Data protection

Privacy statement

Data protection information for autarc GmbH's online offerings

Scope of application:

• autarc.energy
• app.autarc.energy

Table of contents

1. Basic information
2. Who we are (responsible for data protection)
3. Data collection when you visit our online offer
    3.1. Intercom
    3.2. Webflow
    3.3. Bubble
    3.4. Hotjar
4. contacting
    4.1. Hubspot chat widget
    4.2. Typeform
    4.3. Zapier
5. Data processing when registering to open a customer account
6. Using your data for advertising purposes (recommendations to platform users)
    6.1. Recommendations to platform users
    6.2. Service provider for sending emails
7. Information on the use of cookies and tools
    7.1. What are cookies?
    7.2. Which cookies do we use?
    7.3. For what purposes and according to which legal bases do we use cookies?
    7.4. How can you turn off cookies?
    7.5. Do we use third-party cookies?
    7.6. Overview of cookies used
    7.7. Google Analytics web analysis service
    7.8. Retargeting/Remarketing/Referral Advertising
8. Integration of social media and other services
    8.1. PTV (Map & Guide)
    8.2. Social media appearances and use of social media icons on our pages
    8.3. Google Maps
    8.4. linkedin
    8.5. Google reCAPTCHA
9. Payment service provider
10. Your rights as a data subject
     10.1. The right to information
     10.2. Right to rectification
     10.3. Right to delete
     10.4. Right to restrict processing
     10.5. Right to be informed
     10.6. Right to data portability
     10.7. Right to object
     10.8. Right to withdraw consent under data protection law
     10.9. Right to lodge a complaint with the supervisory authority

1. Basic information

We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about the handling of your personal data when using our offers on the Internet, such as our website and our online shop. The following information also relates to the use of our offer with mobile devices, such as smartphones or tablets. Personal data is all data with which you can be personally identified or that makes you identifiable via an identifier, for example via your IP address. This privacy policy explains on which legal basis and for what purpose this is done. We will also inform you of your rights with regard to the use of personal data. If you have any questions regarding the use of your personal data by us, please contact us as the responsible body (contact under section 2). For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this online offer uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser line.

2. Who we are (responsible for data protection)

Responsible for data processing on our online offering within the meaning of the General Data Protection Regulation (GDPR) is:autarc GmbH (haftungsbeschränkt) (Amtsgericht Berlin, HRB 249005), represented by the managing director Etienne Krause, Thies HansenHoppestraße 3113409 Berlin (+49) 151 68547823hello@autarc.energyKontaktdaten our company data protection officer: dataprotection@autarc.energy.

3. Data collection when you visit our online offer

Even visiting our website (without registration) automatically results in the anonymized collection of the following data on our server: - abbreviated IP address, - date/time/time zone of access, - access status, - type of access, - protocol type, - type and number of pages accessed by us, - name and size of the files accessed, - source website, - web browser used, - operating system used. Personal information is automatically collected through the normal functioning of our Internet services. This usage data about visits to our pages is not combined with the personal data provided via the registration form. For us, any personal reference of the usage data is excluded. We use the above data for troubleshooting purposes, to compile statistics and to measure activity on the website, with the aim of increasing the usefulness of our offer for you. At the same time, there is a legitimate interest, so that data processing is justified in accordance with Article 6 (1) (f) GDPR. Only our IT administrator has access to this data for the purposes mentioned above. We only collect the above data for the period of use; once use has ended, the data is deleted immediately, but no later than after seven days. We receive information via so-called cookies and web analysis services as soon as your web browser opens our pages. These identifiers support various service functions on our website and are automatically transmitted via your web browser to the hard drive of your computer or other mobile devices. You can prevent this function by setting your browser accordingly. However, personalized service is not possible in this case. In these cases, your anonymized IP address may also be transferred to the USA. You can find more information about the cookies and web analysis tools we use below under the heading “Information on the use of cookies and tools.”

3.1. Intercom

If you contact us via the Intercom messenger service, data is processed by “Intercom, Inc., 98 Battery Street, Suite 402, San Francisco, CA 94111 USA and 2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin 2, hereinafter “Intercom”). Insofar as data is transferred to a third country (in particular the USA), we refer to “3. General information and mandatory information” under “Note on data transfer to the USA and other third countries” of this privacy policy. Further information on data processing by “intercom” can be found at: https://www.intercom.com/de/terms-and-policies.Wir have concluded an order processing contract with “Intercom”. This is a contract required by data protection law, which ensures that “Intercom” processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3.2. Webflow

We use the Webflow website builder system and content delivery network (CDN) Webflow to host and design this website. This service is provided by Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, California, 94103, USA (“Webflow”) .As part of the hosting/website builder system, Webflow only processes the data mentioned in “3rd data collection when you visit our online offer”, with a personal relationship This usage data is excluded. As part of hosting, Webflow also acts as a content delivery network. A content delivery network (CDN), or also known as a content distribution network, is a network of regionally distributed servers connected via the Internet, with which content is distributed. The distribution of network traffic ensures faster website load time, reliability, and greater protection against data loss. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR, because we want to offer you the most reliable, stable service possible. We assume that this is in your interest. If not, you can informally notify us of your withdrawal at any time. We have concluded an order processing contract with Webflow and a contract in accordance with the standard data protection clauses of the EU, in which we oblige Webflow to protect our customers' data and not to pass it on to third parties. Webflow is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TT9jAAG&status=ActiveDie Webflow's current privacy policy can be found at: https://webflow.com/legal/eu-privacy-policyWeitergabe of the data: However, according to the case law of the European Court of Justice, the USA does not have an adequate level of data protection. For this reason, we have agreed additional guarantees with Webflow. The subcontractors used by Webflow have also been contractually bound accordingly. However, AWS offers each customer a GDPR Data Processing Addendum that contains the standard data protection clauses (Data Processing Addendum): https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/aws-data-processing-addendum-dpa.htmlWebflow works with Amazon Web Services (AWS) as a subcontractor as part of hosting. Data is processed in Germany and Ireland. For technical reasons, it may happen that the infrastructure is maintained from the USA. AWS is certified by the US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=ActiveWebflow works with Fastly as a subcontractor as part of hosting. Here, too, data is processed in the USA. Fastly is certified by the US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TNGUAA4&status=ActiveFastly offers every customer a GDPR Data Processing Addendum, which contains the standard data protection clauses (Data Processing Addendum): https://www.fastly.com/de/data-processingUm To make any processing of personal data in the USA secure, we have taken the following technical and organizational measures: Webflow and subject the subcontractors used by Webflow In the data protection of an EU jurisdiction and commit to pay compensation to the data subjects in the event of data protection breaches. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time. The collected data is deleted at the end of each visit to our website.

