With the following information, we aim to provide you, as the “data subject,” with an overview of how your personal data is processed by us and your rights under data protection laws. Generally, you can use our websites without providing any personal data. However, if you wish to utilise specific services offered by our company via our website, the processing of personal data may become necessary.
If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.
The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “BRC Solar GmbH.” Through this data protection information, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.
As the data controller, we have implemented numerous technical and organisational measures to ensure the most complete protection possible for personal data processed through this website. Nevertheless, internet-based data transmissions can always have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or by post.
BRC Solar GmbH
Gehrnstraße 7
76275 Ettlingen
Telephone: +49 7243 924 1660
Email: info@brc-solar.de
Representatives of the Data Controller:
Timm Czarnecki, Managing Director
Pascal Ruisinger, Managing Director
You can reach the Data Protection Officer as follows:
Email: Datenschutz@brc-solar.de
Feel free to contact our Data Protection Officer at any time with any questions or suggestions regarding data protection.
Art. 6(1)(a) GDPR (in conjunction with § 25(1) TDDDG (formerly TTDSG)) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, such as processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations necessary for the performance of pre-contractual measures, such as inquiries regarding our products or services.
If our company is subject to a legal obligation requiring the processing of personal data, such as for compliance with tax obligations, the processing is based on Art. 6(1)(c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were to be injured and their name, age, health insurance data, or other vital information would need to be disclosed to a doctor, hospital, or other third party. In such cases, the processing is based on Art. 6(1)(d) GDPR.
Finally, processing operations could be based on Art. 6(1)(f) GDPR. This legal basis is used for processing operations not covered by any of the aforementioned legal bases if the processing is necessary for the legitimate interests pursued by our company or by a third party, provided that the interests or fundamental rights and freedoms of the data subject do not override those interests. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. The legislator considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).
5.1 SSL/TLS Encryption
To ensure the security of data processing and protect the transmission of confidential content such as orders, login details, or contact inquiries that you send to us as the operator, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the “https://” in the address bar of your browser and by the padlock symbol in your browser bar. We use this technology to protect your transmitted data.
5.2 Data Collection When Visiting the Website
When you visit our website for informational purposes only, i.e., without registering or otherwise providing information to us, we only collect the data that your browser transmits to our server (in so-called “server log files”). With each access to a page by you or an automated system, our website collects a range of general data and information. This general data and information are stored in the server log files. The following data can be collected:
We do not draw any conclusions about your person when using this general data and information. Instead, we need this information to:
We evaluate this data and information statistically, on the one hand, and also with the aim of increasing data protection and data security within our company to ultimately ensure an optimal level of protection for the personal data we process. The server log files data is stored separately from all personal data provided by a data subject.
The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.
5.3 Hosting
We host our website with netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe (hereinafter referred to as netcup).
When you visit our website, your personal data (e.g., IP addresses in log files) are processed on netcup servers.
The use of netcup is based on Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable presentation and provision as well as securing our website.
We have concluded a contract for order processing (AVV) according to Art. 28 GDPR with netcup. For more information on netcup’s privacy policy, please visit: netcup Privacy Policy
6.1 General Information about Cookies
Cookies are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.
The cookie stores information that results from the context with the specific end device used. However, this does not mean that we immediately become aware of your identity.
The use of cookies is intended to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.
Furthermore, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specific defined period. When you visit our site again to use our services, it is automatically recognized that you have already been with us and what inputs and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for optimization purposes. These cookies allow us to automatically recognize that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.
6.2 Legal Basis for the Use of Cookies
The data processed by cookies that are necessary for the proper functioning of the website are required to safeguard our legitimate interests and those of third parties in accordance with Art. 6(1)(f) GDPR. For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6(1)(a) GDPR (in conjunction with § 25(1) TDDDG).
6.3 Complianz GDPR/CCPA (Consent Management Tool)
We use the Consent Management Tool “Complianz GDPR/CCPA Cookie Consent” (Complianz) provided by Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands. This service allows us to obtain and manage consent from website users for data processing.
