Data privacy

Data privacy

All person-related designations are always intended to be gender-neutral and are used solely for simplified readability.

1 Data processing controller

The controller, as defined in Art. 4(7) of the General Data Protection Regulation (GDPR),is

SOLID Solar Energy Systems GmbH
Am Pfangberg 117
8045 Graz
Austria

Phone: +43 316 29 28 40
Fax: +43 316 29 28 40 28

Email:privacy@solid.at

2 Processing of the data of individuals connected to our business

We process the data that diverse groups of people have provided to us themselves, for example through emailing us with an enquiry, or through entering into a contract or a business relationship. We also process the data of people who attend events or seminars.

2.1 Data subjects

We process the following data related to prospective customers: company name, contact person’s name and work-related contact data, address.

We process the following data related to customers: company name, title and name of the contact persons, work-related address and contact data, bank details, contract information, including data related to creditworthiness.

We process the following data related to suppliers and business partners: company name, title and name of the contact persons, work-related address and contact data, bank details, contract information.

2.2 Transfer of data

We only pass personal data on to third parties if this is for the purpose of processing and fulfilling a contract, or as a result of statutory requirements.

2.3 Data retention/erasure

The data will be deleted by us as soon as there is no longer a requirement for us to store it, or statutory retention periods – e.g. for VAT-related purposes – have expired. Should the basis for processing constitute consent, we will restrict processing or delete the data if this consent is revoked – unless statutory provisions preclude this.

2.4 Communicating by email

If you contact us by email, the data you provide us with will be stored on the basis that you have consented to this, so that we can answer your enquiry. The data arising out of this exchange will be deleted by us once there is no longer a requirement to process it; or we will restrict its processing if we have to observe a statutory retention period.

2.5 Basis in law

The basis in law for the processing of data is

  • establishment of a contract and contract performance, in accordance with Art. 6(1)(b) GDPR
  • compliance with legal obligations, in accordance with Art. 6(1)(c) GDPR (for example, legally required retention and documentation obligations)
  • legitimate interest on the part of our company, within the meaning of Art. 6(1)(f) GDPR (e.g. for statistical analysis)
  • Art. 6(1)(a) GDPR applies where consent has been obtained (e.g. using images, or data for advertising purposes).

3 Data processing if contact is established via our website, newsletter or a job application

3.1 Establishing contact

If you have used the form on our website to request that we contact you or to send us a message, we will store the data relating to you that is required for communications. This will be your first name and surname, your email address, telephone number and any data you give us in the contact form. The data will be deleted by us as soon as there is no longer a requirement for us to store it or you withdraw your consent to processing.

Legal basis: Art. 6(1)(a) GDPR

3.2 Newsletter

You have the option to subscribe to our newsletter. We need your email address for this. You can cancel the newsletter at any time. Once we have received your cancellation notice, we will no longer use your data for sending out newsletters. If we do not have any form of business relationship with you and we do not have to observe a statutory retention period, your data will be deleted when you cancel the newsletter.

Legal basis: Art. 6(1)(a) GDPR

3.3 Job applicants

If you send us documents supporting a job application, we will process the personal data contained in them along with your curriculum vitae and your references for the purposes of selecting a person for the job. If we do not offer you the job, we will delete your documents 7 months from the date we inform you that you have not been selected.

Legal basis: Art. 6(1)(b) GDPR

If you consent to us holding your information on file for possible contact at a later point, we will send you a formal request to give us your consent. If you explicitly give us this consent, we will store your consent. If no further job opportunities arise within a year, we will delete all your job application data one year from the date you sent us your consent.

Legal basis: Art. 6(1)(a) GDPR

4 Data processed when visiting our website

4.1 Use of the website for information purposes

If you use our website purely for information purposes, we will only capture the personal data transmitted from your browser to our server. If you wish to look at our website, we will capture no more than that data which we require technically to display our website to you and to ensure its stability and security.

  • IP address
  • Date and time of the query
  • Time zone difference to Coordinated Universal Time (UTC)
  • Query content (specific pages)
  • Access status/HTTP status code
  • Website from which the query originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

Legal basis: Art. 6(1)(f) GDPR

4.2 Cookies

In addition to the abovementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive; and which provide certain information back to the site which set the cookie (in this case, ours). Cookies cannot run programs or transmit viruses to your computer.

The cookie allows you to be recognised when you revisit the website, without you having to re-enter data already entered.

The information contained in the cookies is used, for instance, to determine whether you are logged in, or what data you have already entered, or to recognise you as a user if a link is established between our web server and your browser. Cookies are automatically accepted by most web browsers.

If your browser settings accept cookies, by using our websites you agree to the deployment of these cookies.

