Data protection
Privacy statement
Data protection information for autarc GmbH's online offerings
Scope of application:
- autarc.energy
- app.autarc.energy
- scotty.autarc.energy
- scotty.energy
- ai.autarc.energy
Status: July 2025
Table of contents
- Basic information
- Who we are (responsible for data protection)
- Data collection when you visit our online offer
3.1 Intercom
3.2 Webflow
3.3 Bubble
3.4 Hotjar - Contacting
4.1 HubSpot chat widget
4.2 Typeform
4.3 Zapier - Data processing when registering to open a customer account
- Scotty – our AI assistant
6.1 Account data and data collected when you use Scotty
6.2 Connected services and the data Scotty accesses
6.3 How Scotty uses AI to process your data
6.4 Service providers, subprocessors and retention for Scotty - Using your data for advertising purposes
7.1 Recommendations to platform users
7.2 Service provider for sending emails (SendGrid) - Information on the use of cookies and tools
8.1 What are cookies?
8.2 Which cookies do we use?
8.3 For what purposes and on which legal bases?
8.4 How can you turn off cookies?
8.5 Do we use third-party cookies?
8.6 Overview of cookies used
8.7 Google Analytics
8.8 Retargeting, remarketing and conversion tracking - Integration of social media and other services
9.1 Social media icons on our pages
9.2 Google Maps
9.3 LinkedIn
9.4 Google reCAPTCHA - Payment service provider
- Your rights as a data subject
1. Basic information
We are pleased that you are visiting our online offerings and thank you for your interest. In the following, we inform you about the handling of your personal data when you use our offers on the internet — such as our website, our app and our AI assistant Scotty (see section 6). The following information also relates to the use of our offers with mobile devices, such as smartphones or tablets.
Personal data is all data with which you can be personally identified or that makes you identifiable via an identifier, for example via your IP address. This privacy statement explains on which legal basis and for what purpose we process your data, and informs you of your rights. If you have any questions regarding the use of your personal data by us, please contact us as the responsible body (see section 2).
For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the responsible body), our online offerings use SSL/TLS encryption in transit, and data is encrypted at rest. You can recognise an encrypted connection by the string "https://" and the lock icon in your browser line.
2. Who we are (responsible for data protection)
Responsible for data processing on our online offerings within the meaning of the General Data Protection Regulation (GDPR) is:
autarc GmbH (haftungsbeschränkt) (Amtsgericht Berlin, HRB 249005), represented by the managing directors Etienne Krause and Thies Hansen, Hoppestraße 31, 13409 Berlin, Germany.
Telephone: (+49) 151 68547823. Email: hello@autarc.energy.
Contact details of our company data protection officer: dataprotection@autarc.energy.
3. Data collection when you visit our online offer
Even visiting our website without registration automatically results in the anonymised collection of the following data on our server: abbreviated IP address; date, time and time zone of access; access status; type of access; protocol type; type and number of pages accessed; name and size of the files accessed; source website; web browser used; and operating system used.
This usage data is collected through the normal functioning of our internet services and is not combined with the personal data provided via the registration form; any personal reference to the usage data is excluded. We use this data for troubleshooting, to compile statistics and to measure activity on the website, with the aim of increasing the usefulness of our offer for you. There is a legitimate interest in this, so that processing is justified under Art. 6 (1) (f) GDPR. Only our IT administrator has access to this data. We collect it only for the period of use and delete it immediately once use has ended, but no later than after seven days.
We receive information via so-called cookies and web analysis services as soon as your web browser opens our pages. You can find more information about the cookies and tools we use under section 8.
3.1 Intercom
If you contact us via the Intercom messenger service, data is processed by Intercom, Inc., 98 Battery Street, Suite 402, San Francisco, CA 94111, USA, and 2nd Floor, Stephen Court, 18–21 Saint Stephen's Green, Dublin 2, Ireland. Insofar as data is transferred to a third country (in particular the USA), please see our notes on third-country transfers in this statement. We have concluded an order processing agreement with Intercom that ensures it processes our visitors' personal data only in accordance with our instructions and in compliance with the GDPR. Further information: https://www.intercom.com/de/terms-and-policies.
