Personal Data Protection and Processing Policy

1. Here you can find our information on data protection for: https://ekd-solar.de
So that you know how and why your data is used, it is important that you read this privacy policy and all other information on data protection and fair data processing that we provide to you on certain occasions in connection with the collection or processing of your personal data.
The terms used refer to the definitions in accordance with Art. 4 of the EU General Data Protection Regulation (GDPR).
2. Note on the responsible body
The responsible body for the processing of your personal data on this website is:
Energiekonzepte Deutschland GmbH
Torgauer Straße 336,
04347 Leipzig
Managing Directors: Silvio Bräuer, Ricardo Kopp, Timo Sillober, Lukas Wasemann
Telephone: +49 342 98 98 990
Email: info@ekd-solar.de
We have appointed a data protection officer. If you have any questions about data protection, please contact:
Florian Melzer, www.patronus-datenservice.de
E-mail: datenschutz@ekd-solar.de
3. Summary
When you visit our website, your browser automatically sends us some information, such as your IP address. It is necessary to process data in order to be able to process your request. In order to continuously improve our website for you, we rely on the support of analysis services. We also have “EKD” profiles on some social networks, through which we can view information about you. We work with partners and service providers who can receive your data for specific purposes.
4. Server log files
The provider of the site automatically collects and stores information in so-called server log files, which your browser automatically transmits to us and makes available to us.
These are:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
The data is stored in log files so that we can deliver the website to you. In addition, we use the data to technically optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. The legal basis for data processing is Art. 6 Para. 1 f GDPR. We have a legitimate interest in the technically error-free presentation of our website, for which server log files must be recorded.
5. Hosting
We use the managed WordPress hosting of HostPress GmbH ("HostPress").
In doing so, we process the data in accordance with Section 4 of this declaration and all data concerning you that arise when using our website, such as content and communication data. This data processing is necessary in order to be able to deliver our web content to you efficiently and effectively. Our web offers are delivered to you from our provider's servers. We have concluded a data processing agreement with "HostPress".
The legal basis for data processing is Art. 6 Para. 1 f GDPR. As shown above, we have a legitimate interest in using "HostPress". Further information on data protection at "HostPress" can be found at https://www.hostpress.de/datenschutz/.
6. Communication
a. "Free offer" / "Free advice" / "Solar power check"
You can take advantage of our free advice offer by filling out a contact form. We process the following data from you:
About you
• First and last name, postcode
• Telephone, email address
About the project
• Target solar system
• Annual electricity consumption
• Roof shape
• Housing and ownership situation of the property in question
We process the data on the basis of Art. 6 Para. 1 b GDPR, namely to initiate a contractual relationship and, upon conclusion of the contract, also to implement and terminate this and Art. 6 Para. 1 f GDPR. Our legitimate interest then follows from answering your inquiry.
As a rule, we keep your data for up to 10 years for commercial and tax law reasons and for up to 2 or 5 years for any warranty claims (Section 438 BGB). In the case of mere inquiries, we generally delete them after 1 year. You can find out more below.
b. Contact option
On our website we offer you the opportunity to contact us by email and/or via a contact form. In this case, the information provided by the user will be stored and processed for the purpose of processing his or her contact.
If you contact us by telephone, we also process data as described above. We store these requests in our internal ticket system.
The processing of the data provided is carried out either on the basis of Art. 6 Para. 1 lit. b insofar as this concerns contractual matters or A

rt. 6 Para. 1 lit. f GDPR. Our legitimate interest then follows from answering your request and our interest in an efficient organization.
c. Advertising (Section 7 UWG)
We would like to inform you in the future (assuming you have found and bought something from us) about what's new with us and what is related to your last purchase from us - i.e. advertising. For this purpose, we use your contact details such as email address and name. The legal basis for this processing is Art. 6 Para. 1 f GDPR. We have a legitimate interest in using your data for advertising purposes if you have bought something from us once.
Objection
You can object to the processing of your personal data for direct marketing purposes at any time free of charge. For more information, please see the information on your rights below.
d. Satisfaction survey
We would like to know what your experiences with us and our service are and would therefore be pleased if you give us your consent to contact you by telephone and email for the purpose of the satisfaction survey. We use your feedback to improve our products, services and processes and anonymize them after 6 months at the latest.
For the telephone survey, we use a telephony service provider with whom we have concluded a data processing agreement.
The legal basis for this processing is your voluntary consent in accordance with Section 25 TTDSG, Art. 6 Paragraph 1 Letter a of GDPR.
You have the right to object to this satisfaction survey at any time. This affects future processing and can be made known free of charge using the contact details provided above.
e. Become a partner
If you apply to be an assembly partner, we will process the following data from you in order to be able to check a potential joint collaboration and then contact you in the next step:
• Company name, field of activity
• Availability of scaffolding, tools and vehicle fleet, monthly capacity
• First and last name
• Telephone number, business address, email address
• Message and how you found out about us.
The processing of the data provided is carried out on the basis of Art. 6 (1) (b) GDPR or on the basis of Art. 6 (1) (f) GDPR. Our legitimate interest comes into play in particular if you contact us as an employee of a partner company.
The data from the request will be deleted after rejection if the request is not processed or will be kept for the duration of the collaboration and stored in accordance with general commercial and tax law aspects.
f. Proven Expert
We integrate a widget from "Proven Expert" on our website. "Proven Expert" is a service provided by Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany (hereinafter referred to as: "Proven Expert"). We use Proven Expert to integrate customer reviews on our website. When you visit our website, Proven Expert records and stores your data in a log file in accordance with section 4.
We use Proven Expert to offer you the opportunity to view a performance rating from other customers on our website. At the same time, the use of Proven Expert serves quality assurance and optimization purposes. This is also where our legitimate interest in processing the above information lies. The legal basis is Art. 6 Para. 1 f GDPR.
Information from the third-party provider: Expert Systems AG, Quedlinburger Straße 1, 10589 Berlin, Germany. You can find further information from the third-party provider on data protection on the following Proven Expert website: https://www.provenexpert.com/de-de/datenschutzbestimmungen/.
g. E-mail dispatch
We send our e-mails using the service provider “Active campaign”, ActiveCampaign, LLC, 1 N Dearborn, Chicago, IL 60602.