4.2.1 Transient cookies

Transient cookies are automatically deleted when you close the browser. This type of cookie includes, in particular, session cookies. These store a so-called session ID, which allows it to assign various queries from your browser to the session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you logout or close the browser.

4.2.2 Persistent cookies

Persistent cookies are automatically deleted after a specified period of time which can vary according to the cookie deployed. You can delete these cookies in your browser’s security settings at any time.

4.2.3 Third-party cookies

These come from providers other than the website operator. They can be used, for instance, to collect information for marketing purposes, user-defined content and web statistics.

4.2.4 Browsers

Most browsers are set to accept all cookies as standard. You can set your browser to inform you when cookies are being set and to allow cookies only on an individual basis; to stop cookies being set for specific cases or, indeed, generally; and to automatically delete cookies when you close the browser. If cookies are deactivated, this can restrict the functionality of our website.

You yourself can delete any cookies stored on your PC at any time, by deleting temporary internet files.

Legal basis: Art. 6(1)(f) GDPR (in the case of technical cookies),Art. 6(1)(a) GDPR (for all other cookies)

4.3 Data processing in the USA

When you visit our website, it cannot be precluded that personal data will be transmitted to the USA. Where this is the case, we point this out separately in this Privacy Statement.

In order to transmit personal data to a third country or an international organisation, Art. 46 GDPR specifies that so-called appropriate safeguards must be provided. These do not exist for the USA.

Possible risks which, in conjunction with the aforementioned information, cannot be precluded for you as a data subject at this time, include in particular:

  • Your personal data could possibly be transmitted, for purposes over and above those required for the actual intended transaction, by the service provider in question to other third parties (e.g. to US public authorities).
  • You might not be able to assert or enforce your rights to be informed by the service provider in question.
  • There is potentially a higher probability that data might not be correctly processed, as the technical and organisational measures in place to protect personal data do not fully meet the requirements of the GDPR, both quantitatively and qualitatively.

By giving your consent to have (advertising and marketing) cookies processed, you are consenting explicitly to your data being transferred to the USA. You can delete any cookies stored on your PC at any time, by deleting temporary internet files.

Legal basis: Art. 6(1)(a) GDPR

5 Data processing when using Facebook Connect

Your Facebook profile can also be used to login to the website by way of the Facebook Connect facility of the social network Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

By clicking on the button for this, a pop-up opens which has the same design as the Facebook login screen. You enter your Facebook login data in it, agree to data transmission and are logged in to our website as a result. If you are already logged in to Facebook, you do not need to login to our website. The link between Facebook and our website is established automatically. You must nevertheless have clicked to agree to certain data on Facebook being accessed.

Our contract is with Facebook Ireland – however, it is possible that Facebook Ireland will transmit personal data to Facebook USA.

Using this service causes personal data to be transmitted to the USA – or, at least, it cannot be precluded that such transmission occurs! – For more information, please see 4.3. of this Statement.

You can get further information from the Facebook Data Policy at https://de-de.facebook.com/policy.php.

You will find information specifically about Facebook pixel at https://de-de.facebook.com/business/help/651294705016616.

Legal basis: Art. 6(1)(a) GDPR

6 Data processing with Google services

We have a contract with Google Ireland Limited (“Google”),which is a company registered (company register no. 368047) in Ireland and operating under Irish law. The company’s registered office is at Gordon House, Barrow Street, Dublin 4, Ireland. It is nevertheless possible that data from Europe will be relayed to the USA – as a company, we have no influence on this.

Using this service causes personal data to be transmitted to the USA – or, at least, it cannot be precluded that such transmission occurs! – For more information, please see 4.3. of this Statement.

Legal basis: Art. 6(1)(a) GDPR

6.1 Google Analytics

This website uses the “activation of IP anonymization” function (that means, Google Analytics has been enhanced with the code “gat._anonymizeIp();”, which causes IP addresses to be captured anonymously (so-called IP masking)). As a result, your IP address is truncated by Google in member states of the European Union or in states that are parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there.

Google states that it uses the information gleaned in order to analyse your use of the website, compile reports on website activity and provide us with further services linked to website and internet usage. The IP address relayed by your browser and captured by Google Analytics is not amalgamated with other data from Google. Google will, however, pass this information on to third parties in certain circumstances if this is a statutory requirement or where third parties process the data for Google. You can prevent the cookies being stored by adjusting the relevant setting in your browser software. However, we should point out to you that if you do, you may not be able to use all the features of the websites to the full. Furthermore, you can prevent Google from capturing the data relating to your usage of the websites that is generated by the cookie (including your anonymised IP address) and from processing this data by downloading and installing the browser plug-in available through this link (https://tools.google.com/dlpage/gaoptout?hl=de).

You will find more detailed information about the terms and conditions of use and about data protection at https://www.google.com/analytics/terms/de.html and  https://support.google.com/analytics/answer/6004245?hl=de.

