meta/communication data (e.g. contact number, IP addresses, if applicable) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://thg.green-air.info/datenschutz/ retrievable.
On our website, users have the opportunity to request an offer for a solar module. For this purpose, we collect the following personal data:
● First and last name
● Email address
The data is passed on to our partner Soly, who takes on the task of providing users with a suitable offer. The provider is Soly Germany Operations GmbH, Reisholzer Werftstraße 25 a, 40589 Düsseldorf.
The transfer of data by us is based on consent in accordance with Article 6 (1) (a) GDPR. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
Further information about the subsequent processing of personal data by Soly can be found in the provider's privacy policy: https://soly-energy.de/datenschutzerklarung/.
We use Make to automate and send messages on the website. The provider is Celonis, Inc., One World Trade Center, 87th Floor, New York, NY, 10007, USA. The provider processes metadata/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Article 6 (1) (f) GDPR. We have a legitimate interest in automating processes and communication with our customers.
The data is deleted when the purpose of its collection has ceased to exist and there is no obligation to store it. For more information, see the provider's privacy policy at https://www.make.com/en/privacy-notice
We use Shopify to maintain an online shop. The provider is Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://www.shopify.de/legal/datenschutz retrievable.
On our website, users have the opportunity to request an offer for heating systems. For this purpose, we process the following personal data:
- First and last name
- address
- Email address
- phone number
- type of house (apartment or family house)
- type of energy used (gas or oil)
- Information about the existing heating system
The data is passed on to our partner Vaillant, who takes on the task of providing users with a suitable offer. The provider is Vaillant Deutschland GmbH & Co. KG, Berghauser Str. 40, 42859 Remscheid. The transfer of data by us is based on consent in accordance with Article 6 (1) (a) GDPR. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
Further information about the subsequent processing of personal data by Soly can be found in the provider's privacy policy: https://www.vaillant.de/ueber-uns/datenschutz/.
We use Shop Payments to process payments in an online shop. The provider is Shopify International Limited, Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) and payment data in the EU.
The legal basis for processing is Article 6 (1) (b) GDPR. Processing is necessary to fulfill a contract with the respective website visitor.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://www.shopify.de/legal/datenschutz retrievable.
We use Spoteffects for analysis. The provider is XAD spoteffects GmbH, Saarstraße 7, 80797 Munich. The provider processes usage data (e.g. websites visited, interest in content, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://xadspoteffects.com/datenschutzerklaerung retrievable.
We use Judge.me to conduct customer surveys. The provider is Judge.me Ltd, Buckworths, 1-3 Worship Street, London EC2A 2AB, Great Britain. The provider processes content data, usage data (e.g. websites visited, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://judge.me/privacy retrievable.
We use VWO for A/B testing. The provider is Wingify Software Private Limited, 1104, 11th Floor, KLJ Tower North B-5, Netaji Subhash Place, Pitampura, Delhi - 110034, India. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in adequately monitoring the performance of our applications.
The legal basis for transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses (Art. 46 para. 2 lit. c GDPR), which the EU Commission has agreed with the provider as part of the audit procedure under Article 93 (2) GDPR.
The data is deleted when the purpose for which it was collected no longer applies and there is no obligation to store it. For more information, please see the provider's privacy policy at https://vwo.com/privacy-policy/#locale_lang.
We are represented on social media networks to present our company and our services. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to show advertising on network sites and elsewhere on the Internet that meets the interests of users. For this purpose, network operators store information on usage behavior in cookies on the user's computer. In addition, it cannot be ruled out that operators may combine this information with other data. Users can obtain further information and advice on how users can object to processing by the site operators in the data protection declarations of the respective operators listed below. It may also be that the operators or their servers are located in non-EU countries so that they process data there. This can result in risks for users, for example because it is difficult to enforce their rights or because government agencies gain access to the data.
When network users contact us via our profiles, we process the data provided to us in order to answer the inquiries. This is our legitimate interest, so that the legal basis is Article 6 (1) (f) GDPR.
We maintain a profile on Facebook. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. One way to object to data processing is via settings for advertisements: https://www.facebook.com/settings?tab=ads. On the basis of an agreement within the meaning of Art. 26 GDPR with Facebook, we are jointly responsible for processing the data of visitors to our profile. Facebook explains exactly which data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both against us and against Facebook. However, according to our agreement with Facebook, we are required to forward inquiries to Facebook. Those affected will therefore receive faster feedback if they contact Facebook directly.
We maintain a profile on Instagram. The operator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.
We maintain a profile on Snapchat. The operator is Snap Inc., 3000 31st Street, Santa Monica, California 90405, USA. The privacy policy is available here: https://snap.com/de-DE/privacy/privacy-policy.
We maintain a profile on Tiktok. The operator is musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA. The privacy policy is available here: https://www.tiktok.com/de/privacy-policy.
We maintain a profile on Pinterest. The operator is Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. The privacy policy is available here: https://about.pinterest.com/de/privacy-policy. One way to object to data processing is through the settings for advertisements: https://about.pinterest.com/de/privacy-policy.
We maintain a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=de.
We have a profile on Twitter. The operator is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The privacy policy is available here: https://twitter.com/de/privacy. One way to object to data processing is through the settings for advertisements: https://twitter.com/personalization.
We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://https://www.linkedin.com/legal/privacy-policy?_l=de_DE. One way to object to data processing is through the settings for advertisements: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Our app is available for download in Apple's App Store and Google's Play Store (hereinafter “Stores”). When users download the app, the required information is transferred to the stores, in particular the user name, email address and customer number of the account, time of download, payment information and the individual device ID. We have no influence on this data collection and are not responsible for it. We only process the data to the extent necessary to download the mobile app onto the user's mobile device.
Users can also download this mobile app directly onto their mobile device via our website. When downloaded, additional user data is processed via the website, which we provide information about in our website's privacy policy.
Our app is hosted by the provider Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109, USA. In doing so, the provider processes the personal data transmitted via the app, e.g. content, usage, meta/communication data or contact data. It is our legitimate interest to provide a website, so the legal basis for data processing is Art. 6 (1) (f) GDPR. The provider hosts the app on servers in Germany.
When users use our app, we collect the data that is technically necessary for us to offer users the functions of our app and to ensure stability and security. This is our legitimate interest, so that the legal basis is Article 6 (1) (f) GDPR. The data processed in this regard are:
●IP address
●Date and time of request
●Time zone difference to Greenwich Mean Time (GMT)
●Content of the request (specific page)
●Access status/HTTP status code
●Amount of data transferred in each case
●Operating system and interface
●Software language and version
In the app, we process data to provide the user with functions of the app. The legal basis for processing is the user agreement concluded with the user via the app.
The data processed in this respect is only the data entered into the app by the user himself.
Users can open a user account in the app. We process the data requested in this context to fulfill the respective user contract concluded via the account, so that the legal basis for processing is Art. 6 (1) (b) GDPR. We delete the data when users delete their user account.
We use Intercom to improve customer dialogue. The provider is Intercom R&D Unlimited Company, 2nd Floor Stephen Court, 18-21 St. Stephen's Green, Dublin, 2, Ireland. The provider processes content data (e.g. entries in online forms), contact data (e.g. e-mail addresses, telephone numbers), meta/communication data (e.g. device information, IP addresses) and master data (e.g. names, addresses) in the USA.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in reaching out to our customers as simply as possible and thus improving the exchange with them.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
We delete the data when the purpose of its collection has ceased to apply. Further information is available in the provider's privacy policy at https://www.intercom.com/de/legal/privacy retrievable.
We use Google Analytics for analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation has no influence on the lawfulness of processing up to the revocation.