3.2 Webflow
We use the Webflow website builder and content delivery network (CDN) to host and design this website. This service is provided by Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, California 94103, USA. As part of hosting, Webflow only processes the data mentioned in section 3, with any personal reference excluded; as a CDN it distributes content across regionally distributed servers for faster load times, reliability and protection against data loss (legitimate interest, Art. 6 (1) (f) GDPR). We have concluded an order processing agreement and EU Standard Contractual Clauses with Webflow.
Webflow uses Amazon Web Services (AWS) and Fastly as subprocessors; data is processed in Germany and Ireland, and for technical reasons infrastructure may be maintained from the USA. Where consent is requested for the storage of, or access to, information on your device within the meaning of the TTDSG, processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TTDSG, and can be withdrawn at any time. Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy.
3.3 Bubble
We build our app app.autarc.energy with Bubble.io. The provider is Bubble Group, Inc., 55 Hudson Yards, 44th Floor, New York, NY 10001, USA. When you use and create projects in the app, personal data is collected by Bubble.io on our behalf and stored on servers hosted by AWS. This may include: abbreviated IP addresses; first and last name; address (postcode, city, street and house number); company name and address; telephone number; payment information; heating system; consumption values; number of occupants; building age; rooms and dimensions of the project; radiator data; and photos and documents relating to the project.
Bubble uses AWS as a subprocessor, with data processed in Frankfurt (Germany) and Ireland; for technical reasons infrastructure may be maintained from the USA. Bubble offers a GDPR Data Processing Addendum containing the EU Standard Contractual Clauses. Further information: https://bubble.io/privacy.
3.4 Hotjar
This website uses the Hotjar analysis tool from Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville, St Julian's STJ 3141, Malta. In addition to technical data and cookies, the user's mouse movements are examined to create so-called heat maps, which help us make the website faster and more user-friendly. Personal data is hidden during this process. You can deactivate the function here: https://www.hotjar.com/policies/do-not-track/. Privacy information: https://www.hotjar.com/legal/policies/privacy.
4. Contacting
We have stored our contact details on our website, which you can use to contact us electronically, by post or by telephone. Contacting us is always voluntary. We process your data (e.g. your email address and name) exclusively to answer your request and for the associated technical administration. The legal basis is Art. 6 (1) (b) GDPR, because we need this data to initiate, perform or terminate a contractual relationship with you. Our internal customer service receives your request, and we do not transfer your inquiries to third countries or organisations outside the EU.
After processing your request, we delete the related data immediately, but no later than seven days after completion — unless statutory retention periods apply (e.g. for contract, warranty or guarantee processing under Art. 6 (1) (c) GDPR). In that case we delete your data at the latest upon expiry of the statutory retention period (Section 147 (3) AO), i.e. after 10 years from conclusion of the contract.
4.1 HubSpot chat widget
We have integrated a chat widget from HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. Contacting us via the chat is voluntary, and we process the data you provide exclusively to answer your request (Art. 6 (1) (b) GDPR). HubSpot stores this data exclusively on servers in Europe. Retention follows the rules above. HubSpot offers a GDPR Data Processing Addendum containing the EU Standard Contractual Clauses: https://legal.hubspot.com/dpa.
4.2 Typeform
We use Typeform to create online forms and integrate them on our website. The provider is TYPEFORM S.L., Carrer Bac de Roda 163, 08018 Barcelona, Spain. The data you enter is stored on Typeform's servers until you request deletion, withdraw your consent, or the purpose no longer applies. Typeform is used on the basis of our legitimate interest in functioning online forms (Art. 6 (1) (f) GDPR); where consent for cookies or device access is requested, processing is based on Art. 6 (1) (a) GDPR and § 25 (1) TTDSG and can be withdrawn at any time. We have concluded an order processing agreement with Typeform.