Complianz collects data using cookies generated by end users who use our website. When an end user gives consent, the following data is automatically logged by Complianz:
The consent status is also stored in the end user’s browser, allowing the website to automatically read and comply with the end user’s consent for up to 12 months for all subsequent page requests and future end user sessions. Consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period pursuant to § 195 BGB. The data is then deleted immediately.
The functionality of the website is not guaranteed without the described processing. There is no option for the user to object as long as there is a legal obligation to obtain the user’s consent for certain data processing operations (Art. 7(1), 6(1)(c) GDPR).
Complianz is the recipient of your personal data and acts as a data processor for us. Data processing takes place exclusively in the European Union.
For detailed information on the use of Complianz, please visit: Complianz Legal Information
7.1 Contact / Contact Form
When contacting us (e.g., via contact form or email), personal data is collected. The data collected when using a contact form can be found in the respective contact form. This data is stored and used exclusively for the purpose of processing your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after final processing of your inquiry, which is the case when it can be inferred from the circumstances that the matter concerned has been finally clarified and there are no statutory retention obligations opposing deletion.
7.2 Job Application Management / Job Board
We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also take place electronically, especially if an applicant submits corresponding application documents electronically, for example, by email or via a web form on the website. If we conclude an employment or service contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no contract is concluded with the applicant, the application documents will be automatically deleted two months after the decision to reject the application is communicated, provided that there are no other legitimate interests on our part opposing deletion. Another legitimate interest in this sense is, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
The legal basis for the processing of your data is Art. 6(1)(b), Art. 88 GDPR in conjunction with § 26(1) BDSG.
8.1 Advertising Newsletter
On our website, you have the option to subscribe to our company’s newsletter. The personal data transmitted to us when ordering the newsletter can be seen in the input mask used for this purpose.
We regularly inform our customers and business partners about our offers via newsletter. You can only receive the newsletter of our company if:
For legal reasons, a confirmation email will be sent to the email address you first registered for newsletter delivery using the double opt-in procedure. This confirmation email serves to verify whether you, as the owner of the email address, have authorized receipt of the newsletter.
When registering for the newsletter, we also store the IP address assigned by your Internet service provider (ISP) to the IT system used by you at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace any (possible) misuse of your email address at a later date and therefore serves our legal protection.
The personal data collected as part of a newsletter registration will only be used for sending our newsletter. Furthermore, newsletter subscribers may be informed by email if this is necessary for the operation of the newsletter service or registration, such as in the event of changes to the newsletter offer or changes to the technical conditions. The personal data collected as part of the newsletter service will not be passed on to third parties. You can cancel your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for newsletter delivery can be revoked at any time. Each newsletter contains a corresponding link for revoking consent. Furthermore, you have the option to unsubscribe from the newsletter delivery at any time directly on our website or to inform us by other means.
The legal basis for data processing for newsletter delivery is Art. 6(1)(a) GDPR.
8.2 Newsletter Tracking
Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to enable log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, the company can determine whether and when an email from you has been opened and which links contained in the email were clicked by you.
The personal data collected via tracking pixels contained in newsletters are stored and analyzed by us in order to optimize newsletter delivery and better tailor the content of future newsletters to your interests. This personal data will not be passed on to third parties. Data subjects are entitled to revoke their separate consent given via the double opt-in procedure at any time. After revocation, this personal data will be deleted by us. Unsubscribing from the newsletter automatically signifies revocation.
Such evaluation is carried out, in particular, in accordance with Art. 6(1)(f) GDPR, based on our legitimate interests in displaying personalized advertising, market research, and/or needs-based design of our website.
8.3 CleverReach
This website uses CleverReach for newsletter delivery. The provider is CleverReach GmbH & Co. KG, (CRASH Building), Schafjückenweg 2, 26180 Rastede. CleverReach is a service that can be used to organize and analyze newsletter delivery. The data entered by you for the purpose of newsletter subscription (e.g., email address) is stored on CleverReach servers in Germany or Ireland.
Our newsletters sent via CleverReach enable us to analyze the behavior of newsletter recipients. This includes, among other things, analyzing how many recipients have opened the newsletter message and how often each link in the newsletter was clicked. With the help of so-called conversion tracking, it is also possible to analyze whether a predefined action (e.g., the purchase of a product on our website) was taken after clicking on the link in the newsletter. For more information on data analysis through CleverReach newsletters, please visit: CleverReach Reporting and Tracking
Data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing already carried out remains unaffected by the revocation.
