DATA PROTECTION STATEMENT

 

Data controller and scope of application

 

Data controller

The data controller in the sense intended by the GDPR and other national data protection laws passed by member states and by various data protection regulations is:


SecondSol GmbH

Managing director: Frank Fiedler

 

Postal address: Märzenquelle 6 | 98617 Meiningen

Tel.: +49 (0) 3693 886 04 81

Email: datenschutz@SecondSol.de

                

Scope of application

This data protection statement is designed to provide information on the type, scope and purpose of personal data processing as carried out by us  SecondSol GmbH (hereafter "SecondSol") as part of our online services and the web pages, functions and content associated with them (hereafter "Online Service" or "Website"). It applies to all Online Services regardless of the domains, systems, platforms and devices (e.g. desktop or mobile-responsive design) on which the Online Services are used.


General information on data usage 


Terms

For the terms used in this statement, especially "personal data" and its "processing", we refer to the definitions provided under art. 4 General Data Protection Regulation (GDPR).


The gender-neutral term "user" incudes all persons affected by data processing. "Users" are customers, business partners, potential clients and all other visitors to our Online Services.

Scope of personal data processing, art. 12 and 13 GDPR

Below are some examples of the type of personal data (voluntary and compulsory) processed by us as part of our Online Service. Some of this data is voluntary; the rest is compulsory.

  • Contact information e.g.  name, address, phone number and email address;
  • Contract data (e.g. service used, names of case officers);
  • Provision of contact details of your company by authorised person;
  • Location of PV equipment and serial number;
  • Financial information (e.g. payment information such as bank details, payment card number, security code etc.);
  • Content (e.g. information entered on contact form);
  • Additional unique information such as user ID and password, product functions, product and service preferences, preferred contact methods, education and employment information and details of jobs you might be interested in;
  • Location data such as your IP address or physical location if you access location-dependent services;
  • Websites from which user access our Online Services;
  • Websites accessed by user's system via our Online Services.


We process your personal data solely in accordance with applicable data protection regulations. This means that your data is processed only where legally permitted or, where  legally prescribed, in accordance with your consent. Data processing is especially permissible under law where required for services such as:

  • management of your account;
  • providing assistance for transactions or orders;
  • sharing with other users as part of contact liaison;
  • liaison with maintenance/cleaning contractors for your PV equipment;
  • identification and prevention of security threats, fraud and other malicious activity;
  • for notifications regarding our products and services;
  • provision and improvement of service and support;
  • providing personalised marketing offers;
  • selecting content for you;
  • adapting our Online Services to user preferences;
  • evaluation of marketing initiatives, advertising and websites provided by other organisations on our behalf.


Legal basis for the processing of personal data, art. 13 GDPR 

The legal basis for data processing by us is:

  • Art. 6 para. 1 a and art. 7 GDPR where consent is provided;
  • Art. 6 para. 1 lit. GDPR for processing for performance of our services and the implementation of contractual measures;
  • Art. 6 para. 1 c. GDPR for processing for compliance with our legal obligations;
  • Art. 6 para. 1 lit. f. GDPR for processing in our legitimate interests.

The legitimate interests of the data controller or of a third party includes the analysis, optimisation and commercial operation and security of our Online Services in the sense intended by art. 6 para. 1 f. GDPR, especially for the measurement of reach, the creation of profiles for marketing and advertising purposes, the collection of access data and the use of services from third-party providers, insofar as the aforementioned interests are not outweighed by the interests and basic rights and basic freedoms of the data subject.
 

Data deletion and duration of storage, art. 13 para. 2 a) GDPR

The obligation to retain data is based on the statutory regulations or on the contractual relationship. Statutory periods are generally six or ten years. Following expiry of these periods, we delete users' data if it is no longer required for its original purpose (e.g. for contract management). Insofar as personal data no longer needs be retained in accordance with the statutory periods, it will be deleted when the aforementioned reasons for its storage no longer apply.  

 

Rights of users – access and data integrity – right to be informed – right to object/revoke – data deletion – right to object

We make every effort to ensure the greatest possible accuracy of the personal data stored in our system. Registered users have access to some of their personal data in the personal area (dashboard link), so that users can review the data provided and where necessary correct it or to request that it be anonymised, blocked or deleted.

