Note on the responsible party
The responsible party for data processing on this website is:
Contact person: Florian Gösch, Managing Director
Further details about our company and the persons authorized to represent it can be found in our imprint at www.pvwerk.de/impressum.
Data Protection Officer
We have appointed an external data protection officer. This can be reached at the above address of the responsible person with the address addition "personal - confidential for the data protection officer" as well as at firstname.lastname@example.org.
Legal basis of data processing
We process personal data in the operation of this website in principle only to the extent necessary for the provision of a functional website, our content and the associated services.
For this purpose, we invoke the following legal bases:
- Consent according to Art. 6 para. 1 lit. a) DSGVO
- Fulfillment of contracts according to Art. 6 para. 1 lit. b) DSGVO
- Fulfillment of a legal obligation according to Art. 6 para. 1 lit. c) DSGVO
- Justified interest according to Art. 6 para. 1 lit. f) DSGVO
We will state the relevant legal basis in this privacy notice for the respective processing.
If we process personal data on the basis of consent from you, you have the right to revoke your consent at any time with effect for the future.
If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data, taking into account the requirements of Art. 21 DSGVO.
Deletion of data
We delete personal data in principle if there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory retention obligations by the European or national legislator in Union regulations, laws or other regulations to which the responsible party is subject, deletion is only considered after the expiry of the respective retention obligation.
Location of data processing
If personal data is processed outside the European Union, you can find this in the explanations in the corresponding processing activities.
You can visit our website without providing any personal information. However, when you access this website, information is automatically sent to the website server by the browser used on your terminal device. This information is temporarily stored in a so-called log file.
The following information is thereby collected without your intervention and stored until the automated deletion of your website visit:
- The access logs of the web servers log which page requests have taken place at what time. They contain the following data: IP, directory protection user, date, time, accessed pages, logs, status code, amount of data, referer, user agent, accessed hostname.
- The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.* IPv6 addresses are also anonymized. The anonymized IP addresses are retained for 60 days. Information about the directory protection user used is anonymized after one day.
- Error logs, which log erroneous page views, are deleted after seven days. These include, in addition to the error messages, the accessing IP address and, depending on the error, the accessed website.
- Accesses via FTP are logged with anonymized information on user name and IP address and kept for 60 days.
- The mail logs for sending emails from the web environment are anonymized after one day and then kept for 60 days. During anonymization, all data about the sender / recipient etc. is removed. Only the data on the time of sending and the information on how the e-mail was processed are retained (queue ID or not sent). Mail logs for sending via our mail servers are deleted after four weeks. The longer retention period is necessary for ensuring the functionality of the mail services and spam control.
Legal basis for the processing of personal data is our legitimate interest according to Art.6 para 1 p.1 lit. f) DSGVO. The said information is used
- for the purpose of ensuring trouble-free operation of the site
- for evaluation, in order to improve our offer
- to ensure a smooth connection setup
- to ensure a comfortable use of this website
- to be able to evaluate the system security and stability of this website
- for further administrative purposes
In principle, we do not use the collected data for the purpose of drawing conclusions about your person.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Hosted by a third-party provider
This website is hosted by an external provider. We have concluded a hosting agreement and a corresponding order processing agreement with this provider. The server of the hoster is located in Germany.
All data collected in the course of using this website or in forms provided for this purpose are processed on the servers of this hoster. This may be, for example, IP addresses, website accesses, meta and communication data, contact requests and other data generated via a website.
The hoster is used to protect our legitimate interests, which prevail in the context of a balancing of interests, according to Art. 6 para. 1 lit. f) DSGVO in a correct presentation of our offer and a secure, fast and efficient provision of our online offer.
Inquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not disclose this data without your consent.
The processing of this data is based on Art. 6 (1) lit. b DSGVO, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a DSGVO) and / or on our legitimate interests (Art. 6 para. 1 lit. f DSGVO), as we have a legitimate interest in the effective processing of requests addressed to us.
The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your request has been completed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.
Sharing of data
As a matter of principle, we will not share data we receive from you with third parties, in particular not for their advertising purposes. A transfer of your personal data to third parties takes place in principle only if this is necessary for the implementation of the contract with you, the transfer is permissible on the basis of a balancing of interests in the sense of Art. 6 para. 1 lit. f) DSGVO, we are legally obligated to the transfer or you have given your consent in this respect.
We do, however, use service providers for the operation of this website, for example. Here it may happen that a service provider obtains knowledge of personal data. We select our service providers carefully - especially with regard to data protection and data security - and take all measures necessary under data protection law for permissible data processing.
