Privacy Policy
I. General Information
1. protection of your data
We are very pleased about your interest in our company. The management of TubeSolar AG attaches great importance to data protection.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is carried out in accordance with the basic data protection regulation and in compliance with the country-specific data protection regulations applicable to TubeSolar AG. By means of this data protection declaration, our company wishes to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this privacy statement informs data subjects of their rights.
TubeSolar AG, as the party responsible for processing, has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.
2. definitions
TubeSolar AG’s data protection declaration is based on the terms used by the European legislator when the basic data protection regulation (DSGVO) was issued. Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this privacy policy:
2.1 Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, on-line identification, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
person concerned
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing
Processing is any operation or set of operations, performed with or without the aid of automated means, which is performed upon personal data, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of work, economic situation, health, personal preferences, interests, reliability, conduct, location or change of location of that natural person.
Pseudonymisation
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the need for additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.
Controller or data controller
Controller or data controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or national law, the controller or the specific criteria for his designation may be provided for by Union or national law.
Order Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Receiver
The recipient is any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation mandate under Union or national law shall not be considered as recipients.
Third party
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorized to process the personal data.
Consent
Consent shall mean any freely given and informed unequivocal expression of the data subject’s wishes in the specific case, in the form of a statement or any other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.
II. the name and address of the body responsible for processing
The person responsible within the meaning of the basic data protection regulation, other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature is the:
TubeSolar AG
Berliner Allee 65
86153 Augsburg
Germany
Phone +49 151 547 29487
E-mail r.egner@tubesolar.de
We have appointed Mr. Jochen Jahn, Bayreuther Gesellschaft für Datenschutz mbH, as data protection officer. He can be reached under the following contact details:
Bayreuther Gesellschaft für Datenschutz mbH
Telemannstr. 1
95444 Bayreuth
Deutschland
Telefon: 0921-16324540
Telefax: 0921-16324541
E-Mail: tubesolar@ds-beauftragter.info
Every person concerned can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.
III. purposes of data processing by us and third parties
We process your personal data only for the purposes stated in this privacy policy. Your personal data will not be transferred to third parties for purposes other than those mentioned.
We only pass on your personal data to third parties if:
you have given your express consent,
the processing is necessary for the execution of a contract with you or
the processing is necessary to fulfil a legal obligation, the processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
IV. Categories of personal data processed
We process the following categories of personal data:
Usage data (access times, websites visited, etc.)
Stock data (name, address, etc.)
Contact details (telephone and fax numbers, e-mail, etc.)
Contract data (subject matter of the contract, duration, etc.)
Content data (text entries, videos, photos, etc.)
Meta/communication data (IP address etc.)
V. Persons concerned by the data processing
website visitor
User of the website
Customers
The data subjects will hereinafter be referred to collectively as “users” or “data subjects”.
VI. embedding of content from other websites
Contributions on this website may contain embedded content (e.g. videos, pictures, articles etc.). Embedded content from other websites behaves exactly as if the visitor had visited the other website. These sites may collect information about you, use cookies, embed additional third-party tracking services and record your interaction with that embedded content, including your interaction with the embedded content if you have an account and are logged on to this site.
VII. SSL Encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
VIII. Informational use of the website
1. cookies
1.1 Description and scope of data processing in the context of cookies
The internet pages of TubeSolar AG use cookies. Cookies are text files which are stored on a computer system via an Internet browser. Many websites and servers use cookies.
Cookies are small text files that are stored on your hard disk, assigned to the browser you are using, and through which certain information flows to the site that sets the cookie (here by us). Cookies cannot run programs or deliver viruses to your computer. They serve the purpose of making the Internet offer altogether more user-friendly and effective
This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies
These are automatically deleted when you close the browser. These include in particular the so-called session cookies. These store a session ID with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies
These are automatically deleted after a predetermined period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
Furthermore, a distinction can be made between First Party Cookies, Third Party Cookies and Third Party Requests.
first party cookies
First Party cookies are stored by us or our website itself in your browser to provide you with the best possible user experience. These are in particular functional cookies.
These are used or set by us.
third-party cookies
Third party cookies are stored in your browser by a third party provider. These are usually tracking or marketing tools that evaluate your user behavior and allow the third-party provider to recognize you on other websites you visit.
These cookies do not exist on our website.
Third Party Requests
Third Party Request are all requests that you as a site user make to third parties via our site – for example, if you use social networks with plugins. In this case, no cookies will be stored in your browser, but it cannot be excluded that personal data will be sent to this third party provider through the interaction. For this reason, we also inform you in detail in our privacy policy about the tools & applications we use.
The following requests are available on our site:
googleapis.com
gstatic.com
1.2 Legal basis of the data processing
The legal basis for the processing of personal data in this case is Art. 6 I 1 lit. f) DSGVO.
1.3 Purposes of the processing of personal data
Through the use of cookies, TubeSolar AG can provide users of this website with more user-friendly services that would not be possible without the setting of cookies. By means of a cookie, the information and offers on our website can be optimised in the interest of the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, as this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie of an object in the notepad. The notepad remembers the articles that a customer has noted on the virtual notepad via a cookie.
1.4 Possibility of objection and removal for services that use cookies
The person concerned can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies already set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, it is possible that not all functions of our website can be fully used.
Below you will find links to information on how to manage and disable cookies for some of the most important browsers:
Mozilla Firefox : https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/de-at/help/4027947/windows-delete-cookies?tid=311127328
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
Safari : https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311127328
2. collection of general data and information
2.1 Description and scope of data processing
The TubeSolar AG website collects a number of general data and information each time a person or automated system accesses the website. This general data and information is stored in the log files of the server. The following data can be recorded:
Browser types and versions used
the operating system used by the accessing system
the website from which an accessing system accesses our website (so-called referrer)
the sub-websites that are accessed via an accessing system on our website
the date and time of access to our website
the Internet Protocol address (IP address)
the Internet service provider of the accessing system
other similar data and information which serve to avert danger in the event of attacks on our information technology systems
2.2 Legal basis of the data processing
The legal basis of the processing is Art. 6 I 1 lit. f) DSGVO. The legitimate interest lies in the delivery of the website to the user’s computer and the proper display of the website.
2.3 Purposes of the processing of personal data
When using this general data and information, TubeSolar AG will not draw any conclusions about the person concerned. This information is rather needed to
to deliver the contents of our website correctly,
to optimize the contents of our website and the advertising for it,
to guarantee the permanent operability of our information technology systems and the technology of our website and
to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
These anonymously collected data and information are therefore statistically evaluated by TubeSolar AG on the one hand and also with the aim of increasing data protection and data security in our company, in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
2.4 Deletion and duration of storage of personal data
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.
IX. Other functions and offers of our website and related data processing
1. contact possibility via contact form, e-mail and post
1.1 Description and scope of data processing
Due to legal regulations, the TubeSolar AG website contains information that enables rapid electronic contact with our company and direct communication with us.
On our website we provide you with a form to get in contact with us. The data entered there in the mask will be transmitted to us and stored when the message is sent. In the input mask we ask for the following: Name, e-mail address, subject and your request. However, only your name and your e-mail address are obligatory information. In addition, in addition to your IP address, we also save the time of sending your message to us. Within the scope of the sending process we will obtain your consent. To create the contact form we use the plug-in Contact Form 7, which is only used to forward registered form data to the e-mail address of our company. An additional storage, e.g. in the database of WordPress, a product of Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, which we use, does not take place.
Alternatively, it is possible to contact us via an e-mail address provided by us. In this case, the personal data transmitted by you in the e-mail will be stored. This includes in any case your e-mail address.
You can also contact us by post via our address. In this context, the data you send by post will also be stored. This includes, for example, your address.
1.2 Legal basis of the data processing
The legal basis for data processing in the case of the use of our contact form is Art. 6 I 1 lit. a) DSGVO. If you send us an e-mail or contact us by post, the legal basis for data processing is Art. 6 I 1 lit. f) DSGVO. Insofar as the purpose of the contact is the conclusion of a contract, Art. 6 I 1 lit. b) DPA additionally provides the legal basis for data processing.
1.3 Purposes of data processing
Such personal data transmitted on a voluntary basis from a data subject to the controller shall be stored for the purposes of processing or for contacting the data subject. This personal data will not be passed on to third parties. We also have an interest in preserving evidence, among other things for reasons of liability, and to comply with our legal obligations to preserve the records of business letters. Otherwise, the other data transmitted during the sending process serve to prevent the misuse of the contact form and to ensure the security of our information technology systems.
1.4 Deletion and duration of storage of personal data
We delete the data arising in this connection if they are no longer necessary for the achievement of the purpose. For the personal data from the input mask of the contact form and those that are sent by e-mail, this is the case when the respective conversation is finished. The conversation ends when it is clear from the circumstances that the matter in question has been conclusively clarified. Inquiries from customers who have concluded a contract with us will be stored for up to two years after the end of the contract. In the event of the intervention of statutory archiving obligations, we may in individual cases be required to store your data for up to 10 years. Your data will then be destroyed after the expiry of the archiving obligations.
