We are pleased that you are visiting our website. Below, we would like to inform you about how we handle your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Controller

The controller responsible for the data processing described below is the entity named in the legal notice (Imprint).

Data Protection Officer

Contact details: datenschutz nord GmbH (Berlin office), Kurfürstendamm 212, 10719 Berlin, email: office@datenschutz-nord.de.

If you contact our Data Protection Officer, please indicate the controller named in the legal notice (Imprint).

Usage data

When you visit our website, our web server processes so-called usage data in order to deliver the website. This data record consists of:

  • the name and address of the requested content
  • the date and time of the request
  • the volume of data transferred
  • the access status (content transferred, content not found)
  • a description of the web browser and operating system used
  • the referral link indicating from which page you came to our website
  • and the IP address of your internet connection

We also process the collected usage data in order to understand visitor behavior (reach measurement/web analytics) and to ensure the operational security and stability of the website.

The legal basis for processing the usage data is Art. 6(1)(f) GDPR (legitimate interests, based on our interest in delivering the website to our visitors and ensuring the security of the website).

Processing of the IP address for security purposes

In addition, we process the IP address transmitted by your web browser for a limited period of time in our legitimate interest to be able to detect, limit and eliminate attacks on our website. After the defined retention period has expired, we delete or anonymize the IP address.

The legal basis for the processing is Art. 6(1)(f) GDPR (legitimate interests, based on our interest in ensuring the security of the website).

Cookies

We use cookies on our website that are necessary for the use of our website. Cookies are text files that can be stored on your end device and read out. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

Necessary cookies may contain information about certain settings. They may also be necessary to enable user guidance, security and the implementation of the site. As a rule, they are not personal data.

We do not use necessary cookies for analysis, tracking or advertising purposes. We use the cookies required for the operation of our website on the basis of Section 25(2) No. 2 TDDDG.

You can set your browser to inform you about the placement of cookies. You can also delete cookies at any time via the relevant browser setting and prevent the placement of new cookies. Please note that our website may then not be displayed in full and some functions may no longer be technically available.

Website analytics

To tailor our website to meet your needs, we use the web analytics tool Google Analytics. Google Analytics creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognize returning visitors and analyze their behavior on our website.

Google Analytics is provided to us by Google Ireland Limited as a processor pursuant to Art. 28 GDPR. Data processing may also be carried out by Google LLC outside the EU or the EEA (in particular in the USA). With regard to Google LLC, an adequate level of data protection is ensured due to certification under the EU-U.S. Data Privacy Framework.

Data processing is carried out in accordance with Section 25(1) TDDDG and Art. 6(1)(a) GDPR on the basis of your consent, provided you have given your consent via our banner. You can withdraw your consent at any time. Please make the relevant settings via our banner.

The data collected in connection with the use of Google Analytics is automatically deleted after two months.

Appointment scheduling

On our website, you have the option to schedule an appointment for a product presentation. For this purpose, we use the service Calendly.

When you book an appointment, the data you enter in the booking form (name, company, email address and telephone number) is transmitted to Calendly and processed there in order to enable the organization and conduct of the appointment.

In addition, Calendly processes technical data (including IP address, timestamp, device and browser information) in order to provide the service.

Calendly is provided to us by Calendly, LLC as a processor pursuant to Art. 28 GDPR. Data processing may take place outside the EU or the EEA (in particular in the USA). With regard to Calendly, LLC, an adequate level of data protection is ensured due to certification under the EU-U.S. Data Privacy Framework.

Your data is processed for the implementation of pre-contractual measures or for the performance of a contract pursuant to Art. 6(1)(b) GDPR. We also base the processing of your data on Art. 6(1)(f) GDPR (legitimate interests, based on our interest in efficient and user-friendly appointment scheduling).

We delete the data you provide in connection with scheduling the appointment as soon as it is no longer required for the conduct of the appointment and any follow-up questions, and provided that no statutory retention obligations prevent deletion.

Lead generation

We use so-called Lead Ads from Meta Platforms Ireland Limited, based in Ireland, to give interested parties the opportunity to contact us via the Facebook and Instagram platforms and to express their interest in our financial services in the field of renewable energies.

Contact

If you complete a lead ad form on Facebook or Instagram, the data you enter (name, company, email address and telephone number) is collected by Meta Platforms and transmitted to us. We process this data to handle your inquiry, contact you, and provide you with information about our products and services in the field of renewable energies.

Your data is processed on the basis of the consent you have previously given in accordance with Art. 6(1)(a) GDPR. When using Lead Ads, your data is also processed by Meta Platforms. We have no influence over this processing. Further information on data processing by Meta Platforms can be found in Meta’s privacy policy at https://www.facebook.com/privacy/policy/.

Meta Platforms, Inc. processes your data in third countries, in particular in the USA. Meta Platforms, Inc. bases data transfers to the USA on certification under the EU-U.S. Data Privacy Framework. This ensures an adequate level of data protection.

We delete the data processed by us in the context of Lead Ads as soon as it is no longer required for the stated purposes and provided that no statutory retention obligations prevent deletion.

You have the option of contacting us by letter or email. For the purpose of contacting us, we process the data required in each case. In addition, you can decide yourself whether and, if applicable, which data you would like to provide to us.

