Privacy Policy ☀ Autarq: Next Level Roofs

Data protection notice of Autarq GmbH

for the website https://Autarq.com

1.         Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR), of the data protection regulations applicable in the member states of European Union and of other regulations with provision relating to the protection of personal data is:

Autarq GmbH

Brüssower Allee 87

17291 Prenzlau
Phone: 03984 / 7198928
Website: www.autarq.com 
E-Mail: info@autarq.com

2.         Name and address of the data protection officer

You can reach our data protection officer at:

Datenschutzbeauftragter
c/o Autarq GmbH
Brüssower Allee 87
17291 Prenzlau

e-mail: dpo@autarq.com

3.         Definitions

The data protection information of Autarq GmbH (hereinafter "Autarq") is based on the defined terms of the General Data Protection Regulation (GDPR). Our data protection notice should be easy to read and understand. To ensure this, we explain the terms used in advance:

3.1       Personal data

Personal data is any information relating to an identified or identifiable natural person (hereafter “data subject”). Defined as identifiable is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2       Data subject

Data subject is each identified or identifiable natural person, whose personal data is processed by the controller for the processing.

3.3       Processing

Processing means any operation or set of operations which is carried out in connection with personal data – whether or not by automated means – such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.4       Restricting of the processing

Restricting of the processing is the marking of personal data as stored with the objective of restricting its processing in the future.

3.5       Profiling

Profiling is each type of the automated processing of personal data, which consists of this personal data being used to permit particular personal aspects relating to a particular natural person, and here in particular aspects in respect of work performance, economic situation, health, personal likes, interests, reliability, behavior, place of residence or change of place of residence of this natural person to be evaluated, analyzed or forecast.

3.6       Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, in so far as this additional information is kept in a special way and subjected to technical and organizational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.

3.7       Controller or party responsible for the processing

Controller or party responsible for the processing (hereafter controller) is the natural person or legal entity, authority, institution or other post, which alone or together with others decides on the purposes and means of the processing of personal data. If the purposes and means of the processing are laid down in European Union legislation or the legislation of the member states, then the controller or the particular criteria of the appointment of this controller in accordance with European Union legislation or the legislation of the member states can be provided.

3.8       Processor

Processor is a natural person or legal entity, authority, institution or other post, which processes the personal data on the instructions of the controller.

3.9       Recipient

Recipient is a natural person or legal entity, authority, institution or other post to which personal data are disclosed regardless of whether this is a third party or not. However, authorities, which receive within the framework of a particular investigation order in accordance with European Union legislation or the legislation of the member states data which possibly may be/contain personal data, do not hold good as recipients.

3.10     Third party

Third party is a natural person or legal entity, authority, institution or other post with the exception of the data subject, the controller, the order processor and those persons which are authorized under the direct responsibility of the controller or of the order processor to process the personal data.

3.11     Consent

Consent is each declaration of will given voluntarily by the data subject for the definite case in an informed and unambiguous manner in the form of a declaration or other unambiguous confirmatory action, with which the data subject makes clear that he/she agrees to the processing of personal data relating to himself/herself.

4          General information on data processing; legal basis, purposes of processing, duration of storage, objection and possibility of removal

4.1       General information on the legal basis

Article 6 para. 1 lit. a EU General Data Protection Regulation (EU GDPR) serves as the legal basis for the processing of personal data in so far as we obtain the consent of the data subject for the processing of personal data.

Article 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data which is necessary for the fulfilment of a contract if the data subject is party to this contract. This also holds good for processing processes which are necessary for the execution of pre-contractual measures.

Article 6 para. 1 lit. c GDPR serves as the legal basis in so far as processing of personal data is necessary for the fulfilment of a legal obligation.

Article 6 para. 1 lit. d GDPR serves as the legal basis for the situation that vital interests of the data subject or another natural person make the processing of personal data necessary.

Article 6 para. 1 lit. f GDPR serves as the legal basis for the situation that processing is necessary for ensuring a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not exceed the first named interest.

4.2       General information on data deletion and storage duration

The personal data of the data subject are deleted or disabled as soon as the purpose for which the data was stored lapses. In addition, storage can take place if this was stipulated by the European or national legislatures in orders, laws or other regulations in accordance with European Union law to which the controller is subject. Disabling or deletion of the data is also carried out if a storage period prescribed by the standards as named expires unless there is a necessity for the continued storage of the data for the concluding or fulfilling of a contract.