If you have given your consent, Google Analytics, a web analytics service provided by Google LLC, is used on this website. The responsible entity for users in the EU, the EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of processing
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the U.S. and stored there.
The legal basis for this data processing is your consent pursuant to Art.6. Abs.1 S.1 lit.a DSGVO.
You can revoke your consent at any time with effect for the future by calling the cookie settings and change your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
Third Country Transfer
To the extent that data is processed outside the EU or EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU or the EEA. If applicable, you are not entitled to any legal remedies against access by authorities.
Receivers of the data are or. may be:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities access the data stored by Google.
Data stored by Google at user and event level, which are linked to cookies, user IDs (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID), are anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de
Demographic characteristics at Google Analytics
This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".
This website uses the Google Tag Manager. The Google Tag Manager is a utility service and itself processes personal data only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which may in turn collect data. The Google Tag Manager does not access this data.
The legal basis for the use of the technically necessary cookie is our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO.
Legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information are the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TTDSG).
For the processing of personal data collected in this context, the legal basis regularly arises from Art. 6 para. 1 p. 1 DSGVO.
The primary legal basis for the storage of information in the end user's terminal equipment - thus in particular for the storage of cookies - is your consent pursuant to Section 25 (1) p.1 TTDSG. The consent is given when you visit our website - although of course it does not have to be given - and can be revoked at any time in the cookie settings.
According to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the terminal equipment of the end user or access to information already stored in the terminal equipment of the end user is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as strictly necessary and therefore fall under the exception of Section 25 (2) TTDSG and thus do not require consent.
We use the consent management service Cookiebot, of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This enables us to obtain and manage consent from website users for data processing. The legal basis for the data processing is Art. 6 para.1 lit. f DSGVO. The legitimate interest of the provider is the user-friendliness of the website and the fulfillment of the legal requirements from the DSGVO. For this purpose, the following data is processed with the help of cookies:
- Your IP address (the last three digits are set to '0'),
- Date and time of consent,
- URL from which the consent was sent,
- User agent of the end user's browser,
- An anonymous, random and encrypted key and
- Consent status of the end user as proof of consent.
The key and consent status are stored for 12 months in the browser using the cookie "CookieConsent". This preserves your cookie preference for subsequent page requests. With the help of the key, their consent can be proven and tracked.
The functionality of the website is not guaranteed without the processing.
Cybot is a recipient of your personal data and acts as a processor for us.
The processing takes place in the European Union. For more information on opt-out and opt-out options vis-à-vis Cybot, please visit: https://www.cookiebot.com/de/privacy-policy/
Your personal data will be deleted consecutively after 12 months or immediately after the termination of the contract between us and Cybot.
We embed videos on this website that have been provided to us by ENERPARC AG. For the integration of the videos we use the video portal Vimeo. The provider is Vimeo Inc, USA.
The legal basis for the transmission of the technically required data to Vimeo is Art. 6 para. 1 lit. f) DSGVO. In order to ensure an adequate level of data protection when transferring data to the USA, we have concluded the EU standard contractual clauses with Vimeo in the so-called "controller to controller" variant.
In addition, the videos from Vimeo are generally integrated in the "Do Not Track" variant, so that personal data is only transmitted to Vimeo in a minimal way.
No automated decision making/profiling
We do not use automated decision making or profiling.
Rights of data subjects
You have the following rights against us regarding the personal data concerning you:
You have the right to information about the personal data concerning you. You can contact us for information at any time. In the case of a request for information that is not in writing, we ask for your understanding that we may require evidence from you that proves that you are the person you claim to be.
Furthermore, you have a right to correction or deletion or to restrictionof processing, insofar as you are entitled to this by law.
Finally, you have a right of objection (see.below) against the processing within the framework of the legal requirements.
A right to data portability also exists within the framework of the data protection requirements.
Right of objection
To the extent that we process personal data as explained above in order to protect our legitimate interests that prevail within the framework of a balance of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you may exercise this right at any time. If the processing is carried out for other purposes, you have the right to object only on grounds relating to your particular situation.
After you have exercised your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.
This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.
Right to complain to the competent supervisory authority
You have the right to complain about the processing of personal data by us to a supervisory authority for data protection.
Objection to advertising mails
The use of contact data published within the framework of the imprint obligation to send unsolicited advertising and information materials is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam e-mails.
Additional privacy notices: