You haven't found the answer to your question?
Email us at hello@autarc.energy

Privacy statement
‍
Information on data protection for autarc GmbH's online offerings at:
autarc.energy
app.autarc.energy
‍
Table of contents
‍
1. Basic information
2. Who we are (responsible for data protection)
3. Data collection when you visit our online offer
3.1. Intercom
3.2. Webflow
3.3. Bubble
3.4. Hotjar
4. Contact
4.1. Hubspot chat widget
4.2. Typeform
4.3 Zapier
5. Data processing when registering to open a customer account
6. Using your data for advertising purposes (recommendations to platform users)
6.1. Recommendations to platform users
6.2. Service provider for sending emails
7. Information on the use of cookies and tools
7.1. What are cookies?
7.2. Which cookies do we use?
7.3. For what purposes and according to which legal bases do we use cookies?
7.4. How can you turn off cookies?
7.5. Do we use third-party cookies?
7.6. Overview of cookies used
7.7. Google Analytics web analysis service
7.8. Retargeting/Remarketing/Referral Advertising
8. Integration of social media and other services
8.1. PTV (Map & Guide)
8.2. Social media appearances and use of social media icons on our pages
8.3. Google Maps
8.4. linkedin
8.5. Google reCAPTCHA
9. Payment service provider
10. Your rights as a data subject
10.1 The right to information
10.2. Right to rectification
10.3. Right to delete
10.4. Right to restrict processing:
10.5. Right to be informed
10.6. Right to data portability
10.7. Right of objection
10.8. Right to withdraw consent under data protection law
10.9. Right to lodge a complaint with the supervisory authority

1. Basic information
We are pleased that you are visiting our website and thank you for your interest. In the following, we will inform you about the handling of your personal data when using our offers on the Internet, such as our website and our online shop. The following information also relates to the use of our offer with mobile devices, such as smartphones or tablets. Personal data is all data with which you can be personally identified or that makes you identifiable via an identifier, for example via your IP address.
This privacy policy explains on which legal basis and for what purpose this is done. We will also inform you of your rights with regard to the use of personal data. If you have any questions regarding the use of your personal data by us, please contact us as the responsible body (contact under section 2).
For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the person responsible), this online offer uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock icon in your browser line.

2. Who we are (responsible for data protection)
The person responsible for data processing on our website within the meaning of the General Data Protection Regulation (GDPR) is:
autarc GmbH
represented by autarc GmbH (limited liability) (Berlin District Court, HRB 249005), represented by managing director Etienne Krause, Thies Hansen
Hoppestrasse 31
13409 Berlin
(+49) 151 68547823
hello@autarc.energy

Contact details of our company data protection officer: dataprotection@autarc.energy.

3. Data collection when you visit our online offer
Just visiting our website (without registration) automatically results in the anonymized collection of the following data on our server:
- abbreviated IP address,
- date/time/time zone of access,
- access status,
- type of access,
- log type,
- the type and number of pages viewed by us,
- name and size of the files accessed,
- source website,
- web browser used,
- operating system used.
The non-personal information mentioned above is automatically collected through the normal functioning of our Internet services. This usage data about visits to our pages is not combined with the personal data provided via the registration form. For us, any personal reference to the usage data is excluded.
We use the above data for troubleshooting purposes, to compile statistics and to measure activity on the website, with the aim of increasing the value of our offer for you. This also constitutes a legitimate interest, meaning that data processing is justified in accordance with Article 6 (1) (f) GDPR.
Only our IT administrator has access to this data for the purposes mentioned above.
We only collect the above data for the period of use; once use has ended, the data is deleted immediately, but no later than after seven days.
We receive information via so-called cookies and web analysis services as soon as your web browser opens our pages. These identifiers support various service functions on our website and are automatically transmitted via your web browser to the hard drive of your computer or other mobile devices. You can prevent this function by setting your browser accordingly. However, personalized service is not possible in this case. In these cases, your anonymized IP address may also be transferred to the USA. You can find more information about the cookies and web analysis tools we use below under the heading “Information on the use of cookies and tools.”

3.1 Intercom
If you contact us via the Intercom messenger service, data is processed by “Intercom, Inc., 98 Battery Street, Suite 402, San Francisco, CA 94111 USA and 2nd Floor, Stephen Court, 18-21 Saint Stephen's Green, Dublin 2, hereinafter “Intercom”). Insofar as data is transferred to a third country (in particular the USA), we refer to “3. General information and mandatory information” under “Note on data transfer to the USA and other third countries” of this privacy policy.
Further information on data processing by “intercom” can be found at: https://www.intercom.com/de/terms-and-policies.
We have concluded an order processing contract with “Intercom”. This is a contract required by data protection law, which ensures that “Intercom” processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3.2 Webflow
We use the Webflow website builder and content delivery network (CDN) to host and design this website.
This service is provided by Webflow Inc., 398 11th Street, 2nd Floor, San Francisco, California, 94103, USA (“Webflow”).
As part of the hosting/website builder system, Webflow only processes the data mentioned in “3. Data collection when you visit our online offer”, although this usage data cannot be linked to a personal person.
As part of hosting, Webflow also acts as a content delivery network. A content delivery network (CDN), or also known as a content distribution network, is a network of regionally distributed servers connected via the Internet, with which content is distributed. The distribution of network traffic ensures faster website load time, reliability, and greater protection against data loss. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR, because we want to offer you the most reliable, stable service possible. We assume that this is in your interest. If not, you can informally notify us of your withdrawal at any time.
We have concluded an order processing contract with Webflow and a contract in accordance with EU standard data protection clauses, in which we oblige Webflow to protect our customers' data and not to pass it on to third parties.
Webflow is certified under the EU-US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000TT9jAAG&status=Active
Webflow's current privacy policy can be found at: https://webflow.com/legal/eu-privacy-policyWeitergabe of the data:
However, according to the case law of the European Court of Justice, the USA does not have an adequate level of data protection. For this reason, we have agreed additional guarantees with Webflow. The subcontractors used by Webflow were also contractually bound accordingly.
However, AWS offers a GDPR Data Processing Addendum for every customer, which includes the standard data processing clauses (Data Processing Addendum):
https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/aws-data-processing-addendum-dpa.html
Webflow works with Amazon Web Services (AWS) as a subcontractor as part of hosting. Data is processed in Germany and Ireland. For technical reasons, the infrastructure may be maintained from the USA.
AWS is certified under the US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
Webflow works with Fastly as a subcontractor for hosting. Here, too, data is processed in the USA. Fastly is certified by the US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000TNGUAA4&status=Active
Fastly offers a GDPR Data Processing Addendum for every customer, which contains the standard data protection clauses (Data Processing Addendum): https://www.fastly.com/de/data-processing
To ensure that any processing of personal data in the USA is secure, we have taken the following technical and organizational measures:
Webflow and the subcontractors used by Webflow submit to an EU jurisdiction in terms of data protection and commit to pay damages to data subjects in the event of data protection violations.
If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.
The collected data is deleted at the end of each visit to our website.