We process your data to respond to your inquiry. We delete your data provided it is no longer necessary and no statutory retention obligations prevent deletion. We process your data on the basis of Art. 6(1)(f) GDPR (legitimate interests, based on our interest in responding to inquiries from website visitors).

Protection of web forms

To protect our web forms against automated inquiries, we use the reCAPTCHA service. With the CAPTCHA function, all user inputs and mouse movements that you make on our website are automatically recorded (regardless of whether you visit pages that contain web forms).

The data collected in this way is used to assess whether the inputs originate from a human being or an automated program.

reCAPTCHA is provided to us by Google Ireland Limited as a processor pursuant to Art. 28 GDPR. Data processing may also be carried out by Google LLC outside the EU or the EEA (in particular in the USA). With regard to Google LLC, an adequate level of data protection is ensured due to certification under the EU-U.S. Data Privacy Framework.

Data processing is carried out on the basis of your consent, provided you have previously given your consent via our banner solution.

Access-restricted area

If you would like to use our access-restricted area (craftsmen portal), prior registration is required. We only collect the data required for registration and provision of the service.

Processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interests, based on our interest in providing you with the services and information of the access-restricted area). We provide separate privacy notices for the craftsmen portal.

Integration of other technical third-party content and functions

To display our website, we use the technical functions and content of third-party providers listed below. Accessing our website causes content to be loaded from the third-party providers that supply these functions and content. As a result, the third party receives the information that you have accessed our website as well as the technically required usage data in this context.

We have no influence on the third party’s further data processing. Data processing is carried out on the basis of your consent, provided you have previously given your consent via our banner solution, unless otherwise indicated in the table below. In this case, data processing is carried out on the basis of Art. 6(1)(f) GDPR (legitimate interests, based on our interest in ensuring the security of the website).

Please note that the use of third-party content and functions may result in your data being processed outside the EU or the EEA. If data is processed outside the EU or the EEA (in particular in the USA), we provide information on the level of data protection in the table below.

Provider Service Adequate level of data protection Withdrawal of consent
Amazon Web Services EMEA SARL (Luxemburg) / Amazon Web Services, Inc. (USA) CloudFront For transfers to the USA, an adequate level of data protection is ensured due to the provider’s certification under the EU-U.S. Data Privacy Framework. n/a
Google Ireland Limited (Ireland) / Google LLC (USA) Google Fonts For transfers to the USA, an adequate level of data protection is ensured due to the provider’s certification under the EU-U.S. Data Privacy Framework. Data processing is carried out on the basis of Art. 6(1)(f) GDPR. If you wish to withdraw your consent, please click here and make the relevant setting via our banner.
Google Ireland Limited (Ireland) / Google LLC (USA) Google Tag Manager For transfers to the USA, an adequate level of data protection is ensured due to the provider’s certification under the EU-U.S. Data Privacy Framework. If you wish to withdraw your consent, please click here and make the relevant setting via our banner.

Retention period

Unless we have already provided specific information on the retention period, we delete personal data when it is no longer required for the aforementioned processing purposes and no legitimate interests or other (statutory) reasons for retention prevent deletion.

Further processors

As part of processing on our behalf pursuant to Art. 28 GDPR, we pass on your data to service providers who support us in operating our website and the related processes. These are, for example, hosting service providers. Our service providers are strictly bound by our instructions and contractually obligated accordingly.

Below, we list the processors with whom we work, insofar as we have not already done so in the above text of the privacy notice. If, in this context, data may be processed outside the EU or the EEA, we inform you of this in the table below.

Data processor Purpose Adequate level of data protection
Webflow, Inc. Webhosting and support For transfers to the USA, an adequate level of data protection is ensured due to the provider’s certification under the EU-U.S. Data Privacy Framework.

Data security

To protect your data as comprehensively as possible against unwanted access, we take technical and organizational measures. We use an encryption procedure on our website.

Your data is transmitted from your computer to our server and back via the internet using TLS encryption. You can usually recognize this by the closed lock symbol in your browser’s status bar and the address line beginning with https://.

Your rights

When processing your personal data, the GDPR grants you, as the data subject, certain rights:

Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right of access to this personal data and to the information listed in detail in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)
You have the right to request without undue delay the rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete data.

Right to erasure (Art. 17 GDPR)
You have the right to request that personal data concerning you be erased without undue delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)
You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g., if you have objected to processing, for the duration of the controller’s review.

Right to data portability (Art. 20 GDPR)
In certain cases listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format, and/or to request the transmission of this data to a third party.

Withdrawal of consent (Art. 7 GDPR)
Where data is processed on the basis of your consent, you are entitled under Art. 7(3) GDPR to withdraw your consent to the use of your personal data at any time. Please note that the withdrawal only takes effect for the future. Processing carried out before the withdrawal is not affected.

Right to object (Art. 21 GDPR)
If data is collected on the basis of Art. 6(1)(f) GDPR (data processing for the purposes of legitimate interests) or on the basis of Art. 6(1)(e) GDPR (data processing in the public interest or in the exercise of official authority), you have the right to object to the processing at any time on grounds relating to your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Complaint to a supervisory authority (Art. 77 GDPR)
Under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection provisions. The right to lodge a complaint may be exercised, in particular, with a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

Exercising your rights.

Unless otherwise described above, please contact the entity named in the legal notice (Imprint) to exercise your data subject rights.