We process the following data:
• Name, address
• E-mail address and content
• Opening and click rates
• Technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval
The use of ActiveCampaign enables us to send e-mails securely and reliably, even in large numbers.
The measurement and analysis allows us to gain various insights and use them to improve our service and adapt our content. We find out whether the e-mail was opened by you, when it was opened and which links were clicked. This information is assigned to you and stored until it is deleted.
We base the use of ActiveCampaign and the associated processing on our legitimate interest in accordance with Art. 6 Para. 1 f GDPR. Our legitimate interest follows from the purposes named above.
We will delete your data either if you unsubscribe from receiving the emails or if you object in another way.

lodge an objection. Irrespective of this, your data on the opening and click rates will be deleted after 3 months. We can store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before we delete them, in order to defend legal claims.
We have concluded a data processing agreement with ActiveCampaign: https://www.activecampaign.com/legal/dpa.
To ensure an appropriate level of data protection when processing in third countries, ActiveCampaign has concluded standard contractual clauses: https://www.activecampaign.com/legal/scc.
h. Meta
h.1. Facebook fan page and Instagram profile
We operate a Facebook fan page and an Instagram profile of Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (platforms "Facebook" and "Instagram", together "Meta"), among other things to communicate with you and other interested parties and to provide information about EKD and our range of services.
We process the following categories of data:
• Communication content such as messages and comments
• Interactions such as likes, views of stories, sharing of posts
• Profile information such as images and other information published by you
• The above information may also include special categories of personal data, the processing of which is, however, privileged in accordance with Art. 9 Para. 2 e GDPR
Independently of us, Meta evaluates your usage behavior on the platforms and uses the findings for various purposes. You can find more information about this below and in the "Insights" section.
If you are a member of Meta and are logged in to your profile at the same time when you visit our "fan page" or our Instagram profile, Meta links your visit to your personal user account.
Meta stores your data as usage profiles and can use them for the purposes of advertising, market research and/or tailoring its services to your needs. You have the right to object to the creation of these user profiles, and you must contact Meta to exercise this right.
Meta transmits the data about your usage behavior in particular to Meta Platforms Inc., 1601 Willow Rd Menlo Park, CA, USA and other companies in the Meta group of companies for independent processing by them. Meta explains the exact scope here: https://www.facebook.com/help/111814505650678
Meta can transmit your data to servers worldwide. This also affects locations in countries without an adequate level of data protection. For data transfers to the USA, for example, Meta has concluded so-called standard data protection clauses in accordance with Art. 46 Para. 2 lit. c GDPR. Since Meta belongs to a group of companies with the "parent company" based in the USA, Meta can also be subject to data requests from US authorities, the subsequent use of the data by the authorities of which is at least unclear. There is currently no legal protection against these requests comparable to the level in the EU, so there is an increased risk to your rights and freedoms.
If we process your personal data when operating the fan page or our Instagram profile, you are entitled to the rights set out in this data protection declaration. If you also want to assert your rights against Meta, the easiest way to do this is to contact Meta directly: https://www.facebook.com/privacy/policy/?section_id=13-HowToContactMeta
Meta knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing and can implement appropriate measures upon request if you exercise your rights. We will be happy to support you in asserting your rights as far as we can and will forward your inquiries to Meta.
Due to the constant development of Facebook and Instagram, the availability and processing of the data changes, so for further information please refer to Meta's data protection declaration: https://www.facebook.com/privacy/center/.
The legal basis for this data processing is Art. 6 Para. 1 f GDPR based on our legitimate interest set out above.
h.2. Insights
We can access anonymous statistical data of various categories via the so-called “Insights” on the Facebook and Instagram pages. These statistics are generated and provided by Meta. This function cannot be turned off or the generation and processing of the data prevented. You can find more information at the following link: https://de-de.facebook.com/legal/terms/page_controller_addendum
Within the scope of the processing of personal data for the Insights statistics and limited to the collection by and transmission of data to Facebook, we and Facebook are joint controllers in accordance with Art. 26 GDPR. In this case, uge provides Facebook with an agreement that you can find here: https://de-de.facebook.com/legal/terms/page_controller_addendum.
Meta processes at least, but not exclusively, the following information from you for the "Insights":
• Interaction data (e.g. that you view posts, stories, videos, profiles, etc., mark posts with "Like", recommend a page, etc.)
• User data (e.g. name, age, meta ID, age and gender, region, etc.)
We cannot establish a direct personal reference, but Facebook can.
The legal basis for this data processing is Art. 6 Para. 1 f GDPR based on our legitimate interest in communicating with you, informing you and using the reach of meta products.
i. LinkedIn
We operate a LinkedIn page and an Instagram profile of LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland (“LinkedIn”), to communicate with you and other interested parties and to provide information about EKD and our range of services.
We process the following categories of data:
• Communication content such as messages and comments
• Interactions such as likes, page visits, sharing posts
• Profile information such as images and other information published by you
• The above information may also include special categories of personal data, the processing of which is, however, privileged in accordance with Art. 9 Para. 2 e GDPR
Independently of us, LinkedIn evaluates your usage behavior on the platforms and uses the findings for various purposes. You can find more information on this on the LinkedIn website: https://www.linkedin.com/legal/privacy-policy.
LinkedIn assesses the collaboration with regard to the insights statistics made available to us as order processing in accordance with Art. 28 GDPR and also provides a data processing agreement that we have concluded with LinkedIn https://de.linkedin.com/legal/l/dpa.
If you are a member of LinkedIn and are logged in to your profile at the same time when you visit our site, LinkedIn links your visit to your personal user account.
LinkedIn stores your data (such as log-ins, cookie information, device information, IP addresses) as usage profiles and can use them for the purposes of advertising, market research and/or needs-based design of its services. You have the right to object to the creation of these user profiles, and you must contact LinkedIn to exercise this right.
LinkedIn transmits the data about your usage behavior in particular to LinkedIn Corporation in the USA and other companies in the group for independent processing by them. LinkedIn explains the exact scope here: https://www.linkedin.com/legal/privacy-policy
LinkedIn can transmit your data to servers worldwide. This also affects locations in countries without an adequate level of data protection. For data transfers to the USA, for example, LinkedIn has concluded so-called standard data protection clauses in accordance with Art. 46 Paragraph 2 Letter c of GDPR. Since LinkedIn belongs to a group of companies with the "parent company" based in the USA, LinkedIn can also be subject to data requests from US authorities, the subsequent use of the data by the authorities of which is at least unclear. There is currently no legal protection against these requests comparable to the level in the EU, so there is an increased risk to your rights and freedoms.