4.3       General information about processing on our website         

Data protection, data security and data secrecy are high priorities for us. The durable protection of your personal data, your company data and your business secrets is especially important to us.

You can always visit our website without providing any personal information. However, if you make use of our company's services via our website, this makes it necessary to provide your personal data. As a rule, we use the data provided by you and collected by the website and stored during use exclusively for our own purposes, namely for the implementation and provision of our website and the initiation, implementation and processing of the services/offers offered via the website (fulfilment of contract) and do not pass them on to external third parties unless there is an officially ordered obligation to do so. In all other cases, we obtain your separate consent.

Your personal data is processed in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection provisions applicable to us. By means of this data protection notice, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, we inform you about your rights by means of this data protection notice.

We have implemented technical and organizational measures to ensure an appropriate level of protection for the personal data processed via this website. Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed.

5.         Collection of general data and information

The website of Autarq collects a series of general data and information every time a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, Autarq does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website as well as the advertising for these, (3) to ensure the long-term operability of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack. Therefore, Autarq analyzes anonymously collected data and information on one hand for statistical purposes, and on the other hand for the purpose of increasing the data protection and data security of our enterprise, and ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

6.         Contact

On our website there is also the possibility for roofers, homeowners and architects to make a contact request. The following personal data is collected via the input mask:

-        Subject*
-        I Am (Roofer/Homeowner/Architect)*
-        First name*
-        Surname*
-        Email*
-        Phone*
-        Postcode*
-        Country*
-        Message

* Mandatory data

At the time of sending the message, the following data is also stored:

-        IP address of the user
-        Date and time of sending

Furthermore, contact information is provided on our website. It is possible to contact us via the provided e-mail address or telephone number. If you contact us via one of these options, your personal data transmitted to us will be stored automatically (e-mail) or collected by us and stored manually.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation or the processing of your request.

7.         Configurator

On our website we offer you the possibility to calculate the energy potential of your roof with an Autarq solar system. To do this, you must enter certain personal data that allow us to identify you. Furthermore, you can provide information regarding your project. Which data is actually required can be seen from the respective input mask, in particular, the following data is collected:

-        Address*
-        New building/renovation/built before or after 1990
-        Building type*
-        Building size/roof area/type*
-        Number of people in the household*
-        Roof orientation*
-        Roof pitch*
-        Power consumption*

* Mandatory data

At the time of sending the message, the following data is also stored:

-        IP address of the user
-        Date and time of sending

The results can be sent to the user's e-mail address. The following personal data is collected for this purpose:

-        First name
-        Surname
-        Email

If you submit a contact request after using the configurator, the data specified in section 6 will also be processed.

We process the data from the planning inquiry form exclusively for processing your inquiry (calculation of energy potential). You will then receive a response from us via the contact data you have provided.

8.         Data protection with job applications and job application process

We collect and process personal data from applicants for the purpose of processing the application procedure. The processing can also be carried out electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail.

If we conclude an employment contract with you as an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

9.         Cookies

9.1.      Description and scope of data processing:

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

• Language settings
• Log-in information

We also use cookies on our website that are not technically necessary and, for example, enable an analysis of the user's surfing behaviour ("other cookies").

In the case of analysis cookies, for example, the following data may be transmitted:

• Search terms entered
• Frequency of page views
• Use of website functions

The user data collected in this way is pseudonymized by technical precautions. The data is not stored together with other personal data of the users.

When calling up our website, the user is informed about the use of technically unnecessary cookies and his or her consent to the processing of personal data used in this context is obtained. In this context, a reference to this data protection notice is also made.

In addition, users can find out how to disable cookies in the main browsers by following the links below:

• Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen  
• Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de  
• Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

9.2.      Essential Cookies

9.3.      Functional Cookies

9.4.      Marketing Cookies

10.       Third-party technologies

10.1     Google Analytics

We have integrated the Google Analytics component (with anonymization function) on this website. The operating company of the Google Analytics component is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, an affiliated company of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google Analytics is a web analysis service. Web analytics is the collection, collation, and analysis of data about the behavior of visitors to websites. The purpose of the Google Analytics component is to analyze the flow of users of our website. Google uses the data and information obtained to, among other things, evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services related to the use of our website.