4.3 Zapier
We use Zapier to connect and automate actions between various web apps. Zapier is provided by Zapier Inc., 548 Market St #6241, San Francisco, CA 94104, USA. Data may be transferred to Zapier servers in the USA. We have concluded an order processing agreement with Zapier and rely on the EU Standard Contractual Clauses; the legal basis is our legitimate interest (Art. 6 (1) (f) GDPR). Further information: https://zapier.com/privacy/.
5. Data processing when registering to open a customer account
You have the option to register as a specialist partner or customer on our website. We process this data exclusively to perform the contract concluded with you for the use of our online offer or to record projects (Art. 6 (1) (b) GDPR). If you have registered, we save your project data and its evaluation in your customer account. You control the storage of this data and can delete it at any time by deleting the corresponding project. We store this history to optimise our offer and make your user experience as pleasant as possible, based on our legitimate interest (Art. 6 (1) (f) GDPR).
All information is voluntary; to create an account we need at least the data marked with an asterisk (*) during registration. Our internal customer service and marketing teams, and IT (only for fault correction or system maintenance), have access to this data. You can delete your account at any time yourself or by sending us a message. After complete processing of the contract, your data will be blocked in accordance with tax and commercial retention periods and deleted after they expire. Project data is deleted no later than 10 years from conclusion of the contract (Section 147 (3) AO). Our admins can view all data, which is the only way to manually check the plausibility of projects.
6. Scotty – our AI assistant
Scotty is an AI assistant offered by autarc GmbH as an extension of our online offerings, available at scotty.autarc.energy, scotty.energy and ai.autarc.energy. With your authorisation, Scotty connects to the tools you already use — such as email, calendar, messaging and CRM systems — to draft replies, prepare meetings, organise your work and keep you briefed. To do this, Scotty processes personal data on your behalf. We do not use your content to train foundation AI models.
6.1 Account data and data collected when you use Scotty
When you create a Scotty account, we process the data required to provide the service, such as your name, email address, organisation, role and authentication data (Art. 6 (1) (b) GDPR). When you use Scotty, we automatically process technical data necessary to operate the service securely and reliably — such as an abbreviated IP address, date and time of access, device and browser information, and event/usage logs — for authentication, troubleshooting, security, abuse prevention and to improve the service (Art. 6 (1) (f) GDPR). We also process the instructions, prompts and feedback you provide so that Scotty can carry out the tasks you ask of it.
6.2 Connected services and the data Scotty accesses
Scotty only accesses data from a third-party service after you explicitly connect that service and grant the corresponding permissions (for example via OAuth). You can review and revoke these permissions at any time, both within Scotty and in the settings of the connected provider. Depending on which integrations you enable, Scotty may access and process:
- emails, drafts and attachments (e.g. Gmail / Google Workspace);
- calendar events and availability (e.g. Google Calendar);
- messages and contact details (e.g. WhatsApp Business);
- contacts, deals, notes and activities from CRM systems (e.g. HubSpot, Pipedrive).
We process this connected-account data solely to provide the features you request — such as drafting and sending replies, summarising threads, preparing meeting briefings, and creating or updating records. We do not sell this data and we do not use it to train foundation AI models. Access is limited to what is required to perform the requested task. The legal basis is the performance of our contract with you (Art. 6 (1) (b) GDPR) and our legitimate interest in providing a functioning assistant (Art. 6 (1) (f) GDPR). Connected providers (such as Google, Meta/WhatsApp, HubSpot and Pipedrive) act as independent controllers for the data held in their own systems; their own privacy policies apply to that processing.
6.3 How Scotty uses AI to process your data
To generate drafts, summaries and suggestions, Scotty sends the relevant content to large language model (LLM) providers acting as our processors. These providers process the content only to return a result to us and, under our agreements, do not use your content to train their models. AI-generated output can be inaccurate or incomplete — you remain responsible for reviewing Scotty's output before relying on or sending it, particularly in communications with customers. Scotty does not make legally significant decisions about you through solely automated means without your involvement. Where required, content sent to AI providers may be processed on servers outside the EU/EEA, safeguarded by the EU Standard Contractual Clauses and additional technical and organisational measures (see section 10).