We protect users' privacy and personal data via measures for establishing their identity. To inspect or change personal data, registered users can log in to the personal area (dashboard link).
 

Notification, art. 15 GDPR            

All users are entitled to be informed at any time and without charge as to the personal data held about them.

Correction and completion, art. 16 GDPR

Users are further entitled to the correction of inaccurate data or the completion of incomplete data.

Withdrawal of consent, art. 7 para. 3 GDPR

Users can at any time withdraw their permission with future effect and object to the future processing of their personal data in accordance with the statutory regulations. Objection can especially be made against processing for the purposes of direct marketing and should be addressed to the data controller (see above) for these Online Services.
 

Objection, art. 21 GDPR

Users have the right on grounds personal to them to object at any time to the processing of their personal data as carried out on the basis of art. 6 para. 1  e or f GDPR. This also applies to any profiling based on these regulations. We will cease processing personal data unless we can prove such compelling legal grounds for processing as outweigh the interests, rights and freedoms of the data subject or if the processing aids the assertion of claims or the exercise or defence of rights.

Deletion, art. 17 GDPR

Stored data will be deleted by SecondSol as soon as it is no longer required for its original purpose and no statutory retention obligations prevent such deletion. Insofar as users' data is not deleted because it is needed for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This includes for example users' data that needs to be retained for commercial law or tax law purposes.

Statutory retention periods are six years under § 257 para. 1 Commercial Code (Handelsgesetzbuch – HGB) for accounts, inventories, opening balances, annual accounts, trade letters, receipts etc. and ten years under § 147 para. 1 Tax Code (Abgabeordnung – AO) for books, records, management reports, receipts, trade and commercial letters and for the assessment of relevant documents.

Right to complain, art. 77 GDPR 

If they believe that the processing of their personal data is in breach of these regulations, 

and regardless of the right to seek legal remedy under administrative law or via judicial process, users have the right to complain to a supervisory authority, especially in the member state of their place of residence, place of work or the place of the alleged infringement.

Right to data transfer

Users are further entitled to receive in a structured, current and machine-readable form personal data that they have provided to us and to have this data transferred to another data controller without hindrance from the data controller to whom the personal data was provided, provided that:

  • the user has consented to the use of their data;
  • the use of the data was required for processing for the purposes of providing services and for the implementation of contractual measures by us.

Data security and data use by third parties

 

Sharing of data with third parties / EU countries/non-EU countries 

Unless the user has consented, we will not sell or lease their personal data to any third party for marketing purposes.


Data will be shared with third parties solely to the extent permitted under statutory regulations. Data will be shared only when required for contractual or accounting purposes (e.g. on the basis of art. 6 para. 1 b) GDPR) only if the user has consented or if required for other purposes or on the basis of our legitimate interest in the efficient and commercial operation of our business as per art. 6 para. 1 f) GDPR.

 

In order to provide our services we use subcontractors. In so doing we put in place appropriate legal precautions as well as technical and administrative measures to ensure personal data is protected in accordance with the applicable statutory regulations.

 

We largely avoid processing data in non-EU and non-EEA countries. Where we have data processed by other persons or companies (contract processors or third parties) and thereby disclose personal data by way of data transfer or the granting of access, this is done solely on the basis of GDPR or national data protection regulations (where, for example, data transfer to payment service providers as per art. 6 para. 1 b GDPR is concerned), the user's consent, legal obligation or our legitimate interests (e.g. for the commissioning of agents, hosting companies etc.).

 

Third-party data processing is carried out on the basis of a contract processing agreement as per art. 28 GDPR.

 

Subject to statutory or contractual licence or consent, we process data (or have it processed) in non-EU countries solely with due regard to art. 44 ff GDPR, whereby data is processed solely on the basis of special guarantees, such as an officially recognised level of data protection that corresponds to that provided by the EU (e.g. the US Privacy Shield programme) or adherence to officially recognised special contractual obligations (known as standard contractual clauses).


Security art. 32 GDPR

We put in place the most up-to-date administrative, contractual and technical security measures to ensure that statutory data protection regulations are adhered to and that the data we process is protected against accidental or intentional manipulation, loss or destruction and against unauthorised access. In so doing, and in order to ensure a level of protection commensurate with the level of risk, we take into account the costs of implementation of the measures and the type, scope and process of the processing as well as the probability of the onset of the aforementioned risks and extent to which they may jeopardise users' rights.