3.3. Bubble

We build our website app.autarc.energy with Bubble.io. The provider is Bubble Group, Inc., 55 Hudson Yards, 44th Floor, New York, NY 10001, USA (hereinafter: Bubble.io). When using and creating projects on our website app.autarc.energy, personal data is collected by Bubble.io on our behalf and stored on a server hosted by AWS. These are: - IP addresses (only in abbreviated form) - First name and last name address (zip code, city, street and house number) - Company name- Company address- Telephone number- Payment information- Heating system- Consumption values- Number of occupants- Building age rooms and dimensions of the project- Radiator data- Photos and documents relating to Project Bubble is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt00000008W5AAAU&status=ActiveDie USA has, however, according to the case law of the European Court of Justice no adequate level of data protection. However, Bubble offers a GDPR Data Processing Addendum for every customer, which contains the standard data protection clauses: https://bubble.io/dpa In order to make any processing of personal data in the USA secure, we have taken the following technical and organizational measures: Bubble submits to an EU jurisdiction in data protection and undertakes to pay damages to data subjects in the event of data breaches. Further information on data processing at Bubble can be found at: https://bubble.io/privacyBubble works with Amazon Web Services (AWS) together as a subcontractor. Data is processed in Frankfurt, Germany and Ireland. For technical reasons, the infrastructure may be maintained from the USA. AWS is certified by the US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=ActiveDie However, according to the case law of the European Court of Justice, USA does not have an adequate level of data protection. However, AWS offers a GDPR Data Processing Addendum for every customer, which includes the standard data processing clauses (Data Processing Addendum): https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/aws-data-processing-addendum-dpa.html

3.4. Hotjar

This website uses the Hotjar analysis tool from Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta (“Hotjar”). When visiting the site, in addition to technical master data and cookies, the user's mouse movements are examined in particular to create so-called “heat maps.” This information enables us to make the website even faster and more customer-friendly. Personal data is completely hidden during this process and is therefore not collected. If you do not agree with Hotjar's approach, you can adjust your browser's cookie settings accordingly or deactivate the functions under this link: https://www.hotjar.com/policies/do-not-track/.Weitere Information about data protection at Hotjar can be found here: https://www.hotjar.com/legal/policies/privacyKontakt-E-Mail-Adresse: dpo@hotjar.com and support@hotjar.com

4. Contact

We have stored our contact details on our website, which you can use to contact us electronically, by post or by telephone. Contacting us is always voluntary. We process your data (e.g. your email address and name when you contact us via e-mail) exclusively for the purpose of answering your request or the desired contact with you and the associated technical administration. The legal basis for this processing is Art. 6 paragraph 1 letter b GDPR, because we need the above data to initiate, execute or terminate a contractual relationship with you.Our internal customer service receives your request.We do not transfer your inquiries to third countries or organizations outside the EU.After processing your request, we delete the data relating to your contact immediately, but no later than seven days after processing the request. This storage period may be precluded by legal retention periods, e.g. if your request is related to a contract or warranty or warranty processing. In this case, we will only store your request beyond seven days for the purpose of fulfilling the legal storage obligations (Art. 6 paragraph 1 letter c GDPR). In this case, we will delete your data at the latest upon expiry of the legal retention period (Section 147 (3) AO), i.e. after 10 years, beginning with the conclusion of the contract. When this retention period expires, we will immediately delete this data without you having to ask us to do so.

4.1. Hubspot chat widget

On our pages, we have integrated a chat widget from the provider HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (hereinafter: “Hubspot”), which you can use to contact us. Contacting us is always voluntary. We process your data, which you provide to us in the chat, exclusively for the purpose of answering your request or requesting contact with you and the associated technical administration. The legal basis for this processing is Art. 6 paragraph 1 letter b GDPR, because we process the above data to initiate, execute or terminate a contractual relationship with you. Our internal customer service receives your request. We do not transfer your inquiries to third countries or organizations outside the EU. Hubspot stores the data exclusively on servers in Europe. After processing your request, we delete the data relating to your contact immediately, but no later than seven days after the request has been completed. This storage period may be precluded by legal retention periods, e.g. if your request is related to a contract or warranty or warranty processing. In this case, we will only store your request beyond seven days for the purpose of fulfilling the legal storage obligations (Art. 6 paragraph 1 letter c GDPR). In this case, we will delete your data at the latest upon expiry of the legal retention period (Section 147 (3) AO), i.e. after 10 years, beginning with the conclusion of the contract. Upon expiry of this retention period, we will immediately delete this data without you having to ask us to do so. HubSpot is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=ActiveDie USA, however, does not have an adequate level of data protection according to the case law of the European Court of Justice. However, Hubspot offers every customer a GDPR Data Processing Addendum, which contains the standard data protection clauses: https://legal.hubspot.com/dpaUm to make any processing of personal data in the USA secure, we have taken the following technical and organizational measures: HubSpot submits to an EU jurisdiction in data protection and undertakes to pay compensation to the persons concerned in the event of data protection breaches. Refer to the privacy policy: http://legal.hubspot.com/de/privacy-policy