If we process your personal data when operating the site, you are entitled to the rights set out in this data protection declaration. If you would also like to assert your rights against Meta, the easiest way to do this is to contact LinkedIn directly: https://www.linkedin.com/help/linkedin/answer/a1339364
LinkedIn knows the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing and can implement appropriate measures upon request if you exercise your rights. We will be happy to support you in asserting your rights as far as we can and will forward your requests to LinkedIn.
Due to the constant development of LinkedIn, the availability and processing of the data changes, so for further information please refer to LinkedIn's privacy policy: https://de.linkedin.com/legal/privacy-policy.
The legal basis for this data processing is Art. 6 Para. 1 f GDPR based on our legitimate interest set out above.
j. Twitter
We use the short message service “Twitter” from Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. The Twitter International Company, One Cumberl, is responsible for data processing of persons living outside the United States. and Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
We would like to point out that you use the Twitter short message service offered here and its functions at your own risk. This applies in particular to the use of interactive functions (e.g. sharing, rating).
We do not collect any data ourselves via our Twitter account.
The data you enter on Twitter, in particular your user name and the content published under your account, will be processed by us insofar as we may re-tweet or reply to your tweets or write tweets on our own initiative that refer to your account. The data you freely publish and distribute on Twitter will thus be included in our offer and made available to our followers. We base this processing on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in communicating with you via Twitter and in processing the data you publish in this context.
Information about which data is processed by Twitter and for what purposes can be found in Twitter's privacy policy: https://twitter.com/de/privacy.
We have no influence on the type and extent of the data processed by Twitter, the type of processing and use, or the transfer of this data to third parties.
When you use Twitter, your personal data is collected, transferred, stored, disclosed and used by Twitter Inc. and transferred to the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your place of residence, and stored and used there.
You have the option of restricting the processing of your data in the general settings of your Twitter account and under the "Privacy and Security" section. In addition, you can restrict Twitter's access to contact and calendar data, photos, location data, etc. in the settings options for mobile devices (smartphones, tablet computers). However, this depends on the operating system used.
For data transfer to unsafe third countries, e.g. the USA, Twitter has concluded so-called standard data protection clauses in accordance with Art. 46 Paragraph 2 Letter c of GDPR. In these countries, you do not have any legal protection options comparable to those available in the EU. Further information on these points is available on the following Twitter support pages: https://support.twitter.com/articles/105576# and https://help.twitter.com/de/search?q=datenschutz
You can find out about the possibility of viewing your own data on Twitter here: https://support.twitter.com/articles/20172711#
Information about the conclusions drawn about you by Twitter can be found here: https://twitter.com/your_twitter_data
Information about the available personalization and data protection settings can be found here (with further links): https://twitter.com/personalization
You also have the option of requesting information via the Twitter data protection form or the archive requests: https://support.twitter.com/forms/privacy
k. Competitions and promotions
We occasionally hold competitions and promotions in which customers and interested parties/leads can take part.
When you take part in a competition or promotion, we process the data and information you provide in the registration form. This includes the data required for participation, such as
• First and last name, email address, telephone number
• and, if applicable, the data and information you voluntarily provided as part of your participation.
Depending on the type of competition or campaign, the participation information and the data we already have about you may also be linked, for example if the competition is linked to an existing contractual relationship or a pre-contractual relationship.
Your personal data is processed for the purpose of conducting the competition or campaign, in particular to identify and notify the winners and to pay out the prize.
The legal basis for the processing is the fulfillment of the contractual obligation arising from participation in the competition (Article 6, Paragraph 1, Clause 1, Letter b of GDPR).
Depending on the nature of the competition, the data will also be stored for advertising purposes. We would inform you about this separately. If the purpose was only to carry out the competition without advertising, the processed data will be deleted after the end or expiration of the competition or campaign. If the profit is related to the purchase price of your investment, this information will be retained for 10 years in accordance with tax and commercial law requirements.
7. Cookies, third-party tools and services
a. Cookies
We sometimes use so-called cookies. Cookies do not cause any damage to your computer and do not contain any viruses. Cookies are used to make our service more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
You can change and adjust your cookie settings at any time in our cookie consent management at the bottom of our page https://www.ekd-solar.de/.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser the next time you visit.
You can set your browser so that you are informed about the setting of cookies and cookies are only permitted in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
b. Borlabs Cookies
We integrate the cookie consent management tool "Borlabs" from the provider Borlabs GmbH, Rübenkamp 32, 22305 Hamburg on our website. With this tool you can manage your consent, revocation or rejection of certain data processing (in particular cookie setting) on ​​our website. We host this service on our own server. The declaration of consent is saved so that it does not have to be requested again and in order to comply with legal requirements. Storage can be done on the server side and/or in a cookie in order to assign the consent to a user and their device. Depending on the provider, the consent can be stored for up to two years and a pseudonymous user identifier is created. The legal basis for this processing is Section 25 Paragraph 2 No. 2 TTDSG, Art. 6 Paragraph 1 f GDPR. Our legitimate interest follows from our concern to meet the legal requirements.
c. Google
We use various services from "Google". Google is a group of several companies. We will tell you which company is specifically responsible for the service used and the associated data processing in the respective service description. Unless otherwise stated below, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible for data processing.
By visiting our website, Google receives the information that you have accessed the corresponding subpage of our website. Unless otherwise stated below, at least the data specified under point 4 will be transmitted to Google. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not want to be assigned to your Google profile, you must log out before activating the button. Google stores your data as user profiles and can use them for the purposes of advertising, market research and/or tailoring its services to your needs. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. Google transmits the data about your usage behavior in particular to Google LLC for independent processing by them.
Google can transmit your data to servers worldwide. This also affects locations in countries without an adequate level of data protection. For data transfers to the USA, for example, Google has concluded so-called standard data protection clauses in accordance with Art. 46 Paragraph 2 Letter c of GDPR. In these countries, you do not have any legal protection options comparable to those available in the EU, so there is an increased risk to your rights and freedoms.
