This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the scope of our online offering and the associated offers, contractual services, websites, mobile applications, functions, and content, as well as external online presences (hereinafter jointly referred to as "online offering").
Section I: Person responsible and overview of data processing
Responsible:
solation GmbH
Peterhofstraße 13
86438 Kissing
Germany
Managing Director: Sebastian Hugl
Phone: +49 89 45237903
Imprint:https://www.solation.de/impressum/
The controller is hereinafter referred to as "we" or "us".
Contact details of the data protection officer:
You can reach our data protection officer at info@solation.de.
Description of our core services:
As a manufacturer-independent service provider, we offer comprehensive advice, planning, and installation of solar systems. When you fill out our online form, we first collect and save your personal data. You give us more information about your house or property as well as rough key data about the planned solar system. We then use this information to plan the system. We use your names and contact details to create an individual offer for you and to contact you if you have any questions about details or further coordination.
If you use the solation online configurator, we will process and use your information to subsequently create an individual offer for you based on your information.
If you seek the help of a solation customer advisor, we will process the information received via chat (electronic, text-based communication) or telephone for individual advice and system planning.
If you decide to take out financing, we will pass your data on to our contractual partner in order to submit, review, and carry out a financing request. We ourselves are excluded from further processing of the financing request. After the review has been completed, we will receive general feedback on the success or rejection of the financing request.
If you commission us to plan and install a solar system, we will pass your data on to our affiliated installers as part of the contract fulfillment. In addition, when you order components or modules, we will transmit your data to the relevant manufacturers or suppliers. As soon as the system is put into operation, your data will be transmitted to the grid operator or energy supplier.
Consent:
Consent online configurator:
By submitting your contact request (by clicking the "Send" button), you agree that we may process your name and contact details (phone number and email address) to process your request and contact you.
Consent Application Form:
By submitting your application request (by clicking on the "Submit application" button), you agree that we may process your name, contact details (telephone number and email address), and other information (CV, availability, start date, date of birth) to carry out the application process, in particular to process your request and contact you.
Right of revocation:
Consent can be revoked at any time without any formalities, e.g. by email to info@solation.de or by letter to solation GmbH, Peterhofstraße 13, 86438 Kissing, with effect for the future.
Types of data processed:
- Inventory data (e.g. names, addresses)
- Contact details (e.g. email addresses, telephone numbers)
- Object data, consumption data (e.g. type & size of the roof, number of people living in the household)
- Contract data (e.g. subject matter of the contract, services, remuneration modalities)
- Usage data (e.g. websites visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
- Applicant data (e.g. names, contact details, qualifications, application documents)
Processing of special categories of data (Article 9 (1) GDPR):
In principle, no special categories of data are processed.
Categories of data subjects:
- Interested parties and users of the online offer
- Customers
- Business partners
- Applicants
Purpose of processing:
- Consulting, project management, and installation in the field of solar systems and photovoltaic projects, including system design
- Provision of the online offer, its contents, and functions
- Provision of consulting, conception, and analysis services
- Provision of contractual services, service, and customer care
- Answering contact requests and communicating with users
- Marketing, advertising, and market research
- Security measures
- Application management
Automated decisions in individual cases (Art. 22 GDPR):
No automated decisions are made in individual cases.
Section II: Rights of data subjects, legal bases, and general information
Rights of the data subjects:
According to Art. 15 GDPR, you have the right to receive information about the data we process about you.
According to Art. 16 GDPR, you have the right to request the correction of inaccurate or completion of your personal data stored by us.
According to Art. 17 GDPR, you have the right to have your data stored by us deleted.
According to Art. 18 GDPR, you have the right to restrict the processing of your data.
According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request that it be transmitted to another controller.
According to Art. 21 GDPR, you have the right to object to the processing of your personal data.
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority.
Right of withdrawal:
You have the right to revoke your consent at any time in accordance with Art. 7 Para. 3 GDPR.
Right of objection:
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time, in particular processing for direct marketing purposes.
Cookies and right of objection in direct marketing:
We use temporary and permanent cookies, i.e. small files that are stored on users' devices (see the last section of this privacy policy for an explanation of the term and function). Some of the cookies we use are for security purposes, are necessary for the operation of our online offering (e.g. to display the website) or for providing evidence (storing decisions and other actions of the user). In addition, we or our technology partners use cookies for the purposes of range measurement and marketing, about which users are informed in this privacy policy.