6.2 Google Analytics Conversion Tracking (Google Ads)

This website also uses the Google Conversion Tracking facility. This causes Google Ads to set a cookie on your computer if you came to our website via an advert on Google. These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages on an Ads customer’s website and the cookie has not yet expired, Google and the customer can see that the user clicked on the advert and was taken to this page. Every Ads customer receives a different cookie. Cookies can therefore not be tracked and monitored across the websites of Ads customers. The information obtained with the aid of the conversion cookies is used to compile conversion statistics for Ads customers who have signed up for conversion tracking. The Ads customers find out the total number of users who clicked on their advert and were taken to a page which has a conversion tracking tag on it. But they do not receive any information allowing them to identify users personally. If you do not want to be part of the tracking process, you can reject having the required cookie set on your device – for example, through the browser setting that deactivates the setting of cookies in general. You can also deactivate conversion tracking cookies by changing your browser settings to block cookies from the domain “www.googleadservices.com”. Google’s data protection guidance can be found here.

If you use SSL search, Google’s encrypted search function, in most cases the search keywords will not be sent as part of the URL in the referrer URL. There are, however, a few exceptions to this – for example, if you use certain less popular browsers. You can find further information on SSL searches here. Search requests or information in the referrer URL can, in certain circumstances, also be viewed in Google Analytics or an Application Programming Interface (API). Additionally, advertisers may possibly receive information on the exact search keywords used that led to users clicking on an advert. https://policies.google.com/faq?hl=de.

6.3 Google Fonts

We use Google Fonts. There is no authentication involved in using Google Fonts and no cookies are sent to the Google Fonts API. If you have a Google account, none of your Google account information is relayed to Google whilst using Google Fonts. Google only records that CSS has been used and which fonts were used, and stores this data securely. More information on this and the answers to other questions can be found here: https://developers.google.com/fonts/faq.

You can find out what data is captured by Google and what it is used for here: https://www.google.com/intl/de/policies/privacy/.

6.4 Google APIS/AJAX and JQUERY

In order to optimise loading speed, usability and indexing of our website, we use JavaScript technologies and the corresponding program libraries and CDNs (Content Delivery Networks) provided by third-party suppliers – specifically, the jQuery JavaScript library from the jQuery Foundation, the Google APIs programming interface and the Google AJAX Search API, both from Google. When you visit our website, these third-party suppliers may receive information about your visit to our website containing personal data – in particular, through the transmission of your IP address. It is possible that this data will be processed outside the EU. You can prevent this by installing a JavaScript blocker or by deactivating JavaScript in your browser. Deactivating or blocking JavaScript may lead to functional limitations on internet pages using JavaScript technologies. You can find further information on data processing at/by Google in the Google data protection policies, which can be retrieved currently at https://www.google.de/intl/de/policies/privacy/; and in the case of jQuery on the JS Foundation website at js.foundation/about/governance/privacy-policy.

6.5 Google+ button

We have integrated the +1 button from Google Plus into our website. If you access our website, your browser establishes a direct link with the Google server. If you do not click on the button, Google states that no personal data will be processed. Personal data will only be processed if you are logged in to your Google Plus account. If you wish to prevent Google Plus from processing your data, you should log out of Google Plus before visiting our website.

6.6 Google Gstatic

Gstatic is a domain used by Google to load static content to another domain name in order to reduce bandwidth usage and to increase network performance for the end user.

6.7 Google Maps

We use the Google Maps service offering on this website. It allows us to show you interactive maps directly in the website and to enjoy convenient usage of the maps function. By visiting the website, Google receives the information that you have accessed the relevant sub-page on our website. In addition, the data described in the section “Use of the website for information purposes” above is transmitted. This happens independently of whether Google is providing a user account that you are logged into, or whether no such user account exists. If you are logged in to Google, your data will be directly attributed to your account. If you do not wish this data to be attributed to your Google profile, you must log out prior to clicking on the button. Google saves your data as a usage profile and uses it for the purposes of advertising, market research and/or demand-oriented design of its website. This analysis is performed in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network of your activities on our website. You have the right to object to the creation of these user profiles, but you must contact Google directly to exercise this right.

You will find further information on the purpose and scope of the data capture and its processing by the plug-in provider in the provider’s data protection declaration. You will also find further information there on your rights and settings options available to protect your privacy: http://www.google.de/intl/de/policies/privacy.

6.8 Google Remarketing

We use the Google Remarketing service on this website. Google Remarketing allows the posting of adverts aimed at users who have already visited our website in the past. As a result of this, adverts modified to take account of their interests can be displayed on our page within the Google advertising network. Google Remarketing uses cookies for this analysis.