3.2 Bubble
We build our website app.autarc.energy with Bubble.io. The provider is Bubble Group, Inc., 55 Hudson Yards, 44th Floor, New York, NY 10001, USA (hereinafter: Bubble.io).
When using and creating a project on our website app.autarc.energy, personal data is collected by Bubble.io on our behalf and stored on a server hosted by AWS. This involves:
- IP addresses (only in abbreviated form)
- First name and last name
- address (zip code, city, street and house number)
- company name
- company address
- email address
- phone number
- Payment information
- heating system
- Consumption values
- number of inhabitants
- Building age
- Project spaces and dimensions
- Radiator data
- Photos and documents related to the project
‍
Bubble is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt00000008W5AAAU&status=Active
However, according to the case law of the European Court of Justice, the USA does not have an adequate level of data protection. However, Bubble offers a GDPR Data Processing Addendum for every customer, which includes the standard data protection clauses: https://bubble.io/dpa
To ensure that any processing of personal data in the USA is secure, we have taken the following technical and organizational measures:
Bubble submits to an EU jurisdiction in terms of data protection and undertakes to pay damages to data subjects in the event of data protection breaches.
For more information about data processing at Bubble, please visit: https://bubble.io/privacy
Bubble works with Amazon Web Services (AWS) together as a subcontractor. Data is processed in Frankfurt, Germany and Ireland. For technical reasons, it may happen that the infrastructure is maintained from the USA.
AWS is certified under the US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active
However, according to the case law of the European Court of Justice, the USA does not have an adequate level of data protection. However, AWS offers a GDPR Data Processing Addendum for every customer, which includes the standard data processing clauses (Data Processing Addendum):
https://docs.aws.amazon.com/whitepapers/latest/navigating-gdpr-compliance/aws-data-processing-addendum-dpa.html

3.3. Hotjar
This website uses the Hotjar analysis tool from Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta (“Hotjar”). When visiting the site, in addition to technical master data and cookies, the user's mouse movements are examined in particular in order to create so-called “heat maps.” This information enables us to make the website even faster and more customer-friendly. Personal data is completely hidden during this process and is therefore not collected.
If you do not agree with Hotjar's approach, you can adjust your browser's cookie settings accordingly or deactivate the features at this link: https://www.hotjar.com/policies/do-not-track/.
You can find more information about data protection at Hotjar here: https://www.hotjar.com/legal/policies/privacy
Contact email address: dpo@hotjar.com and support@hotjar.com
‍
4. Contact
We have stored our contact details on our website, which you can use to contact us electronically, by post or by telephone. Contacting us is always voluntary.
We process your data (e.g. your email address and name when you contact us via e-mail) exclusively for the purpose of answering your request or the desired contact with you and the associated technical administration. The legal basis for this processing is Art. 6 paragraph 1 letter b GDPR, because we need the above data to initiate, execute or terminate a contractual relationship with you.
Our internal customer service department will receive your request.
We do not transfer your inquiries to third countries or organizations outside the EU.
After processing your request, we will delete the data relating to your contact immediately, but no later than seven days after the request has been completed. This storage period may be precluded by legal retention periods, e.g. if your request is related to a contract or warranty or warranty processing. In this case, we will only store your request beyond seven days for the purpose of fulfilling the legal storage obligations (Art. 6 paragraph 1 letter c GDPR). In this case, we will delete your data at the latest upon expiry of the legal retention period (Section 147 (3) AO), i.e. after 10 years, beginning with the conclusion of the contract. When this retention period expires, we will immediately delete this data without you having to ask us to do so.

4.1. Hubspot chat widget
On our pages, we have integrated a chat widget from the provider HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA (hereinafter: “Hubspot”), which you can use to contact us. Contacting us is always voluntary.
We process the data that you provide to us in the chat exclusively for the purpose of answering your request or for the desired contact with you and the associated technical administration. The legal basis for this processing is Art. 6 paragraph 1 letter b GDPR, because we process the above data to initiate, execute or terminate a contractual relationship with you.
Our internal customer service department will receive your request.
We do not transfer your inquiries to third countries or organizations outside the EU. Hubspot stores the data exclusively on servers in Europe.
After processing your request, we will delete the data relating to your contact immediately, but no later than seven days after the request has been completed. This storage period may be precluded by legal retention periods, e.g. if your request is related to a contract or warranty or warranty processing. In this case, we will only store your request beyond seven days for the purpose of fulfilling the legal storage obligations (Art. 6 paragraph 1 letter c GDPR). In this case, we will delete your data at the latest upon expiry of the legal retention period (Section 147 (3) AO), i.e. after 10 years, beginning with the conclusion of the contract. When this retention period expires, we will immediately delete this data without you having to ask us to do so.
Hubspot is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active
However, according to the case law of the European Court of Justice, the USA does not have an adequate level of data protection. However, Hubspot offers a GDPR Data Processing Addendum for every customer, which includes the standard data protection clauses: https://legal.hubspot.com/dpa
To ensure that any processing of personal data in the USA is secure, we have taken the following technical and organizational measures:
Hubspot submits to an EU jurisdiction in terms of data protection and undertakes to pay damages to data subjects in the event of data protection violations.
You can find out more about data processing at Hubspot in the privacy policy: http://legal.hubspot.com/de/privacy-policy

