Data protection an important topic

1. Introduction

With the following information, we aim to provide you, as the “data subject,” an overview of the processing of your personal data by us and your rights under data protection laws. The use of our websites is generally possible without the input of personal data. However, if you wish to avail yourself of specific services provided by our company through our website, the processing of personal data may become necessary.

If the processing of personal data is necessary, and there is no legal basis for such processing, we generally seek your consent.

The processing of personal data, such as your name, address, or email address, always occurs in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “BRC Solar GmbH.” Through this privacy policy, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.

As the party responsible for processing, we have implemented numerous technical and organizational measures to ensure the most comprehensive protection of the personal data processed through this website. Nevertheless, internet-based data transmissions can, in principle, have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us through alternative means, such as by phone or post.

2. Person responsible

The responsible party in terms of the GDPR is:

BRC Solar GmbH

Gehrnstraße 7 76275 Ettlingen

Phone: +49 7243 924 1660


Representatives of the responsible party: Timm Czarnecki, Managing Director

Pascal Ruisinger, Managing Director

3. Data Protection Officer

You can contact the Data Protection Officer as follows:


Feel free to reach out to our Data Protection Officer at any time for any questions or suggestions regarding data protection.

4. Legal basis of the processing

Article 6(1)(a) of the General Data Protection Regulation (GDPR) (in conjunction with § 25(1) of the German Federal Data Protection Act – TTDSG) serves as the legal basis for processing operations in our company where we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, in processing operations required for the delivery of goods or the provision of any other service or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations that are necessary for the performance of pre-contractual measures, such as in cases of inquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6(1)(c) of the GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor in our establishment were to be injured and their name, age, health insurance data, or other vital information would need to be disclosed to a doctor, hospital, or other third parties. In such a situation, the processing would be based on Article 6(1)(d) of the GDPR.

Ultimately, processing operations could be based on Article 6(1)(f) of the GDPR. Processing on this legal basis is permissible for operations not covered by any of the aforementioned legal bases, provided that the processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights, and freedoms of the data subject outweigh those interests. Such processing operations are particularly permitted to us because they have been specifically mentioned by the European legislator. In this regard, the legislator considers that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 of the GDPR).

5. Technology

5.1 SSL/TLS encryption

This website employs SSL/TLS encryption to ensure the security of data processing and protect the transmission of confidential content, such as orders, login information, or contact inquiries that you send to us as the operator. You can recognize an encrypted connection by the “https://” in the address bar of your browser instead of “http://” and by the padlock symbol in your browser’s address bar.

We use this technology to safeguard the data you transmit to us.

5.2 Data collection when visiting the website

When you use our website for informational purposes only, without registering or otherwise providing information to us, we only collect the data that your browser transmits to our server (in so-called “server log files”). With each visit to a page by you or an automated system, our website records a series of general data and information. These general data and information are stored in the server’s log files. The following information can be collected:

1. Types and versions of browsers used,

2. The operating system used by the accessing system,

3. The website from which an accessing system reaches our website (so-called referrer),

4. The subpages accessed by an accessing system on our website,

5. The date and time of access to the website,

6. An Internet Protocol address (IP address), and

7. The Internet Service Provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. Instead, this information is needed to:

1. Correctly deliver the content of our website,

2. Optimize the content of our website and its advertising,

3. Ensure the ongoing functionality of our IT systems and the technology of our website, and

4. Provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

We analyze this collected data and information both statistically and with the aim of increasing data protection and data security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The data from the server log files are stored separately from all personal data provided by an individual.

The legal basis for data processing is Art. 6(1)(f) GDPR. Our legitimate interest arises from the purposes listed above for data collection.

5.3 Hosting

We host our website with netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe (hereinafter referred to as netcup).

When you visit our website, your personal data (e.g., IP addresses in log files) is processed on netcup’s servers.

The use of netcup is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation and provision as well as securing our website.

We have entered into a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR with netcup. For more information on netcup’s privacy policy, please refer to:

6. Cookies

6.1 General information about cookies

Cookies are small files that your browser automatically creates and stores on your device (e.g., laptop, tablet, smartphone) when you visit our site.

These cookies contain information that results from the context with the specific device used. However, this does not mean that we immediately gain knowledge of your identity.

The use of cookies is intended to make your use of our offering more enjoyable. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.

Furthermore, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what inputs and settings you have made, so you don’t have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate our offering for optimization purposes. These cookies enable us to automatically recognize, upon a revisit to our website, that you have already visited it. The cookies set in this way are automatically deleted after a defined period. The respective storage duration of the cookies can be found in the settings of the consent tool used.

6.2 Legal basis for the use of cookies

The data processed by cookies that are necessary for the proper functioning of the website are required to safeguard our legitimate interests and those of third parties, in accordance with Art. 6(1)(f) of the General Data Protection Regulation (GDPR).