 

These measures protect personal data from unauthorised third-party access by controlling physical access to user data, inputting and sharing and by ensuring availability and separation of data.

 

For the exercise of the rights of data subjects as users we have set up a special process. When developing, programming and initiating hardware, software and processes, we pay due regard to data protection principles by designing the technology appropriately and using settings that promote data protection.

 

One of our security measures involves the encrypted transfer of data (ref. to https or SSL certificate) between your browser and our server. Furthermore our data processing is subject to documentation.

 

Data use for communication and marketing

 

Recording contact details

If users of our Online Services make contact via our contact form or via email, their details will be processed for the purposes of dealing with the enquiry as per art. 6 para. 1 b) GDPR.

Users' details can be saved in our customer relationship management (CRM) system or in similar systems for the following purposes: 

  • processing and resolving enquiries;
  • supporting our internal commercial purposes, namely data analysis, revision, new product development, improving our Online Services, improving our services, recognising usage trends and evaluating the effectiveness of our marketing campaigns (such use is however anonymised, i.e. the data cannot be used to identify the user personally);
  • for the avoidance of misuse or of risk to the interests of other users or to our legitimate interests in the sense intended by art. 6 para. 1 f. GDPR.


Newsletter

The following information is intended to inform users about the content of the SecondSol newsletter (editorial content, advertising and information with marketing content), registration, despatch and statistical evaluation procedures as well as users' opt-out rights. In allowing the use of their email address/contact data for receipt of our newsletter and information emails, users consent to the receipt of such communications and to the procedures described.

 

Newsletters, emails and other electronic messages send by SecondSol for the purposes of information (e.g. amendment of conditions of use), marketing and information with marketing content (hereafter "Newsletter") are sent solely with the user's consent or where statutorily permitted. Users' consent is inferred from their registration for the newsletter. The SecondSol newsletter also contains information on products, offers, campaigns and corporate news.

 

Registration for the SecondSol newsletter is via the double opt-in process. To receive the newsletter, you need to provide your email address. You will also have the option of providing a name to enable us to personalise the newsletter to you. Following registration, you will receive an email inviting you to confirm your registration. This step is necessary to prevent people from registering using other people's email addresses. Registering for the newsletter is recorded by us so that we can if necessary provide proof of registration as required by law. We also record the time of registration and your confirmation and IP address.

 

The collection and analysis of data  as explained below and the recording of the registration process are done on the basis of our legitimate interests as per art. 6 para. 1 f GDPR.

 

Alternative version if subscription to newsletter also involves consent to performance measurement:

The despatch of the newsletter and performance measurement are carried out on the basis of recipient's consent as per art. 6 para. 1 a, art. 7 GDPR in conjunction with § 7 para. 2 no. 3 Unfair Competition Act [UWG] and on the basis of statutory permission as per § 7 para. 3 UWG.

 

Our interest lies in the deployment of a user-friendly and secure newsletter system that not only serves our own interests but also helps to meet users' expectations.

 

Newsletter despatch via MailChimp despatch service

We despatch our newsletter and emails containing marketing information via the MailChimp despatch service as provided by US service provider Rocket Science Group LLC.  The names and email addresses of our newsletter recipients are saved on MailChimp's servers in the US and MailChimp uses this information to send and evaluate the newsletter on our behalf. MailChimp also uses this data itself to optimise and improve its own service.

 

When you open the newsletter, a file from MailChimp's server will be accessed enabling technical information (e.g. your browser and operating system as well as your IP address and time of access) to be collected. It can also be ascertained whether the newsletter was opened and which links were clicked on and when. This information aids the technical improvement of our service and the optimisation of newsletter content.

 

MailChimp is certified under the US-EU data protection treaty known as Privacy Shield and is therefore bound by EU data protection regulations.


https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG

 

In addition we have formed a data processing agreement with MailChimp. This constitutes a contract under which MailChimp is bound to protect our users' data and not to share it with any third party.

We may sometimes direct users directly to the MailChimp website, where cookies may be used and personal data may be processed by MailChimp, its partners and other service providers (e.g. Google Analytics). We have no control over this data collection.

 

For more information on MailChimp and the Privacy Shield data protection treaty see:


https://mailchimp.com/legal/privacy/
 

 

and

 

https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG.

