Data Protection Notice of Solar Frontier Europe GmbH

In this data protection notice, Solar Frontier Europe GmbH, Nördliche Münchner Str. 14a, 82031 Grünwald, Germany (Phone: 0049 / 89 / 90 90 15 111; Fax: 0049 / 89 / 90 90 15 109; e-Mail: info@solar-frontier.eu) (hereinafter “we” and “us”) wish to inform you as the controller pursuant to data protection law of how we process your personal data (i) during your visit to our website, (ii) when you apply to work with us, (iii) if you are a business partner of us, or (iv) if we handle end customer requests.

1. Which personal data about you do we collect?

Personal data covers all information about a specific or specifiable natural person which you notify to us or which is generated or collected by us. This is, for example:

Service request data: When you use other services of our website, for example the use of contact forms,  the data entered by you or collected about you in this context as well the information provided to us by you will be processed.

Server log data: When you use our websites, data on your usage (such as the date and time of visit, pages called up and files requested, type and version of the web browser used by you, type and operating system of the end device you use as well as your IP address) is temporarily stored in a log file on our server.

Business partner data: Depending on the circumstances and necessity, we process personal data about our customers and suppliers or other business partners ("business partners") or our contact persons at our business partners in order to properly conduct business. This includes your contact information (e.g., name, gender, title, job title and title, role and position, professional experience, address, telephone number and e-mail address), as well as any payment data (bank accounts, cards and payments), communication data (any e-mails, letters or other communications from and to you including the circumstances of communication); and other data and documents with data about you (e.g. contracts, orders, invoices, delivery notes) required to carry out the business relationship.

End customer data: If you are an end customer who did not purchase our products from us, but contact us (by whatever means) to bring up (legal) claims resulting from warranties or product guaranties provided by us, we may process personal data about you such as contact information (e.g., name, gender, address, telephone number and e-mail address), as well as any payment data (bank account information for payments), communication data (any e-mails, letters or other communications from and to you including the circumstances of communication); and other data and documents with data about you (e.g. contracts, documents, invoices, delivery notes) required to manage your claim.

2. What do we use your personal data for, on what legal basis and for how long?

2.1 Your queries

Should you submit queries to us via a contact form, per e-mail or via a service telephone, e.g. asking for a referral where to buy the product, or asking technical questions regarding the products, we process the information given therein to answer your query as well as the IP address and date/time of the request in order to avoid misuse of the contact form.

The legal basis for the processing is our legitimate interest pursuant to Art. 6 (1) letter f GDPR in providing you with the aforesaid “queries” service. If your query concerns the initiation or processing (including customer service) of a contract, the additional legal basis for the processing is Art. 6 (1) letter b GDPR.

You may oppose the processing of your data on grounds of Art. 6 (1) letter f GDPR. In this case, upon proving mandatory reasons for the processing we can continue the processing. This can, in such case, be particularly necessary in order to prove past queries and communications with you. If no such mandatory reasons exist, we will cease our communication with you and delete already collected data.

This data will be deleted when our communication with you has ended, i.e. when the factual situation at issue has been conclusively clarified and no further legitimate interest exists for the storage, respectively no further statutory obligations exist to store such data.

2.2. Business partners

If you are our contact person in your role as owner or representative of a business partner, such as (potential) customer, supplier, cooperation partner, service provider, etc., we process the business partner data about you for the purpose of (a) communicating with you about planned, current or past business transactions, (b) initiating, executing and processing transactions depending on the contractually agreed service (e.g. fulfilment, delivery, invoicing, follow-up, customer service and assertion of legal claims), (c) if you are a (potential) customer in connection with the marketing and sale of our products and services (cf. also Section 2.5), and (d) for the long-term care and maintenance of the business relationship in our customer or supplier management systems.

You may find further details and additions to the processing purposes in our contractual documents, any declarations of consent and other information provided to you (e.g. on the website or in the terms and conditions).

The legal basis for the necessary processing of business partner data for a specific purpose is Art. 6 para. 1 lit. b GDPR (insofar as the data is required to fulfil a contract with you if you are our business partner), Art. 6 para. 1 lit. c GDPR (insofar as we are subject to legal obligations such as the Money Laundering Act, the Export Control and Sanction Law) as well as in other respects Art. 6 para. 1 letter f) GDPR (our legitimate interest in the initiation, implementation, administration and communication within the scope of a business relationship or the marketing and direct marketing of our products and services).

You can object to the processing of your data on the basis of Art. 6 (1) lit. f GDPR(according to Art. 21 para. 1 GDPR). In principle, we can then prove compelling reasons for the processing in order to continue it.

We process your data for the duration of our business relationship, including the initiation and processing of a contract, as well as, if necessary, for compliance with the legally prescribed retention and limitation periods.

2.3 Advertising and product development

We also wish to use the data entered by you in any event or collected during your use of the websites to inform you about products and services relating to our product range (advertising) or to improve our product offers and services (product development).

We use the anonymised and/or aggregated data collected with the aid of analysis tools, to be able to understand the surfing behaviour of all visitors and therewith improve the design of our website and of our product range in general. For details of the analysis tools, see point 4 below.

The legal basis for the processing is our legitimate interests (Art. 6 (1) letter f GDPR.

2.4 Provision of the website and rendering of services

The processing of the server log data is necessary for technical reasons in order to provide the website and render the services and thereafter to ensure the system security.
The legal basis for the processing is our legitimate interest in providing the website with our services (Art. 6 (1) letter f GDPR). The processing is a mandatory prerequisite for the use of our website; no objection right is hence available.

This data is deleted after 12 days at the latest.

The server log data may then be assessed in anonymised form for statistical purposes and to improve the quality of our internet presence. There is no link between the server log data and your personal data nor is the server log data combined in any way with other personal data sources.

2.5 End customer claims handling

If you contact us (by whatever means) to bring up (legal) claims resulting from warranties or product guaranties provided by us, we will use the end customer data in order to review your request, check the legitimacy of it, and, based on our decision, either comply with it and make payments, or reject it and defend ourselves if necessary.

The legal basis for the processing of your personal data is, according to the respective purpose, the “performance of a contract with the data subject according to Art. 6 (1) lit. b GDPR, or Art. 6 (1) lit. f GDPR (our legitimate interest in the handling and defense against legal claims).

In principle, you have a right to object to the processing of your data on the basis of Art. 6 (1) lit. f GDPR according to Art. 21 (1) GDPR, but because we process your data for the exercise of defence of legal claims, this right is excluded for this purpose.

We process your data for the duration of the management of your claims, as well as, if necessary, for compliance with the legally prescribed retention and limitation periods.

3. Transfer of the data

3.1 Transfer of data to data processors

We partially use service providers, in observance of the statutory requirements, by means of data processor relationships, i.e. processing is performed on the basis of a respective contract, for our account, according to our directions and subject to our control.

Data processors are, in particular

  • technical service providers whose services we retain for the provision of the website, e.g. service providers for software maintenance, data-processing operations and hosting
  • technical service providers, whose services we retain for the provision of functionalities, e.g. technically required cookies.

In such cases we remain responsible for the data processing; the transfer and processing of personal data to or by our data processors is made on the legal basis upon which we are permitted to process data in each case. No separate legal basis is required.

3.2 Data transfer to third parties

We partially also transmit your data to third parties, i.e. partners with whom we collaborate outside of a contracted processing. Such partners render their services on their own responsibility; the processing of your data by our partners is exclusively governed by the data protection notices of such third party.

3.2.1 Other group companies

In order to manage and handle claims or our customers and end customers, we may need to transfers or disclose personal data to other group companies, in particular our group quality organization to make a decision on the warranty and to evaluate the cause of the defect. Such transfer is based on our legitimate interest for internal group administration purposes according to Art. 6 (1) lit. f GDPR).

This may include a data transfer to other group companies located in countries outside the EU that do not provide the same level of data protection. In these circumstances we will, as required by applicable law, ensure that your data protection rights are adequately protected by technical, contractual or other lawful means. Please contact our data protection officer (see 20) for a copy of the safeguards which we have put in place to protect your personal data and data privacy rights in these circumstances

3.2.2 Other vendors or manufacturers

In case you request our assistance to handle requests or claims for other vendors or manufacturer (e.g. if we sold power sets, which include products of a third party, such as inverters), we may need to forward your request to such third parties.

In those cases, we will either ask for your consent or may rely on the legitimate interests exemption according to Art. 6 (1) lit. f GDPR, in case we have legal claims against the third party.

3.2.3 Social networks

To the extent you want to share one of our websites in a social network (e.g. Facebook or Twitter) and for this purpose click one of the “share” buttons, the respective information will be transferred to the social network. Of course, you have to be logged into the respective social network. The legal basis for the transfer is our legitimate interest to provide you with the opportunity to “share”, Art. 6 (1) letter f GDPR.

4. Cookies and web analysis

4.1 What are Cookies?

We and our partners use so-called “Cookies” to fashion our website in a most user-friendly way. Cookies are small files stored on the user’s device. They allow the storage of information for a determinate period of time and the identification of the user’s device. For this purpose, also tracking-pixel might be used that are not stored on the user’s hard drive, but that may in the same way help to recognize a user’s device. When using the term “cookie”, this refers to cookies in the technical sense as well as tracking pixel and other technologies.