For all other cookies, you have given your consent through our opt-in cookie banner in accordance with Art. 6(1)(a) GDPR (in conjunction with § 25(1) of the German Federal Data Protection Act – TTDSG).

6.3 Complianz GDPR/CCPA (Consent Management Tool)

We use the Consent Management Tool “Complianz GDPR/CCPA Cookie Consent” (Complianz) provided by Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands. This service allows us to obtain and manage user consent for data processing on our website.

Complianz collects data through cookies generated by end-users who use our website. When an end-user gives consent, the following data is automatically logged by Complianz:

• Browser information,

• Date and time of access,

• Device information,

• The URL of the visited page,

• Banner language,

• Consent ID,

The consent status of the end-user, serving as proof of consent.

The consent status is also stored in the end-user’s browser, allowing the website to automatically read and comply with the end-user’s consent for all subsequent page requests and future end-user sessions for up to 12 months. Consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular statute of limitations under § 195 BGB. The data is then promptly deleted.

The functionality of the website is not guaranteed without the described processing. As long as there is a legal obligation to obtain user consent for certain data processing operations (Art. 7(1), 6(1)(c) GDPR), users do not have the option to object.

Complianz is the recipient of your personal data and acts as a data processor on our behalf. The data processing takes place exclusively within the European Union.

For detailed information on the use of Complianz, please refer to:

7. Contents of our website

7.1 Contact / Contact form

In the course of contacting us (e.g., through a contact form or email), personal data is collected. The specific data collected when using a contact form is evident from the respective form. This information is stored and used solely for the purpose of addressing your inquiry or facilitating contact and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your inquiry, as per Art. 6(1)(f) of the GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6(1)(b) of the GDPR. Your data will be deleted after the final processing of your request. This occurs when it can be inferred from the circumstances that the matter in question has been conclusively clarified, and no statutory retention obligations hinder deletion.

7.2 Application management / job exchange

We collect and process personal data of applicants for the purpose of handling the application process. The processing may also occur electronically, especially when an applicant submits relevant application documents electronically, such as via email or through a web form on the website. If we enter into an employment or service contract with an applicant, the transmitted data will be stored for the purpose of managing the employment relationship in compliance with legal regulations.

If no contract is concluded with the applicant, the application documents will be automatically deleted two months after the decision to reject the application is communicated, unless there are other legitimate interests on our part that oppose deletion. Another legitimate interest in this context could be, for example, the obligation to provide evidence in a proceeding under the General Equal Treatment Act (AGG).

The legal basis for processing your data is Art. 88 GDPR in conjunction with § 26(1) BDSG (German Federal Data Protection Act).

8. Newsletter dispatch

8.1 Advertising newsletter

On our website, you have the option to subscribe to the newsletter of our company. The personal data transmitted to us when ordering the newsletter is determined by the input mask used for this purpose.

We regularly inform our customers and business partners about our offers through newsletters. You can generally only receive our company’s newsletter if:

1. You have a valid email address, and

2. You have registered for the newsletter.

A confirmation email in the double opt-in procedure will be sent to the email address you first entered for newsletter delivery, for legal reasons. This confirmation email is intended to verify whether you, as the owner of the email address, have authorized the receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by your Internet service provider (ISP) to your IT system at the time of registration, as well as the date and time of registration. Collecting this data is necessary to trace any potential misuse of your email address at a later date, providing legal protection.

The personal data collected during newsletter registration is exclusively used for sending our newsletter. Subscribers to the newsletter may also be informed by email if this is necessary for the operation of the newsletter service or relevant registration, such as in the case of changes to the newsletter offer or technical changes. The personal data collected within the framework of the newsletter service is not passed on to third parties. You can cancel your subscription to our newsletter at any time. The consent to store personal data that you provided for the purpose of newsletter delivery can be revoked at any time. Each newsletter contains a corresponding link for revoking consent. Furthermore, there is the option to unsubscribe from the newsletter directly on our website at any time or to inform us in another way.

The legal basis for data processing for the purpose of newsletter delivery is Art. 6(1)(a) GDPR.

8.2 Newsletter tracking

Our newsletters contain so-called pixel tags. A pixel tag is a miniature graphic embedded in emails sent in HTML format to enable log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns. Through the embedded pixel tag, the company can determine if and when an email was opened by you and which links within the email were accessed.

Personal data collected through these pixel tags in the newsletters is stored and analyzed by us to optimize newsletter delivery and better tailor the content of future newsletters to your interests. This personal data is not shared with third parties. Individuals are entitled to revoke the separate consent given through the double opt-in process at any time. After revocation, this personal data will be deleted by us. We automatically interpret unsubscribing from the newsletter as a revocation.