The legal basis for transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is ensured by standard data protection clauses (Art. 46 para. 2 lit. c GDPR), which the EU Commission has agreed with the provider as part of the audit procedure under Article 93 (2) GDPR.
We delete the data when the purpose for which it was collected no longer applies. For more information, see the provider's privacy policy at https://policies.google.com/privacy?hl=en-US
We use Adjust for analysis. The provider is Adjust GmbH, Saarbrücker Str. 37A, 10405 Berlin. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there are no storage obligations. Further information is available in the provider's privacy policy at https://www.adjust.com/terms/privacy-policy/ retrievable.
We use Sentry to monitor the application and to track errors in the applications. The provider is Functional Software, Inc., 132 Hawthorne Street San Francisco, CA 94107, USA. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in adequately monitoring the functionality of our applications.
The legal basis for the transfer to a country outside the EEA is standard contractual clauses. The security of data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the audit procedure in accordance with Article 93 (2) GDPR (Article 46 (2) lit. c GDPR), which we have agreed with the provider.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://sentry.io/privacy/ retrievable.
We use Firebase Cloud Messaging to communicate with users. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://firebase.google.com/support/privacy retrievable.
We use SmartLook for tracking and analysis. The provider is Smartlook.com, s.r.o., Reg. No.: 09508830, Šumavská 524/31, Veveří, 602 00 Brno, Czech Republic. The provider processes usage data (e.g. websites visited, interest in content, access times) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation has no influence on the lawfulness of processing up to the revocation.
The data is deleted when the purpose of its collection has ceased to exist and there is no obligation to store it. For more information, see the provider's privacy policy at https://help.smartlook.com/docs/privacy-policy
We use Enode to enable users to integrate electric vehicles (EVs), EV chargers (e.g. wallbox), solar systems, intelligent thermostats, and heat pumps into our mobile app. The provider is Enode AS, Inkognitogata 24C, 0256, Oslo, Norway. The provider processes the location, charging statistics and general characteristics (VIN, vehicle type, battery size) about the electric vehicle and the EV chargers.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there are no storage obligations. Further information is available in the provider's privacy policy at https://enode.com/privacy-policy retrievable.
We use Spoteffects for analysis. The provider is XAD spoteffects GmbH, Saarstraße 7, 80797 Munich. The provider processes usage data (e.g. websites visited, interest in content, access times), contact data (e.g. email addresses, telephone numbers) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there is no obligation to store it. Further information is available in the provider's privacy policy at https://xadspoteffects.com/datenschutzerklaerung retrievable.
We use Vaillant to enable users to integrate electric vehicles (EVs), EV chargers (e.g. wallbox), solar systems, intelligent thermostats and heat pumps into our mobile app. The provider is Vaillant Deutschland GmbH & Co. KG, Berghauser Str. 40, 42859 Remscheid. The provider processes the location, charging statistics and general characteristics (VIN, vehicle type, battery size) about the electric vehicle and the EV chargers.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there are no storage obligations. Further information is available in the provider's privacy policy at https://www.vaillant.de/ueber-uns/datenschutz/ retrievable.
We use Viessmann to enable users to integrate electric vehicles (EVs), EV chargers (e.g. wallbox), solar systems, intelligent thermostats and heat pumps into our mobile app. The provider is Viessmann Climate Solutions SE, Viessmannstraße 1, D-35108 Allendorf (Eder). The provider processes the location, charging statistics and general characteristics (VIN, vehicle type, battery size) about the electric vehicle and the EV chargers.
The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can withdraw their consent at any time, for example by contacting us using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of processing up to the revocation.
The data will be deleted when the purpose of its collection no longer applies and there are no storage obligations. Further information is available in the provider's privacy policy at https://www.viessmann.de/de/datenschutzerklaerung.html retrievable.
We reserve the right to change this privacy policy with effect for the future. A current version is always available here.
If you have any questions or comments regarding this privacy policy, please use the contact details provided above.