4.2. Typeform

We have integrated Typeform on this website. The provider is TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (hereinafter Typeform) .Typeform enables us to create online forms and integrate them on our website. The data you enter into our Typeform forms is stored on Typeform's servers until you request us to delete it, revoke any consent you have given us to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected. Typeform is used on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in functioning online forms. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time. Order processingWe have concluded an order processing contract (AVV) for the use of the above service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

4.3. Zapier

We use “Zapier” to connect various web apps. This allows us to automate actions between different web apps. Zapier is a service provided by Zapier Inc., 548 Market St #6241, San Francisco, CA 94104, USA. When using Zapier, it is not ruled out that data will be transferred to Zapier servers in the USA. We have concluded an order processing agreement with Zapier. In addition, data processing is secured by EU standard contractual clauses. We use Zapier to automate actions between different apps and thus improve our website and make it more time-efficient, which also represents our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Further information on Zapier's data protection can be found at: https://zapier.com/privacy/

5. Data processing when registering to open a customer account

You have the option to register as a specialist partner or customer on our website. We process this data exclusively to carry out the contract concluded with you for the use of our online offer or to record projects. This data processing is justified under Article 6 (1) (b) GDPR. If you have registered with us as a specialist partner or customer, we save your project data or its evaluation in your customer account. You have control over the storage of this data and can delete it at any time by deleting the corresponding project. We store this history for the purpose of optimizing our offer in order to make the user experience on our platform as pleasant as possible for you. This processing is justified on the basis of our legitimate interest in accordance with Art. 6 paragraph 1 letter f DSGVO. All information is voluntary. To create an account, we need at least the data marked with an asterisk (*) during the registration process. Our internal customer service and marketing, IT only to correct faults or system maintenance, have access to this data. If we transfer data to third countries or organizations outside the EU, this is set out accordingly in this data protection declaration. It is possible to delete your specialist partner or customer account at any time. You can delete it yourself or send us a corresponding message to the above address. After complete processing of the contract in the event of guest access or deletion of your specialist partner or customer account, your data will be blocked in accordance with tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by our site, through which we inform accordingly. If you are registered with us as a specialist partner or customer and have created project data, we will delete it no later than 10 years from the date of purchase. We delete your data at the latest upon expiry of the legal retention period (Section 147 (3) AO), i.e. after 10 years, beginning with the conclusion of the contract. When this retention period expires, we will immediately delete this data without you having to ask us to do so. Our admins can view all data, which is the only way to manually check the plausibility of projects.

6. Using your data for advertising purposes

6.1. Recommendations to platform users

If you have ordered products or used services from us and have provided your e-mail address, we allow ourselves, within the scope of legal requirements, to send you recommendations for our own similar services if you have agreed by means of a double opt-in or if we have notified you of this during registration and you have not objected to this. This type of contact is exclusively for the purpose of sending the recommendation by electronic mail to you as a platform user. We are thus pursuing our legitimate interest in personalized direct advertising from existing platform users. The basis for this is based on Article 6 paragraph 1 letter f GDPR in conjunction with Section 7 (3) Act against Unfair Competition (UWG). If you have initially objected to the use of your email address for this purpose, we will not send you the above information by email. You are entitled to object to the use of your email address for the above mentioned advertising purpose at any time with effect for the future by sending us a message. After receipt of your objection, the use of your email address for the above mentioned advertising purpose will be immediately discontinued.

6.2. Service provider for sending emails

If you have signed up to our platform, we will contact you via email (transactional, automated) in order to execute the contract with you (Article 6 (1) (b) GDPR). For these emails, we use the SendGrid tool from the following service provider: Twilio Inc., 899 Winslow St. Redwood City, CA 94063, USA (“SendGrid”). This service provider acts on our behalf strictly in accordance with our instructions and, for this purpose, receives knowledge of your e-mail address and, if applicable, your name. This data is processed on SendGrid's servers in Germany and Ireland. On our behalf, SendGrid uses this information to send emails to you in the following cases: - Email address confirmation email if password is forgotten email when requesting a Magic Login linkWe have concluded an order processing contract with SendGrid and the EU standard data protection clauses for the above purposes, in which we oblige SendGrid to protect our customers' data and not to pass it on to third parties .More Information about data processing at SendGrid is available here: https://www.twilio.com/legal/privacy.Wir save your email address and name in your profile on our platform only as long as you are logged on to our platform. After deleting your profile with us, we will delete your data. Automated decision-making or profiling does not take place. SendGrid is certified by the US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TNLbAAO&status=ActiveDie However, according to the case law of the European Court of Justice, USA does not have an adequate level of data protection. However, SendGrid offers every customer a GDPR Data Processing Addendum (https://www.twilio.com/legal/data-protection-addendum), which contains the standard data protection clauses (Data Processing Addendum). In order to make any processing of personal data in the USA secure, we have taken the following technical and organizational measures: SendGrid submits to an EU jurisdiction in data protection and undertakes to pay compensation to data subjects in the event of data protection violations.

7. Information on the use of cookies and tools

7.1. What are cookies?

In order to make visiting our online offering attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. These text files are used to archive information for a limited period of time. Your browser stores cookies in the form of a readable text file as soon as you visit our pages. If you are registered with us, cookies help us recognize your device (computer, tablet or smartphone) the next time you visit our online offering. Some cookies may contain personal information.

7.2. Which cookies do we use?

By type, we divide the cookies we use into the following classes: necessary cookies, function, analysis & statistics and advertising & marketing. Necessary cookies enable you to use our online offering (so-called session or session cookies). If this cookie is switched off, you will not be able to access our pages. The authentication cookie gives you access to the login area. Without this cookie, neither registration nor access to the login area is possible. These session cookies are deleted after the end of the browser session, i.e. after closing your browser (so-called session or session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit (so-called persistent cookies). Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. We use a so-called retargeting cookie for advertising purposes. This allows us to display interesting promotional offers for you on the Internet even outside of our offers. For more information, see the following overview of the cookies used.