Such analysis is carried out in accordance with Art. 6(1)(f) GDPR, based on our legitimate interests in displaying personalized advertising, conducting market research, and/or customizing our website to meet user needs.

8.3 CleverReach

This website uses CleverReach for the dispatch of newsletters. The provider is CleverReach GmbH & Co. KG, (CRASH Building), Schafjückenweg 2, 26180 Rastede. CleverReach is a service that allows the organization and analysis of newsletter delivery. The data you enter for the purpose of receiving the newsletter (e.g., email address) is stored on CleverReach’s servers in Germany or Ireland.

The newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. This includes, among other things, the analysis of how many recipients opened the newsletter message and how often each link in the newsletter was clicked. With the help of the so-called conversion tracking, it can also be analyzed whether, after clicking the link in the newsletter, a predefined action (e.g., purchasing a product on our website) took place. Further information on data analysis by CleverReach newsletters can be found at: CleverReach Reporting and Tracking.

The data processing is based on your consent (Art. 6(1)(a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

If you do not wish for analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.

You can revoke your consent at any time. You can also prevent processing at any time by unsubscribing from the newsletter. You can prevent the storage of cookies by adjusting your web browser settings accordingly. Additionally, the storage and transmission of personal data can be prevented by disabling JavaScript in your web browser or by using a JavaScript blocker (e.g., or Please note that these measures may result in some functions of our website no longer being available.

The data you provide for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter. After unsubscribing from the newsletter, the data will be deleted from both our servers and CleverReach’s servers. Data stored by us for other purposes (e.g., email addresses for the member area) remains unaffected by this.

You can view CleverReach’s privacy policy at:

9. Our activities in social networks

In order to communicate with you and provide information about our services on social media platforms, we maintain our own pages there. When you visit one of our social media pages, we, as defined by Art. 26 GDPR, jointly responsible for the processing with the provider of the respective social media platform.

We are not the primary provider of these pages but use them within the opportunities provided by the respective providers.

Therefore, we would like to inform you that your data may also be processed outside the European Union or the European Economic Area. Use may involve privacy risks for you, as the preservation of your rights, such as information, deletion, objection, etc., may be more difficult, and processing in social networks often occurs directly for advertising purposes or for analyzing user behavior by the providers, without our influence. If the provider creates user profiles, cookies are often used, or user behavior is assigned to your own member profile created by you in the social networks.

The described processing of personal data is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest and the legitimate interest of the respective provider to communicate with you in a contemporary manner or to inform you about our services. If you need to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.

As we do not have access to the databases of the providers, we would like to point out that you are best advised to assert your rights (e.g., information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in social networks is provided below for each of the social network providers we use:

9.1 Facebook

(Co-) Responsible for data processing in Europe:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy (Data Policy):

9.2 Instagram

(Co-) Responsible for data processing in Germany:

Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy (Data Policy):

9.3 LinkedIn

(Co-) Controller for data processing in Europe:

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Policy:

9.4 YouTube

(Co-) Responsible for data processing in Europe:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy Policy:

9.5 XING (New Work SE)

(Co-) Responsible for data processing in Germany:

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

Privacy Policy:

Information requests for XING members:

10. Web analysis

10.1 Matomo

On this website, we have integrated the open-source web analytics service Matomo from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo is a software tool for web analysis, which involves collecting and evaluating data about the behavior of visitors to websites. This is used to optimize the website and for cost-benefit analysis of internet advertising.

The use of this analytics tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its web offering and its advertising.

If consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TTDSG. Consent can be revoked at any time.

IP anonymization

For analysis with Matomo, we use IP anonymization. This means that your IP address is shortened before analysis, making it no longer uniquely identifiable.

Cookie-less analysis

We have configured Matomo so that it does not store cookies in your browser.

You can view Matomo’s privacy policy at:

10.1 Google Analytics 4 (GA4)

On our websites, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

In this context, pseudonymous user profiles are created, and cookies (see “Cookies” section) are used. The information generated by the cookie about your use of this website may include:

• Temporary collection of the IP address without permanent storage

• Location data

• Browser type/version

• Operating system used

• Referrer URL (previously visited page)

• Time of the server request

The pseudonymous data may be transmitted to a server in the United States by Google and stored there.

The information is used to evaluate the use of the website, compile reports on website activity, and provide other services related to website usage and internet usage for market research and the customization of these websites. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of Google. Under no circumstances will your IP address be merged with other Google data.

These processing operations are carried out only with your explicit consent in accordance with Art. 6(1)(a) GDPR.

The parent company, Google LLC, is certified as a US company under the EU-US Data Privacy Framework. Thus, an adequacy decision pursuant to Art. 45 GDPR exists, allowing the transfer of personal data without further guarantees or additional measures.