 

Newsletter – usage measurement

As part of our newsletter offering we uses web beacons. These are small files that, when you open the newsletter, are accessed by the server operated by the despatch service provider and that access technical information (browser, operating system, IP address and access time). On the basis of this information, SecondSol optimises its technical services on the basis of technical data, target groups, user behaviour and time and place of access. This method is also used by us to see whether and when users open the newsletter and which links they click on. For technical reasons, this information can be assigned to individual newsletter subscriptions, but neither we nor any of our despatch service providers can observe individual users. This evaluation helps us optimise our newsletter by, for example, using user behaviour to modify content. 

 

Unsubscribing from the newsletter

You can unsubscribe from the newsletter at any time by withdrawing your consent by clicking on the link at the end of every newsletter. Alternatively, in the log-in area, users with a customer account can adjust their settings for receiving the newsletter. In so doing they can revoke their consent for despatch of the newsletter by the despatch service provider and their consent to statistical analysis. Termination extends to revocation of despatch by the despatch service provider or of statistical evaluation. Users who have registered for the newsletter and have then de-registered will have their stored personal data deleted.

 

Data usage as part of Online Services

 

Registration for use of Online Services – performance of contractual services

 

SecondSol processes core data (e.g. user's name, address and contact details), contract data (e.g. services accessed, names of contact persons, payment information) as per art. 6 para. 1 b. GDPR for the purposes of complying with our contractual obligations and providing our services.

 

You have the option to set up a user account, after which you can log in to the personal area of the website (dashboard link) and see the offers and subscriptions relevant to you. The details you have to provide will be notified to you as part of the registration process. User accounts cannot be accessed or seen by any third party and search machines cannot index/read them. Once your user account is deleted, the data held about you will be deleted immediately, unless we are compelled to retain it for commercial or tax-related legal reasons as per art. 6 para. 1 c GDPR. In the event of termination, the securing of user data prior to contract end is a matter for the user. We are entitled to irretrievably delete all user data as saved during the contractual period.

 

When you register or re-register or use our Online Services, we save the IP address that you used to register and the time of the action concerned. This storage is based on our legitimate interests and on the need to protect users from misuse and other unauthorised use of your data. We do not share this data with third parties unless required for the upholding of our rights or there is a statutory obligation to do so under art. 6 para. 1 c GDPR.

 

For marketing purposes, we process usage data (e.g. websites visited as part of our Online Services, interest in our products) and content data (e.g. data provided on the contact form or user profile) in a user profile in order to show the user items such as product notices based on services used so far.

 

Commentary function/user contributions

If users submit contributions or comment on editorial content or on comments from third parties (user comments), we save the user's IP address for seven days on the basis of our legitimate interests in the sense intended by art. 6 para. 1 f. GDPR.

When registered users submit comments, their personal details (name and where applicable their photo) will be visible to third parties. If you to avoid this, please avoid using the comment function or adjust the settings in your user account (link) so that third parties cannot see your details. 


If you publish personal data such as photos in a public forum offered as part of our Online Services, in a social network or on a blog or other forum or leave a comment or disclose such data, please be aware that this information can be read, seen, collected and used by other users, who may use it to contact you, send you unsolicited messages or for other purposes and you will not have any control over such use. We therefore accept no liability for personal data published by users in forums or on other platforms . We recommend that as far as possible users avoid providing personal data in this way.

IP addresses are saved in order to protect us and users' security in the event that comments and contributions might contain content that is unlawful or that infringes third-party rights (defamation, unlawful political content, infringement of property rights etc.). In such cases we must ensure that we cannot ourselves be pursued for comments or contributions and we therefore have an interest in establishing the identity of the author.

 

Automated data capture 

The following sections contain additional information on frequently used web technology tools.

 

Cookies are small text files or other types of information storage that are saved on the user's hard-drive by our Online Services or by third-party websites.

 

Cookies fall into one of two categories: technically necessary cookies and technically optional cookies.


Necessary cookies

These cookies are necessary for specific website functions. They can be placed if, for example, you place a product in your shopping basket and then surf elsewhere online before completing your purchase. In this way we can ensure that the contents of your basket remain there even after the browser window is closed.

 

Performance cookies

These cookies provide us with information on user behaviour with regard to our Online Services, especially on whether, where, when and why the user receives an error message. This includes measuring loading times for our Online Services and/or the accessibility of these services as it relates to various browser types.