If users do not want cookies to be stored on their computer, we ask them to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Excluding cookies can lead to functional restrictions of this online service.
Exclusively automated data processing:
According to Art. 22 GDPR, you have the right not to be subjected to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or significantly affects you in a similar way. We do not carry out any exclusively automated data processing.
Deletion of data and archiving obligations:
The data we process is deleted or restricted in accordance with Art. 17 and 18 GDPR. Unless otherwise stated in this privacy policy, the data stored by us is deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods to the contrary. If the data is not deleted because it is required for other permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
In accordance with the statutory provisions, the storage period is in particular for 6 years in accordance with Section 257 Para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 Para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).
In addition, the data will be stored for a period of three years from the end of the contractual relationship in accordance with the regular statutory limitation periods (§§ 195, 199 BGB), provided that this data could possibly be required for warranty and compensation claims or similar complaints based on previous business experience and standard business processes in the industry.
Changes and updates to this privacy policy:
We ask you to regularly review the content of our privacy policy. We will adapt the privacy policy if changes in the data processing we carry out make this necessary. We will inform you of changes if your cooperation (e.g. consent) or individual notification is required.
Relevant legal bases:
In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. Unless stated otherwise in the data protection declaration, the following legal bases apply: The legal basis for obtaining consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and carry out contractual measures as well as answering inquiries is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f GDPR. If the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.
The basis for commercial communication outside of business relationships, in particular by post, telephone, fax, and e-mail, is contained in Section 7 of the UWG.
Security of data processing:
In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood of occurrence and severity of the risk to the rights and freedoms of natural persons. The measures include in particular ensuring the confidentiality, integrity, and availability of the data by controlling physical access to the data as well as access, input, transfer, securing availability, and separation of the data. In addition, we have set up procedures to exercise the rights of the data subjects, delete data, and respond to threats to the data. We take the protection of personal data into account when developing or selecting hardware, software, and procedures in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
The security measures include in particular the encrypted transmission of data between your browser and our server.
Our employees are obliged to comply with data protection, have been instructed and trained on the importance of data protection, and are informed of the possible consequences of data protection violations.
Disclosure and transfer of data:
If, as part of our processing, we disclose, transmit, or otherwise grant access to data to other persons and companies (contract processors or third parties), this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is necessary to fulfill the contract in accordance with Art. 6 Para. 1 lit. b GDPR), if you have given your consent, a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using service providers, etc.).
If we commission third parties to process data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.
If we disclose, transmit, or otherwise grant access to data to other companies in our group, this is done in particular for administrative purposes as a legitimate interest and is based on a data processing agreement.
Transfer to third countries:
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transmission of data to third parties, this will only take place if it is necessary to fulfill our (pre)contractual obligations, based on your consent, due to a legal obligation, or due to our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 ff. GDPR are met. This includes, for example, the determination of an appropriate level of data protection by an officially recognized body or the observance of officially recognized special contractual obligations (so-called "standard contractual clauses").
Joint responsibility according to Art. 26 GDPR:
solation GmbH and solation Wow I GmbH form a group of companies in accordance with Art. 4 No. 19 GDPR. The legal basis for the joint processing and transmission of personal data is the legitimate interest of the parties involved in accordance with Art. 6 Paragraph 1 Clause 1 Letter f in conjunction with Recital 48 GDPR to transmit personal data within the group of companies for internal administrative purposes, including the processing of personal data of customers and employees. For further information on joint responsibility, please refer to the agreement on joint responsibility for the processing of personal data in the appendix.
This privacy policy was last updated on May 22, 2023. Please check the content regularly as changes and updates may be made.
processing processes
The following section provides an overview of the processing activities we carry out, which we have divided into different areas. Please note that these areas are for guidance only and that there may be overlaps in processing activities (e.g. the same data may be processed in several procedures).
Note: In the appendix to this privacy policy you will find an explanation of frequently used terms to improve clarity and comprehensibility.
I. Core area of data processing
In this section you will find information about our main services and tasks, such as the provision of event technology, the performance of contractual services, and related ancillary tasks.
II. Order initiation and offer preparation
We process the information provided by interested parties and customers as part of requests for quotations in order to establish, implement, and, if necessary, terminate contracts for the design, installation, and operation of a solar system.
III. Logging of prospective and customer inquiries
We log the information you provide when initiating, placing, and executing orders in order to be able to demonstrate the fulfillment of our legal accountability obligations (according to Art. 5 Para. 2 GDPR).