For further information on data protection when using GA4, please visit:

11. Plugins and other services

11.1 Microsoft Teams

To conduct our communication in both written form (chat) and in the form of phone conferences, online meetings, and video conferences, we use the tool “Microsoft Teams” (“MS Teams”). The operating company of the service is Microsoft Ireland Operations (“Microsoft”) Ltd., 70 Sir John Rogerson’s Quay, Dublin, Ireland. Microsoft Ireland Operations, Ltd. is part of the Microsoft corporate group headquartered at One Microsoft Way, Redmond, Washington, USA.

When using MS Teams, the following personal data is processed:

• Meetings, chats, voicemails, shared files, recordings, and transcriptions.

• Data shared about you, such as your email address, profile picture, and phone number.

• Detailed call history of the phone calls you make.

• Data related to call quality.

• Support/feedback data, information related to troubleshooting tickets or feedback sent to Microsoft.

• Diagnosis and service data, diagnosis data related to service usage.

To enable the display of video and playback of audio, data from your device’s microphone and video camera are processed during the meeting. You can deactivate or mute the camera or microphone at any time using the “Microsoft Teams” applications.

If explicit consent is requested, the processing is based solely on Art. 6(1)(a) GDPR. In the context of an employment relationship, the corresponding data processing is based on § 26 BDSG. The legal basis for the use of “MS Teams” in contractual relationships is Art. 6(1)(b) GDPR. In all other cases, the legal basis for the processing of your personal data is Art. 6(1)(f) GDPR, where we have an interest in the effective conduct of online meetings.

When we record online meetings, we will notify you of this before it starts and request your consent for the recording if necessary. If you do not wish for this, you can leave the online meeting.

As a cloud-based service, “MS Teams” processes the mentioned data as part of the service provision. To the extent that “MS Teams” processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is an independent data controller for this usage and is responsible for compliance with applicable laws and obligations as a data controller. When you access the MS Teams website, Microsoft is responsible for data processing. Accessing the website is necessary to download the MS Teams software.

For detailed information on data protection at Microsoft in connection with “MS Teams,” please visit:

11.2 YouTube (Videos)

On this website, we have integrated components from YouTube. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an internet video portal that allows video publishers to upload video clips for free, and users can watch, rate, and comment on them for free. YouTube allows the publication of all types of videos, including full movies and TV shows, as well as music videos, trailers, or user-generated videos accessible through the internet portal. Every time you visit one of the individual pages on this website operated by us, and a YouTube component (YouTube video) is integrated, the internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Google WebFonts, Google Video, and Google Photo services can also be loaded from YouTube. Further information about YouTube can be found at As part of this technical process, YouTube and Google gain knowledge about which specific subpage of our website you visited.

If you are logged in to YouTube at the same time, YouTube recognizes, with the visit to a subpage that contains a YouTube video, which specific subpage of our website you are visiting. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google always receive information through the YouTube component that you have visited our website if you are logged in to YouTube at the time you visit our website, whether or not you click on a YouTube video. If you do not want this information to be transmitted to YouTube and Google, you can prevent the transmission by logging out of your YouTube account before visiting our website.

These processing operations are carried out exclusively with your explicit consent in accordance with Art. 6(1)(a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, allowing the transfer of personal data without further guarantees or additional measures.

You can view the privacy policy of YouTube at

12. Your rights as a data subject

12.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

12.2 Right to information Art. 15 GDPR

You have the right to receive free information from us at any time about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

12.3 Right to rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

12.4 Erasure Art. 17 GDPR

You have the right to demand that we delete your personal data immediately if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

12.5 Restriction of processing Art. 18 GDPR

You have the right to demand that we restrict processing if one of the legal requirements is met.

12.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you provided to us, in a structured, commonly used, and machine-readable format. Additionally, you have the right to transmit these data to another controller without hindrance from us, to whom the personal data have been provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability under Article 20(1) GDPR, you have the right to have personal data transmitted directly from one controller to another, where technically feasible, and provided that this does not adversely affect the rights and freedoms of others.

12.7 Objection Art. 21 GDPR

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you based on Article 6(1)(e) (processing in the public interest) or (f) (processing based on legitimate interests) of the GDPR. This also applies to profiling based on these provisions as defined in Article 4(4) of the GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

In some cases, we process personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data for such advertising purposes, including profiling related to such direct marketing. If you object to us processing your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.

You have the right to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, using automated procedures where technical specifications are used.

12.8 Revocation of Consent

You have the right to revoke your consent to the processing of personal data at any time with effect for the future.

12.9 Complaint to a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

13. Up-to-dateness and amendment of the privacy policy

This privacy policy is currently valid and is dated: January 2024.

It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at: .