4.2. Typeform
We have integrated Typeform on this website. The provider is TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (hereinafter Typeform).
Typeform allows us to create online forms and integrate them on our website. The data you enter into our Typeform forms is stored on Typeform's servers until you request us to delete it, revoke any consent you have given us to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Mandatory legal provisions — in particular retention periods — remain unaffected.
Typeform is used on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in functioning online forms. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.
Order processing
We have concluded an order processing contract (AVV) for the use of the above service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

4.3. Zapier
We use “Zapier” to connect various web apps. This allows us to automate actions between different web apps. Zapier is a service provided by Zapier Inc., 548 Market St #6241, San Francisco, CA 94104, USA. When using Zapier, it is not ruled out that data will be transferred to Zapier servers in the USA. We have concluded an order processing agreement with Zapier. In addition, data processing is secured by EU standard contractual clauses. We use Zapier to automate actions between different apps and thus improve our website and make it more time-efficient, which also represents our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
For more information about Zapier's privacy policy, please visit: https://zapier.com/privacy/

5. Data processing when registering to open a customer account
You have the option to register as a specialist partner or customer on our website. We process this data exclusively to carry out the contract concluded with you for the use of our online offer or to record projects. This data processing is justified under Article 6 (1) (b) GDPR. If you have registered with us as a specialist partner or customer, we save your project data or its evaluation in your customer account. You have control over the storage of this data and can delete it at any time by deleting the corresponding project. We store this history for the purpose of optimizing our offer in order to make the user experience on our platform as pleasant as possible for you. This processing is justified on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR.
All information is voluntary. To create an account, we need at least the data marked with an asterisk (*) during the registration process.
Internal customer service and marketing, and IT only have access to this data to fix faults or system maintenance.
If we transfer data to third countries or organizations outside the EU, this is set out accordingly in this privacy policy.
You can delete your specialist partner or customer account at any time. You can delete it yourself or send us an appropriate message to the above address.
After complete processing of the contract in the event of guest access or deletion of your specialist partner or customer account, your data will be blocked in accordance with tax and commercial retention periods and deleted after expiry of these periods, unless you have expressly consented to further use of your data or reserved further use of data permitted by law by our side, about which we will inform you accordingly. If you are registered with us as a specialist partner or customer and have created project data, we will delete it no later than 10 years from the date of purchase. We delete your data at the latest upon expiry of the legal retention period (Section 147 (3) AO), i.e. after 10 years, beginning with the conclusion of the contract. When this retention period expires, we will immediately delete this data without you having to ask us to do so. Our admins can view all data, which is the only way to manually check the plausibility of projects.

6. Using your data for advertising purposes (recommendations to platform users)‍
6.1. Recommendations to platform users
If you have ordered products or used services from us and have provided your e-mail address, we allow ourselves, within the scope of legal requirements, to send you recommendations for our own similar services if you have agreed by means of a double opt-in or if we have notified you of this during registration and you have not objected to this. This type of contact is exclusively for the purpose of sending the recommendation by electronic mail to you as a platform user. We are thus pursuing our legitimate interest in personalized direct advertising from existing platform users. The basis for this is based on Article 6 paragraph 1 letter f GDPR in conjunction with Section 7 (3) Act against Unfair Competition (UWG). If you have initially objected to the use of your email address for this purpose, we will not send you the above information by email. You are entitled to object to the use of your email address for the above mentioned advertising purpose at any time with effect for the future by sending us a message. After receipt of your objection, the use of your email address for the above mentioned advertising purpose will be immediately discontinued.

6.2 Service providers for sending emails
If you have signed up to our platform, we will contact you via email (transactional, automated) in order to execute the contract with you (Article 6 (1) (b) GDPR). For these emails, we use the SendGrid tool from the following service provider: Twilio Inc., 899 Winslow St. Redwood City, CA 94063, USA (“SendGrid”). This service provider acts on our behalf strictly in accordance with our instructions and, for this purpose, receives knowledge of your e-mail address and, if applicable, your name. This data is processed on SendGrid's servers in Germany and Ireland.
On our behalf, SendGrid uses this information to send emails to you in the following cases:
- Email address confirmation
- Email if password is forgotten
- Email when requesting a Magic Login Link
‍
We have concluded an order processing contract with SendGrid and the EU standard data protection clauses for the above purposes, in which we oblige SendGrid to protect our customers' data and not to pass it on to third parties.
For more information about data processing at SendGrid, click here: https://www.twilio.com/legal/privacy.
We only store your email address and name in your profile on our platform as long as you are logged on to our platform. After deleting your profile with us, we will delete your data.
Automated decision-making or profiling does not take place.
SendGrid is certified by the US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt0000000TNLbAAO&status=Active
However, according to the case law of the European Court of Justice, the USA does not have an adequate level of data protection. However, SendGrid offers a GDPR Data Processing Addendum (GDPR) for every customer https://www.twilio.com/legal/data-protection-addendum, which contains the standard data protection clauses (Data Processing Addendum).
To ensure that any processing of personal data in the USA is secure, we have taken the following technical and organizational measures:
SendGrid submits to an EU jurisdiction in terms of data protection and undertakes to pay compensation to data subjects in the event of data protection breaches.

7. Information on the use of cookies and tools
7.1. What are cookies?
In order to make visiting our online offering attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. These text files are used to archive information for a limited period of time. Your browser stores cookies in the form of a readable text file as soon as you visit our pages. If you are registered with us, cookies help us recognize your device (computer, tablet or smartphone) the next time you visit our online offering. Some cookies may contain personal information.

7.2. Which cookies do we use?
By type, we divide the cookies we use into the following classes: necessary cookies, function, analysis & statistics and advertising & marketing. Necessary cookies enable you to use our online offering (so-called session or session cookies). If this cookie is switched off, you will not be able to access our pages. The authentication cookie gives you access to the login area. Without this cookie, neither registration nor access to the login area is possible. These session cookies are deleted after the end of the browser session, i.e. after closing your browser (so-called session or session cookies).
Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit (so-called persistent cookies). Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. We use a so-called retargeting cookie for advertising purposes. This allows us to display interesting promotional offers for you on the Internet even outside of our offers. For more information, see the following overview of the cookies used.

