Data Protection Declaration and consent

to data use and storage

The website http://heliotec.de/en/ is operated by Heliotec Betriebs- und Verwaltungsgesellschaft mbH, Am Steinberg 7 in 09603 Großschirma. We take data protection very seriously and will strictly follow the data protection regulations when using your personal data. This declaration applies only to the content on our servers and does not include the websites linked on the page.

Below, we will inform you about the type, scope and purposes of the collection, processing and use of personal data. You can access this information at any time on our website. Our data protection regulations are in accordance with the General Data Protection Regulation (GDPR) and the German Telemedia Act. Reference is explicitly made to the right of objection under 6. g).

1. Definitions

We use the following terms, among others, in this data protection declaration and on our website:

a) Personal data

Personal data are all information relating to an unidentified or identifiable natural person (hereinafter “data subject”). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identify of that natural person.

b) Data subject

Data subject is any identified or identifiable natural person whose personal data are processed by the person responsible.

c) Processing

Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, organization, storage, adaption or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.

d) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not assigned to an identified or identifiable natural person.

e) Person responsible

The person responsible is the natural or legal person, authority, institution, or other body that alone or together with others decides on the purposes and means of processing personal data.

f) Data processor

Data processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the responsible person.

g) Consent

Consent shall mean any informed and unequivocal expression of will voluntarily given by the data subject in the particular case in the form of a declaration or other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.

2. Collection and storage of general information and registration

a) When using the website

If you want to use this website for information purposes only without registering, we do not collect any personal data from you, but only log information (IP address, browser type, date, time, name and URL of the file accessed, website from which access is made). This data is used exclusively for smooth connection establishment, to ensure comfortable use of our website, to evaluate system security and stability, and for administrative and statistical purposes. They are neither passed on nor are they combined with the personal data provided. The legal basis is Art. 6 para. 1 Sentence 1 lit. f GDPR. The use of session cookies according to Section 4 is explicitly pointed out.

b) When using the contact form

We collect and store, in compliance with § 14 para. 1 of the German Telemedia Act, those personal data which are necessary to enable you to use our internet offer. If you log in to energysolutions24.de or use functions of energysolutions24.de that require you to log in and create a customer account, we therefore store your name, your address, your e-mail address and your password as well as your payment data for billing, if applicable. We would like to point out that data transmission over the internet (e.g. communication by e-mail) can have security gaps. We strive for a complete protection of the data against access by third parties, but this is not possible. The person responsible for the processing may arrange for the data to be transferred to one or more data processors, such as a parcel service, who also uses the personal data exclusively for internal use attributable by the person responsible. Your data will only be passed on to other third partied if we are legally obliged to do so.

3. Disclosure of data

Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only pass on your data to third parties if:

  • You have given your explicit consent pursuant to Art. 6 para. 1 Sentence 1 lit. a GDPR,

  • the disclosure pursuant to Art. 6 para. 1 Sentence 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

  • in the event that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 Sentence 1 lit. c GDPR, and

  • this is permitted by law and is necessary for the processing of contractual relationships with you pursuant to Art. 6 para. 1 Sentence 1 lit. b GDPR

4. Cookies

We use cookies with which data is sent to your computer during your visit and stored there. Cookies are small data records that are generated when web pages are called up. These session cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a random string of characters through which internet pages and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited internet pages and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A particular internet browser can be recognized and identified by its unique cookie ID. If personal data is also processed by individual session cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1. lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website.

By means of a cookie, the information and offers on our website can be optimized for the user. These session cookies enable us to recognize the users of our website during their visit to the website. The purpose of this recognition is to make it easier for users to use our website. With the help of session cookies, the web server can therefore retrieve user-specific information which servers to make the use of the website easier and more convenient for you. They serve exclusively to make your use of the site more pleasant.

If you refuse the use of cookies, you can set your browser so that cookies are generally rejected or that you must confirm the acceptance of cookies in each case. If you choose not to accept cookies, you may not be able to use certain functions on our website. Most web browsers have a function in the menu bar (usually under “Tools / Settings / Privacy” or under “Tools / Internet Options / Privacy”) with which you prevent your browser from accepting new cookies, with which you let your browser inform you when you receive a new cookie or with which you can also deactivate all cookies received.