We have no influence on further data processing by Google beyond the purposes mentioned. The information provided therefore only represents our current state of knowledge.
You can find more information about data protection at Google at: https://policies.google.com/privacy.
You can object to the use of data by Google here:
Opt-out plug-in: http://tools.google.com/dlpage/gaoptout?hl=de,
Settings for the display of advertisements at: https://adssettings.google.com/authenticated.
c.1. Google Tag Manager
We use Google's Google Tag Manager on our website.
This application manages JavaScript tags and HTML tags that are used to implement tracking and analysis tools in particular. The data processing serves the purpose of needs-based design and the optimization of our website.
The Google Tag Manager itself only stores your IP address. However, it enables the triggering of additional tags that can collect and process personal data.
We base the use of the Google Tag Manager on your voluntary consent in accordance with Section 25 TTDSG, Art. 6 Para. 1 lit. a GDPR, Art. 6 Para. 1 a GDPR.
You can revoke this at any time with effect for the future here, as well as in our cookie consent management tool on the website.
c.2. Google Analytics
If you have given your consent, Google Analytics is used on this website.
The data and evaluations from Google Analytics allow us to see which areas of our website particularly appeal to you and which areas we still need to optimize. In addition, the data helps us to better understand you as a visitor. The data also helps us to carry out our advertising and marketing measures in a more personalized and cost-effective manner. Google Analytics uses cookies that enable an analysis of your use of our websites.
During your visit to the website, your user behavior is recorded in the form of "events". Events can be:
• Page views
• First visit to the website
• Start of the session
• Your "click path", interaction with the website
• Scrolls (every time a user scrolls to the end of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• File downloads
• Ads seen / clicked
• Language setting
The following is also recorded:
• Your approximate location (region)
• Your IP address (in abbreviated form)
• Technical information about your browser and the devices you use (e.g. language setting, screen resolution)
• Your internet provider
• The referrer URL (from which website / advertising medium you came to this website)
Google Analytics reports on demographic characteristics and interests
We have activated the advertising reporting functions in Google Analytics. The reports on demographic characteristics and interests contain information about age, gender and interests. This helps us to better understand who our users are - without being able to assign this data to individual people. Google creates reports on your user behavior and makes them available to us, for example:
• Conversion reports: Conversion is a process in which you carry out a desired action based on a marketing message. For example, when you go from being a pure website visitor to a buyer or newsletter subscriber. With the help of these reports, we learn more about how our marketing measures are received by you. This is how we want to increase our conversion rate.
• Acquisition reports: Acquisition reports provide information about how we can best approach people for our products.
• Audience reports: Audience reports provide information about our users.
• Behavioral reports: These provide information about how you interact with our website. We can track which path you take on our site and which links you click on.
• Display reports: Display reports make it easier for us to analyze and improve our online advertising.
• Real-time reports: Here we always find out immediately what is currently happening on our website. For example, we can see how many users are currently reading this text.
Google offers the User ID feature, which allows us to assign a unique, permanent ID to one or more sessions (including the activities within those sessions) and to analyze user behavior across devices. We use Google Signals to collect additional information in Google Analytics about users who have activated personalized ads, such as interests and demographic data. Based on this information, ads can be delivered to these users in cross-device remarketing campaigns.
For more information about the advertising features of Google Analytics, visit https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad. If you do not want your activities and information from your Google account to be used for advertising purposes, you can deactivate this by checking the box under "Advertising Settings" at https://adssettings.google.com/authenticated.
IP anonymization
In Google Analytics, the anonymization of IP addresses is activated in the default settings. IP anonymization will shorten your IP address within the European Union or other contracting states to the Agreement on the European Economic Area before it is transmitted to Google. In exceptional cases, the full IP address will be transmitted to a Google server in the USA and shortened there. According to Google, the IP address will not be merged with other Google data.
Storage period
The data we send and which are stored with cookies are stored on your computer for a limited period of time. linked data is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
We base the use of Google Analytics on your voluntary consent in accordance with Section 25 Paragraph 1 TTDSG, Art. 6 Paragraph 1 a GDPR.
You can revoke this at any time with effect for the future here, as well as in our cookie consent management tool on the website.
c.3. Google Ads Marketing Platform
We use Google Marketing Platform from Google to draw attention to our services through advertisements (so-called Google Ads) on external websites. The information obtained using the conversion cookie is used to create conversion statistics. This tells us the total number of users who have clicked on one of our advertisements and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. We are pursuing the interest of showing you advertising that is relevant to you and to make our website more interesting for you.
These advertising materials are delivered by Google via so-called "ad servers", whereby your browser automatically establishes a direct connection to the Google server. The ad server cookies used provide certain information for measuring success, such as the display of ads or clicks by users. If you access our website via a Google ad, Google Ads will store a cookie on your device. These cookies usually expire after 90 days and are not used to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be contacted) are usually stored as analysis values ​​for this cookie.
These cookies enable Google to recognize your browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be tracked via the websites of Ads customers. We ourselves do not collect or process any personal data in the advertising measures mentioned. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users based on this information.
We base the use of Google Ads Marketing Platform on your voluntary consent in accordance with Section 25 Paragraph 1 TTDSG, Art. 6 Paragraph 1 a GDPR.
You can revoke this at any time with effect for the future here, as well as in our cookie consent management tool on the website.
c.4. Google Dynamic Remarketing
On our website we use the dynamic remarketing function of Google AdWords, a service from Google. The technology enables us to place automatically generated, target group-oriented advertising after you visit our website. The ads are based on the products and services that you clicked on or viewed the last time you visited our website. Google uses cookies to create interest-based ads.
We base the use of Google Ads Marketing Platform, in particular the setting of cookies, on your voluntary consent in accordance with Section 25 Paragraph 1 TTDSG, Art. 6 Paragraph 1 a GDPR.
You can revoke this at any time with effect for the future here, as well as in our cookie consent management tool on the website.
c.5. DoubleClick from Google
We use the online marketing tool DoubleClick from Google. DoubleClick uses cookies to display relevant ads for users, improve campaign performance reports and to prevent users from seeing the same ads multiple times. Google uses a cookie ID to record which ads are displayed in which browser to prevent them from being displayed multiple times. DoubleClick can also record conversions related to ad requests by working with cookie IDs. For example, it can track a user's purchase if they see a DoubleClick ad and later visit the advertiser's website using the same browser and make a purchase. Google emphasizes that DoubleClick cookies do not contain any personal data.