7.3. For what purposes and according to which legal bases do we use cookies?

Most cookies we use do not store information that identifies or makes you identifiable as a person. Instead, these cookies provide us with general and anonymized information about visitors to our online offers, the browsers and operating systems used, and which cities our visitors come from. We only record the IP address in abbreviated form in such a way that individual recognition and allocation is not possible. In some cases, the cookies are used to simplify the ordering process by saving settings (e.g. remembering the content of a virtual shopping cart for a later visit to the website). If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 paragraph 1 letter b GDPR to execute the contract with you. Insofar as we collect data with cookies, this is done on the one hand to gain insights to optimize the functionalities and content of our online offering. With such functional cookies, we are pursuing a legitimate interest (Art. 6 paragraph 1 letter f GDPR), because this allows us to adapt our offer to meet technical requirements and makes it easier for you to access our pages. On the other hand, we use cookies to measure how successful our online advertising measures are. Based on statistical data, we can also identify faults and understand how we calculate advertising costs. We only carry out this processing if you have given us your consent to use these cookies for analysis & statistics or for advertising & marketing (Art. 6 para. 1 letter a GDPR). Once you have given your consent, you can withdraw it at any time with effect for the future. Data processing remains permitted until revocation. Click here to view and change your cookie settings.

7.4. How can you turn off cookies?

You can set your browser so that you are informed when cookies are set and decide individually whether to accept them or can exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in each browser's help menu, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links: - Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies - Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies - Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen - Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647 - Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14 - Opera: https://help.opera.com/de/latest/web-preferences/#cookiesAlternativ Contact the Digital Advertising Alliance at www.aboutads.info to find out more about the setting of cookies and make settings for this.

7.5. Do we use third-party cookies?

We sometimes work with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies may also be stored on your device when you visit our online offerings (third-party cookies). The information on the use of such cookies and the scope of the data collected in each case is explained in more detail below. We use some cookies or tools because they are necessary so that we can provide you with our online offer. In this case, the legal basis for processing is the user contract concluded with you (Article 6 (1) (b) GDPR) or our legitimate interest, provided that no conflicting interests are discernible and there is also no objection (Article 6 (1) (f) GDPR). We use all other cookies exclusively on the basis of your consent (Article 6 (1) (a) GDPR). Some of the cookies we use from third parties result in data processing in the USA. Even in this case, we only use cookies with your consent (Art. 6 para. 1 letter a GDPR). These providers (e.g. Google, Facebook) have committed to comply with the data protection provisions of the EU-US Privacy Shield, the legal framework for transatlantic transfer of data agreed by the European Commission and the United States (COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 in accordance with Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield (notified under file number C (2016) 4176)). These providers are also registered with the US Department of Commerce's “Privacy Shield” program. However, the European Court of Justice has declared this agreement invalid and found that the USA does not have a level of data protection comparable with the EU (ECJ, judgment of 16.07.2020 — C-311/18, paragraph 200, Facebook/Schrems II). The laws of the USA give various security agencies unlimited monitoring powers, including through the use of monitoring programs that make mass collection and evaluation of data possible. According to national laws, US providers are required to grant security authorities access to the data they process, even if it is processed by a foreign company. By granting consent, there is a risk that the data collected via cookies will become part of mass surveillance in the USA. There is no legal remedy or efficient legal process available in the USA against such monitoring.

7.6. Overview of cookies used

Here is an overview of the cookies we use:

‍Necessary cookies:

‍
‍fs-cc-updated, fs-cc
Storage of consent/rejection of optional cookies.Duration of use: 1 day

‍mission-bagger_u1main, mission-bagger_live_u2main, mission-bagger_live_u2main.sig
Bubble.io cookies: These cookies are required to save your session when you are logged in. As a result, you don't have to log in again every time you click on different areas of our platform.Duration: session, 1 day

‍function:

__hs_cookie_cat_pref
Hubspot cookie: storage of consent/rejection of optional cookies.Duration of operation: 6 months

‍__hssrc
Hubspot cookie: Whenever the HubSpot software changes the session cookie, this cookie is also set. This determines whether the visitor has restarted the browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. It contains the value “1” when available. It expires at the end of the session.Operating time: Session

‍__hstc
Hubspot cookie: The main cookie for visitor tracking. It contains the domain, the user token (utk), the first timestamp (of the first visit), the last timestamp (of the last visit), the current timestamp (for this visit) and the number of sessions (increases with each subsequent session) .Duration: 6 months

‍__hssc
Hubspot cookie: This cookie tracks sessions. It is used to determine whether the HubSpot software needs to increase the number of sessions and timestamps in the __hstc cookie. It contains the domain, the number of page views (ViewCount, increases with every page view [PageView] in a session), and the session start timestamp function time: 30 minutes

‍Hubspotutk

‍Hubspot cookie: This cookie tracks a visitor's identity. This cookie is passed to HubSpot software when a form is submitted and is used when de-duplicating contacts. It includes an opaque GUID to represent the current visitor. Duration of use: 6 months

‍1P_JAR, AEC, CONSENT, DV, NID, UULE
Google API cookies: These cookies enable you to use the autocomplete function when entering addresses.

‍_ga, _GA_vjk4f2q9mr
Analysis tool from Google, which gives website and app owners insight into how their users interact with their offerings, creates website usage statistics.Duration of use: 2 years