Each time one of the individual pages of this website operated by us and on which a Google Analytics component has been integrated is called up, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission calculations.

The cookie is used to store personal data, such as the access time, the location from which an access originated and the frequency of visits to our website by the data subject. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data with third parties.

We use the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this addition, the IP address of the internet connection of the person concerned is shortened and anonymized by Google if access to our website is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

We obtain your consent for the operation of Google Analytics on this website. You can revoke your consent at any time by changing your cookie settings. Please also refer to the information in the cookie consent mechanism and in section 9 of this privacy notice.

Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

10.2     Google Ads

We have integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.

The operating company of the Google AdWords services is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, an affiliated company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the website of third-party companies and in the search engine results of the Google search engine and a display of third-party advertising on our website.

If a data subject accesses our website via a Google ad, a so-called conversion cookie is stored by Google on the data subject's information technology system. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. The conversion cookie is used to track whether certain subpages, for example the shopping cart from an online store system, have been called up on our website, provided the cookie has not yet expired. Through the conversion cookie, both we and Google can track whether a data subject who arrived on our website via an AdWords ad generated a turnover, i.e. completed or cancelled a purchase of goods.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other advertisers of Google AdWords receive information from Google by means of which the data subject could be identified.

By means of the conversion cookie, personal information, for example the websites visited by the data subject, is stored. Whenever our websites are visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must call up the link www.google.de/settings/ads from any of the internet browsers he or she uses and make the desired settings there.

Autarq is aware of the transfer of its personal data to a third country and has implemented appropriate safeguards pursuant to Art. 46 GDPR to ensure lawful and secure processing of its personal data.

Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/.

10.3     Google Tag Manager

Google Tag Manager is a solution that allows us to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. If you do not wish to use Google Tag Manager, please change your settings in your browser.

10.4     Use and application of external scripts and libraries: jQuery and CDN

We use external JavaScript codes and libraries. The libraries of the various providers are integrated externally via a CDN (Content Delivery Network) in order to always have access to the latest and most secure version. In addition, this reduces the loading times of our pages, as it is very likely that you have already used the CDN on another page. In this case, your browser can access the cached copy and does not have to download it again. If your browser does not have a cached copy, data such as your IP address will be transferred from your browser to the corresponding CDN. The data may also be processed in the USA for this purpose.

Autarq is aware of the transfer of its personal data to a third country and has implemented appropriate safeguards in accordance with Article 46 GDPR to ensure lawful and secure processing of its personal data. For more information, please see the privacy information of the respective providers, such as jQuery: https://openjsf.org/wp-content/uploads/sites/84/2019/11/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf  

11.       Social media

11.1     Social media pages and channels

11.1.1  YouTube channel

Data processed by YouTube

We, Autarq, operate a YouTube channel (https://www.youtube.com/channel/UCtjFZaOrr90d_F8EiSU89EA) owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. We would like to point out that you use the YouTube channel offered here and its functions on your own responsibility. This applies in particular to the use of the "Discussion" function. Information on which data is processed by Google and for which purposes can be found in Google's data protection statement: https://policies.google.com/privacy?hl=de&gl=de#infocollect

We have no influence on the type and scope of the data processed by Google, the type of processing and use or the transfer of this data to third parties. We also have no effective means of control in this respect. By using Google, your personal data will be collected, transferred, stored, disclosed and used by Google and transferred to, and stored and used in, the United States, Ireland and any other country in which Google does business, regardless of your country of residence. There is a transfer to Google affiliates and other trusted companies or individuals who process it on Google's behalf.

On the one hand, Google processes your voluntarily entered data such as name and user name, email address, telephone number. Google also processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create, and comments that you write on YouTube videos. Google also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages you send directly to other users, and may use GPS data, wireless network information or your IP address to determine your location in order to serve you advertising or other content. Google may use analytics tools such as Google Analytics to analyse this. We have no influence on the use of such tools by Google and have not been informed about such potential use. If tools of this kind are used by Google for our YouTube channel, we have neither commissioned nor otherwise supported this in any way.