Data processed: Inventory data, communication data, contract data, content data, usage/metadata. As part of the logging, we save the time of the request, the IP address, and a screenshot of the completed online form at the time of submission. Special categories of personal data: No. Affected persons: Interested parties, online users or website visitors, customers, business partners. Purpose of processing: Provision of contractual services, customer service, logging. Processing basis: Art. 6 Para. 1 lit. b (contract performance) and c (legally required logging/archiving) GDPR. Necessity/interest in processing: The data is required to justify and fulfill the contractual services and to fulfill statutory proof obligations.
Further information on processing procedures, methods, and services:
We use cloud services such as Google Cloud Storage, cloud infrastructure services, and cloud-based application software from Google. For more information about Microsoft's privacy policy, please visit: https://cloud.google.com/terms/cloud-privacy-notice?hl=de
Monday: We use customer relationship management (CRM) and process customer and prospect data for sales purposes. For more information about Salesforce's privacy policy, see: https://monday.com/l/privacy/privacy-policy/?_ga=2.135798705.1270466260.1684848050-1792570199.1683553548
Deletion of data: The data is generally deleted 30 days after the purpose has been fulfilled (e.g. cancellation or refusal). Deletion takes place no later than six months after the end of the contract, unless there is a legal obligation to retain data or a different requirement for storing the data. Inventory data and evidence of contractual relationships/consents are stored for up to three years. The necessity of storing the data is reviewed annually. In the case of conflicting legal archiving obligations, deletion takes place after these obligations have expired (e.g. commercial or tax law retention obligations), at the latest after 6 or 10 years.
IV. External online presences
In this section you will find information about our data processing in connection with external online presences, such as social media.
online presence in social media
Embedded content and functions
V. Web server and security
hosting
Our website is hosted on a server in a data center within the European Union that is under our control. The data center is operated by a US company with whom a data processing agreement based on the EU standard contractual clauses exists in order to meet the requirements of the GDPR.
server logs
Data processed: Usage data and metadata (name of the website accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, user's operating system, referrer URL, IP address and requesting provider). Special categories of personal data: no. Processing basis: Art. 6 Para. 1 lit. f GDPR. Affected persons: Customers, interested parties, visitors to our website. Purpose of processing: Optimization of server operation and security monitoring. Necessity/interest in processing: Security, business interests. Processing in third countries: no. Deletion of data: After 7 days from collection.
VI. Payment service providers
In this section we inform you about the data processing we carry out for payment purposes.
PayPal
Data processed: payment data, inventory data, communication data. Processing basis: contract fulfillment (Art. 6 Para. 1 lit. b GDPR) and legitimate interest (Art. 6 Para. 1 lit. f GDPR) in the use of the PayPal payment service. Disclosure to third parties: PayPal may pass on the personal data to affiliated companies and service providers or subcontractors if this is necessary to fulfill the contractual obligations or if the data is to be processed on behalf of them. Data subjects: customers, users, interested parties. Purpose of processing: payment processing, fraud prevention. Processing in third countries: no. Further information: PayPal's privacy policy can be found at: [Link to PayPal's privacy policy].
Please note that this is intended to be only an excerpt of a privacy policy and may not contain all information or specific details. It is recommended that you have a complete and up-to-date privacy policy drafted by a legal advisor or contact a company specializing in data protection to ensure that your privacy policy complies with legal requirements.
Here is a paraphrase of the content, keeping the content intact:
Payment option via PayPal:
If you use the "PayPal" payment option on our website, data is automatically transmitted to PayPal. This includes the following information: first name, last name, address, email address, IP address, telephone number, mobile phone number and other personal data related to your order. This data is processed using social plugins, permanent cookies, third-party cookies, interest-based marketing, tracking and remarketing. Please note PayPal's privacy policy at the following link: [Link to PayPal's privacy policy]
Credit checks:
In order to reduce the risk of payment defaults, we work with credit agencies and have outsourced our debt collection management. These service providers carry out identity and credit checks to assess the likelihood of payment defaults and credit risks. The information collected is used as part of an appropriate discretionary decision and may, under certain circumstances, lead to certain payment methods or services not being offered. This is based on automated individual decisions in accordance with Art. 22 GDPR. The legal basis for the credit check and the transmission of data to the credit agencies is either your express consent or our legitimate interest in the reliability of our payment claims.