1.5 Further information on Contact Form 7
Further information and Contact Form’s applicable privacy policy can be found at https://de.wordpress.org/plugins/contact-form-7/. Contact Form is an open source software.
2. application and use of Google Fonts
2.1 Description and scope of data processing
We use the so-called Google Fonts on our website. These are external fonts provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Fonts are integrated into our website via an interface (“API”) to the Google services. Due to the integration of Google Fonts, Google has the possibility to collect and process information, possibly also personal data. It cannot be excluded that Google may transfer the information and data collected to a server located in a third country.
We ourselves do not collect any data within the scope of the provision of Google Fonts.
2.2 Legal basis of the data processing
The legal basis for the present data processing is Art. 6 I 1 letter f) DSGVO.
2.3 Purposes of data processing
By integrating Google Fonts, we can display uniform fonts on your end device and keep the quality of our website high as well as present the internet presence in a uniform and as beautiful as possible design. The design effort is less than if font standards of different operating systems or browsers with their own graphically adapted web pages had to be used and reacted to. Furthermore, Google has a legitimate interest in the personal data collected in order to improve its own services.
2.4 Further information about Google Web Fonts and the options for setting and objecting to them
Further information on Google’s use of data, setting and objection options can be obtained on Google’s websites at https://policies.google.com/technologies/partner-sites?hl=de (data use by Google when you use websites or apps of our partners), http://www.google.com/policies/technologies/ads (data use for advertising purposes) and http://www.google.de/settings/ads (manage information that Google uses to show you advertising). Information about Google’s privacy settings can be found at https://safety.google/privacy/zu
3. use and application of jQuery
3.1 Description and scope of data processing
On our website we use the JavaSkript library jQuery. jQuery is a software library used on many websites, i.e. a collection of functions that a programmer can use. The operator of https://jquery.com/ is the JS Foundation (formerly jQuery Foundation).
Even if your browser already has a copy of the jQuery library in the cache of the browser, a connection to the jQuery server in the USA is established.
We do not store any personal data within the framework of jQuery. We do not transmit personal data to other recipients.
3.2 Purposes of data processing
By using jQuery, we pursue the legitimate interest of optimizing the graphic design and navigation of our website.
3.3 Legal basis of the data processing
Art. 6 I 1 lit. f) DSGVO must be cited as the legal basis.
3.4 Further information
Developer of the jQuery JavaScript library is the jQuery Team of the JS Foundation, which can be found at https://jquery.org/team/gefunden. The contact to the JS Foundation can be established via https://js.foundation/contact.
X. Integration of external web services and processing of data outside the EU
On our website we use web services from external providers. By calling up our website, these external providers may receive personal information about your visit to our website. It may be possible to process data outside the EU.
We use the following external web services:
1. google
On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland is loaded. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google.
The legal basis for data processing is Art. 6 I 1 lit. f) DSGVO. The legitimate interest consists in an error-free functioning of the website.
Google has certified itself under the EU-US Privacy Shield Agreement.
The data will be deleted as soon as the purpose for which they were collected has been fulfilled.
Further information on the handling of the transferred data can be found in the Google data protection declaration at https://policies.google.com/privacy.
2. fonts.googleapis
On our website, Google API is loaded from the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. API stands for Application Programmer Interface. The API is an important interface for programmers between the device to be programmed (e.g. operating system) and the program. Thus it is possible to trigger functions by simple command complexes.
We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google-Apis.
The legal basis for data processing is Art. 6 I 1 lit. f) DSGVO. The legitimate interest consists in an error-free functioning of the website.
Google API has been certified under the EU-US Privacy Shield Agreement.
The data will be deleted as soon as the purpose for which they were collected has been fulfilled.
Further information on the handling of the transferred data can be found in the privacy policy of Google-Apis: https://policies.google.com/privacy. You can prevent the collection and processing of your data by Google-Apis by deactivating the execution of script codes in your browser or by installing a script blocker in your browser. You can find it e.g. at www.noscript.net or www.ghostery.com.
3. fonts.gstatic
On our website gstatic is reloaded. Gstatic is a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to gstatic.
The legal basis for the data processing is Art. 6 para. 1 lit. f DSGVO. The legitimate interest consists in an error-free functioning of the website.
Gstatic has certified itself under the EU-US Privacy Shield Agreement.
The data will be deleted as soon as the purpose for which they were collected has been fulfilled.
Further information about the handling of the transferred data can be found in the privacy policy of gstatic under https://policies.google.com/privacy . You can prevent the collection as well as the processing of your data by gstatic by deactivating the execution of script codes in your browser or by installing a script blocker in your browser. You can find it e.g. at www.noscript.net or www.ghostery.com.