Nor are the data obtained during the analysis made available to us. Moreover, we have no possibility to prevent or turn off the use of such tools on our YouTube channel. Finally, Google also receives information when you view content, for example, even if you have not created an account. This so-called "log data" may be the IP address, browser type, operating system, information about the website you previously visited and the pages you viewed, your location, your mobile provider, the terminal device you use (including device ID and application ID), the search terms you used and cookie information. You have options to limit the processing of your data in the general settings of your Google account. In addition to these tools, Google also offers privacy settings specific to YouTube. You can find out more about this in the guide to data protection in Google products from Google: https://policies.google.com/technologies/product-privacy?hl=de&gl=de

You can find further information on these points in Google's data protection declaration under the term "Data protection settings": https://policies.google.com/privacy?hl=de&gl=de#infochoices Furthermore, you have the option of requesting information via the Google data protection form: https://support.google.com/policies/troubleshooter/7575787?visit_id=637054532384299914-2421490167&hl=en&rd=2

Data processed by us

We also process your data when you communicate with us via YouTube. The processing is for the purposes of customer loyalty, customer information and advertising (Art. 6 para. 1 lit. f GDPR). The recipient of the data is initially Google, where it may be passed on to third parties for Google's own purposes and under Google's responsibility. The recipient of publications is also the public, i.e. potentially anyone.

11.1.2  Facebook Fanpage

Fundamental

We, Autarq, operate a Facebook fan page (https://de-de.facebook.com/pages/category/Solar-Energy-Service/Autarq-1844126979140144/). As the operator of this Facebook page, we are jointly responsible with the provider of the social network Facebook (Meta Platforms Ireland Ltd.; “Facebook”) within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting the Facebook page, personal data of the page visitors are processed by both controllers.

We have concluded a data protection joint controller agreement (Page Controller Addendum) with Facebook. With this agreement, Facebook recognizes the joint responsibility with regard to so-called insights data and assumes essential obligations under data protection law for informing data subjects, for data security or for reporting data protection breaches. The agreement also stipulates that Facebook is the primary contact for the exercise of data subjects' rights (Art. 15 - 22 DSGVO). As the provider of the social network, Facebook alone has direct access to the necessary information and can also take any necessary measures and provide information immediately. However, should our support be required, we can be contacted at any time.

Use of Insights and Cookies

In connection with the operation of this Facebook fan page, we use the Insights function from Facebook to obtain anonymized statistical data on the users of our Facebook fan page. Facebook provides information on Insights and Facebook fan pages, for example, via its data protection information.

Facebook also uses cookies and other similar storage technologies in connection with visits to this and other Facebook pages. For more information on Facebook's use of cookies, please refer to their cookie policy.

Comments and messages; participation in competitions

On this Facebook fan page, you also have the opportunity to comment on posts, rate them and contact us via private messages or take part in competitions.

Passing on data

It cannot be ruled out that some of the information collected may also be processed outside the European Union by Meta Platforms Inc. based in the USA.

Meta Platforms Inc. has submitted to the standard contractual clauses of the EU Commission and thus guarantees lawful data transfer.

We ourselves do not share any personal data that we receive through our Facebook page.

Information on contact options and further rights as a person concerned

For further information on our contact details, including our data protection officer, the rights of data subjects vis-à-vis us and how we process personal data in other respects, please refer to the relevant sections of this privacy policy.

11.1.3  LinkedIn page

Fundamental

We operate our own LinkedIn fan page (https://de.linkedin.com/company/autarq). As the operator of this LinkedIn page, we are jointly responsible with the provider of the social network LinkedIn (LinkedIn Ireland Unlimited Company) within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our LinkedIn page, personal data of the page visitors are processed by both controllers.

We have concluded a data protection joint controller agreement (Page Insights Joint Controller Addendum) with LinkedIn. With this agreement, LinkedIn recognizes the joint responsibility with regard to so-called insights data and assumes essential data protection obligations for informing data subjects, for data security or for reporting data protection breaches. In addition, the agreement stipulates that LinkedIn is the primary contact for the exercise of data subjects' rights (Art. 15 - 22 GDPR). As the provider of the social network, LinkedIn alone has direct access to the necessary information and can also take any necessary measures and provide information immediately. However, should our support be required, we can be contacted at any time.