7.7. Google Analytics web analysis service

After consent has been given, we use the web analysis service Google Analytics in our online offering. In the EU, EEA and Switzerland, this service is offered by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, which are stored on your computer and which enable an analysis of the use of our online offering. The information generated by the cookie about your use of our online offering (including your abbreviated IP address) is transmitted to a Google server in the USA and stored there. In this way, Google evaluates your use of our online offering in order to create statistical reports for us on the activities on our online offering and to provide us with other services related to the use of our online offering. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. We use Google Analytics in our online offering exclusively with the addition of the “anonymize IP” function for web analysis purposes. This setting ensures that Google Analytics deletes the last part of your IP address. This anonymization of your IP address precludes direct personal identification. As a result of the extension, your IP address will be abbreviated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. As a result, we also do not have data that allows us to draw conclusions about you personally. With Google Analytics, we also use the Universal Analytics functions. Universal Analytics allows us to analyze activities on our online offerings across devices (e.g. when accessed via a notebook and later via a tablet). As a user, you are assigned a pseudonymous user ID as soon as you log on to our pages. The system also recognizes your user ID when you visit our site with another device. However, we do not assign names to the pseudonymous user ID. We also do not transfer any personal data to Google. Data protection measures, such as IP masking or the browser add-on, are not restricted by the Universal Analytics function. You can prevent the installation of cookies by setting your browser software accordingly. You can also prevent Google from collecting the data generated by the cookie and related to your use of our online offering (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://support.google.com/analytics/answer/181881?hl=deDamit will prevent Google Analytics from collecting this data within our online offering in the future. This opt-out cookie only works in this browser and only for this domain. If you have made one of the above deactivations, you may not be able to use all functions of our website in full. Google is certified under the EU-US Privacy Shield, but as a result alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=ActiveWir have concluded a contract with Google in accordance with the EU's standard data protection clauses. According to the case law of the European Court of Justice, further data protection guarantees are required, which do not yet exist. More information on the handling of user data by Google Analytics can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

7.8. Retargeting/Remarketing/Referral Advertising

7.8.1 Google Ads Manager (Ad Manager)

The Google ad manager is a platform for all ad formats. This service is operated in the EU, EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The ad manager uses cookies to present you with advertisements that are relevant to you. This assigns a pseudonymous identification number (ID) to your browser to check which ads have been displayed in your browser and which ads have been viewed. The cookies do not contain any personal information. Using the ad manager only allows Google and its partner websites to place ads based on previous visits to our online offering or other websites on the Internet. With the Google ad manager, we can design ads interactively and dynamically in various formats (e.g. video or individual). We can also manage and evaluate our ads. Ad manager cookies enable Google to recognize your browser. This gives us the information that someone clicked on an ad and was redirected to our site. We ourselves do not collect or process any personal data in the mentioned advertising measures. We only receive statistical evaluations of our campaigns from Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials, in particular we cannot identify users on the basis of this information. The information generated by the cookies is transmitted by Google to a server in the USA for evaluation and stored there. Google only transfers data to third parties due to legal regulations or as part of order data processing. Under no circumstances will Google combine your data with other data collected by Google. You can prevent data collection by the Google ad manager as follows: You can prevent cookies from being saved by setting your browser software accordingly. Information about this can also be found here: https://support.google.com/ads/answer/7395996Sie can also prevent cookies from collecting and processing data by installing a browser plug-in (https://support.google.com/ads/answer/7395996).Alternativ, you can use Google cookies on the Digital Advertising Alliance website at the following link (http://optout.aboutads.info/?c=2 #! /) Deactivate. If you have made one of the above deactivations, not all functions of our website may be fully available for you to use. Google is certified under the EU-US Privacy Shield, but as a result alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=ActiveWir have concluded a contract with Google in accordance with the EU's standard data protection clauses.

7.8.2 Google Tag Manager

We use Google Tag Manager in our online offering for personalized, interest-based and location-based online advertising. This service is operated in the EU, EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Tag Manager allows us to manage website tags via an interface. As a result, we neither use cookies nor collect personal data. The tag manager was developed specifically for advertisers and is a container that can be used to mark and manage elements (tags) from Google and other providers. In this way, data can be forwarded to other cookies or tools. Tags can be added for conversion tracking, website analytics, and other purposes, for example. Google is certified under the EU-US Privacy Shield, but as a result alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=ActiveWir have concluded a contract with Google in accordance with the EU's standard data protection clauses. More information about Google Tag Manager can be found here: http://www.google.de/tagmanager/use-policy.htmlWeiterführende Information and Google's privacy policy can be found at: http://www.google.com/policies/technologies/ads/ and http://www.google.de/policies/privacy/

7.8.3 Google Ads Remarketing

Our online offering uses the remarketing features of Google Ads, which we use to advertise our online offer in Google search results, as well as on third-party websites. The provider is operated in the EU, in the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, we have embedded a pixel (a code snippet, so-called remarketing tag) into our online offering, which Google uses to set a cookie in the browser of your device. This cookie allows us to show you interest-based advertising. For this purpose, a pseudonymous cookie ID is generated and the websites you have visited are analyzed. Further data processing only takes place if you have agreed to Google that your Internet and app browsing history will be linked by Google to your Google account and that information from your Google account will be used to personalize ads that you view on the Internet. Information on how to integrate user consent can be found here: http://www.google.com/about/company/user-consent-policy.htmlSofern If you are logged in to Google while visiting our website, Google uses your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to form target groups. You can find more information about this here: https://policies.google.com/technologies/ads?hl=de and https://support.google.com/google-ads/answer/7664943?hl=de&ref_topic=3122875. You can permanently deactivate the setting of cookies for advertising preferences by downloading and installing the browser plug-in available at the following link: https://support.google.com/ads/answer/7395996.Alternativ, you can find out about the setting of cookies and make settings for this at the Digital Advertising Alliance at the Internet address www.aboutads.info. Finally, you can set your browser so that you are informed when cookies are set and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Failure to accept cookies may limit the functionality of our website. Google is certified under the EU-US Privacy Shield, but as a result alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=ActiveWir have concluded a contract with Google in accordance with the EU's standard data protection clauses.More information on how Google handles user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de‍