XI Duration for which the personal data are stored
The criterion for the duration of storage of personal data is the respective legal retention period. After the expiry of this period, the corresponding data is routinely deleted if it is no longer required for the fulfilment or initiation of the contract.
XII Routine deletion and blocking of personal data
We process and store personal data of the data subject only for the period of time required to achieve the purpose of storage or if this is provided for by the European Directive and Regulation Giver or another legislator in laws or regulations to which the data controller is subject. If the purpose of storage ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or another competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.
XIII Transfer of personal data to third countries
The European Data Protection Basic Regulation (the DSGVO) has created a uniform legal basis for data protection in the European Union. Your personal data is therefore mainly collected and processed by companies to which the European Data Protection Basic Regulation applies.
If we process data in a third country, i.e. a country outside the European Union (EU) or the European Economic Area (EEA), or if this is done in the context of using the services of third parties or the disclosure or transfer of data to third parties, this will only be done if it is done to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.
Subject to legal or contractual permissions, we process or leave the data in a third country only if the special conditions of the Art. Art. 44 ff. DSGVO, i.e. the processing is carried out on the basis of special guarantees, for example. This is the case, for example, if the European Commission has decided that a particular third country offers an adequate level of data protection or officially recognised specific contractual obligations, so-called ‘standard contractual clauses’, are respected. If, for example, an American company submits to the so-called “Privacy Shield”, i.e. the data protection agreement between the USA and the European Union, the aforementioned conditions are currently fulfilled.
XIV. transmission of personal data to third parties and processors
As a matter of principle, we only pass on data with your consent. If we, despite their absence, pass on data, this is done on the basis of the legal bases mentioned. This is the case, for example, when data is transferred to payment service providers for the purpose of fulfilling a contract, to credit agencies for age verification, to public bodies for the fulfilment of overriding legal obligations or by court order or under a legal obligation to surrender data for the purpose of criminal prosecution, to avert dangers or to protect and enforce intellectual property rights.
The addressees of your personal data may be third parties and processors, as mentioned above.
If data is forwarded to a processor, this is done on the basis of an agreement on order processing and on the basis of Art. 28 DSGVO. Contract processors must ensure that appropriate technical and organisational measures are implemented in such a way that personal data is processed in accordance with the requirements of the DSGVO and the BDSG. The processor and any person under our authority or under the authority of the processor who has access to personal data may process such data only on our instructions, unless they are obliged to do so by Union or national law. We select our contract processors carefully and check them at regular intervals
XV. legal or contractual provisions making the personal data available; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for the conclusion of a contract that a data subject provides us with personal data, which must subsequently be processed by us. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the person concerned provides personal data, he or she can contact one of our employees. Our employee will inform the person concerned on a case-by-case basis whether the provision of the personal data is required by law or contract or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.
XVI. rights of the data subject
In the following, we inform you about your rights, which you are entitled to according to Art. 15 ff. DSGVO in the context of the processing of personal data.
Right to confirmation
Every data subject shall have the right to obtain confirmation from the controller as to whether personal data relating to him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may at any time contact an employee of the controller.
Right to information
Any person concerned by the processing of personal data has the right to obtain at any time and free of charge from the controller information on personal data relating to him/her and a copy thereof. Furthermore, the European Directive and Regulation maker has granted the data subject access to the following information:
the purposes of the processing of personal data
the categories of personal data processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or international organisations
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
the existence of a right of rectification or erasure of personal data relating to him or her or of a restriction on processing by the controller or a right to object to such processing
the existence of a right of appeal to a supervisory authority
if the personal data are not collected from the data subject:
all available information on the origin of the data
the existence of automated decision making, including profiling, in accordance with Article 22 I, IV DPA and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject Furthermore, the data subject has the right to obtain information as to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject shall also have the right to obtain information on the appropriate guarantees in connection with the transfer.
If a data subject wishes to exercise this right of access, he or she may at any time contact an employee of the controller.
Right of rectification
Any person concerned by the processing of personal data shall have the right to obtain the rectification without delay of inaccurate personal data relating to him. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, also by means of a supplementary declaration, cf. art. 16 DPA.
If a data subject wishes to exercise this right of rectification, he or she may at any time contact a member of staff of the controller.
Right of cancellation (right to be forgotten)
Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain from the controller the immediate deletion of personal data relating to him. We are then immediately obliged to delete the data, unless legal or contractual obligations to retain data or other legal rights and obligations conflict with this, Art. 17 DSGVO.
Legal retention periods can be up to 10 years on the basis of commercial and tax law provisions. Limitation periods for claims are up to 30 years.