6.4 Service providers, subprocessors and retention for Scotty
We work with carefully selected processors who support us in operating Scotty (e.g. for cloud hosting, AI model inference, messaging delivery, error monitoring and product analytics) and conclude data processing agreements with them under Art. 28 GDPR. We retain Scotty data only as long as necessary: account data for the duration of your contract; technical and event logs for a limited period for security and troubleshooting before deletion or anonymisation. You can delete connected-account data at any time by disconnecting the relevant integration or deleting the corresponding items in Scotty. After you delete your account, we delete or anonymise your personal data unless we are legally required to retain it (e.g. Section 147 (3) AO).
7. Using your data for advertising purposes
7.1 Recommendations to platform users
If you have ordered products or used services from us and provided your email address, we may — within the scope of legal requirements — send you recommendations for our own similar services, provided you have agreed via double opt-in or we notified you of this during registration and you did not object. We pursue our legitimate interest in personalised direct advertising to existing platform users (Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG). You can object to this use of your email address at any time with effect for the future; after we receive your objection, we will discontinue it immediately.
7.2 Service provider for sending emails (SendGrid)
If you have signed up to our platform, we contact you via transactional, automated emails to perform our contract with you (Art. 6 (1) (b) GDPR). For these emails we use SendGrid from Twilio Inc., 899 Winslow St., Redwood City, CA 94063, USA. SendGrid acts strictly on our instructions and receives your email address and, where applicable, your name; this data is processed on servers in Germany and Ireland. Use cases include email-address confirmation, password reset and magic login links. We have concluded an order processing agreement and the EU Standard Contractual Clauses with SendGrid. Further information: https://www.twilio.com/legal/privacy. We store your email address and name in your profile only as long as you are signed up; after you delete your profile, we delete this data. No automated decision-making or profiling takes place.
8. Information on the use of cookies and tools
8.1 What are cookies?
Cookies are small text files stored on your device that archive information for a limited period. Your browser stores them as soon as you visit our pages. If you are registered with us, cookies help us recognise your device the next time you visit. Some cookies may contain personal information.
8.2 Which cookies do we use?
By type, we divide cookies into: necessary, function, analysis & statistics, and advertising & marketing. Necessary (session) cookies enable you to use our offer and access the login area; without them, registration and login are not possible, and they are deleted at the end of the browser session. Other (persistent) cookies remain on your device so that we or partner companies can recognise your browser on your next visit; these are deleted automatically after a defined period. For advertising, we use a retargeting cookie to display relevant offers outside our own pages.
8.3 For what purposes and on which legal bases?
Most cookies do not store information that identifies you; they provide anonymised information about visitors, browsers, operating systems and cities, with the IP address recorded only in abbreviated form. Where cookies process personal data to perform the contract, the basis is Art. 6 (1) (b) GDPR. Functional cookies that help us optimise our offer are based on our legitimate interest (Art. 6 (1) (f) GDPR). Cookies for analysis & statistics or advertising & marketing are used only with your consent (Art. 6 (1) (a) GDPR), which you can withdraw at any time with effect for the future.
8.4 How can you turn off cookies?
You can set your browser to inform you when cookies are set and to decide individually whether to accept them, or to exclude their acceptance generally. Each browser manages cookie settings differently; see your browser's help menu. Alternatively, you can manage cookie settings via the Digital Advertising Alliance at https://www.aboutads.info.
8.5 Do we use third-party cookies?
We sometimes work with advertising partners whose cookies may be stored on your device when you visit our offerings (third-party cookies). Necessary cookies are based on the user contract (Art. 6 (1) (b) GDPR) or our legitimate interest (Art. 6 (1) (f) GDPR); all other cookies are used exclusively on the basis of your consent (Art. 6 (1) (a) GDPR). Some third-party cookies result in data processing in the USA, which — according to ECJ case law (judgment of 16.07.2020, C-311/18, Schrems II) — does not necessarily offer an adequate level of data protection. By granting consent you accept this risk; you can withdraw consent at any time.