7.8.4 Use of Google Ads Conversion Tracking

Our online offering uses the “Google Ads” online advertising program and conversion tracking as part of Google Ads. Conversion tracking is a free tool from Google that can be used to measure interactions or transactions related to our ads. For example, we can use the tool to evaluate whether users subscribe to our newsletters or how often clicks on our ads lead to activities on our online offering (e.g. registrations). In doing so, we can define the usage actions that are to be evaluated (so-called conversions). Conversion tracking works technically via the conversion tracking code (so-called “tag”), which is integrated into our online offering. The data on ad clicks is collected using cookies. Conversion tracking is set as a cookie when you, as a user, click on an ads ad placed on Google. This cookie usually loses its validity after 30 days and is used for non-personal (anonymized) identification. If you, as a user, visit certain pages of our online offering as long as the cookie has not yet expired, Google and we can recognize that you originally clicked on the ad and were redirected from there to our online offering. Google assigns us certain (customer-specific) cookies as an ads customer. As an Ads customer, we are therefore unable to track cookies personally via our online offering. Instead, we receive statistical evaluations from Google of the information that Google has obtained using the conversion cookie. We only learn the total number of users who clicked on our ads ad and were redirected to our online offering with the conversion tracking tag. However, these statistical evaluations do not contain any information with which you can be personally identified as a user. If you do not want to participate in conversion tracking or would like to permanently deactivate cookies for ad preferences, you can deactivate this use in the user settings of your Internet browser. Alternatively, you can download and install the browser plug-in available at the following link: http://www.google.com/settings/ads/plugin?hl=de. In this case, your user behavior will not be recorded by the conversion tracking statistics. However, deactivating conversion tracking or advertising preferences cookies may result in restrictions in the functions of our online offering. Google may process your data when using conversion tracking on servers in the USA. Google is certified under the EU-US Privacy Shield, but as a result alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=ActiveWir have a contract with Google in accordance with the EU's standard data protection clauses Completed. More information on how Google handles user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

7.8.5 Facebook Custom Audience Pixel

We use the visitor action pixel from Facebook (so-called Custom Audience Pixel), a service provided in the EU, EEA and Switzerland by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, and in the USA by Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025. “Custom Audiences” means creating a “custom target group.” This is a piece of Javascript code. Javascript is a scripting language that is used to evaluate user interactions in web browsers, apps, or other applications. The use of this pixel on our pages enables us to mark, segment and target visitors via ads. This allows us to measure the success of advertising campaigns and understand which person clicked on an ad and then made a purchase. As soon as this pixel is loaded, it first transmits general, anonymized data about user behavior, the websites accessed (URL) and any existing Facebook cookie to Facebook. Tracking is done via cookie, not via pixel. Facebook compares this data with users registered on Facebook. If you are registered with Facebook, Facebook will associate this data with your Facebook user profile. This data processing can take place on servers in the USA. We have no influence on this data processing on Facebook. The Facebook pixel collects the following data: input in the browser (everything that is available in the web protocol, the so-called HTTP headers), namely IP addresses, information about the web browser, the location of the page, the document, the sender and the user.Pixel-specific data, namely the pixel ID and the Facebook cookie.Button click data, namely all buttons that you have clicked on as a visitor to the website, the names of this website Buttons and all pages that were visited as a result of button clicks. Measurement data the success of an advertising campaign, namely clicks on ads (so-called conversion rate), page type, purchase.Purchase details such as email, address, quantity.You can suppress or deactivate the JavaScript functions of the retargeting pixel via your web browser. You can also set up online-based advertising through Facebook yourself at the following page: https://www.facebook.com/ads/settingsDie The pixel is only used with your consent. We have also concluded a contract with Facebook between joint controllers (Art. 26 GDPR). In doing so, we have committed ourselves to instructing you accordingly. Facebook only transfers user data to countries for which there is an adequacy decision by the European Commission in accordance with Article 45 GDPR or on the basis of appropriate guarantees under Article 46 GDPR. Meta Platforms Inc. is certified under the EU-US Privacy Shield with all affiliated companies, but as a result alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.Wir have concluded a contract with Facebook in accordance with the EU's standard data protection clauses.

8. Integration of social media and other services

In our online offering, we refer to our profiles on social networks. You can only access these profiles via our online offer if you click on a corresponding linked icon and thus leave our website to access our profile on the social network. These providers who provide social networks (e.g. Google, Facebook) have indeed committed to comply with the data protection provisions of the EU-US Privacy Shield, the legal framework for transatlantic transfer of data agreed by the European Commission and the United States (COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 in accordance with Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection offered by the EU-US Privacy Shield (announced under File number C (2016) 4176)). These providers are also registered with the US Department of Commerce's “Privacy Shield” program. However, the European Court of Justice has declared this agreement invalid and found that the USA does not have a level of data protection comparable with the EU (ECJ, judgment of 16.07.2020 — C-311/18, paragraph 200, Facebook/Schrems II). The laws of the USA give various security agencies unlimited monitoring powers, including through the use of monitoring programs that make mass collection and evaluation of data possible. According to national laws, US providers are required to grant security authorities access to the data they process, even if it is processed by a foreign company. If consent is given, there is a risk that the data collected through visits to the social network or other service will become part of mass surveillance in the USA. There is no legal remedy or efficient legal process available in the USA against such monitoring.

8.1. Social media appearances and use of social media icons on our pages

We do not use social plug-ins as active buttons in our online offering. We only use icons to refer to our offer on the following social networks: LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, IrelandWe only display the social media icons on our site. They are designed as inactive icons. To protect data protection, we use a solution that only transmits the address of our server and not your IP address to these services if you have activated a social media icon by clicking on it. If you click on such a social media icon on our site, it is activated with your consent and a connection to these third-party providers is established via your web browser in a separate tab (tab). These third parties can thus track visits to our pages (so-called referrers). If you are a member of one of the social networks, you can share the content of our site with other members from your social network by activating the button. Your data may be processed outside the EU as a result of your participation in social networks or by visiting or accessing our social media sites. This may result in risks because, for example, it may be difficult to enforce your rights. When you access a social network, cookies are usually stored on your device to record user behavior. If you have a user account on the respective network and are logged in there, your usage behavior can be saved for your user account. Social networks can analyze usage behavior and use it for market research and advertising purposes. This may result in advertising being shown to you on and off social networks. We have no influence on this. We have no influence on the data collected and stored about you by social networks. Through our above-mentioned social media sites, we receive evaluations of user data and can address users with interest-based advertising. If users interact with our social media presence and are logged in with a user account, we can generally also recognize the user profile and see the content of comments or postings about our website. This data processing is therefore carried out jointly with the respective provider of the social network. For the evaluation of data in connection with our social media sites, we have therefore concluded a joint responsibility contract with each provider (Art. 26 GDPR). In it, we have committed ourselves to providing you with this data protection information. Further information can be found in the privacy policies of the respective social networks. You can also assert your rights against us. However, the social network provider can fulfill your rights more comprehensively because the data for use and evaluation is also stored there.

8.2. Google Maps

This website uses Google Maps (in detail: Google Maps Javascript API, the Google Places API and the Google Geocoding API) to represent the locations of the projects. Google Maps is a map service in the EU and in the EEA provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The integrated Google Maps map will only be shown to you after you have given your consent (Article 6 (1) (a) GDPR) .On our website, you will first see a preview image with a reference to Google Maps. There is no data transfer to Google yet. Only when you give your consent via our cookie consent banner, i.e. consent to the use of Google Maps, does a data transfer take place with Google. When Google Maps is activated and used via our website, information about the use of this website, including your IP address and device information (operating system), can be transmitted to Google in the USA and stored there. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. We have no influence on the amount of data collected by Google in this way. To the best of our knowledge, Google Maps processes at least the following data: date and time of visit to our website, Internet address or URL of the accessed website, IP address, location dataWe only process the location data of the projects you have entered. On the one hand, when completing a project, we offer you an autocomplete function when entering the data about the location of your projects. Google is certified by the US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=ActiveUm to make any processing of personal data in the USA secure, we have taken the following technical and organizational measures: Google submits to an EU jurisdiction in data protection and undertakes to pay compensation in the event of data protection violations to the persons concerned. Further information can be found in Google's privacy policy at: https://policies.google.com/privacy?hl=de. Google Maps is used in accordance with Google's terms of use at https://policies.google.com/terms?hl=de&gl=de and the terms and conditions at https://www.google.com/intl/de_de/help/terms_maps/.Weitere Information about data protection at Google can be found at https://business.safety.google/gdpr/. The data processing conditions between those responsible for Google advertising products (including Google Maps) can be found at https://business.safety.google/adscontrollerterms/.

8.3. linkedin

We operate a social media presence through which we present photos and posts about our company, provide information about our services, publish job advertisements if necessary and communicate with customers. When using and accessing our LinkedIn page, user data is also processed by the Ireland-based company LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and the US-based LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085 (hereinafter “LinkedIn”). LinkedIn enables, among other things, a system in which LinkedIn distributes advertising across its network. We analyze the views and interactions on our LinkedIn page. LinkedIn creates user profiles for this purpose, but only provides us with anonymous data in this regard, so-called page analyses. This is summarized data that gives us information about how users interact with our LinkedIn page. The statistics created are transmitted to us exclusively in anonymized form. We have no access to the respective underlying data. Based on this analysis service, we process your personal data together with LinkedIn. For this reason, we have concluded a contract with LinkedIn between joint controllers (Art. 26 GDPR). You can access our LinkedIn page regardless of whether you have a LinkedIn account yourself or not. In doing so, we process your personal data when you interact with our LinkedIn page, e.g. make a comment, click a Like button or send us a message. We do not share the data with other third parties. LinkedIn's terms of use at: https://ch.linkedin.com/legal/user-agreement?trk=hb_ft_useragRechtsgrundlage, depending on the type of your activity, this data processing is also subject to your consent (Article 6 (1) letter a GDPR) or our legitimate interest (Article 6 (1) letter f GDPR) in customer-friendly marketing. LinkedIn users can withdraw their consent when publishing their comment or like at any time with effect for the future by deleting the comment or the relevant content. Withdrawal does not affect the lawfulness of the processing carried out on the basis of consent. LinkedIn offers the option to object to certain data processing; related information and opt-out options can be found at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy.Nutzer/Nutzerinnen by LinkedIn can influence at https://www.linkedin.com/psettings/advertising to what extent your usage behavior when you visit our LinkedIn Page may be recorded. Data processing using cookies used by LinkedIn can also be prevented by settings in the browser. LinkedIn only transfers user data to countries for which there is an adequacy decision by the European Commission in accordance with Article 45 GDPR or on the basis of appropriate guarantees under Article 46 GDPR. LinkedIn Corporation is certified under the EU-US Privacy Shield, but does not offer an adequate level of data protection as a result (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

8.4. Google reCAPTCHA

If you have given us your consent when you visit the website, we use the “reCAPTCHA” service to protect input forms on our site. The provider is operated in the EU, in the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). By using this service, it is possible to distinguish whether the corresponding input is of human origin or is misused through automated machine processing. For this purpose, a JavaScript element is integrated into the website, which analyses the user behavior of users. From this data, reCAPTCHA calculates a so-called CAPTCHA score, which indicates the probability of whether the user is a natural person or a bot. We use this information on our website to register, fill out forms and to order the referral. To our knowledge, Google uses the reCAPTCHA software to collect the referrer URL (address of the website from which the visitor comes), the IP address, the behavior of website visitors, information about the operating system, browser and length of stay, cookies, display instructions and scripts, the user's input behavior and mouse movements in the area of “reCAPTCHA” tcha” checkbox.IP addresses are used within the Member states of the EU/EEA are usually abbreviated before the data is transferred to the servers in the USA and stored there. Google does not clarify exactly where this data is stored. The IP address transmitted as part of “reCAPTCHA” will not be combined with other data from Google unless you are logged into your Google account at the time you use the “reCAPTCHA” plug-in. If you want to prevent “Google” from transmitting and storing data about you and your behavior on our website, you must log out of “Google” before you visit our site or use the reCAPTCHA plugin. Google uses and analyses this data even before you click on the “I am not a robot” check mark. With the Invisible reCAPTCHA version, even ticking is omitted and the entire recognition process runs in the background. Google does not tell you in detail how much and which data Google stores. For more information on Google's handling of personal data: https://www.google.com/intl/de/policies/privacy/.Sofern You have given us your consent to data processing, the data is processed using the Google tool reCAPTCHA on the basis of Art. 6 para. 1 lit. a, f DSGVO. Your consent to data processing can be withdrawn at any time with effect for the future. To do this, you can change your settings for the cookie consent platform available on the website. Withdrawing consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the time of withdrawal. If you do not want personal data from you to be transmitted to Google, you should not give us consent to use Google reCAPTCHA. Alternatively, you can log out completely and delete all Google cookies before you visit our website; for more information, see: https://support.google.com/?hl=de&tid=331618988690.Google is certified by the US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active In order to securely process any personal data in the USA, we have taken the following technical and organizational measures: Google submits to an EU jurisdiction in data protection and undertakes to pay compensation to the persons concerned in the event of data protection violations. You can find further information about Google's data protection regulations at the following Internet address: http://www.google.de/policies/privacy/

9. Payment service provider

9.1. Payment processing with Stripe

When you make a payment in our app, you can pay with Google Pay, Apple Pay, debit cards, credit cards, PayPal and instant bank transfer. The provider of this payment service is Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Stripe collects data such as name and address as well as bank details such as payment method, credit card number, account numbers and contract amount. Stripe also sets cookies to carry out the payment process and to ensure the security of the payment process. We have reached an agreement with Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland on data processing in accordance with Article 28 of the GDPR. The agreement can be found here: https://support.stripe.com/questions/accept-and-downloadyour-data-processing-agreement-(dpa)-with-stripe.Wir indicates that when using Stripe, processes user data outside the European Union area can be. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Stripe has implemented the standard contractual clause for data transfer in its contracts, cf. https://support.stripe.com/questions/does-stripe-offer-new-standard-contractualclauses-(sccs).Für a detailed description of the respective forms of processing carried out by Stripe and the options for objection, we refer to Stripe's privacy statements and information at https://stripe.com/de/privacy and https://stripe.com/de/guides/generaldata-protection-regulation.Rechtsgrundlage for the transfer of data is Art. 6 para. 1 p. 1 lit. b DSGVO. Your data will only be passed on for the purpose of payment processing and only to the extent necessary for this purpose.

10. Your rights as a data subject

We are happy to inform you below about the rights that you, as a data subject, have vis-à-vis us with regard to the processing of your personal data.

10.1. The right to information

You have the right to request confirmation from us as to whether your personal data has been processed. If this is the case, you have the right to obtain information about the data collected, stored or used about you and to the following information: the purposes of processing; the recipients or categories of recipients to whom we have or will disclose the personal data; the storage period or the criteria for determining this period; the existence of further rights (see below); if the personal data is not collected from you, all available information about the origin; the Exist automated decision-making, including profiling and, where applicable, more detailed information. You have the right to be informed about the appropriate guarantees in accordance with Article 46 GDPR when your data is transferred to a third country or an international organization.

10.2. Right to rectification

You have the right to request us to correct incorrect or incomplete personal data concerning you without undue delay.

10.3. Right to delete

You can request that we delete your personal data immediately. We are obliged to delete your personal data immediately if one of the following reasons applies: Your personal data is no longer necessary for the purposes for which we collected or otherwise processed it.You withdraw your consent and there is no other legal basis for the processing.You object (see below) to the processing.Your personal data has been processed unlawfully. The deletion of your personal data is for us to fulfill required by a legal obligation under Union law or the law of the member states. We have collected personal data on the basis of a child's consent.

10.4. Right to restrict processing

You have the right to ask us to restrict processing if one of the following conditions is met: You dispute the accuracy of the personal data. The processing of the data is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data. We no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims; Or you have filed an objection to the processing (see below) and it is not yet clear whether our legitimate reasons outweigh yours.

10.5. Right to be informed

If you have asserted the right to correct, delete or restrict processing against us, we are obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis us to be informed about these recipients.

10.6. Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to another person responsible without hindrance by us, provided that the processing is based on consent in accordance with Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR or on a contract in accordance with Article 6 paragraph 1 letter b GDPR and the processing is carried out using automated procedure.In exercising this right, you can request that the personal data concerning you be transmitted directly by us to another person responsible, insofar as this is technically feasible is. The freedoms and rights of other persons must not be affected as a result. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.

10.7. Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you on one of the following grounds: The processing of your personal data by us is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to us; or processing is necessary to protect our legitimate interests or those of a third party, unless your Interests or fundamental freedoms prevail which require the protection of your personal data. You also have the right to object to profiling based on this processing. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling, insofar as it is associated with such direct marketing. You also have the right to object, for reasons arising from your particular situation, to processing concerning your personal data that we carry out for scientific or historical research purposes or for statistical purposes, unless the processing is necessary to perform a task in the public interest.

10.8. Right to withdraw consent under data protection law

Once you have given us, you can withdraw your consent at any time with effect for the future. You can withdraw your consent informally at any time, e.g. by sending us an email. However, this does not affect the lawfulness of the processing carried out up to the time of withdrawal.

10.9. Right to lodge a complaint with the supervisory authority

Do you believe that the processing of your personal data violates applicable law? Then you have the right to lodge a complaint with a supervisory authority, in particular in the country of your place of residence or place of work or the place of the alleged infringement. If you have any doubts, you can contact the Hamburg Commissioner for Data Protection and Freedom of Information. You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (e.g. Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin). In addition to exercising this right, any other administrative or judicial remedy remains unaffected.

Image sources:

1. Testimonial logos: Vinci, Daume, Team Steffen, Leonard, WagenEnergy, Klaus Klein, Mehner Haustechnik, Hörmann, Bernese Electrical Engineering, Jörg Freitag, Theodor Bergmann, Vattenfall, Mf Mercedoel, Koster, Vattenfall, EWE, D,5 Energie GmbH
2. Manufacturer logos: IMI Heimeier, Danfoss, Oventrop, Resideo, Viessmann, Vaillant, Stiebel Eltron, Daikin, Buderus, Samsung, Bosch

Status: July 2025
© autarc GmbH