If you do not wish for CleverReach to perform analysis, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.
You can revoke the consent you have given at any time. You can also prevent processing at any time by unsubscribing from the newsletter. You can also prevent the storage of cookies by adjusting your web browser settings accordingly. Additionally, you can prevent the storage and transmission of personal data by deactivating JavaScript in your web browser or by installing a JavaScript blocker (e.g., https://noscript.net or https://www.ghostery.com). We would like to point out that by taking these measures, not all functions of our website may be available.
The data you have provided to us for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter, and after unsubscribing from the newsletter, it will be deleted from both our servers and CleverReach servers. Data that has been stored by us for other purposes (e.g., email addresses for the member area) remains unaffected by this.
You can view CleverReach’s privacy policy here: CleverReach Privacy Policy
To communicate with you and inform you about our services on social networks, we have our own pages there. When you visit one of our social media pages, we, in terms of Art. 26 GDPR, share responsibility with the provider of the respective social media platform for the processing activities triggered thereby.
We are not the primary provider of these pages but merely use them within the framework provided by the respective providers.
Therefore, we would like to inform you that your data may also be processed outside the European Union or the European Economic Area. Your use may therefore entail data protection risks, as safeguarding your rights, such as the right to information, deletion, objection, etc., may be more difficult, and processing in social networks often occurs directly for advertising purposes or for analyzing user behavior by the providers, without our influence. If usage profiles are created by the provider, cookies are often used, or the usage behavior is assigned to your own member profile created in the social networks.
The described processing activities of personal data are carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider to communicate with you in a contemporary manner or to inform you about our services. If you as a user need to give consent for data processing to the respective providers, the legal basis refers to Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.
Since we do not have access to the data stored by the providers, we would like to point out that you are best advised to assert your rights (e.g., to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in social networks is provided below for each social network provider we use:
9.1 Facebook
Data controller (jointly responsible for processing in Europe): Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy (Data Policy): Facebook Data Policy
9.2 Instagram
Data controller (jointly responsible for processing in Germany): Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy (Data Policy): Instagram Data Policy
9.3 LinkedIn
Data controller (jointly responsible for processing in Europe): LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy: LinkedIn Privacy Policy
9.4 YouTube
Data controller (jointly responsible for processing in Europe): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: YouTube Privacy Policy
9.5 XING (New Work SE)
Data controller (jointly responsible for processing in Germany): New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy Policy: XING Privacy Policy
Data Disclosure Requests for XING Members: XING Data Disclosure
10.1 Matomo
We have integrated the open-source web analytics service Matomo from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a software tool for web analysis, i.e., for the collection, compilation, and evaluation of data about the behavior of visitors to websites. This is used to optimize the website and to analyze the cost-benefit of internet advertising.
The use of this analytics tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offering and its advertising.
If consent is requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
IP anonymization: We use IP anonymization in the analysis with Matomo. This means that your IP address is shortened before analysis, so it cannot be uniquely assigned to you.
Cookieless analysis: We have configured Matomo not to store cookies in your browser.
You can view the privacy policy of Matomo at: Matomo Privacy Policy.
10.2 Google Analytics 4 (GA4)
On our websites, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
In this context, pseudonymous usage profiles are created and cookies (see “Cookies” section) are used. The information generated by the cookie about your use of this website can include:
The pseudonymized data may be transmitted by Google to a server in the USA and stored there.
The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website and internet use for market research and the needs-based design of these websites. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of Google. Under no circumstances will your IP address be merged with other data from Google.
These processing operations are carried out only with the explicit consent according to Art. 6(1)(a) GDPR.
The parent company Google LLC is certified under the EU-US Data Privacy Framework as a US company. A adequacy decision according to Art. 45 GDPR exists, allowing the transfer of personal data without further guarantees or additional measures.