Since we use DoubleClick, your browser will automatically establish a connection to the Google server. However, we have no influence on the data that Google collects through the use of this tool and inform you according to our knowledge. If you are registered with a Google service, Google can assign the visit to our account. Even if you are not registered with Google or have not logged in, there is a possibility that Google records and stores visits using identifiers such as your IP address.
We base the use of DoubleClick, in particular the setting of cookies, on your voluntary consent in accordance with Section 25 Para. 1 TTDSG, Art. 6 Para. 1 a GDPR.
You can revoke this consent at any time with effect for the future here, as well as in our cookie consent management tool on the website.
You can find more information about DoubleClick by Google at https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090.
d. Hotjar
This website uses the analysis service Hotjar, provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta.
Hotjar is a tool for analyzing your user behavior on this website. With Hotjar we can record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you have remained with the mouse pointer on a certain place. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.
We can also determine how long you have remained on a page and when you left it. We can also determine at which point you stopped entering data in a contact form (so-called conversion funnels).
In addition, Hotjar can be used to obtain direct feedback from website visitors. This function is used to improve the website operator's web offerings.
Hotjar uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or the use of device fingerprinting).
What data is stored by Hotjar?
The following data can be collected via your computer or browser:
• IP address of your computer (collected and stored in an anonymous format)
• Screen size
• Browser information (which browser, which version, etc.)
• Your location (but only the country)
• Your preferred language setting
• Websites visited (subpages)
• Date and time of access to one of our subpages (websites)
Hotjar also uses services from third-party companies such as Amazon Web Services, Google Analytics or Optimizely for its services. Data that your browser sends to our website can also be transmitted to these providers.
Hotjar stores your information in a pseudonymized user profile. The information is not used by Hotjar or us to identify individual users or combined with other data about individual users. Your data is deleted after 365 days.
Hotjar is part of the Content Square SAS group based in Paris. As a result, Hotjar can share your data within the group. In most cases, the personal data you collect is stored in the EU. In a few cases, however, customer data may be accessed from outside the EU or other personal data (e.g. emails, etc.) may be transferred. This also affects locations in countries without an adequate level of data protection. For these data transfers, e.g. to the USA, Hotjar has concluded so-called standard data protection clauses in accordance with Art. 46 Para. 2 lit. c GDPR. In these countries, you do not have any legal protection options comparable to those available in the EU, so there is an increased risk to your rights and freedoms.
We base the use of Hotjar, in particular the setting of cookies, on your voluntary consent in accordance with Section 25 Para. 1 TTDSG, Art. 6 Para. 1 a GDPR.
You can revoke this at any time with effect for the future here, as well as in our cookie consent management tool on the website.
For more information on data processing by Hotjar, see https://www.hotjar.com/legal/policies/privacy?tid=311293239.
e. Facebook pixel, custom audiences and Facebook conversion
We use the Facebook visitor action pixel on our website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to only display the Facebook ads placed by us to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. Interests in certain topics or products, which are determined based on the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interests of users and do not appear annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called "conversion").
The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy. This enables Facebook to enable advertisements to be placed on Facebook pages and outside of Facebook. We as the website operator cannot influence this use of the data. According to Facebook, the data collected is also transferred to the USA and other third countries.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
We base the use of Facebook Pixel and in particular the setting of cookies on your voluntary consent in accordance with Section 25 Paragraph 1 TTDSG, Art. 6 Paragraph 1 a GDPR.
You can revoke this consent here at any time with effect for the future, as well as in our cookie consent management tool on the website.
For the processing of your personal data via our website using the Facebook Pixel, we and Facebook are jointly responsible for this data processing (Art. 26 GDPR). In this context, we have recorded our joint obligations under data protection in an agreement on joint responsibility. You can find this here: https://www.facebook.com/legal/controller_addendum. Accordingly, we are responsible for providing data protection information when using the Facebook pixel and for implementing the tool on our website in a way that complies with data protection law. Facebook is responsible for the data security of Facebook products. You can assert the rights of those affected with regard to the data processed by Facebook directly with Facebook. If you assert the rights of those affected with us, we are obliged to forward them to Facebook.
You can find more information on data protection in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.
You can also deactivate the "Custom Audiences" remarketing function in the Advertising Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.
If you do not have a Facebook account, you can deactivate Facebook's usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
f. Taboola
We use the tool "Taboola", which is provided by Taboola.com Ltd. in the EU. Taboola.com Ltd. has appointed an EU representative in accordance with Art. 27 GDPR, who can be contacted as follows: Lionheart Squared (Europe) Ltd., 2 Pembroke House, Upper Pembroke Street 28-32, Dublin, D02 EK84 Ireland.
In brief:
By using Taboola, personal data such as your IP address, browser type and operating system, websites visited and advertisements clicked on can be collected. This data can be transmitted to Taboola or other third parties who use Taboola to display personalized advertising based on your interests.
In more detail:
Taboola uses cookies and similar technologies to display personalized advertising on our websites and other websites that work with Taboola. The use of Taboola on our website primarily serves the purpose of being able to show you interest-based advertising and, on the other hand, to be able to understand whether your interactions with us are related to an offer from Taboola.
The legal basis for the processing of your personal data in connection with Taboola is Section 25 TTDSG, Art. 6 Paragraph 1 Letter a of GDPR, because you have given us your consent to use cookies and similar technologies. You can revoke this consent at any time with effect for the future or deselect it within the Borlab Cookie Manager.
Like most other web-based services, Taboola collects user information through cookies and d other technologies. Taboola only collects pseudonymized data, i.e. Taboola does not know who you are because your name, email address or other identifiable data is not known to or processed by Taboola. The user information collected by Taboola includes, but is not limited to, information about your device and operating system, IP address, the sub-pages you visit on our customers' websites, the link that brought you to our website, the dates and times you access our website, event information (e.g. system crashes), general location information (e.g. city and state), hashed email addresses (if provided by you) and gender (if provided by you).