Marketing:
In this section we inform you about the data processing we carry out to optimize our marketing and market research.
Personalized newsletter:
We only send newsletters, emails and other electronic notifications with advertising information (hereinafter "newsletter") with your consent or legal permission. In order to be able to prove your registration, the subscribers' data is logged. In addition to your email address, we may collect further information such as your name in order to personalize the newsletter and adapt it to your interests.
Content of the newsletter:
The content of the newsletter includes information about our services and our company, as stated in the registration form.
Data processed:
When processing the data, inventory data (email address) and usage data (registration time, double opt-in confirmation time, IP address, opening of the email, time and place, time and click on a link in the newsletter) are used. No special categories of personal data are processed.
Processing basis:
The processing of the data is based on Art. 6 Para. 1 lit. a, Art. 7 GDPR and Section 7 Para. 2 No. 3 UWG (shipping & performance measurement) as well as Art. 6 Para. 1 lit. c in conjunction with Art. 7 Para. 1 GDPR (logging, performance measurement, if not part of the consent).
Purpose of processing:
The data is processed for the purpose of sending the newsletter, optimizing the content and proving consent.
Type, scope and functioning of the processing:
Processing is carried out using a web beacon. Providing your email address is required, while the other information is voluntary and serves to personalize and optimize the content. Logging serves to prove consent. For users whose consent includes success measurement, success is measured on the basis of consent and otherwise on the basis of legitimate interests in optimizing the content and for business reasons.
A link to unsubscribe is included in every newsletter.
External disclosure:
The newsletter is sent via the Salesforce Privacy Team in the USA. For more information, see Salesforce's privacy policy at the following link: [Link to Salesforce's privacy policy]
Communication via post, email, SMS, fax or telephone:
We use the communication channels post, e-mail, SMS, fax or telephone to send information material and to establish, carry out or terminate contact within the framework of solar system service contracts.
Data processed:
The data processed includes inventory data, contact data, contract data and content data. No special categories of personal data are processed.
Processing basis:
The processing of the data is based on Art. 6 Para. 1 lit. a GDPR in the case of consent, Art. 6 Para. 1 lit. b GDPR in the case of contact in the context of contract execution and Art. 6 Para. 1 lit. f GDPR in conjunction with legal requirements for advertising communications.
Purpose of processing:
The data is processed for advertising purposes.
Type, scope and functioning of the processing:
Contact will only be made with the consent of the contact partner or within the scope of legal permissions.
Necessity / interest in processing:
The processing serves information and business interests.
External disclosure and purpose:
There is no external disclosure of the data.
Processing in third countries:
The processing does not take place in third countries.
Deletion of data:
The data will be deleted if an objection or revocation is made or if the legal basis for contacting us no longer applies. The data of interested parties is stored in accordance with the information on the deletion of the data within the scope of the processing activity mentioned above.
Optimization and security:
In this section you will find information about the data processing that we carry out to optimize our online offering. This data processing primarily serves to improve the user-friendliness and functionality of our online offering.
Buyer protection through Trusted Shops remains in place
In order to display the buyer protection provided by Trusted Shops and, where applicable, to display collected reviews, the Trusted Shops Trustbadge is integrated into this website.
This is done to protect our legitimate interests in the optimal marketing of our offer in accordance with Article 6 paragraph 1 sentence 1 letter f GDPR.
When you access the Trustbadge, the web server automatically saves a server log file that contains information such as your IP address, date and time of access, amount of data transferred and the requesting provider (access data) and documents the access. This access data is not evaluated and is automatically overwritten no later than seven days after your visit to the site.
Further personal data will only be transferred to Trusted Shops if you have consented to this, if you decide to use Trusted Shops products after completing an order, or if you have already registered to use them. In this case, the contractual agreement concluded between you and Trusted Shops applies.
reach measurement, online marketing and technology partners
In this section we inform you about the services we use for online marketing and reach measurement. They are used on the basis of Article 6 paragraph 1 letter f of the GDPR and our interest in increasing user-friendliness, optimizing our offering and increasing profitability. In all cases, usage and metadata are processed. Further explanations of the functions and protective measures can be found at the end of this data protection declaration in the definitions of terms. The data is deleted in accordance with the data protection declarations of the technology partners, unless otherwise stated.
V
Further information on processing procedures, procedures and services
Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags via an interface (e.g. integrating Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of users. Information on the processing of personal data of users can be found in the following information on Google services.
Terms of Use:https://www.google.com/intl/de/tagmanager/usepolicy.html
Google Analytics
We use Google Analytics to measure reach and create target groups.
Data processed: Usage data, metadata, customer ID with us (Google only receives the customer ID as pseudonymous data without the associated inventory data such as the customer's name, address or email). Type, scope, functionality of processing: Permanent cookies, third-party cookies, tracking, interest-based marketing, profiling, custom audiences, remarketing. Special protective measures: Pseudonymization, IP masking, conclusion of a contract processing agreement, opt-out. Opt-out:https://tools.google.com/dlpage/gaoptout?hl=de (browser add-on for Google Analytics),https://adssettings.google.com/ (advertisement settings). External disclosure: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:https://www.google.com/policies/privacy/. Processing in third countries: No. Deletion of data: 14 months.
Google AdWords
We use Google AdWords to place ads in the Google advertising network and to show them to users who are likely to be interested in the ads (so-called "conversion"). We also measure the success of the ads. However, the success measurement is limited to the anonymous total number of users who clicked on our ad and were redirected to a page that has a measurement point set by us (so-called "conversion tracking tag"). We do not receive any information that can be used to identify users.
External disclosure: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Legal basis: Consent (Article 6 Paragraph 1 Sentence 1 Letter a GDPR). Website:https://marketingplatform.google.com. Privacy policy:https://policies.google.com/privacy. Further information: Types of processing and data processed:https://privacy.google.com/businesses/adsservices. Data processing conditions between controllers and standard contractual clauses for third country transfers of data:https://business.safety.google/adscontrollerterms.
Google DoubleClick
We use Google AdWords to measure the success of our ads placed on Google.
Data processed: Usage data, metadata, customer ID with us (Google only receives the customer ID as pseudonymous data without the associated inventory data such as the customer's name, address or email). Type, scope, functionality of processing: Permanent cookies, third-party cookies, tracking, conversion measurement, interest-based marketing, profiling. Special protective measures: Pseudonymization, IP masking, conclusion of a contract processing agreement, opt-out. Opt-out:https://tools.google.com/dlpage/gaoptout?hl=de (browser add-on for Google Analytics),https://adssettings.google.com/ (advertisement settings). External disclosure: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:https://www.google.com/policies/privacy/. Processing in third countries: No. Deletion of data: 14 months.
Google Optimize
Our website uses the web analysis and optimization service "Google Optimize" to increase the attractiveness, content and functionality of our website by displaying new functions and content to a percentage of our users and statistically evaluating changes in usage.
Google Optimize is a service that falls under Google Analytics (see Google Analytics section). Using cookies, Google Optimize enables the optimization and analysis of how users use our website. The information on the use of our website generated through these cookies is usually transferred to a Google server in the USA and stored there. We use Google Optimize with activated IP anonymization, which means that your IP address is shortened by Google within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google uses this information to evaluate the use of our website, compile reports on optimization tests and related website activity, and provide us with other services related to website and Internet usage.
Type, scope, functionality of processing: Permanent cookies, third-party cookies, tracking, interest-based marketing, profiling, custom audiences, remarketing. Special protective measures: Pseudonymization, IP masking, conclusion of a contract processing agreement, opt-out. Opt-out:https://tools.google.com/dlpage/gaoptout?hl=de (browser add-on for Google Analytics),https://adssettings.google.com/ (advertisement settings). External disclosure: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:https://www.google.com/policies/privacy/. Processing in third countries: No. Data deletion: 14 months.
Facebook ads: We place ads on the Facebook platform and evaluate the success of the ads. The processing serves the purpose of targeted advertising and target group formation. Event data of users of the Facebook platform is processed, including behavioral and interest information.
External disclosure: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a GDPR). Website:https://www.facebook.com; Privacy Policy:https://www.facebook.com/about/privacy; Opt-out option: Please refer to the data protection settings for profiles and advertising on the Facebook platform as well as to the contact options provided in Facebook's privacy policy for exercising information and other data subject rights; Further information: We have entered into an agreement with Meta Platforms Ireland Limited regarding joint responsibility with Facebook or Meta ("Add for Controllers",https://www.facebook.com/legal/controller_addendum). Joint responsibility only applies to the collection and transmission of data to Meta Platforms Ireland Limited, a company based in the EU. The further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, in particular the transmission of the data to the parent company Meta Platforms, Inc. in the USA (based on the standard contractual clauses between Meta Platforms Ireland Limited and Meta Platforms, Inc.).