Right to restrict processing
Any person concerned by the processing of personal data shall have the right to obtain from the controller the restriction of the processing if one of the following conditions is met:
The accuracy of the personal data is contested by the data subject, for a period of time that allows us to verify the accuracy of the personal data.
The processing is unlawful and the data subject refuses to have the personal data deleted and instead requests that the use of the personal data be restricted.
The controller no longer needs the personal data for the purposes of the processing. However, the data subject needs them for the assertion, exercise or defence of legal claims.
The data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 DPA and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
If one of the above-mentioned conditions is met and a data subject wishes to request the restriction of personal data stored by TubeSolar AG, he/she can contact an employee of the person responsible for processing at any time. The employee of TubeSolar AG will arrange for the restriction of the processing.
If the processing of personal data relating to you has been restricted, such data, apart from being stored, may be processed only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or a Member State.
Right to data portability
Every data subject shall have the right to obtain, in a structured, standard and machine-readable format, the personal data concerning him/her which have been supplied by the data subject to a controller.
It shall also have the right to transfer such data to another controller without hindrance from the controller to whom the personal data have been made available, provided that the processing is based on the consent pursuant to Art. 6 I 1 lit. a) DPA or Art. 9 II lit. a) DPA or on a contract pursuant to Art. 6 I 1 lit. b) DPA and the processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising their right to data transfer in accordance with Art. 20 I DSGVO, the data subject has the right in accordance with Art. 20 II DSGVO to obtain that the personal data be transferred directly from one person responsible to another person responsible, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other persons.
In order to assert the right to data transfer, the person concerned can contact an employee of TubeSolar AG at any time.
Right to information
If you have asserted the right to correct, delete or restrict the data concerning you, we are obliged to notify all recipients to whom personal data concerning you have been disclosed of this correction or deletion of the data or the restriction of the processing of the data, unless this proves impossible or involves a disproportionate effort, cf. Art. 19 DSGVO.
We have the right to be informed about these recipients.
right of appeal
Every person concerned by the processing of personal data has the right to object at any time, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her carried out pursuant to Art. 6 I 1 letter e) or letter f) DPA. This also applies to profiling based on these provisions.
In the event of an objection, TubeSolar AG will no longer process the personal data, unless we can prove compelling reasons for processing that are worthy of protection and outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
If TubeSolar AG processes personal data for the purpose of direct advertising, the person concerned has the right to object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is associated with such direct mail. If the data subject objects to TubeSolar AG processing for direct marketing purposes, TubeSolar AG will no longer process the personal data for these purposes.
In addition, the data subject has the right to object, for reasons arising from his/her particular situation, to the processing of personal data concerning him/her that takes place at TubeSolar AG for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 I DSGVO, unless such processing is necessary for the fulfilment of a task in the public interest.
You can exercise the right of objection free of charge. To lodge an appeal, you can contact us using the following contact details:
TubeSolar AG
Berliner Allee 65
86153 Augsburg
Germany
Phone +49 151 547 29487
E-mail r.egner@tubesolar.de
Automated decisions in individual cases including profiling
Every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or significantly affects him/her in a similar way.
However, this shall not apply if the decision
is necessary for the conclusion or performance of a contract between the data subject and the controller, or
is authorised by Union or national legislation to which the controller is subject and that legislation provides for adequate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or
with the express consent of the data subject.
If the decision is necessary for the conclusion or the fulfilment of a contract between the data subject and the responsible person or if it is made with the explicit consent of the data subject, TubeSolar AG will take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the responsible person, to present its own position and to challenge the decision.
If the data subject wishes to exercise rights relating to automated decisions, he or she may at any time contact a member of staff of the controller.
Right of revocation of a data protection consent
Every person affected by the processing of personal data has the right to revoke at any time the consent to the processing of personal data that he/she has given for one or more purposes of Art. 6 I 1 lit. a) DPA, Art. 7 III DPA.
However, consent shall not affect the lawfulness of the processing of personal data carried out on the basis of the consent until revoked.
If the data subject wishes to exercise his/her right to revoke consent, he/she can contact us free of charge using the following contact details:
TubeSolar AG
Berliner Allee 65
86153 Augsburg
Germany
Phone +49 151 547 29487
E-mail r.egner@tubesolar.de
Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you is in breach of the DPA, cf. Art. 77 DPA.
The supervisory authority to which a complaint has been submitted shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 DSGVO.
XVII Existence of automated decision making
As a responsible company, we do not use automatic decision making or profiling.
XVIII. Changes to our privacy policy
We reserve the right to adapt this data protection declaration so that it always meets current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your new visit.