In detail, Taboola uses your data as follows:
Taboola may use user information to provide its services to users and customers. User information may also be used to tailor the content and information sent or displayed to users and to personalize users' experiences when using the Services. For more information, see our interest-based advertising information below. To improve an individual user's experience across multiple browsers and devices (such as smartphones, tablets, or other display devices), Taboola may use user information to provide more targeted advertising campaigns to that user. Taboola offers its clients (such as EKD) data segments to better target content and advertising that may be of interest to you. However, Taboola does not create segments based on sensitive information. Taboola's Services may provide users with personalized content based on their recent browsing behavior across different client websites, browsers, or devices. Taboola uses cookies, JavaScript, web beacons, and other technologies to provide users with targeted advertisements for products and services that may be of interest to them. For example, if you browse website A on your first online visit and then visit website B, you may see personalized content based on your browsing behavior on website A. For example, if a user visits a clothing retail website, they may see advertisements for clothing on another website they visit. Taboola also works with third parties to deliver personalized advertising based on visits to websites visited in the past. These third parties may also use cookies and other technologies to measure the effectiveness of their advertising and to personalize advertising content for users. The use of cookies and other technologies by third parties is subject to the specific privacy policies of each third party.
Recipients
We do not have access to the data generated and collected by Taboola and therefore cannot share it with anyone. Taboola may share your data within its corporate group with affiliated companies such as Taboola Inc. of the USA. Taboola also shares the data collected with advertisers and publishers to display personalized advertising and recommendations on other websites. This is usually pseudonymized data that does not allow any conclusions to be drawn about your identity. You can see what these are here: https://www.taboola.com/policies/data-partners.
Third country transfers and their risks for affected users
Taboola is a company with its parent company based in the USA, Taboola Inc., 28 West 23rd St., 5th fl., New York, NY 10010, USA.
In relation to Taboola's global business activities, customer, user and visitor data is exchanged between the EEA, the United Kingdom, Israel, the United States, Singapore and Hong Kong and stored in data centers in Israel and the United States. When Taboola transfers data from the EEA to Taboola.com Ltd. in Israel, it relies on the European Commission's adequacy decision that Israel attests to an adequate level of data protection for your data. When personal data is transferred from the EEA to Taboola Europe Limited in the UK, Taboola also relies on the European Commission's decision that the UK provides an adequate level of data protection. In cases where there is no adequacy decision from the European Commission, Taboola uses standard contractual clauses to protect the data transferred. These are contractual data protection and security obligations between companies that transfer personal data to countries outside the EEA. Taboola ola's subsidiaries outside the EEA have also adopted standard contractual clauses to ensure the lawfulness, privacy and security of the data flows necessary to provide, maintain and develop our services. Please note, however, that there may still be risks for affected users, as data protection in the US does not comply with European data protection law in all areas. In particular, US authorities may gain access to users' personal data without them being informed or being able to take action against it.
Delete
We do not have access to your data generated and collected by Taboola. Taboola retains your user data collected directly for advertising for a maximum of 13 months from the last time you interacted with Taboola services (often for a shorter period). A detailed overview of the storage period for each cookie can be found at https://www.taboola.com/policies/cookie-policy.
Taboola retains anonymized or aggregated data that cannot identify a person or device and is used for reporting and analysis purposes for as long as it appears operationally necessary.
Rights
You can assert your data protection rights against Taboola here support@taboola.com. In addition, you can withdraw your consent at any time by changing the settings in your browser or using Taboola's opt-out options, which you can find at https://www.taboola.com/privacy-policy#user-choices.
For more information on how Taboola processes your personal data, please see Taboola's privacy policy at https://www.taboola.com/privacy-policy.
g. Twiago
In connection with the delivery of usage-based online advertising, we integrate services from twiago GmbH, based in Cologne, Gustav-Heinemann-Ufer 72. We work with twiago as part of an order processing agreement in accordance with Art. 28 GDPR. twiago processes your data exclusively in accordance with our instructions and does not use the data for other purposes.
The following data is primarily affected by the processing:
• IP address
• Browser information in accordance with section 4
• Websites visited and content accessed such as products, subpages, etc.
• Length of stay and actions taken, such as clicks and orders
The legal basis for the processing of your personal data in connection with Taboola is Section 25 TTDSG, Art. 6 Paragraph 1 Letter a of GDPR, as you have given us your consent to use cookies and similar technologies. You can revoke this consent at any time with effect for the future or deselect it within the Borlab Cookie Manager.
You can revoke the use of usage-based online advertising by twiago at any time by clicking on the opt-out link provided at https://control.twiago.com/privacy.php?lang=0.
For more information about the cookies used and data protection, see twiago's privacy policy at https://www.twiago.com/datenschutz/. Please note that the opt-out only applies to the device on which it was activated and loses its validity as soon as you delete your cookies.
h. Outbrain
This website uses the technology of Outbrain UK Ltd, (company number: No. 7479183) registered office: 100 New Bridge Street, London. ("Outbrain"). Outbrain provides recommendations in its publisher network that can be offered by advertisers for a fee.
If you give your consent, Outbrain will make recommendations based on how you interact with content on which Outbrain technology is installed. These recommendations and ads only appear on Outbrain advertising spaces, either on Outbrain Engage advertising spaces or on Outbrain Extended Network.
To recommend this interest-based content, Outbrain uses cookies that are stored on the user's device or browser. Outbrain collects the device source, browser type, and the user's IP address, with the last 8 digits deleted for anonymization. Outbrain assigns a so-called Universally Unique Identifier (UUID), which can identify the user on a device-related basis when they visit a website on which the Outbrain pixel is implemented. Outbrain creates user profiles in which user interactions (e.g. page views and clicks) of a browser or device are aggregated in order to derive the preferences of the UUID.
No data collected via the pixel is passed on to third-party partners.
If you would like to know what Outbrain knows about your interests, you can access your interest profile and review your decisions (e.g. withdraw your consent).
Outbrain deletes or it anonymizes your data after 13 months at the latest.
The legal basis for the processing of your personal data in connection with Outbrain is Section 25 TTDSG, Art. 6 Paragraph 1 Letter a of GDPR, because you have given us your consent to use cookies and similar technologies. You can revoke this consent at any time with effect for the future or deselect it within the Borlab Cookie Manager.