Use of insights and cookies

In connection with the operation of this LinkedIn fan page, we use the LinkedIn insights function to obtain anonymised statistical data on the users of our LinkedIn fan page. LinkedIn provides information on the insights and LinkedIn fan pages, for example, via its data protection information.

In connection with visiting our and other LinkedIn pages, cookies and other similar storage technologies are also used by LinkedIn. You can find more information on the use of cookies by LinkedIn in their cookie policy.

Comments and messages; participation in competitions

On our LinkedIn fan page, you also have the option of commenting on our posts, rating them and contacting us via private messages or taking part in competitions.

Passing on data

It cannot be ruled out that some of the information collected will also be processed outside the European Union by the LinkedIn Corporation, which is based in the USA. The LinkedIn Corporation has submitted to the standard contractual clauses adopted by the EU Commission and thus undertakes to comply with European data protection requirements.

We do not ourselves share any personal data that we receive through our LinkedIn page.

Information on contact options and further rights as a person concerned

For further information on our contact details, including our data protection officer, the rights of data subjects vis-à-vis us and how we process personal data in other respects, please refer to the relevant sections of this privacy policy.

11.1.4  Instagram

When you visit our Instagram page https://www.instagram.com/autarq_gmbh/?hl=de and your browser allows cookies to be stored, Meta Platform Ireland Ltd. stores information in the form of small text files in your browser's memory (hereinafter "cookies") and can access this information when you visit the Facebook platform or a website that embeds Facebook technologies. For more information about the purpose of the cookies used, the integration of these cookies by other websites and your control options in this regard, please refer to the information on Instagram cookies.

We would like to point out that Meta Platforms Ireland Ltd. is able, by means of the cookies used, to track your user behavior (across devices for registered users) on other websites beyond the Instagram platform. This applies both to persons registered with the Instagram platform and to persons not registered there.

We would also like to point out that we have no influence on the data processing carried out in connection with cookies by Meta Platforms Ireland Ldt. Visiting our Instagram page is also possible if you configure your browser so that no cookies are stored by the platform. Information on how to adjust the settings for cookies in your browser can usually be found in the help section of the browser you use.

If you are registered or logged in to the Instagram or Facebook platform and want to avoid Meta Platforms Ireland Ldt. being able to associate your visit to our Instagram page with your Instagram or Facebook user account, you should log out of Instagram or disable the "stay logged in" feature, delete the cookies present on your device, and exit and restart your browser.

Data processing during interactions on our Instagram page

Our Instagram page offers you the opportunity to respond to and comment on our posts, view our Stories, participate in Story interactions, and send us private messages. Please carefully consider what personal information you share with us through our Instagram page. If you would like to avoid Meta Platforms Ireland Ldt. processing any personal data you submit to us, please contact us by other means.

In addition to the content you submit, information about your profile, likes and posts will be visible to us depending on your privacy settings.

The processing of your data when contacting or interacting with our site or its content is carried out by us on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is to respond to your request. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b DSGVO.

We process the data you provide in this context and which may be accessible to us in order to protect our legitimate interests in contacting and communicating with our interested parties, which outweigh our interests in the context of a balancing of interests. This is also our legitimate interests in data processing pursuant to Art. 6 (1) p. 1 lit. f DSGVO.

Your data will be deleted, insofar as it is possible for us, when we cease to operate our Instagram page. Insofar as further storage of this data by Meta Platforms Ireland takes place, this is governed exclusively by the provisions in the Instagram Privacy Policy and Instagram Terms of Use.

Processing anonymized data for statistical purposes

We have set up our Instagram page as a business profile and use anonymized page statistics ("Instagram Insights") provided by Meta Platforms Ireland Ldt. to provide us with insights about visitors to our Instagram page and their interactions with our Instagram page and its content. We do not contribute to the decision on the means and purposes of processing event data used to generate page statistics. The statistics include the following information:

- Reach, page views, time spent on video posts.
- Interactions such as tagging a post with "like," commenting, or sharing posts
- Demographics such as age, gender, and location.

We use this data to identify trends. It is not possible for us to link back to individuals who triggered these events.