Facebook pixel: We use the Facebook pixel to only show advertisements to those Facebook users who have shown interest in our online offering or who have certain characteristics (e.g. interest in certain topics or services that can be seen from the websites visited) that we transmit to Facebook (so-called "custom audiences"). The Facebook pixel also enables us to record the effectiveness of Facebook advertisements statistically and for market research purposes by checking whether users were redirected to our website after clicking on a Facebook advertisement (so-called "conversion measurement").
Data processed: Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), location data (data that indicates the location of an end user's device). Purposes of processing: Tracking (e.g. interest/behavior-related profiling, use of cookies), remarketing, evaluation of website activities, interest- and behavior-based marketing, profiling (creation of user profiles), conversion measurement (measurement of the effectiveness of marketing measures), reach measurement (e.g. access statistics, recognition of returning visitors), target group formation (determination of target groups relevant for marketing purposes or provision of other content), cross-device tracking (processing of user data across multiple devices for marketing purposes). Special protective measures: IP masking (pseudonymization of the IP address), encrypted communication between Facebook and our online offering. Legal basis: Consent (Art. 6 Para. 1 Clause 1 lit. a. GDPR), legitimate interests (Art. 6 Para. 1 Clause 1 lit. f. GDPR). Opt-out: We refer to the data protection information of the respective providers and the objection options specified there (so-called "opt-out"). If no explicit opt-out option is specified, you can deactivate cookies in the settings of your browser. However, this may limit the functions of our online offering. We therefore also recommend the following opt-out options:https://www.facebook.com/settings?tab=ads,https://www.youronlinechoices.com/uk/yourad-choices/ (EU),https://www.aboutads.info/choices/ (USA). External disclosure: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA. Privacy Policy:https://www.facebook.com/about/privacy/. Data deletion: The data will be deleted by Facebook as part of the termination.
Bing Universal Event Tracking (UET): Our website uses Bing Ads technologies to collect and store data from which usage profiles are created using pseudonyms. A Bing UET tag is integrated into our website. This tag is a code that, in conjunction with the cookie, stores certain non-personal data about the use of the website.
Data processed: time spent on the website, areas of the website accessed and the advert through which users reached the website. No information about identity is collected.
Application process: Applicants can submit their applications by email or using our application form on the website. Please note that emails are generally sent unencrypted and applicants are responsible for encryption themselves. When using the application form, the data is processed by Personio GmbH, which acts as a processor on our behalf. The application data is transmitted in encrypted form, stored exclusively in Germany and not passed on to third parties.
During the application process, the HR department and authorized persons, in particular the managers involved in the application process, use the data to check the suitability of the applicants for the advertised position. Publicly accessible directories and career networks (such as Xing, LinkedIn) are also used.
Data processed: inventory data, contact data, content data (application content, correspondence, internal comments).
Special categories of personal data: Yes, if necessary for the application process or provided by the applicant (e.g. health data).
Processing basis: Art. 6 Para. 1 lit. b GDPR, Section 26 BDSG, Art. 28 Para. 3 S. 1 GDPR.
Data subject: applicant.
Purpose of processing: Conducting the application procedure, selecting applicants.
Special protective measures: Access to application documents is restricted to those involved in the application process, encrypted transmission.
External disclosure: Personio GmbH, Buttermelcherstr. 16, 80469 Munich.
Necessity/interest in processing: applicants’ interest in a quick and effective application process, business interests, ensuring the rights of those affected.
Processing in third countries: No.
Deletion of data: The data protection regulations for the applicant system apply. If the application is successful, the data provided by applicants can be further processed for the purposes of the employment relationship. Applicants' data will be deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion will take place after a period of four months, provided there are no further follow-up questions about the application and the proof requirements of the General Equal Treatment Act (AGG) have been met. An informal declaration of revocation is possible at any time and can be sent to jobs@solation.de.
Recruiting via the XING TalentManager and the XING TalentpoolManager: If you have a XING profile, we can use the XING TalentManager and the XING TalentpoolManager to discover your profile and contact you. The XING TalentManager enables us to search for potential employees on XING and to manage applications and profiles of XING users for recruiting purposes. The XING TalentManager can only be accessed by our recruiters who are registered as members and authorized by us.