8.6 Overview of cookies used
Necessary cookies:
fs-cc-updated, fs-cc
Storage of consent/rejection of optional cookies (duration: 1 day).
mission-bagger_u1main, mission-bagger_live_u2main, mission-bagger_live_u2main.sig
Bubble.io cookies required to save your session when logged in (session / 1 day).
Function cookies:
__hs_cookie_cat_pref
HubSpot: storage of consent/rejection of optional cookies (6 months).
__hssrc
HubSpot: detects whether the visitor has restarted the browser (session).
__hstc
HubSpot: main visitor-tracking cookie (6 months).
__hssc
HubSpot: tracks sessions and page views (30 minutes).
hubspotutk
HubSpot: tracks a visitor's identity, used for form submissions and contact de-duplication (6 months).
1P_JAR, AEC, CONSENT, DV, NID, UULE
Google API cookies enabling address autocomplete.
Analysis & statistics:
_ga, _ga_VJK4F2Q9MR
Google Analytics: insight into how users interact with our offerings; website usage statistics (2 years).
8.7 Google Analytics
After consent, we use Google Analytics, provided in the EU/EEA/Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use Analytics exclusively with IP anonymisation enabled, so the last part of your IP address is deleted, precluding direct personal identification. We also use Universal Analytics functions with a pseudonymous user ID; we do not assign names to it and do not transfer personal data to Google. You can prevent data collection with the browser add-on at https://support.google.com/analytics/answer/181881?hl=de. We have concluded the EU Standard Contractual Clauses with Google.
8.8 Retargeting, remarketing and conversion tracking
For interest-based advertising we use the following Google services (provided in the EU/EEA/Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and in the USA by Google LLC):
- Google Ad Manager — serves relevant ads using a pseudonymous ID; we receive only statistical campaign evaluations and cannot identify users.
- Google Tag Manager — manages website tags via an interface; it sets no cookies and collects no personal data itself.
- Google Ads Remarketing — uses a remarketing tag/pixel to set a cookie for interest-based advertising via a pseudonymous cookie ID.
- Google Ads Conversion Tracking — measures whether interactions (e.g. registrations) follow an ad click, using a cookie that typically expires after 30 days; only anonymised statistics are provided to us.
You can prevent these cookies via your browser settings or the plug-in at https://support.google.com/ads/answer/7395996, or via the Digital Advertising Alliance at https://www.aboutads.info. We have concluded the EU Standard Contractual Clauses with Google.
We also use the Facebook visitor-action pixel (Custom Audiences), provided in the EU/EEA/Switzerland by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and in the USA by Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025. The pixel lets us measure the success of advertising campaigns and address visitors via ads. Data may be processed on servers in the USA. The pixel is used only with your consent, and we have concluded a joint-controller agreement with Facebook (Art. 26 GDPR) and the EU Standard Contractual Clauses. You can manage ad settings at https://www.facebook.com/ads/settings.
9. Integration of social media and other services
In our online offerings we refer to our profiles on social networks. You only access these profiles if you click a corresponding linked icon and thereby leave our website. Where providers process data in the USA, this may — according to ECJ case law (Schrems II, C-311/18) — not offer an adequate level of data protection, and there may be no effective legal remedy against access by US authorities. Where consent is given, you accept this risk.
9.1 Social media icons on our pages
We do not use active social plug-ins. We only display inactive icons that link to our profiles (e.g. LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). A connection to these third parties is only established — in a separate tab — if you activate an icon by clicking it, with your consent. For the joint evaluation of data via our social media presence, we have concluded joint-controller agreements with the respective providers (Art. 26 GDPR).
9.2 Google Maps
This website uses Google Maps (Maps JavaScript API, Places API and Geocoding API) to represent project locations, provided in the EU/EEA by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The map is only shown after you give consent (Art. 6 (1) (a) GDPR); until then you see only a preview image and no data is transferred. When activated, information including your IP address and device information may be transmitted to Google in the USA. Google's privacy policy: https://policies.google.com/privacy?hl=de.