Outbrain processes and stores your data on servers in the USA. Outbrain is a company with its parent company based in the USA: Outbrain Inc. 615 South DuPont Highway, Dover, Delaware 19901. For the exchange of data within the group of companies, the relevant companies have concluded standard contractual clauses to ensure the legality, protection of privacy and security of the data flows required to provide, maintain and develop the services. Please note, however, that there may still be risks for affected users, as data protection in the USA does not comply with European data protection law in all areas. In particular, US authorities may gain access to users' personal data without them being informed or being able to take action against it.
Outbrain's privacy policy describes in more detail how Outbrain collects, uses and shares your personal data. Outbrain may share some of your personal data with third-party partners to deliver ads that are more likely to be of interest to you. For data processing within the framework of the Outbrain pixel integration, EKD and Outbrain are so-called "joint controllers" according to Art. 26 GDPR. In this context, we have concluded a corresponding agreement (https://outbrain.pactsafe.io/versions/6221fae76b65f05330384782.pdf). You can contact both parties to exercise your rights. EKD and Outbrain are separately responsible for all other data processing. Visit your interest profile to withdraw your consent to behavioral advertising and/or prevent the transmission of your personal data to Outbrain's third-party partners.
i. Microsoft Advertising Universal Event Tracking
We use the Microsoft Advertising Universal Event Tracking service from Microsoft Corporation (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA; "Microsoft") on our website.
This helps us to understand what you did after clicking on an advertisement. The data processing is for marketing and advertising purposes and for the purpose of measuring the success of the advertising measures (conversion tracking). Microsoft Advertising uses technologies such as cookies and tracking pixels that enable an analysis of your use of the website.
In this context, Microsoft acts as an independent data controller according to its own assessment.
If you access our websites via Microsoft Ads advertisements, a cookie is placed on your computer. In addition, a UET tag is integrated into our websites. This is a code that, in conjunction with the cookie, stores pseudonymized data about the use of the website. In combination with the cookie, the tag records pseudonymized data to track the actions you perform on our websites after you have clicked on an advertisement in Microsoft Ads. Among other things, the length of time spent on the website, which areas of the website were accessed and which advertisement you used to access the website are collected. In addition, Microsoft can track your usage behavior across several of your electronic devices using so-called cross-device tracking.
You can view the individual data processed via the UET cookies here: https://help.ads.microsoft.com/apex/index/3/en-us/53056
The data collected when using UET is not stored by us. We also have no access to data that allows conclusions to be drawn about you personally. Only Microsoft has access to the data collected in this process and decides independently on its processing and deletion. Microsoft stores this data for a maximum period of 180 days.
The legal basis for the processing of your personal data in connection with Microsoft is Section 25 TTDSG, Art. 6 Paragraph 1 Letter a of GDPR, because you have given us your consent to use cookies and similar technologies.
You can revoke this consent at any time with effect for the future or deselect it within the Borlab Cookie Manager.
Microsoft can transmit your data to servers worldwide. This also affects locations in countries without an adequate level of data protection. For data transfer, e.g. to the USA, Microsoft has so-called standard data protection 46 (2) (c) GDPR. In these countries, you do not have access to legal protection options comparable to those available in the EU, so there is an increased risk to your rights and freedoms.
Information on data protection at Microsoft can be found here: https://privacy.microsoft.com/de-de/privacystatement.
You can object to the processing by contacting Microsoft here: https://account.microsoft.com/privacy/ad-settings/signedout?refd=privacy.microsoft.com&ru=https%3A%2F%2Faccount.microsoft.com%2Fprivacy%2Fad-settings%3Frefd%3Dprivacy.microsoft.com.
You can prevent the collection and processing of data by deactivating the setting of cookies. This may limit the functionality of the website.
i. Plausible Analytics
We use the web tracking service Plausible Analytics from OÜ Plausible Insights, Västriku tn 2, Tartu 50403, Estonia (hereinafter "Plausible") on our website. This enables us to track our visitors' page views and individual interactions, such as which forms were used, in a data protection-friendly manner.
We do not use cookies or other storage elements for cross-device and cross-page tracking. Only your IP address is processed in anonymized form for 24 hours.
Tracking using Plausible Analytics is done as follows:
"Every single HTTP request sends the IP address and user agent to the server, and that is what we use. We generate a daily changing identifier from the visitor's IP address and user agent. To anonymize these data points and make it impossible to draw conclusions about the user, we run them through a hash function with a rotating salt.
hash(daily_salt + website_domain + ip_address + user_agent)
This creates a random string of letters and numbers that is used to calculate the unique visitor numbers for the day. The raw IP address and user agent data are never stored in our logs, databases, or anywhere on the hard drive.
Old salts are deleted every 24 hours to prevent visitor information from being linked from one day to the next. Forgetting the salts used also eliminates the possibility of the original IP addresses being revealed by a brute force attack. The raw IP address and user agent are no longer accessible to anyone, including us."
The legal basis for the use of Plausible is Art. 6 Para. 1 f GDPR. We have a legitimate interest in evaluating our website usage in order to be able to optimize and improve it.
Your data is deleted after 24 hours and is not transmitted to any third parties for independent processing. We have concluded a data processing agreement with Plausible and supporting agencies.
8. Application
We process your application data in order to be able to assess whether you have the suitability, qualifications and professional performance for the position you are applying for (Art. 6 Para. 1 b GDPR, Section 26 Para. 1 BDSG).
If your application documents contain special categories of personal data, e.g. information about health, religious beliefs or ethnic origin, we base our processing on Art. 9 Para. 2 b GDPR and Section 26 Para. 3 BDSG due to our legal obligations as an employer and the associated protection of your fundamental rights. In addition, we also process your information on the basis of Art. 9 Para. 2 h GDPR and Section 26 Para. 3 BDSG in order to be able to assess the ability of potential employees to work and, if necessary, to take occupational medical and health care measures.
During the application process, we will use all the information you provide to advance your application and to check whether we can offer you a job with us. We also have to fulfil our legal obligations as an employer. The provision of personal data is necessary for the legality of the selection process to be carried out. The absence of relevant personal data in the application documents may result in non-consideration when awarding the vacant position.
We will not share the information you provide with any third party. The recipients of the personal data contained in the application documents are the responsible HR managers.
We will only use your contact details to contact you and inform you about the progress of the application process. We will only use other information contained in the application documents to determine your suitability for the position to be filled. 