When you visit our website for the first time, the entry page will show information on privacy and respective wording regarding the consent to the use of Cookies. By actively continuing to use the website and not actively objecting to the use of Cookies, you agree to the use of Cookies and such consent will be stored in your browser (in the form of a Cookie), so that the information does not have to be repeated on every page of our website. Should the consent be missing in your browser (e.g. if you deleted your browser history) the privacy information will appear again the next time you visit our website.

4.2 What Cookies do we use on what legal basis and for how long?

On this website we use only one type of Cookies: (1) Cookies required for technical purposes, without which the functionality of our website would be reduced.

Cookies required for technical purposes.
These Cookies are indispensable if we want to ensure proper functioning and easy navigation of our website. They allow, e.g., offer you the opportunity to search for local retailers selling our products (e.g. by showing a map of your neighbourhood), or store your consent/non-consent to the use of Cookies and your selected Cookie settings. Such Cookies do not collect any information about you for marketing purposes and do not record the sites you visit when surfing the internet. A deactivation of this type of Cookies would reduce all or part of the functions of the website.
The legal basis for this processing is our legitimate interest (Art. 6 (1) lit f GDPR).
These Cookies are specifically set for individual sessions and expire when you leave the website and end the session.

5. Links and embedded content

We use links to other internet presences of us on websites and services of third parties, e.g. to social media channels such as Facebook,Twitter or Youtube. These third parties are exclusively responsible for the data processing by such other service providers on their websites and their data protection notices apply.

In particular, this website uses the Youtube embedding function for the display and playback of videos of the provider "Youtube". In this respect, according to provider information, the extended data protection mode is used to ensure that user information will only be stored once the playback of the video(s) is started. When the playback of embedded Youtube videos is started, the provider sets "Youtube" cookies, in order to collect information on user behaviour. According to the information supplied by "Youtube", the use of these cookies serves to record video statistics, improve user-friendliness and prevent misuse. Irrespective of whether the embedded videos are played back, a connection to the Google network "DoubleClick" is established every time this website is accessed, which may cause additional data processing operations which are beyond our control.

You will find further information on data protection at "YouTube" in the provider's privacy policy at: www.google.de/intl/de/policies/privacy/

6. Security

We and our service providers take technical and organisational security measures to protect your personal data managed by us against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our data processing and our security measures are improved on a constant basis according to the technical developments.

During the transfer of your personal data to us it is encrypted with Secure Socket Layer (SSL). Personal data which is exchanged between you and us or other participating enterprises is fundamentally transmitted via encrypted connections which meet the latest technical standards.

Our employees and our retained service providers are naturally obliged to maintain confidentiality.

7. Your rights to information, correction, blocking or deletion

Every natural person whose personal data we process has, in principle (i.e. depending on the respective preconditions), the following rights vis-à-vis us:

  • Should you have questions regarding our processing of your personal data, we would be pleased to provide you at any time and at no charge with information on the data stored about you (Art. 15 GDPR).
  • You have a right to the correction of incorrect data as well as completion of incomplete data (Art. 16 GDPR).
  • You have a right to the blocking/limitation of the processing or to deletion of personal data concerning you which is no longer required or stored on grounds of legal obligations (Art. 17, 18 GDPR).
  • You have a right to the transfer of the data in a structured, standard and machine-readable format, insofar as you have provided us with the data on grounds of a consent or contract between us and you (Art. 20 GDPR).
  • You have the right to object at any time to the processing of your data for direct marketing purposes (cf. also clause 5; Art. 21 para. 2 and 3 GDPR).
  • You have the right to object to a processing on the basis of legitimate interest, in which case we are entitled to demonstrate our compelling reasons (Art. 21 para. 1 GDPR). We have pointed out above (clause 2) in which cases this right applies.
  • Insofar as you have consented to a data processing, you can revoke this consent at any time with effect for the future, i.e. the legality of the data processing remains unaffected until the date of the revocation. After a revocation of consent, you may no longer be able to use our services.

Please address your concerns in writing (reference: data protection) or by e-mail to the contact details given in point 8 below. We reserve the right to check your identity to ensure that your personal data is not disclosed to unauthorised persons.

Furthermore, you are entitled to file a complaint with a supervisory authority for data protection.

8. Data protection officer

You can reach our data protection officer as follows:
Solar Frontier Europe GmbH
Nördliche Münchner Straße 14 A
82031 Grünwald, Germany
GDPR@solar-frontier.eu

9. Amendments

From time to time the content of this data protection notice may have to be modified. We therefore reserve the right to amend them at any time. We will also publish the amended version of the data protection notice at this place. When you revisit us, you should therefore reread the data protection notice.