Privacy policy for the use of our solar manager app
Effective Date: May 20, 2024
Preamble
With the following privacy policy we would like to inform you which types of your personaldata (hereinafter also abbreviated as "data") we process for which purposes and in whichscope. The privacy statement applies to all processing of personal data carried out by us,both in the context of providing our services and in particular on our PVSTAR Manager app,in mobile applications and within external online presences, such as our social media profiles(hereinafter collectively referred to as "online services").
The terms used are not gender-specific.
Last Update: 20. March 2024
Table of contents
Controller
First Name, surname/Company
Chint PVSTAR Energy Solutions GmbH
Strett, house no.
Stralauer Platz 33-34, 10243 Berlin, Germany
Psotcode, City, Coutry
Berlin, Germany
E-mail address:
service@pvstar.com
Phone:
Optional
Legal Notice:
optional (recommended)
Contact information
service@pvstar.com
Overview of processing operations
The following table summarises the types of data processed, the purposes for which they areprocessed and the concerned data subjects.
Categories of Processed Data
Categories of Data Subjects
Purposes of Processing
Relevant legal bases
Relevant legal bases according to the GDPR: In the following, you will find an overview ofthe legal basis of the GDPR on which we base the processing of personal data. Please notethat in addition to the provisions of the GDPR, national data protection provisions of your orour country of residence or domicile may apply. If, in addition, more specific legal bases areapplicable in individual cases, we will inform you of these in the data protection declaration.
National data protection regulations in Germany: In addition to the data protectionregulations of the GDPR, national regulations apply to data protection in Germany. Thisincludes in particular the Law on Protection against Misuse of Personal Data in DataProcessing (Federal Data Protection Act - BDSG). In particular, the BDSG contains specialprovisions on the right to access, the right to erase, the right to object, the processing ofspecial categories of personal data, processing for other purposes and transmission as well asautomated individual decision-making, including profiling. Furthermore, data protection lawsof the individual federal states may apply.
Reference to the applicability of the GDPR and the Swiss DPA: These privacy notices serveboth to provide information in accordance with the Swiss Federal Act on Data Protection(Swiss DPA) and the General Data Protection Regulation (GDPR).
Security Precautions
We take appropriate technical and organisational measures in accordance with the legalrequirements, taking into account the state of the art, the costs of implementation and thenature, scope, context and purposes of processing as well as the risk of varying likelihoodand severity for the rights and freedoms of natural persons, in order to ensure a level ofsecurity appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availabilityof data by controlling physical and electronic access to the data as well as access to, input,transmission, securing and separation of the data. In addition, we have establishedprocedures to ensure that data subjects' rights are respected, that data is erased, and thatwe are prepared to respond to data threats rapidly. Furthermore, we take the protection ofpersonal data into account as early as the development or selection of hardware, softwareand service providers, in accordance with the principle of privacy by design and privacy bydefault.
TLS/SSL encryption (https): To protect the data of users transmitted via our online services,we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology forsecuring internet connections by encrypting the data transmitted between a website or appand a browser (or between two servers). Transport Layer Security (TLS) is an updated andmore secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in theURL when a website is secured by an SSL/TLS certificate.
Transmission of Personal Data
In the context of our processing of personal data, it may happen that the data is transferredto other places, companies or persons or that it is disclosed to them. Recipients of this datamay include, for example, service providers commissioned with IT tasks or providers ofservices and content that are embedded in a website. In such cases, the legal requirementswill be respected and in particular corresponding contracts or agreements, which serve theprotection of your data, will be concluded with the recipients of your data.
Data Transmission within the Group of Companies: We may transfer personal data to othercompanies within our group of companies or otherwise grant them access to this data.Insofar as this disclosure is for administrative purposes, the disclosure of the data is based onour legitimate business and economic interests or otherwise, if it is necessary to fulfill ourcontractual obligations or if the consent of the data subjects or otherwise a legal permission is present.
International data transfers
If we process data in a third country (i.e. outside the European Union (EU), the EuropeanEconomic Area (EEA)) or the processing takes place in the context of the use of third partyservices or disclosure or transfer of data to other persons, bodies or companies, this will onlytake place in accordance with the legal requirements.
Subject to express consent or transfer required by contract or law, we process or haveprocessed the data only in third countries with a recognised level of data protection, on thebasis of special guarantees, such as a contractual obligation through so-called standardprotection clauses of the EU Commission or if certifications or binding internal dataprotection regulations justify the processing (Article 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
If we process data in a third country (i.e. outside the European Union (EU), the EuropeanEconomic Area (EEA)) or the processing takes place in the context of the use of third partyservices or disclosure or transfer of data to other persons, bodies or companies, this will onlytake place in accordance with the legal requirements.Subject to express consent or transfer required by contract or law, we process or haveprocessed the data only in third countries with a recognised level of data protection, on thebasis of special guarantees, such as a contractual obligation through so-called standardprotection clauses of the EU Commission or if certifications or binding internal dataprotection regulations justify the processing (Article 44 to 49 GDPR, information page of theEU Commission:https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).Data Processing in Third Countries: If we process data in a third country (i.e., outside theEuropean Union (EU) or the European Economic Area (EEA)), or if the processing is donewithin the context of using third-party services or the disclosure or transfer of data to otherindividuals, entities, or companies, this is only done in accordance with legal requirements. Ifthe data protection level in the third country has been recognized by an adequacy decision(Article 45 GDPR), this serves as the basis for data transfer. Otherwise, data transfers onlyoccur if the data protection level is otherwise ensured, especially through standardcontractual clauses (Article 46 (2)(c) GDPR), explicit consent, or in cases of contractual orlegally required transfers (Article 49 (1) GDPR). Furthermore, we provide you with the basisof third-country transfers from individual third-country providers, with adequacy decisionsprimarily serving as the foundation. "Information regarding third-country transfers andexisting adequacy decisions can be obtained from the information provided by the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en.
EU-US Trans-Atlantic Data Privacy Framework: Within the context of the so-called "Data Privacy Framework" (DPF), the EU Commission has also recognized the data protection level for certain companies from the USA as secure within the adequacy decision of 10th July 2023. The list of certified companies as well as additional information about the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. We will inform you which of our service providers are certified under the Data Privacy Framework as part of our data protection notices.
Erasure of data
The data processed by us will be erased in accordance with the statutory provisions as soon as their processing is revoked or other permissions no longer apply (e.g. if the purpose of processing this data no longer applies or they are not required for the purpose). If the data is not deleted because they are required for other and legally permissible purposes, their processing is limited to these purposes. This means that the data will be restricted and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax reasons or for which storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. In the context of our information on data processing, we may provide users with further information on the deletion and retention of data that is specific to the respective processing operation.
Rights of Data Subjects
Rights of the Data Subjects under the GDPR: As data subject, you are entitled to various rights under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:
Business services
We process data of our contractual and business partners, e.g. customers and interested parties (collectively referred to as "contractual partners") within the context of contractual and comparable legal relationships as well as associated actions and communication with the contractual partners or pre-contractually, e.g. to answer inquiries.
We process this data in order to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and economical business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information and rights (e.g. for the involvement of telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g. for marketing purposes, within the scope of this privacy policy.
Which data are necessary for the aforementioned purposes, we inform the contracting partners before or in the context of the data collection, e.g. in online forms by special marking (e.g. colors), and/or symbols (e.g. asterisks or the like), or personally.
We delete the data after expiry of statutory warranty and comparable obligations, i.e. in principle after expiry of 4 years, unless the data is stored in a customer account or must be kept for legal reasons of archiving. The statutory retention period for documents relevant under tax law as well as for commercial books, inventories, opening balance sheets, annual financial statements, the instructions required to understand these documents and other organizational documents and accounting records is ten years and for received commercial and business letters and reproductions of sent commercial and business letters six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statements or the management report was prepared, the commercial or business letter was received or sent, or the accounting document was created, furthermore the record was made or the other documents were created.
If we use third-party providers or platforms to provide our services, the terms and conditions and privacy policies of the respective third-party providers or platforms shall apply in the relationship between the users and the providers.
Further information on processing methods, procedures and services used:
Provision of online services and web hosting
We process user data in order to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.
Further information on processing methods, procedures and services used:
Purchase of applications via Appstores
The purchase of our apps is done via special online platforms operated by other service providers (so-called "appstores"). In this context, the data protection notices of the respective appstores apply in addition to our data protection notices. This applies in particular with regard to the methods used on the platforms for web analytics and for interest-related marketing as well as possible costs.
Further information on processing methods, procedures and services used:
Communication via Messenger
the following information regarding the functionality of the messenger services, encryption, use of the metadata of the communication and your objection options.
You can also contact us by alternative means, e.g. telephone or e-mail. Please use the contact options provided to you or use the contact options provided within our online services.
In the case of encryption of content (i.e. the content of your message and attachments), we point out that the communication content (i.e. the content of the message and attachments) is encrypted end-to-end. This means that the content of the messages is not visible, not even by the messenger service providers themselves. You should always use a current version of the messenger service with activated encryption, so that the encryption of the message contents is guaranteed.
However, we would like to point out to our communication partners that although messenger service providers do not see the content, they can find out that and when communication partners communicate with us and process technical information on the communication partner's device used and, depending on the settings of their device, also location information (so-called metadata).
Information on Legal basis: If we ask communication partners for permission before communicating with them via messenger services, the legal basis of our processing of their data is their consent. Otherwise, if we do not request consent and you contact us, for example, voluntarily, we use messenger services in our dealings with our contractual partners and as part of the contract initiation process as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners for communication via messenger services. We would also like to point out that we do not transmit the contact data provided to us to the messenger service providers for the first time without your consent.
Withdrawal, objection and deletion: You can withdraw your consent or object to communication with us via messenger services at any time. In the case of communication via messenger services, we delete the messages in accordance with our general data retention policy (i.e. as described above after the end of contractual relationships, archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information provided by the communication partners, if no reference to a previous conversation is to be expected and there are no legal obligations to store the messages to prevent their deletion.
Reservation of reference to other means of communication: Finally, we would like to point out that we reserve the right, for reasons of your safety, not to answer inquiries about messenger services. This is the case if, for example, internal contractual matters require special secrecy or if an answer via the messenger services does not meet the formal requirements. In such cases we refer you to more appropriate communication channels.
Further information on processing methods, procedures and services used:
Newsletter and Electronic Communications
We send newsletters, e-mails and other electronic communications (hereinafter referred to as "newsletters") only with the consent of the recipient or a legal permission. Insofar as the contents of the newsletter are specifically described within the framework of registration, they are decisive for the consent of the user. Otherwise, our newsletters contain information about our services and us.
In order to subscribe to our newsletters, it is generally sufficient to enter your e-mail address. We may, however, ask you to provide a name for the purpose of contacting you personally in the newsletter or to provide further information if this is required for the purposes of the newsletter.
Double opt-in procedure: The registration to our newsletter takes place in general in a so-called Double-Opt-In procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is necessary so that no one can register with external e-mail addresses.
The registrations for the newsletter are logged in order to be able to prove the registration process according to the legal requirements. This includes storing the login and confirmation times as well as the IP address. Likewise the changes of your data stored with the dispatch service provider are logged.
Deletion and restriction of processing: We may store the unsubscribed email addresses for up to three years based on our legitimate interests before deleting them to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of a consent is confirmed at the same time. In the case of an obligation to permanently observe an objection, we reserve the right to store the e-mail address solely for this purpose in a blocklist
The logging of the registration process takes place on the basis of our legitimate interests for the purpose of proving its proper course. If we commission a service provider to send e-mails, this is done on the basis of our legitimate interests in an efficient and secure sending system.
Contents:
Information about us, our services, promotions and offers.
Commercial communication by E-Mail, Postal Mail, Fax or Telephone
We process personal data for the purposes of promotional communication, which may be carried out via various channels, such as e-mail, telephone, post or fax, in accordance with the legal requirements.
The recipients have the right to withdraw their consent at any time or to object to the advertising communication at any time.
After revocation or objection, we store the data required to prove the past authorization to contact or send up to three years from the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. Based on the legitimate interest to permanently observe the revocation, respectively objection of the users, we further store the data necessary to avoid a renewed contact (e.g. depending on the communication channel, the e-mail address, telephone number, name).
Plugins and embedded functions and content
Within our online services, we integrate functional and content elements that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may, for example, be graphics, videos or city maps (hereinafter uniformly referred to as "Content").
The integration always presupposes that the third-party providers of this content process the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of these contents or functions. We strive to use only those contents, whose respective offerers use the IP address only for the distribution of the contents. Third parties may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visit times and other information about the use of our website, as well as may be linked to such information from other sources.
Further information on processing methods, procedures and services used:
Terminology and Definitions
In this section, you will find an overview of the terminology used in this privacy policy. Where the terminology is legally defined, their legal definitions apply. The following explanations, however, are primarily intended to aid understanding.