7.3. For what purposes and according to which legal bases do we use cookies?
Most cookies we use do not store information that identifies or makes you identifiable as a person. Instead, these cookies provide us with general and anonymized information about visitors to our online offers, the browsers and operating systems used, and which cities our visitors come from. We only record the IP address in abbreviated form in such a way that individual recognition and allocation is not possible.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the content of a virtual shopping cart for a later visit to the website). If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 paragraph 1 letter b GDPR to execute the contract with you. Insofar as we collect data with cookies, this is done on the one hand to gain insights to optimize the functionalities and content of our online offering. With such functional cookies, we are pursuing a legitimate interest (Art. 6 paragraph 1 letter f GDPR), because this allows us to adapt our offer to meet technical requirements and makes it easier for you to access our pages. On the other hand, we use cookies to measure how successful our online advertising measures are. Based on statistical data, we can also identify faults and understand how we calculate advertising costs. We only carry out this processing if you have given us your consent to use these cookies for analysis & statistics or for advertising & marketing (Art. 6 para. 1 letter a GDPR). Once you have given your consent, you can withdraw it at any time with effect for the future. Data processing remains permitted until revocation. Click here to view and change your cookie settings.
‍
7.4. How can you turn off cookies?
You can set your browser so that you are informed when cookies are set and decide individually whether to accept them or can exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in each browser's help menu, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:
- Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14
- Opera: https://help.opera.com/de/latest/web-preferences/#cookies
Alternatively, you can find out more about the setting of cookies and make settings for this from the Digital Advertising Alliance at the Internet address www.aboutads.info.

7.5. Do we use third-party cookies?
We sometimes work with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies may also be stored on your device when you visit our online offerings (third-party cookies). The information on the use of such cookies and the scope of the data collected in each case is explained in more detail below. We use some cookies or tools because they are necessary so that we can provide you with our online offer. In this case, the legal basis for processing is the user contract concluded with you (Article 6 (1) (b) GDPR) or our legitimate interest, provided that no conflicting interests are discernible and there is also no objection (Article 6 (1) (f) GDPR). We use all other cookies exclusively on the basis of your consent (Article 6 (1) (a) GDPR). Some of the cookies we use from third parties result in data processing in the USA. Even in this case, we only use cookies with your consent (Art. 6 para. 1 letter a GDPR). These providers (e.g. Google, Facebook) have committed to comply with the data protection provisions of the EU-US Privacy Shield, the legal framework for transatlantic transfer of data agreed by the European Commission and the United States (COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 in accordance with Directive 95/46/EC of the European Parliament and of the Council on the adequate protection offered by the EU-US Privacy Shield (notified under file number C (2016) 4176)). These providers are also registered with the US Department of Commerce's “Privacy Shield” program. However, the European Court of Justice has declared this agreement invalid and found that the USA does not have a level of data protection comparable with the EU (ECJ, judgment of 16.07.2020 — C-311/18, paragraph 200, Facebook/Schrems II). The laws of the USA give various security agencies unlimited monitoring powers, including through the use of monitoring programs that make mass collection and evaluation of data possible. According to national laws, US providers are required to grant security authorities access to the data they process, even if it is processed by a foreign company. By granting consent, there is a risk that the data collected via cookies will become part of mass surveillance in the USA. There is no legal remedy or efficient legal process available in the USA against such monitoring.

7.6. Overview of cookies used
Here is an overview of the cookies we use:
‍
Necessary cookies:
‍
fs-cc-updated, fs-cc
Storage of consent/rejection of optional cookies.
Duration of use: 1 day

mission-bagger_u1main, mission-bagger_live_u2main, mission-bagger_live_u2main.sig
Bubble.io cookies: These cookies are required to save your session when you are logged in. As a result, you do not have to log in again every time you click on different areas of our platform.
Working time: session, 1 day
‍
function:

__hs_cookie_cat_pref
Hubspot cookie: Saving consent/rejection of optional cookies.
Duration of operation: 6 months

__hssrc
Hubspot cookie: Whenever the HubSpot software changes the session cookie, this cookie is also set. This determines whether the visitor has restarted the browser.
If this cookie doesn't exist when HubSpot manages cookies, it's considered a new session. It contains the value “1” when available. It expires at the end of the session.
Working time: session

__hstc
Hubspot cookie: The main cookie for visitor tracking. It contains the domain, the user token (utk), the first timestamp (of the first visit), the last timestamp (of the last visit), the current timestamp (for this visit) and the session count (increases with each subsequent session).
Duration of operation: 6 months

__hssc
Hubspot cookie: This cookie tracks sessions. It is used to determine whether HubSpot software needs to increase the session count and timestamps in the __hstc cookie.
It contains the domain, the number of page views (viewCount, increases with every page view [PageView] in a session) and the session start timestamp
Working time: 30 minutes

Hubspotutk
Hubspot cookie: This cookie tracks a visitor's identity. This cookie is passed to HubSpot software when a form is submitted and is used when de-duplicating contacts. It includes an opaque GUID to represent the current visitor.
Duration of operation: 6 months

1P_JAR, AEC, CONSENT, DV, NID, UULE
Google API cookies: These cookies enable you to use the autocomplete function when entering addresses.
‍
_ga, _GA_vjk4f2q9mr
Analysis tool from Google, which gives website and app owners insight into how their users interact with their offers, creates website usage statistics.
Duration of operation: 2 years

