Privacy Policy
Information on how we collect, process, and protect your personal data within our online offering.
This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as "data") within the scope of our online offering and the associated offers, contractual services, websites, mobile applications, functions, and content, as well as external online presences (hereinafter jointly referred to as "online offering").
Section I: Controller and Overview of Data Processing
Responsible Controller
solation GmbH Solation GmbH, Elvirastraße 16, 80636 München
Managing Director: Sebastian Hugl
Phone: +49 89 45237903
Imprint: https://www.solation.de/impressum/
The controller is hereinafter referred to as "we" or "us".
Data Protection Officer
You can reach our data protection officer at: info@solation.de
Description of Our Core Services
As a manufacturer-independent service provider, we offer comprehensive advice, planning, and installation of solar systems.
Online Forms & Configurator: When you fill out our online form or use the solation online configurator, we collect and save your personal data, property information, and key data about the planned solar system to create an individual offer and contact you for coordination.
Customer Support: If you seek the help of a solation customer advisor, we process information received via chat or telephone for individual advice and system planning.
Financing: If you decide to take out financing, we will pass your data on to our contractual partner to submit, review, and carry out a financing request. We are excluded from further processing of this request, but will receive general feedback on its success or rejection.
Order Fulfillment: If you commission us to plan and install a solar system, we pass your data to our affiliated installers, component manufacturers/suppliers, and eventually to the grid operator or energy supplier upon system operation.
Consent & Right of Revocation
Consent Online Configurator: By submitting your contact request, you agree that we may process your name and contact details to process your request and contact you.
Consent Application Form: By submitting your application, you agree that we may process your name, contact details, and other information (CV, availability, etc.) to carry out the application process.
Right of Revocation: Consent can be revoked at any time without any formalities (e.g., by email to info@solation.de or by letter) with effect for the future.
Data Processing Details
Types of Data Processed:
Inventory data (e.g., names, addresses)
Contact details (e.g., email addresses, telephone numbers)
Object & consumption data (e.g., roof type/size, household size)
Contract data (e.g., subject matter, services, remuneration)
Usage data (e.g., websites visited, interest in content, access times)
Meta/communication data (e.g., device information, IP addresses)
Applicant data (e.g., qualifications, application documents)
Special Categories of Data (Art. 9 GDPR): In principle, no special categories of data are processed.
Categories of Data Subjects: Interested parties, online users, customers, business partners, and applicants.
Automated Decisions (Art. 22 GDPR): No exclusively automated decisions are made in individual cases.
Purpose of Processing
Consulting, project management, and installation of solar systems.
Provision of the online offer, contents, and functions.
Provision of contractual services, service, and customer care.
Answering contact requests and communicating with users.
Marketing, advertising, and market research.
Security measures and application management.
Section II: Rights of Data Subjects, Legal Bases, and General Info
Your Rights as a Data Subject
According to the GDPR, you have the following rights regarding your personal data:
Art. 15 GDPR: Right to receive information about the data we process.
Art. 16 GDPR: Right to request the correction or completion of your data.
Art. 17 GDPR: Right to have your data stored by us deleted.
Art. 18 GDPR: Right to restrict the processing of your data.
Art. 20 GDPR: Right to data portability.
Art. 21 GDPR: Right to object to the future processing of your data (in particular for direct marketing).
Art. 77 GDPR: Right to lodge a complaint with a supervisory authority.
Art. 7 Para. 3 GDPR: Right to revoke your consent at any time.
Cookies and Right of Objection in Direct Marketing
We use temporary and permanent cookies. Some are for security or strictly necessary for the operation of our online offering. In addition, we or our technology partners use cookies for range measurement and marketing.
If you do not want cookies to be stored on your computer, please deactivate the corresponding option in your browser's system settings. Stored cookies can also be deleted there. Excluding cookies can lead to functional restrictions of this website.
Deletion of Data and Archiving Obligations
Data is deleted or restricted in accordance with Art. 17 and 18 GDPR when it is no longer required for its intended purpose and no statutory retention periods apply.
6 years: Commercial books, inventories, annual financial statements, etc. (§ 257 Para. 1 HGB).
10 years: Books, records, management reports, documents relevant for taxation, etc. (§ 147 Para. 1 AO).
3 years: Post-contractual storage for warranty and compensation claims (§§ 195, 199 BGB).
Relevant Legal Bases
Unless stated otherwise, the following legal bases apply to our data processing:
Consent: Art. 6 Para. 1 lit. a and Art. 7 GDPR.
Fulfillment of services/contracts: Art. 6 Para. 1 lit. b GDPR.
Legal obligations: Art. 6 Para. 1 lit. c GDPR.
Legitimate interests: Art. 6 Para. 1 lit. f GDPR.
Commercial communication (post, phone, email): Section 7 of the UWG.
Security of Data Processing
In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. This includes controlling physical access, encrypted transmission between your browser and our server, and ensuring confidentiality, integrity, and availability. Our employees are obliged to comply with data protection regulations.
Disclosure and Transfer of Data
Third Parties & Processors: Data is only disclosed based on legal permission, consent, legal obligation, or legitimate interests. Order processing agreements are made based on Art. 28 GDPR.