In XING TalentManager, our recruiters can collaborate and share information and content (correspondence, conversations, projects, notes, comments, etc.) to ensure that applicants are not contacted multiple times and important information is not lost.
If you specify solation as your preferred employer in your XING profile, we will also process your profile in the XING Talent Pool Manager. This allows us to create so-called "talent pools" in which we manage interested XING users in order to stay in touch and consider them for future job offers. In the XING Talent Pool Manager, we are informed about relevant activities of the candidates in the talent pool and can easily stay in touch with them via campaigns.
In the XING TalentManager and TalentpoolManager we process the data from your XING profile as well as other information that you provide to us when you contact us. We do not save or copy your XING profile, but only create a link to your profile via the services provided by XING.
Legal basis: The legal basis for this data processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in finding and contacting suitable applicants via the professional network XING. In addition, we have a legitimate interest in adding your profile to the talent pool if you have specified solation as your preferred employer.
Possibility of objection: You can object to the processing of your personal data at any time by sending a corresponding message to jobs@solation.de. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds that outweigh your interests or the processing serves to assert, exercise or defend legal claims.
We will delete the link to your profile if we determine that we no longer wish to contact you, e.g. if suitable job offers no longer exist or if you indicate to us that you are not interested in working at solation. If you delete your XING profile, your data in the TalentManager and TalentpoolManager will also no longer be visible to us.
You also have the option of restricting the visibility of your data in your XING profile. You can make the relevant settings athttps://www.xing.com/settings/privacy.
Further information about XING TalentManager and XING TalentpoolManager can be found at:
https://www.xing.com/app/user?op=tandc&what=dp_xtm (XING TalentManager)
https://www.xing.com/app/user?op=tandc&what=dp_xtp (XING TalentpoolManager)
https://privacy.xing.com/de/datenschutzerklaerung (XING's privacy policy)
Recruiting via LinkedIn Recruiter and LinkedIn Job Slot: If you have a LinkedIn profile, we may use LinkedIn Recruiter and LinkedIn Job Slot to find your profile on LinkedIn and contact you. We have concluded a data processing agreement with LinkedIn in accordance with Art. 28 GDPR.
We can use LinkedIn Recruiter to search for candidates on LinkedIn and manage applications and profiles of LinkedIn users for recruiting purposes. Access to the LinkedIn Recruiter account is only granted to our recruiters.
LinkedIn Recruiter allows multiple recruiters to collaborate on LinkedIn recruiting and share information and content (correspondence, conversations, projects, notes, comments, etc.) to ensure candidates are not contacted multiple times and important information is not lost.
In LinkedIn Recruiter, we process the data from your LinkedIn profile as well as other information that you provide to us when contacting us.
Legal basis: The legal basis for this data processing is Art. 6 (1) (f) GDPR. We have a legitimate interest in searching for and contacting suitable applicants via the professional network LinkedIn.
Possibility of objection: You can object to the processing of your personal data at any time by sending a corresponding message to jobs@solation.de. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds that outweigh your interests or the processing serves to assert, exercise or defend legal claims.
We delete your personal data if we determine that we no longer wish to contact you, e.g. if suitable job offers no longer exist or if you indicate to us that you are not interested in working at solation. If you delete your LinkedIn profile, your data will also no longer be visible to us in LinkedIn Recruiter.
You also have the option of restricting the visibility of your data in your LinkedIn profile. You can make the relevant settings using the following links:
https://www.linkedin.com/psettings/data-visibility (visibility of profile and network)
https://www.linkedin.com/psettings/data-privacy (Use of your data on LinkedIn)
https://www.linkedin.com/psettings/advertising-data (advertising settings)
For more information, see LinkedIn's privacy policy athttps://www.linkedin.com/legal/privacy-policy
Conversion - Conversion or conversion measurement is a method of measuring the effectiveness of marketing efforts. It typically involves storing a cookie on users' devices when they visit websites that carry out marketing efforts. This cookie is then retrieved again when users visit the target website, for example to determine whether the ads placed on other websites were successful.
Cookies - "Cookies" are small files that are stored on users' computers. A cookie can store various information. A cookie is mainly used to store information about a user (or the device on which the cookie is stored) during or after visiting an online service. Temporary cookies, also called "session cookies" or "transient cookies", are deleted after a user leaves an online service and closes their browser. Such a cookie can, for example, store the contents of a shopping cart in an online shop or the login status in a community. "Permanent" or "persistent" cookies, on the other hand, remain stored even after the browser is closed. For example, they can store the login status in a community when users visit it again after several days. Such cookies can also store the interests of users, which are used for range measurement or marketing purposes (e.g. remarketing). "Third-party cookies" are cookies from providers other than the controller who operates the online service. If only cookies from the responsible party are used, these are called "first-party cookies".