7.7 Web analytics services
7.7.1 Google Analytics
After consent has been given, we use the web analysis service Google Analytics in our online offering. In the EU, EEA and Switzerland, this service is offered by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies, which are stored on your computer and which enable an analysis of the use of our online offering. The information generated by the cookie about your use of our online offering (including your abbreviated IP address) is transmitted to a Google server in the USA and stored there. In this way, Google evaluates your use of our online offering in order to create statistical reports for us on the activities on our online offering and to provide us with other services related to the use of our online offering. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
We use Google Analytics in our online offering exclusively with the addition of the “anonymize IP” function for web analysis purposes. This setting ensures that Google Analytics deletes the last part of your IP address. This anonymization of your IP address precludes direct personal identification. As a result of the extension, your IP address will be abbreviated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. As a result, we also do not have access to data that allows us to draw conclusions about you personally.
With Google Analytics, we also use the Universal Analytics features. Universal Analytics allows us to analyze activities on our online offerings across devices (e.g. when accessed via a notebook and later via a tablet). As a user, you are assigned a pseudonymous user ID as soon as you log on to our pages. The system also recognizes your user ID when you visit our site with another device. However, we do not assign any names to the pseudonymous user ID. We also do not transfer any personal data to Google. Data protection measures, such as IP masking or the browser add-on, are not restricted by the Universal Analytics feature.
You can prevent the installation of cookies by setting your browser software accordingly. You can also prevent Google from collecting the data generated by the cookie and related to your use of our online offering (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://support.google.com/analytics/answer/181881?hl=de
This will prevent Google Analytics from collecting data within our online offering in the future. This opt-out cookie only works in this browser and only for this domain.
If you have made one of the above deactivations, you may not be able to use all functions of our website in full.
Google is certified under the EU-US Privacy Shield, but this alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
We have concluded a contract with Google in accordance with the EU's standard data protection clauses.
In addition, according to the case law of the European Court of Justice, further data protection guarantees are required, which are not yet available.
More information about how Google Analytics handles user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de
‍
7.8 Retargeting/Remarking/Referral Advertising
7.8.1 Google Ads Manager (Ad Manager)
The Google ad manager is a platform for all ad formats. This service is operated in the EU, EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The ad manager uses cookies to present you with advertisements that are relevant to you. This assigns a pseudonymous identification number (ID) to your browser to check which ads have been displayed in your browser and which ads have been viewed. The cookies do not contain any personal information. Using the ad manager only allows Google and its partner websites to place ads based on previous visits to our online offering or other websites on the Internet. With the Google ad manager, we can design ads interactively and dynamically in various formats (e.g. video or individual). We can also manage and evaluate our ads. Ad manager cookies enable Google to recognize your browser. This gives us the information that someone clicked on an ad and was redirected to our site. We ourselves do not collect or process any personal data in the mentioned advertising measures. We only receive statistical evaluations of our campaigns from Google. Based on these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of advertising materials; in particular, we cannot identify users based on this information.
The information generated by the cookies is transferred by Google to a server in the USA for evaluation and stored there. Google only transfers data to third parties due to legal regulations or as part of order data processing. Under no circumstances will Google combine your data with other data collected by Google.
You can prevent data collection by the Google Ads Manager as follows:
You can prevent cookies from being saved by setting your browser software accordingly. Information about this can be found here: https://support.google.com/ads/answer/7395996
You can also prevent cookies from collecting and processing data by installing a browser plug-in (https://support.google.com/ads/answer/7395996).
Alternatively, you can use Google cookies on the Digital Advertising Alliance website at the following link (http://optout.aboutads.info/?c=2 #! /) deactivate.
If you have made one of the above deactivations, you may not be able to use all functions of our website in full.
Google is certified under the EU-US Privacy Shield, but this alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
We have concluded a contract with Google in accordance with the EU's standard data protection clauses.

7.8.2 Google Tag Manager
We use Google Tag Manager in our online offering for personalized, interest-based and location-based online advertising. This service is operated in the EU, EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Tag Manager allows us to manage website tags via an interface. As a result, we neither use cookies nor collect personal data. The tag manager was developed specifically for advertisers and is a container that can be used to mark and manage elements (tags) from Google and other providers. In this way, data can be forwarded to other cookies or tools. Tags can be added for conversion tracking, website analytics, and other purposes, for example. Google is certified under the EU-US Privacy Shield, but this alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
We have concluded a contract with Google in accordance with the EU's standard data protection clauses.
You can find more information about Google Tag Manager here: http://www.google.de/tagmanager/use-policy.html
Further information and Google's privacy policy can be found at: http://www.google.com/policies/technologies/ads/ and http://www.google.de/policies/privacy/

7.8.3 Google Ads Remarketing
Our online offering uses the remarketing features of Google Ads, which we use to advertise our online offer in Google search results, as well as on third-party websites. The provider is operated in the EU, in the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). For this purpose, we have embedded a pixel (a code snippet, so-called remarketing tag) into our online offering, which Google uses to set a cookie in the browser of your device. This cookie allows us to show you interest-based advertising. For this purpose, a pseudonymous cookie ID is generated and the websites that you have visited are analyzed.
Any further data processing will only take place if you have agreed with Google that your Internet and app browsing history will be linked by Google to your Google account and that information from your Google account will be used to personalize ads that you view on the Internet. Information on the integration of user consent can be found here: http://www.google.com/about/company/user-consent-policy.html
In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, Google temporarily links your personal data with Google Analytics data to form target groups. You can find more information about this here: https://policies.google.com/technologies/ads?hl=de and https://support.google.com/google-ads/answer/7664943?hl=de&ref_topic=3122875.
You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://support.google.com/ads/answer/7395996.
Alternatively, you can find out more about the setting of cookies and make settings for this from the Digital Advertising Alliance at the Internet address www.aboutads.info. Finally, you can set your browser so that you are informed when cookies are set and decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.
Google is certified under the EU-US Privacy Shield, but as a result alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=ActiveWir have concluded a contract with Google in accordance with the EU's standard data protection clauses.
More information about how Google handles user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