Group Companies: Data transmission within our group is for administrative purposes based on a data processing agreement.
Third Countries: Processing outside the EU/EEA only occurs if necessary to fulfill obligations, based on consent, or legitimate interests, and strictly under the requirements of Art. 44 ff. GDPR (e.g., standard contractual clauses).
Joint Responsibility (Art. 26 GDPR)
solation GmbH and solation Wow I GmbH form a group of companies. The legal basis for joint processing is the legitimate interest of the parties involved (Art. 6 Para 1 lit. f in conjunction with Recital 48 GDPR) for internal administrative purposes.
This privacy policy was last updated on May 22, 2023.
Section III: Specific Processing Activities
1. Order Initiation, Offer Preparation, and Logging
We process information provided by interested parties to establish and implement contracts. We log this information to demonstrate fulfillment of legal accountability obligations (Art. 5 Para. 2 GDPR).
Data Processed: Inventory data, communication data, contract data, content data, usage/metadata (including IP address and form screenshots).
Processing Basis: Art. 6 Para. 1 lit. b and c GDPR.
Cloud & CRM Services used: Google Cloud Storage (USA) and Monday CRM (Salesforce, USA).
Deletion: Generally 30 days after the purpose is fulfilled, or up to 6 months post-contract. Inventory data stored for up to 3 years. Statutory limits apply.
2. Web Server and Security
Hosting: Hosted within the EU via a US-operated data center under EU standard contractual clauses.
Server Logs: We process usage and metadata for security and optimization (Art. 6 Para. 1 lit. f GDPR). Deleted after 7 days.
3. Payment Service Providers & Credit Checks
PayPal: If you select PayPal, data (name, address, email, IP, phone, order details) is automatically transmitted to PayPal for payment processing and fraud prevention (Art. 6 Para. 1 lit. b and f GDPR).
Credit Checks: To reduce payment defaults, we work with credit agencies for identity and credit checks. This may involve automated individual decisions (Art. 22 GDPR) based on your consent or our legitimate interest.
4. Marketing and Communication
Personalized Newsletter: Sent via Salesforce (USA) with your consent. We track usage data (open rates, clicks) via web beacons to optimize content. You can unsubscribe at any time.
Direct Communication: Post, email, SMS, fax, or phone communications are based on consent, contract execution, or legal requirements for advertising.
5. Reach Measurement, Online Marketing, and Technologies
We use the following services based on our legitimate interest (Art. 6 Para. 1 lit. f GDPR) or your consent, to optimize our offering:
Trusted Shops: Trustbadge integrated to display buyer protection and reviews. Access data logged for 7 days.
Google Tag Manager: Manages website tags; does not process personal data itself.
Google Analytics & Optimize: Reach measurement, target group creation, and A/B testing via cookies and IP masking. Data deleted after 14 months. Opt-out available.
Google AdWords & DoubleClick: Ad placement and conversion tracking.
Facebook Ads & Pixel: Targeted advertising, custom audiences, and conversion measurement in joint responsibility with Meta Platforms Ireland Limited. Cross-device tracking may apply.
Bing Universal Event Tracking (UET): Usage profile creation via pseudonyms.
6. Application Process and Recruiting
We process applicant data strictly for the purpose of the application procedure (Art. 6 Para. 1 lit. b GDPR, Section 26 BDSG).
Application Form: Processed via Personio GmbH (Germany) in encrypted form. Deleted 4 months after withdrawal/completion, provided no follow-up questions or AGG proof requirements exist.
XING TalentManager & TalentpoolManager: We may search for and contact you via your XING profile (Art. 6 Para. 1 lit. f GDPR). You can object by emailing jobs@solation.de.
LinkedIn Recruiter & Job Slot: We may search for and contact you via LinkedIn.
Glossary of Terms
Advanced Matching: A Facebook pixel option that sends user inventory data to Facebook in encrypted form to create audiences.
Conversion: A method of measuring the effectiveness of marketing efforts, typically via cookies.
Cookies: Small files stored on devices. "Session cookies" are deleted upon closing the browser; "Permanent cookies" remain. "Third-party cookies" belong to external providers.
Demographic Data: General information about groups (age, gender, location, occupation).
Embedding: Integrating third-party content (videos, posts) into our site, which requires the provider to process your IP address.
IP Address: A string of numbers identifying devices on the internet.
IP Masking: Deleting the last numbers of an IP address to pseudonymize it.
Interest-based Marketing: Using profiling to determine potential interest in advertisements.
Opt-In / Double Opt-In (DOI): Registration / Registration confirmed via a second step (like an email link).
Opt-Out: Unsubscribing or objecting to processing.
Personal Data: Any information relating to an identified or identifiable natural person.
Plugins / Social Plugins: External software functions integrated into the website (e.g., a "Like" button).
Profiling: Automated processing of personal data to analyze or predict personal aspects (behavior, interests).
Pseudonymisation: Processing data so it cannot be attributed to a specific person without additional, separately kept information.
Reach Measurement: Evaluating visitor flows, behavior, and demographics on a website.
Third Country: Countries outside the EU/EEA where the GDPR does not directly apply.
Tracking: Monitoring user behavior across multiple online offerings.