Demographic data – Demographic data is general information about groups of people or individuals, such as age, gender, place of residence and social characteristics such as occupation, marital status or income. Demographic data is used in the context of reach measurement and in online marketing to determine target groups or for business analyses.
Third party – A “third party” means a natural or legal person, public authority, agency or other body other than the data subject, controller, processor or persons authorised to process personal data under the direct responsibility of the controller or processor.
Third country – “Third countries” are countries in which the General Data Protection Regulation (GDPR) does not directly apply. These are generally countries that belong neither to the European Union (EU) nor to the European Economic Area (EEA).
Consent – “Consent” of the data subject occurs when the data subject freely gives his or her informed and unambiguous indication of his or her agreement to the processing of his or her personal data, by a statement or by a clear affirmative action.
Embedding – Embedding involves integrating third-party content or software functions into your own online presence and displaying or executing them there. No copy of the content is created, but it is retrieved from the original server (e.g. videos, images, posts on social networks, rating widgets). When embedding, it is technically necessary for the content provider to record the user's IP address in order to display the embedded content in the user's browser. The content provider can also store cookies on the user's devices.
Advanced Matching - "Advanced Matching" is a Facebook pixel option that sends user inventory data such as phone numbers, email addresses, or Facebook IDs to Facebook in encrypted form to create audiences for Facebook ads and use them exclusively for that purpose.
IP address - The IP address (Internet Protocol address) is a string of numbers that can be used to identify devices connected to the Internet. When a user visits a website on a server, they tell the server their IP address. The server then knows to send the data packets containing the website's content to that IP address.
IP masking – "IP masking" is a method in which the last two numbers of an IP address are deleted in order to prevent the IP address from being clearly assigned to a specific person. IP masking is used to pseudonymize processing procedures, especially in online marketing.
Interest-based marketing or interest and behavioral advertising - Interest and behavioral advertising refers to the use of profiling to determine users' potential interest in advertisements (also known as "online behavioral advertising", or OBA for short). This process typically uses cookies and web beacons.
Opt-In – The term "opt-in" means registration. With double opt-in (DOI), a registration (e.g. by entering an email address in an online form field) is confirmed by sending a confirmation email to the owner of the email address.
Opt-Out – The term "opt-out" means unsubscribing and can, for example, represent an objection (e.g. against tracking) or a cancellation (e.g. for newsletter subscriptions).
Personal data/personal reference – “Personal data” means all information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person is considered identifiable if he or she can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more special characteristics that express his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Plugins/Social Plugins – "Plugins" (or "social plugins" in the case of social functions) are external software functions that are integrated into the online offering. They can, for example, provide interaction elements (e.g. "Like" button) or content (e.g. external comment functions or posts in social networks).
Profiling - "Profiling" refers to any form of automated processing of personal data where these data are used to analyse, evaluate or predict certain personal aspects relating to a natural person. This may include information such as age, gender, location data, interactions with websites and their content, shopping behaviour or social interactions with other people. Cookies and web beacons are often used for profiling purposes.
Pseudonymisation/pseudonyms – Pseudonymisation refers to the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately. This allows data to be processed pseudonymously, for example by storing a precise profile of the user's interests in a cookie, but without the user's name. However, if personal data such as the name or IP address is stored, the processing is no longer pseudonymous.
Reach measurement – Reach measurement is used to evaluate the flow of visitors to an online offering and can include information about behavior, interests or demographic characteristics such as age or gender. Using reach analysis, website operators can, for example, identify what type of people visit their website at what time and what content they are interested in. This enables them to better adapt the content of their website to the needs of their visitors. Cookies and web beacons are often used for reach analysis.
Session cookies – See “Cookies”.
Tracking – Tracking refers to the tracking of user behavior across multiple online offerings, e.g. for remarketing purposes. Behavioral and interest information collected in connection with the online offerings used is stored in cookies or on servers of marketing service providers (e.g. Google or Facebook).
Controller – The “controller” is the natural or legal person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means of processing personal data.
Processing – "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This term is very broad and covers virtually any handling of data.