len.
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the event that an employment relationship, training relationship, internship or other service relationship arises following the application process, the data will initially continue to be stored and transferred to the personnel file. Otherwise, the application process ends for you when you receive a rejection.
In this case, your personal data will be deleted two months after receipt of the rejection, unless longer storage is necessary to defend legal claims. If, after your application has been rejected, you wish us to include you in a subsequent selection process, we will store your application documents on the basis of consent, Art. 6 Para. 1 a GDPR. In this case, we will obtain consent from you separately. Your application documents will then be kept until the next selection process and, as described in the case of the first application, destroyed two months after receipt of the rejection, unless longer storage is necessary to defend legal claims.
The data submitted as part of your application will be transmitted using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel management and applicant management software (https://www.personio.de/impressum/). In this context, Personio is our processor in accordance with Art. 28 GDPR. The basis for the processing is a contract for order processing between us as the responsible body and Personio.
9. Recipients
a. Sales representatives
a.1. Purchase advice and sales
The implementation of the consultations and the preparation of offers through to the sale and installation of your solar system is carried out by our sales partners (sales representatives) or is accompanied by them. For this purpose, it is necessary to forward your data to them in accordance with section 5. The legal basis for this transmission is Art. 6 Para. 1 f GDPR. We have a legitimate interest in involving our sales partners, as this standard commercial practice enables us to concentrate our resources on our core competencies, namely the provision and improvement of our products and services for you.
As a rule, we keep your data for up to 10 years for commercial and tax reasons and for up to 2 or 5 years for any warranty claims (§ 438 BGB). You can find out more below.
a.2. Joint responsibility
As described above, we process your data together with the sales partners in this collaboration. We have therefore made an agreement with them in accordance with Art. 26 GDPR and, among other things, stipulated that we (EKD) are your contact for the exercise of your rights, as well as for all other questions related to the processing of your data. Regardless of this, you can also contact the sales partner. In detail, the sales partner is responsible for the on-site collection and storage of your data in accordance with Section 4 and the transmission of your data to us. EKD is responsible for your data in the further course of events, for example for construction planning, tendering, etc.
b. Others
Essentially, we share your data with the partners described above. As described above, this is done primarily to implement your project. Unless specifically explained in the individual sections, we will forward your data internally to the responsible employees and, if necessary, to other recipients such as authorities, tax consultants, lawyers, web hosts and other third parties typically involved in processing in normal business processes. This data may also be passed on to third parties if it is necessary to pursue our claims or if there is a legal obligation to do so.

Important partners in your project are also our assembly partner, planning office, shipping companies and the manufacturers of our products. They receive the data necessary to perform their tasks. To realize your project, we also work with other trades involved in a construction project and pass on your contact details, address and construction-specific information to those who need them in order to be able to contribute to achieving the project goal.

Passing on to third parties for independent use always follows the requirement of legality. All service providers are involved in accordance with the requirements of the GDPR.

10. Deletion
Your personal data will be retained only for as long as necessary for the purposes for which it was collected, including for the purposes of meeting any legal accounting or reporting requirements.
We are required by law to retain basic information about our customers en (including contact, identity and transaction data, business letters) for tax and commercial law reasons for a period of six years after the end of the business relationship or ten years after the end of the current tax year in which the invoice was created (Section 257 HGB, Section 147 AO, etc.).
In individual cases, separate deletion periods apply, which we have then highlighted in the respective sections.
In certain circumstances, you can request the deletion of your personal data: more information can be found under "Right to deletion".
11. Your rights
In certain cases, you have the following rights with regard to your personal data:
Right to information (Art. 15 GDPR) about your personal data that we process. Based on this right, you can receive a copy of your personal data stored by us and check whether we process this data lawfully.
Right to rectification (Art. 16 GDPR) of your personal data stored by us. This right allows you to have incomplete or inaccurate data stored by us corrected, although we may need to verify the accuracy of new data you provide.
Right to erasure (Art. 17 GDPR) of your personal data. This right allows you to request that we erase or remove personal data if there is no valid reason for further processing. You can also request that we erase or remove your personal data if you have successfully exercised your right to object to processing (see below), if we have processed your data unlawfully, or if we are required to erase it to comply with local law. Your request for erasure may not always be met for legal reasons, but you will be informed of this at the time of request.
Right to restriction of processing (Art. 18 GDPR) of your personal data. This right allows you to ask us to suspend the processing of your personal data in the following cases: (a) if you want us to establish the accuracy of this data; (b) if our use of the data is unlawful but you are against erasure; (c) if you want us to store the data for longer than is necessary for us because you need it to establish, exercise or defend legal claims; or (d) if you have objected to our use of your data but we need to check whether there are overriding legitimate reasons for using it.
Right to portability (Art. 20 GDPR) of your personal data to you or a third party. If you so wish, we will provide you or a third party designated by you with a copy of your personal data in a structured, common, machine-readable format. However, this right only applies to automated data to whose use you originally consented or which was used to fulfill a contract with you.
Right to object to the processing (Art. 21 GDPR) of your personal data. This right exists where we rely on a legitimate interest (or that of a third party) and your particular situation makes you want to object to processing on this ground because you feel it affects your fundamental rights and freedoms. You also have a right to object where your personal data is processed for direct marketing purposes. In some cases, we may demonstrate compelling legitimate grounds for the processing which override your rights and freedoms.
Right not to be subject to automated decision-making (Article 22 GDPR) (including profiling) where doing so would significantly affect you. Since we do not engage in such activities, this right is not relevant in practice for your use of the website.
Right to withdraw consent at any time (Article 7(3) GDPR) where we need your consent to process your personal data. However, this will not affect the lawfulness of processing before the consent was withdrawn. If you withdraw your consent, we may no longer be able to provide you with certain products, content or services. However, we will inform you of this at the time of revocation.
Right to complain to a supervisory authority. The supervisory authority responsible for us is:
Saxon Data Protection and Transparency Commissioner
Devrientstrasse 5
01067 Dresden
12. Changes to this privacy policy
This privacy policy can be updated or otherwise changed at any time. About all You will be notified of any changes to our privacy policy by publishing the amended version on the website.
This version was last changed on the date specified below. Older versions can be requested from us.
Last changed on: February 27, 2024