6.9 Google Tag Manager

We use so-called Google tag managers to identify your user behaviour. Google Tag Manager is a solution allowing marketers to manage website tags via an interface. The tool itself (which implements the tags) is a cookie-free domain and does not capture any personal data. The tool triggers other tags which may themselves capture data. Google Tag Manager does not access this data. If the facility is deactivated at domain or cookie level, it will apply for all tracking tags implemented using Google Tag Manager.

More detailed information can be found here: https://www.google.com/intl/de/tagmanager/faq.html.

Legal basis: Art. 6(1)(a) GDPR

7 Data processing when using server log files

In order to optimise this website in respect of system performance, user friendliness and the provision of useful information about our services, the website provider captures and stores information automatically in so-called server log files, which your browser relays to us automatically. This covers the Internet Protocol address (IP address) of the computer (or mobile device) accessing the website, browser and language settings, operating system, referrer URL, your internet service provider and the date/time. This data is not amalgamated with any personal data sources. We reserve the right to examine this data retroactively should we have any specific indications of illegal usage of the system and – if a hacking attack has taken place – to pass the data to the law enforcement authorities. Over and above this, there will be no sharing of data with third parties.

Legal basis: Art. 6(1)(f) GDPR

8 Data processing when using Twitter

Functions of the Twitter service have been integrated into our website. These functions are offered by the company Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. Twitter International Unlimited Company, an Irish company headquartered at One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, is responsible for operations in Europe.

Using this service causes personal data to be transmitted to the USA – or, at least, it cannot be precluded that such transmission occurs! – For more information, please see 4.3. of this Statement.

By using Twitter and the functions of the Twitter button, the websites you visit will be linked to your Twitter account and notified to other users. Data will also be transferred to Twitter. We wish to point out that we, as provider of the web pages, have no knowledge of the content of the data transmitted, nor of how it is used by Twitter. You can find further information on this in Twitter’s Privacy Policy at https://twitter.com/privacy?lang=de. You can adjust your privacy settings for Twitter in your account settings at https://twitter.com/settings/account.

Legal basis: Art. 6(1)(a) GDPR

9 Data processing when using YouTube

When you view one of our YouTube videos, a link to YouTube servers is established. YouTube receives information on the pages/websites you are visiting. The management company for YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Using this service causes personal data to be transmitted to the USA – or, at least, it cannot be precluded that such transmission occurs! – For more information, please see 4.3. of this Statement.

You can find out more about data protection at YouTube in the service provider’s Privacy Policy at r: https://www.google.de/intl/de/policies/privacy/.

Legal basis: Art. 6(1)(a) GDPR

10 Data processing when using LinkedIn

Our website uses functions of the social media network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our websites that contains LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn buttons and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website with you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. Further information on this can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

The GDPR requires so-called suitable guarantees according to Art. 46 GDPR for a data transfer to a third country or to an international organisation. Such guarantees do not exist for the USA.

For the USA, there is currently no adequacy decision by the EU Commission within the meaning of Article 45 (1),(3) of the General Data Protection Regulation (GDPR). This means that the EU Commission has not yet positively determined that the country-specific data protection level of this country corresponds to that of the European Union on the basis of the GDPR (Article 46 appropriate safeguards).

Possible risks that cannot currently be excluded for you as a data subject in connection with the aforementioned information are in particular:

  • Your personal data could possibly be disclosed by LinkedIn to other third parties (e.g.: US authorities) beyond the actual purpose of fulfilling the order.
  • You may not be able to sustainably assert or enforce your rights of access against LinkedIn.
  • There may be a higher probability that incorrect data processing may occur, as the technical organisational measures for the protection of personal data do not fully comply with the requirements of the GDPR in terms of quantity and quality.

With your consent to the processing of (advertising and marketing) cookies, you explicitly consent to the transfer of data to the USA. You can remove cookies stored on your PC yourself at any time by deleting the temporary internet files.

Legal basis: Art. 6(1)(a) GDPR

11 Your rights

You have the following rights vis-à-vis our company with respect to your personal data:

  • the right to information, rectification and erasure
  • the right to restrict processing
  • the right to object to processing
  • the right to data portability

Please email any queries or concerns you may have to privacy@solid.at or contact us by one of the contact methods shown above.

Should you feel that we have infringed Austrian or European data protection legislation in the way we have processed your data and as a result violated your rights, please contact us so that we can investigate and answer any questions.

You also have the right to complain to the supervisory authority in Austria:

Austrian Data Protection Authority [Datenschutzbehörde], Barichgasse 40-42, 1030 Vienna, telephone: +43 1 52 152-0 Email: dsb@dsb.gv.at

12 Changes to this Privacy Statement

We reserve the right to modify our Privacy Statement from time to time. All changes to our Privacy Statement will be published on this website. Please therefore be sure to refer to the latest version of our Privacy Statement.

back to top