9.3 LinkedIn
We operate a social media presence on LinkedIn, where user data is processed by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, and LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA. LinkedIn provides us with anonymised page analytics; we have no access to the underlying data. We process your data when you interact with our page (e.g. comments, likes, messages). Depending on your activity, the basis is your consent (Art. 6 (1) (a) GDPR) or our legitimate interest in customer-friendly marketing (Art. 6 (1) (f) GDPR). For this joint processing we have concluded a joint-controller agreement (Art. 26 GDPR). Opt-out: https://www.linkedin.com/psettings/advertising.
9.4 Google reCAPTCHA
With your consent we use Google reCAPTCHA to protect input forms, provided in the EU/EEA/Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and in the USA by Google LLC. reCAPTCHA analyses user behaviour to distinguish humans from bots and may collect data such as the referrer URL, IP address, behaviour, device and browser information, and mouse movements. IP addresses within the EU/EEA are usually abbreviated before transfer to servers in the USA. The basis is your consent (Art. 6 (1) (a), (f) GDPR), which you can withdraw at any time via your cookie settings.
10. Payment service provider
When you make a payment in our app or for a paid Scotty plan, you can pay by Google Pay, Apple Pay, debit card, credit card, PayPal or instant bank transfer. The provider is Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Stripe collects the data necessary to process the payment, such as name, address and payment details, and sets cookies to carry out and secure the payment process. We have concluded a data processing agreement with Stripe under Art. 28 GDPR. The legal basis for the transfer of payment data is Art. 6 (1) (b) GDPR; data is passed on only for payment processing and only to the extent necessary. Stripe may process data outside the EU/EEA and relies on the EU Standard Contractual Clauses. Further information: https://stripe.com/de/privacy.
11. Your rights as a data subject
We are happy to inform you below about the rights you have vis-à-vis us with regard to the processing of your personal data.
11.1 Right to information
You have the right to request confirmation as to whether your personal data is being processed (Art. 15 GDPR) and, if so, information about the data and, in particular, the purposes of processing; the recipients or categories of recipients; the planned storage period or the criteria for determining it; the existence of the further rights set out below; where the data was not collected from you, all available information about its origin; and the existence of automated decision-making, including profiling. Where your data is transferred to a third country, you have the right to be informed about the appropriate safeguards under Art. 46 GDPR.
11.2 Right to rectification
You have the right to request that we correct inaccurate or incomplete personal data concerning you without undue delay (Art. 16 GDPR).
11.3 Right to erasure
You can request that we delete your personal data (Art. 17 GDPR). We are obliged to do so without undue delay where, for example: the data is no longer necessary for the purposes for which it was collected; you withdraw your consent and there is no other legal basis; you object and there are no overriding legitimate grounds; the data has been processed unlawfully; or deletion is required to comply with a legal obligation.
11.4 Right to restriction of processing
You have the right to ask us to restrict processing (Art. 18 GDPR) where: you contest the accuracy of the data; the processing is unlawful and you request restriction instead of erasure; we no longer need the data but you require it to establish, exercise or defend legal claims; or you have objected and it is not yet clear whether our legitimate grounds override yours.
11.5 Right to notification
Where you have exercised the right to rectification, erasure or restriction, we will notify all recipients to whom your data has been disclosed accordingly, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
11.6 Right to data portability
You have the right to receive the personal data you provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller without hindrance (Art. 20 GDPR), where processing is based on consent or a contract and is carried out by automated means. Where technically feasible, you may request that we transmit the data directly to another controller.
11.7 Right to object
For reasons arising from your particular situation, you have the right to object at any time to processing based on our legitimate interests (Art. 21 GDPR), including related profiling. Where we process your data for direct marketing, you have the right to object at any time; after we receive your objection, we will no longer process your data for that purpose.
11.8 Right to withdraw consent
Where processing is based on your consent, you can withdraw it at any time with effect for the future (e.g. by email). This does not affect the lawfulness of processing carried out before the withdrawal.
11.9 Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data infringes applicable law, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement — for example the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin. Any other administrative or judicial remedy remains unaffected.
Questions about your data? Email us at hello@autarc.energy or contact our data protection officer at dataprotection@autarc.energy.
Status: July 2026 · © autarc GmbH
You haven't found the answer to your question?
Email us at hello@autarc.energy