5. Services of Google

We have embedded fonts of the following company on our website:

Google LLC (1600 Amphitheatre Parkway – Mountain View – CA 94043 – USA)

Data Protection Declaration: https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated

This website may contain so-called plugins in the form of maps, satellite photos and route planning from Google Maps™. These can be used by you to calculate routes and make it easier for you to find our companies. These maps are a service of Google Inc., 1600 Menlo Park, Mountain View, CA 94043 USA. Each time you visit our website, which contains such a map, data is loaded from Google’s web servers that create the visual appearance and functionality of the map on our website. Your browser also transmits data to Google, where it is stored and processed. Information on the collection and use of the transmitted data can be viewed on the Google website. By using our websites that contain Google maps, you consent to the processing of your data by Google. The terms of use of Google Maps can be found here: https://www.google.com/intl/de_de/help/terms_maps.html

6. Your rights

a) Deletion of personal data (Right to be forgotten)

The person responsible shall process and store the personal data of the data subject only for the time necessary to achieve the data retention purpose or, as the case may be, by the European legislator of directives and regulations or by any other legislator in laws or regulations to which the person responsible is subject. If the storage purpose ceases to apply or if a storage period prescribed by the European legislator of directives and regulations or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.

The data subject also has the right to require the person responsible to delete personal data concerning him/her immediately and the person responsible is obliged to delete personal data immediately if one of the following reasons applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed

  • the data subject withdraws his/her consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for processing

  • the data subject objects to processing under Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for processing or the data subject objects to processing under Art. 21 para. 2 GDPR

  • the personal data have been processed unlawfully

  • the deletion of personal data is necessary to fulfill a legal obligation under Union Law or the law of the Member States to which the data controller is subject

  • the personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

b) Right of confirmation

Every data subject shall have the right granted by the European legislator of directives and regulations to require the person responsible to confirm whether personal data concerning him/her are being processed.

c) Right of information

According to the provisions of the GDPR you have the right to receive written information free of charge about your personal data stored by us and the extent of our use as well as a copy of this information.

Furthermore, you have a right of access to the following information:

  • the purposes of the processing

  • the categories of personal data to be processed

  • the recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organizations

  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration

  • the existence of a right of rectification or deletion of personal data concerning them or of a restriction on processing by the person responsible or of a right of objection to such processing

  • the existence of a right of appeal to a supervisory authority

  • all available information on the origin of the data, provided that the personal data were not collected from the data subject

  • the existence of automated decision-making, including profiling in accordance with Art. 22 paras. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended impact of such processing on the data subject

  • Whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information on the appropriate guarantees in connection with the transfer.

If you wish to make use of this option, please inform us by e-mail to info@heliotec.de. The postal address is: Heliotec Betriebs- und Verwaltungsgesellschaft mbH, Am Steinberg 7, 09603 Großschirma.

d) Right of rectification

The data subject has the right to demand from the person responsible the correction of incorrect personal data concerning him or her without delay. In consideration of the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.

e) Right to limitation of the processing

The data subject has the right to require the person responsible to restrict the processing if one of the following conditions is met:

  • the accuracy of the personal data is disputed by the data subject for a period which enables the person responsible to verify the accuracy of the personal data,

  • the processing is unlawful and the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data;

  • the person responsible no longer needs the personal data for processing purposes, but the data subject requires them to assert, exercise or defend legal claims; or

  • the data subject has lodged an objection to the processing pursuant to Art. 21 para. 1 GDPR, as long as it is not yet clear whether the legitimate reasons of the data subject outweigh those of the data subject.

f) Right of data portability

The data subject has the right to receive personal data concerning him/her which he/she has provided to a person responsible in a structured, current and machine-readable format and to transmit this data to another person responsible without interference by the person responsible to whom the personal data have been provided, provided that

  • the processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and

  • the processing is carried out using automated methods.

g) Right of objection

The data subject has the right, at any time, to object to the processing of personal data concerning him/her resulting from his/her special situation, pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. The person responsible no longer processes the personal data unless he can prove compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of enforcing, pursuing or defending legal claims. If you would like to exercise your right of revocation or objection, please send an e-mail to info@heliotec.de.

h) Automated decisions

The data subject shall have the right not to be subject to a decision based exclusively on automated processing, including profiling, which has a legal effect on him or significantly affects him or her in a similar manner, unless the decision:

  • is necessary for the conclusion or performance of a contract between the data subject and the person responsible,

  • is admissible under Union or Member State law to which the person responsible is subject and that law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject; or

  • is made with the explicit consent of the data subject.

i) Right to revoke consent under data protection law

Any data subject has the right to revoke his/her consent to the processing of personal data at any time.

7. Changes to our data privacy policy

We reserve the right to occasionally change this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection regulation, e.g. when introducing new services. The new data protection declaration will then apply for your next visit.