Third country transfer

It is not excluded that data from users is processed on systems outside the European Union. Meta Platforms Inc. has subjected itself to the standard contractual clauses and has thus undertaken to comply with EU data protection standards.

Information on contact options and further rights as a data subject

For further information on our contact details, including our data protection officer, the rights of data subjects vis-à-vis us and how incidentally personal data is processed by us, please refer to the relevant sections of this privacy policy.

11.2     Facebook Social Plugin

This website uses social plugins ("plugins") of the social network facebook.com, which is operated by Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are recognizable by one of the Facebook logos (white "f" on a blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of the Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/?locale=de_DE

When a user calls up a website that contains such a plugin, his/her browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the website. The provider therefore has no influence on the scope of the data that Facebook collects with the help of this plugin and therefore informs the participants according to its level of knowledge (https://www.facebook.com/help/186325668085084):
By integrating the plugins, Facebook receives the information that a user has called up the corresponding page of the offer. If the user is logged in to Facebook, Facebook can assign the visit to his/her Facebook account. If users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted directly from their browser to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and store his or her IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and settings options for protecting the privacy of users, can be found here in Facebook's privacy policy: https://www.facebook.com/policy.php.

If a user is a Facebook member and does not want Facebook to collect data about him/her via this offer and link it to his/her membership data stored with Facebook, he/she must log out of Facebook before visiting the website. It is also possible to block Facebook social plugins with add-ons for your browser, for example with the "Facebook Blocker".

12.       Your rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

12.1     Right of access

You may request confirmation from the controller as to whether personal data relating to you is being processed by us.

If there is such processing, you can request information from the controller about the following:

(1)            the purposes for which the personal data are processed;

(2)            the categories of personal data concerned;

(3)            the recipients or categories of recipients to whom the personal data have been or will be disclosed;

(4)            the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage duration;

(5)            the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(6)            the right to lodge a complaint with a supervisory authority;

(7)            all available information on the source of the data if the personal data are not collected from the data subject;

(8)            the existence of automated decision-making, including profiling, referred to in Article 22 para. 1 and para. 4 GDPR and, at least in these cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

12.2     Right of rectification

You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

12.3     Right to restriction of processing

You may request the restriction of the processing of personal data concerning you where one of the following applies:

(1)   if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

(2)   the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

(3)   the controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise or defense of legal claims, or

(4)   if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

Where the processing of personal data relating to you has been restricted, those data may be processed, with the exception of their storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

12.4     Right of cancellation

12.4.1  Duty to delete

You may request the controller to erase the personal data concerning you without delay and the controller is obliged to erase this data without delay if one of the following reasons applies:

(1)   The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2)   You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

(3)   You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

(4)   The personal data concerning you has been processed unlawfully.

(5)   The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

(6)   The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 para. 1 GDPR.

12.4.2  Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17 para. 1 GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.

12.4.3  Exceptions

The right to erasure does not exist insofar as the processing is necessary

(1)            to exercise the right to freedom of expression and information;

(2)            for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3)            for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

(4)            for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89 para. 1 GDPR, where the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or

(5)            for the assertion, exercise or defense of legal claims.

Furthermore, the right to deletion does not exist if the personal data must be stored by the controller due to statutory retention obligations and periods. In such a case, the personal data will be blocked instead of deleted.

12.5     Right to information

If you have asserted the right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you have been disclosed, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

12.6     Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

(1)   the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

(2)   the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

12.7     Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 lit. e or lit. f GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

12.8     Right to withdraw from the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time and without giving reasons. In the event of withdrawal, we will immediately delete your personal data and no longer process it.  The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

12.9     Automated decision-making in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1)   is necessary for the conclusion or performance of a contract between you and the responsible person,

(2)   is authorized by legislation of the Union or the Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or

(3)   is done with your express consent.

However, these decisions must not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit a or lit. g applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in para. 1 and para. 3, the controller shall take reasonable steps to safeguard the rights and freedoms of, and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

12.10   Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

13.       Changes to this data protection notice

We always keep this data protection notice up to date. Therefore, we reserve the right to change it from time to time and to update any changes in the collection, processing, or use of your personal data. The current version of the data protection notice is always available under "Privacy Policy" within the website.

Date: August 2023

Controller: Autarq GmbH