7.8.4 Use of Google Ads Conversion Tracking
Our online offering uses the “Google Ads” online advertising program and conversion tracking as part of Google Ads. Conversion tracking is a free tool from Google that can be used to measure interactions or transactions related to our ads. For example, we can use the tool to evaluate whether users subscribe to our newsletters or how often clicks on our ads lead to activities on our online offering (e.g. registrations). In doing so, we can define the usage actions that should be evaluated (so-called conversions).
Conversion tracking works technically via the conversion tracking code (so-called “tag”), which is integrated into our online offering. Ad click data is collected using cookies.
Conversion tracking is set as a cookie when you, as a user, click on an ads ad placed on Google. This cookie usually loses its validity after 30 days and is used for non-personal (anonymized) identification. If you, as a user, visit certain pages of our online offering as long as the cookie has not yet expired, Google and we can recognize that you originally clicked on the ad and were redirected from there to our online offer.
As an ads customer, Google assigns us certain (customer-specific) cookies. As an Ads customer, we are therefore unable to track cookies personally via our online offering. Instead, we receive statistical evaluations from Google of the information that Google has obtained using the conversion cookie. We only learn the total number of users who clicked on our ads ad and were redirected to our online offering with the conversion tracking tag. However, these statistical analyses do not contain any information with which you can be personally identified as a user.
If you do not want to participate in conversion tracking or permanently disable cookies for ad preferences, you can deactivate this use in the user settings of your Internet browser. Alternatively, you can download and install the browser plug-in available at the following link: http://www.google.com/settings/ads/plugin?hl=de. In this case, your user behavior will not be recorded by the conversion tracking statistics. However, deactivating conversion tracking or ad preferences cookies may result in restrictions on the functions of our online offering.
When using conversion tracking, Google may process your data on servers in the USA.
Google is certified under the EU-US Privacy Shield, but this alone does not offer an adequate level of data protection: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
We have concluded a contract with Google in accordance with the EU's standard data protection clauses. More information on how Google handles user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=de

7.8.5 Facebook Custom Audience Pixel
We use the visitor action pixel from Facebook (so-called Custom Audience Pixel), a service provided in the EU, EEA and Switzerland by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, and in the USA by Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025. “Custom Audiences” means creating a “custom target group.” This is a piece of Javascript code. Javascript is a scripting language that is used to evaluate user interactions in web browsers, apps, or other applications. The use of this pixel on our pages enables us to mark, segment and target visitors via ads. This allows us to measure the success of advertising campaigns and understand which person clicked on an ad and then made a purchase. As soon as this pixel is loaded, it first transmits general, anonymized data about user behavior, the websites accessed (URL) and any existing Facebook cookie to Facebook. Tracking is done via cookie, not via the pixel.
Facebook compares this data with users registered on Facebook. If you are registered with Facebook, Facebook will associate this data with your Facebook user profile. This data processing can take place on servers in the USA. We have no influence on this data processing on Facebook. The Facebook pixel collects the following data: input in the browser (everything that is available in the web log, the so-called HTTP headers), namely IP addresses, information about the web browser, the location of the page, the document, the transmitter and the user.
Pixel-specific data, namely the pixel ID and the Facebook cookie.
Button click data, i.e. all buttons that you clicked on as a visitor to the website, the names of these buttons, and all pages that were visited as a result of the button clicks.
Data to measure the success of an advertising campaign, namely clicks on ads (so-called conversion rate), page type, purchase.
Purchase details such as email, address, quantity.
You can suppress or deactivate the JavaScript functions of the retargeting pixel via your web browser. You can also set up online-based advertising through Facebook yourself at the following page: https://www.facebook.com/ads/settings
The pixel is only used with your consent. We have also concluded a contract with Facebook between joint controllers (Art. 26 GDPR). In doing so, we have committed ourselves to instructing you accordingly.
Facebook only transfers user data to countries for which there is an adequacy decision by the European Commission in accordance with Article 45 GDPR or on the basis of appropriate guarantees under Article 46 GDPR. Meta Platforms Inc. is certified under the EU-US Privacy Shield with all affiliated companies, but as a result alone does not offer an adequate level of data protection:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.Wir have concluded a contract with Facebook in accordance with the EU's standard data protection clauses.

8. Integration of social media and other services
In our online offering, we refer to our profiles on social networks. You can only access these profiles via our online offer if you click on a corresponding linked icon and thus leave our website to access our profile on the social network. These providers who provide social networks (e.g. Google, Facebook) have indeed committed to comply with the data protection provisions of the EU-US Privacy Shield, the legal framework for transatlantic transfer of data agreed by the European Commission and the United States (COMMISSION IMPLEMENTING DECISION (EU) 2016/1250 of 12 July 2016 in accordance with Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection offered by the EU-US Privacy Shield (announced under File number C (2016) 4176)). These providers are also registered with the US Department of Commerce's “Privacy Shield” program. However, the European Court of Justice has declared this agreement invalid and found that the USA does not have a level of data protection comparable with the EU (ECJ, judgment of 16.07.2020 — C-311/18, paragraph 200, Facebook/Schrems II). The laws of the USA give various security agencies unlimited monitoring powers, including through the use of monitoring programs that make mass collection and evaluation of data possible. According to national laws, US providers are required to grant security authorities access to the data they process, even if it is processed by a foreign company. If consent is given, there is a risk that the data collected through visits to the social network or other service will become part of mass surveillance in the USA. There is no legal remedy or efficient legal process available in the USA against such monitoring.

8.1 Social media appearances and use of social media icons on our pages
We do not use social plug-ins as active buttons in our online offering. We only use icons to refer to our offer on the following social networks:
LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
We only display the social media icons on our site. They are designed as inactive icons. To protect data protection, we use a solution that only transmits the address of our server to these services and not your IP address if you have activated a social media icon by clicking on it.
If you click on such a social media icon on our site, it will be activated with your consent and a connection to these third parties will be established via your web browser in a separate tab (tab). These third parties can thus track visits to our pages (so-called referrers). If you are a member of one of the social networks, you can share the content of our site with other members from your social network by activating the button. Your data may be processed outside the EU as a result of your participation in social networks or by visiting or accessing our social media sites. This may result in risks, for example because it may make it more difficult to enforce your rights.
When you access a social network, cookies are usually stored on your device to record user behavior. If you have a user account on the respective network and are logged in there, your usage behavior can be saved for your user account. Social networks can analyze usage behavior and use it for market research and advertising purposes. This may result in advertising being shown to you on and off social networks. We have no influence on this.
We have no influence on the data collected and stored about you by social networks. Through our above-mentioned social media sites, we receive evaluations of user data and can address users with interest-based advertising. If users interact with our social media presence and are logged in with a user account, we can generally also recognize the user profile and see the content of comments or postings about our website. This data processing is therefore carried out jointly with the respective provider of the social network. For the evaluation of data in connection with our social media sites, we have therefore concluded a joint responsibility contract with each provider (Art. 26 GDPR). In it, we have committed ourselves to providing you with this data protection information. Further information can be found in the privacy policies of the respective social networks. You can also assert your rights against us. However, the social network provider can fulfill your rights more comprehensively because the data for use and evaluation is also stored there.

8.2 Google Maps
This website uses Google Maps (in detail: Google Maps Javascript API, the Google Places API and the Google Geocoding API) to represent the locations of the projects. Google Maps is a map service in the EU and in the EEA provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The integrated Google Maps map will only be shown to you after you have given your consent (Art. 6 para. 1 letter a GDPR).
On our website, you will first see a preview image with a reference to Google Maps. There is no data transfer to Google yet. Only when you give your consent via our cookie consent banner, i.e. consent to the use of Google Maps, does a data transfer take place with Google.
When Google Maps is activated and used via our website, information about the use of this website, including your IP address and device information (operating system), may be transmitted to Google in the USA and stored there. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. We have no influence on the amount of data collected by Google in this way.
To the best of our knowledge, Google Maps processes at least the following data:
date and time of visit to our website,
Internet address or URL of the accessed web page,
IP address,
Location dataWe ourselves only process the location data you have entered for the projects. On the one hand, when filling out a project, we offer you an autocomplete function when entering the data about the location of your projects.
Google is certified by the US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
To ensure that any processing of personal data in the USA is secure, we have taken the following technical and organizational measures:
Google submits to an EU jurisdiction in terms of data protection and undertakes to pay damages to data subjects in the event of data protection violations.
For more information, see Google's privacy policy at: https://policies.google.com/privacy?hl=de. Google Maps is used in accordance with Google's terms of use at https://policies.google.com/terms?hl=de&gl=de and the terms and conditions at https://www.google.com/intl/de_de/help/terms_maps/.
For more information about Google's privacy policy, please visit https://business.safety.google/gdpr/. The data processing conditions between those responsible for Google advertising products (including Google Maps) can be found at https://business.safety.google/adscontrollerterms/.

8.3 LinkedIn
We operate a social media presence through which we present photos and posts about our company, provide information about our services, publish job advertisements if necessary and communicate with customers. When using and accessing our LinkedIn page, user data is also processed by the Ireland-based company LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland and the US-based LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085 (hereinafter “LinkedIn”). LinkedIn enables, among other things, a system in which LinkedIn distributes advertising across its network. We analyze the views and interactions on our LinkedIn page. LinkedIn creates user profiles for this purpose, but only provides us with anonymous data in this regard, so-called page analyses. This is summarized data that gives us information about how users interact with our LinkedIn page. The statistics created are transmitted to us exclusively in anonymized form. We have no access to the respective underlying data. Based on this analysis service, we process your personal data together with LinkedIn. For this reason, we have concluded a contract with LinkedIn between joint controllers (Art. 26 GDPR).
You can access our LinkedIn page regardless of whether you have a LinkedIn account yourself or not. We process your personal data when you interact with our LinkedIn page, e.g. make a comment, click a Like button or send us a message. We do not share the data with other third parties. LinkedIn's terms of use at: https://ch.linkedin.com/legal/user-agreement?trk=hb_ft_userag are also decisive
Depending on the type of activity, the legal basis for this data processing is your consent (Article 6 (1) (a) GDPR) or our legitimate interest (Article 6 (1) (f) GDPR) in customer-oriented marketing. LinkedIn users can withdraw their consent when publishing their comment or like at any time with effect for the future by deleting the comment or the relevant content. Withdrawal does not affect the lawfulness of the processing carried out on the basis of consent up to the withdrawal.
LinkedIn offers the option to object to certain data processing; relevant information and opt-out options can be found at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy.
LinkedIn users can influence the extent to which their usage behavior may be recorded when visiting our LinkedIn page at https://www.linkedin.com/psettings/advertising.
Data processing using cookies used by LinkedIn can also be prevented by settings in the browser.
LinkedIn only transfers user data to countries for which there is an adequacy decision by the European Commission in accordance with Article 45 GDPR or on the basis of appropriate guarantees under Article 46 GDPR. LinkedIn Corporation is certified under the EU-US Privacy Shield, but does not offer an adequate level of data protection as a result (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active).

8.4 Google reCAPTCHA
If you have given us your consent when you visit the website, we use the “reCAPTCHA” service to protect input forms on our site. The provider is operated in the EU, in the EEA and Switzerland by Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland, in the USA by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
By using this service, it is possible to distinguish whether the corresponding input is of human origin or is misused through automated machine processing. For this purpose, a JavaScript element is integrated into the website, which analyses the user behavior of users. From this data, reCAPTCHA calculates a so-called CAPTCHA score, which indicates the probability of whether the user is a natural person or a bot.
We use this information on our website to register, fill out forms and to commission the agency.
To the best of our knowledge, Google uses the reCAPTCHA software to collect the referrer URL (address of the website from which the visitor comes), the IP address, the behavior of website visitors, information about the operating system, browser and length of stay, cookies, display instructions and scripts, the user's input behavior and mouse movements in the “reCAPTCHA” checkbox area.
IP addresses are usually abbreviated within the member states of the EU/EEA before the data is transferred to the servers in the USA and stored there. Google does not clarify exactly where this data is stored.
The IP address transmitted as part of “reCAPTCHA” will not be combined with other data from Google unless you are logged into your Google account at the time you use the “reCAPTCHA” plug-in. If you want to prevent “Google” from transmitting and storing data about you and your behavior on our website, you must log out of “Google” before you visit our site or use the reCAPTCHA plugin.
Google uses and analyses this data even before you click on the “I'm not a robot” check mark. With the Invisible reCAPTCHA version, even ticking is omitted and the entire recognition process runs in the background. Google does not tell you in detail how much and which data Google stores. For more information on Google's handling of personal data: https://www.google.com/intl/de/policies/privacy/.Sofern You have given us your consent to data processing, the data is processed using the Google tool reCAPTCHA on the basis of Art. 6 para. 1 lit. a, f DSGVO. Your consent to data processing can be withdrawn at any time with effect for the future. To do this, you can change your settings for the cookie consent platform available on the website. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.
If you do not want your personal data to be transmitted to Google, you should not give us consent to use Google reCAPTCHA. Alternatively, you can log out completely and delete all Google cookies before you visit our website; you can find more information about this at: https://support.google.com/?hl=de&tid=331618988690.Google is certified by the US Privacy Shield:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active To ensure that any processing of personal data in the USA is secure, we have taken the following technical and organizational measures:
Google submits to an EU jurisdiction in terms of data protection and undertakes to pay damages to data subjects in the event of data protection violations.
You can find further information about Google's data protection regulations at the following Internet address: http://www.google.de/policies/privacy/

9. Payment service provider
9.1 Payment processing with Stripe
When you make a payment in our app, you can pay with Google Pay, Apple Pay, debit cards, credit cards, PayPal and instant bank transfer. The provider of this payment service is Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland. Stripe collects data such as name and address as well as bank details such as payment method, credit card number, account numbers and contract amount. In addition,
Stripe cookies to complete the payment process and to ensure the security of the payment process.
We have concluded an agreement with Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland on data processing in accordance with Art. 28 GDPR.
The agreement can be found here: https://support.stripe.com/questions/accept-and-downloadyour-data-processing-agreement-(dpa)-with-stripe.
We would like to point out that when using Stripe, user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Stripe has implemented the standard contractual clause for data transfer in its contracts, see https://
support.stripe.com/questions/does-stripe-offer-new-standard-contractualclauses- (sccs).
For a detailed description of the respective forms of processing carried out by Stripe and the options for objection, we refer to Stripe's privacy policies and information at https://stripe.com/de/privacy and https://stripe.com/de/guides/generaldata-protection-regulation.

The legal basis for the transfer of data is Art. 6 (1) (b) GDPR. Your data will only be passed on for the purpose of payment processing and only to the extent necessary for this purpose.

10. Your rights as a data subject
We are happy to inform you below about the rights that you, as a data subject, have vis-à-vis us with regard to the processing of your personal data.

10.1 The right to information
You have the right to request confirmation from us as to whether your personal data has been processed. If this is the case, you have the right to obtain information about the data collected, stored or used about you as well as to the following information:
the purposes of processing;
the recipients or categories of recipients to whom we have disclosed or will disclose the personal data;
the storage period or the criteria for determining this period;
the existence of further rights (see below);
if the personal data is not collected from you, all available information about the origin;
the existence of automated decision-making, including profiling, and, if applicable, more detailed information about this.
You have the right to be informed about the appropriate guarantees under Article 46 GDPR when forwarding your data to a third country or an international organization.

10.2 Right to rectification
You have the right to request us to correct incorrect or incomplete personal data concerning you without undue delay.

10.3 Right to deletion
You can request that we delete your personal data immediately. We are required to delete your personal data immediately if one of the following reasons applies:
Your personal data is no longer necessary for the purposes for which we collected or otherwise processed it.
You withdraw your consent and there is no other legal basis for processing.
You file an objection (see below) against the processing.
Your personal data was processed unlawfully.
It is necessary for us to delete your personal data to fulfill a legal obligation under Union law or the law of the member states.
We collected personal information based on a child's consent.
‍
10.4 Right to restrict processing:
You have the right to ask us to restrict processing if one of the following conditions is met: You dispute the accuracy of the personal data.
The processing of the data is unlawful and you refuse to delete the personal data and instead demand that the use of the personal data be restricted.
We no longer need the personal data for processing purposes, but you need the data to assert, exercise or defend legal claims; or
You have filed an objection to the processing (see below) and it is not yet clear whether our legitimate reasons outweigh yours.
‍
10.5 Right to be informed
If you have asserted the right to correct, delete or restrict processing against us, we are obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis us to be informed about these recipients.
‍
10.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person responsible without hindrance from us, provided that the processing is based on consent in accordance with Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR or on a contract in accordance with Article 6 paragraph 1 letter b GDPR and
processing is carried out using automated procedures.
In exercising this right, you can request that the personal data concerning you be transmitted directly by us to another person responsible, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected as a result. The right to data portability does not apply to processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.
‍
10.7 Right of objection
For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you, which is based on one of the following bases:
The processing of your personal data by us is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been delegated to us; or
processing is necessary to protect our legitimate interests or those of a third party, unless your interests or fundamental freedoms prevail, which require the protection of your personal data.
You also have the right to object to profiling based on this processing.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling, insofar as it is associated with such direct advertising.
You also have the right, for reasons arising from your particular situation, to object to processing concerning your personal data that we carry out for scientific or historical research purposes or for statistical purposes, unless the processing is necessary to perform a task in the public interest.
‍
10.8 Right to withdraw consent under data protection law
Once you have given us, you can withdraw your consent at any time with effect for the future. You can withdraw your consent informally at any time, e.g. by sending us an email. However, this does not affect the lawfulness of the processing carried out up to the time of withdrawal.

10.9 Right to lodge a complaint with the supervisory authority
Do you believe that the processing of your personal data violates applicable law? Then you have the right to lodge a complaint with a supervisory authority, in particular in the country of your place of residence or place of work or the place of the alleged infringement. If you have any doubts, you can contact the Hamburg Commissioner for Data Protection and Freedom of Information. You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us (e.g. Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstraße 219, 10969 Berlin). In addition to exercising this right, any other administrative or judicial remedy remains unaffected.

Image sources:
1. Image in the footer of the website, house with heat pump: Viessmann Newsroom
2. Testimonial logos: vinci, Daume, Team Steffen, leonard, WagenEnergy, Klaus Klein, Mehner Haustechnik, Hörmann, Bernese electrical engineering, Jörg Freitag, Theodor Bergmann, Vattenfall, MF Mercedöl, Koster
3. Manufacturer logos: IMI Heimeier, Danfoss, Oventrop, resideo, Viessmann, Vaillant, Stiebel Eltron, Daikin, Buderus, samsung, bosch
‍

Status: May 2023
© autarc GmbH