For more information on data protection when using GA4, please visit: Google Analytics 4 Privacy Policy
11.1 Microsoft Teams
We use the tool “Microsoft Teams” (“MS Teams”) for our communication, including written communication (chat), as well as telephone conferences, online meetings, and video conferences. The operator of the service is Microsoft Ireland Operations Ltd., 70 Sir John Rogerson’s Quay, Dublin, Ireland. Microsoft Ireland Operations Ltd. is part of the Microsoft Corporation, headquartered at One Microsoft Way, Redmond, Washington, USA.
When using MS Teams, the following personal data is processed:
If consent is requested, the processing is based exclusively on Art. 6(1)(a) GDPR. In the context of an employment relationship, such data processing is based on § 26 BDSG. The legal basis for the use of “MS Teams” in contractual relationships is Art. 6(1)(b) GDPR. In all other cases, the legal basis for the processing of your personal data is Art. 6(1)(f) GDPR.
Detailed information on data protection regarding Microsoft, in connection with “MS Teams,” can be found at: Microsoft Teams Privacy
11.2 Font Awesome
Our website uses web fonts provided by Fonticons Inc., 307 S Main St Ste 202 Bentonville, AR, USA, for consistent font representation. When a page is accessed, your browser loads the necessary web fonts into your browser cache to display text and fonts correctly.
For this purpose, the browser you are using must establish a connection to the servers of Fonticons, Inc. This enables Fonticons, Inc. to know that our website has been accessed via your IP address. The use of Font Awesome is based exclusively on explicit consent according to Art. 6(1)(a) GDPR.
If your browser does not support Font Awesome, a standard font will be used from your device. For more information on Fonticons Inc.’s privacy policy, please visit: Font Awesome Privacy
11.3 YouTube (Videos)
We have integrated components of YouTube on this website. The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
YouTube is an internet video portal that allows video publishers to freely upload video clips, and users to view, rate, and comment on them for free. YouTube allows the publication of all types of videos, including full-length films and TV shows, music videos, trailers, or user-generated videos. When you access any page of our website that contains a YouTube component (YouTube video), your internet browser is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube to your IT system. YouTube and Google may also load Google WebFonts, Google Video, and Google Photo services. Further information about YouTube can be found at: YouTube About
If you are simultaneously logged into YouTube, YouTube recognizes with each call-up to a subpage that contains a YouTube video, which specific subpage of our website you visit. This information is collected by YouTube and Google and assigned to your YouTube account.
These processing operations are carried out only with the explicit consent according to Art. 6(1)(a) GDPR.
The parent company Google LLC is certified under the EU-US Data Privacy Framework as a US company. A adequacy decision according to Art. 45 GDPR exists, allowing the transfer of personal data without further guarantees or additional measures.
You can view the privacy policy of YouTube at: YouTube Privacy
12.1 Right to Confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
12.2 Right to Information (Art. 15 GDPR)
You have the right to obtain free information from us at any time about the personal data stored about you, as well as a copy of this data in accordance with legal requirements.
12.3 Right to Rectification (Art. 16 GDPR)
You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
12.4 Right to Erasure (Art. 17 GDPR)
You have the right to demand that the personal data concerning you be deleted without delay, provided that one of the legally prescribed reasons applies and to the extent that the processing or storage is not necessary.
12.5 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing from us if one of the legal conditions is met.
12.6 Right to Data Portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Art. 20 (1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and where this does not adversely affect the rights and freedoms of others.
12.7 Right to Object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, which is based on Art. 6 (1) lit. e (processing in the public interest) or f (processing based on legitimate interests) GDPR, including profiling based on those provisions.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
In individual cases, we process personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to us processing personal data for direct marketing purposes, we will no longer process the personal data for these purposes. You have the right to exercise your right to object in connection with the use of information society services – notwithstanding Directive 2002/58/EC – by means of automated procedures using technical specifications.
12.8 Withdrawal of Consent to Data Processing
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
12.9 Complaint to a Supervisory Authority
You have the right to lodge a complaint with a supervisory authority for data protection regarding our processing of personal data.
This privacy information is currently valid and dated: May 2024.
Due to the further development of our websites and offers or changes in legal or regulatory requirements, it may be necessary to amend this privacy information. The current privacy information can be accessed and printed by you at any time on the website at: https://brc-solar.de/en/privacy-policy