 

Function cookies

Function cookies increase the usage value of our Online Services. These cookies are not essential but they are used, for example, to save the user's inputted location so that, the next time the user visits the website, their location can be immediately displayed.

 

Advertising cookies

Advertising or targeting cookies are cookies that, although not strictly necessary, can be used to show users advertising tailored to their surfing behaviour.

 

Use of cookies by SecondSol 

For the period of your use of our Online Services, we use session cookies, which help to ensure the functionality of our services (e.g. by saving your log-in details or the contents of your shopping basket). Session cookies contain a randomly generated unique ID number (session ID) as well as details of its origination and the storage period, thereby enabling the user's computer to be recognised on future visits to our website.  If you log out, end your use of our Online Services or close your browser, session cookies are deleted.

 

As well as session cookies, we also save permanent cookies on your computer. These remain on your device until you delete them in your browser or they expire.

 

Under the law as it currently stands, we have to inform users that cookies are being used. This data protection statement is made available for that purpose. In continuing to use our Online Services, you consent to the use of cookies by us.

 

Prevention of data capture 

Most browsers are configured for the use and acceptance of permanent cookies but you can prevent cookies from being saved on your device by adjusting your browser's settings. Each browser manages cookie settings differently. For more information, see your browser's help menu:


Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies


Safari™: https://support.apple.com/kb/PH21411?locale=de_DE


Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Firefox™ https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Opera™ : http://help.opera.com/Windows/10.20/de/cookies.html

 

ePrivacy Regulation

In future, browsers are supposed to ensure via their default settings that cookies can only be deployed subject to the user adjusting their settings ("privacy by default"). This is not currently a legal requirement. In future, we will notify users prior to their use of our Online Services that cookies will be used and, by using the opt-in procedure, will ensure that the decision to allow cookies will be taken by the user.

 

This may result in some of the functions of our Online Services no longer being available or not being displayed correctly.

Information on browsers currently in use and on adjusting your cookie settings can be found on your browser's help pages.

 

If you have any questions about the opt-out process or the use of cookies, please contact us at:

 

Tel. +49 (0) 3693 886 0481

Email datenschutz@SecondSol.de

 

Web beacons – integrated weblinks

Some of our emails and newsletters contain integrated weblinks. These allow us to establish whether users click on the links in an email. This interaction information may be linked to other user information. The use and functioning of web beacons in connection with the despatch of newsletters is described above in the Newsletter section.

           

Google services/marketing and advertising

 

Google Analytics

For the analysis, optimisation and commercial operation of our Online Services as part of our legitimate interests in the sense intended by art. 6 para. 1 f GDPR, we use Google Analytics, a web analysis service by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US ("Google"). The functioning of Google Analytics is based on cookies, whereby the cookie creates information on the use of our Online Services. The usage information captured via cookies is usually transferred to a Google server in the US and stored there.

 

Google is a certified member of the Privacy Shield scheme and guarantees compliance with European data protection law. For details on the Privacy Shield scheme see:

 

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

 

Google evaluates this information, and thus also the use of our Online Services, on our behalf. It also compiles reports on user activities within these Online Services and provides us with additional services connected to the use of these Online Services and Internet usage in general. Google can use the data processed to create anonymous usage profiles.

 

Why do we use Google Analytics?

 

As part of our marketing activity, we place ads with Google and its partners. Using information evaluated by Google Analytics allows us to show ads only to those users who have expressed an interest in our Online Services or have requested specific product features. Analysis of preferences is sent by us to Google (known as remarketing or Google Analytics Audiences). These tools are designed to ensure that our ads are shown only to interested potential users and do not represent an inconvenience for the user.

We use Google Analytics only with activated IP anonymisation. This involves the abbreviation of IP addresses of users within the European Union and the European Economic Area. Occasionally full IP addresses are transferred to a Google server without abbreviation.

 

Users' browser data is not merged with other data held by Google.

 

You can reject cookies by adjusting your browser settings. Go to  

 

http://tools.google.com/dlpage/gaoptout?hl=de

 

to download and install a browser plug-in that will prevent data produced by the cookie being captured and processed by Google.

 

For more information on data usage by Google and how you can change your settings and opt out, visit:

 

 

Google re-marketing services/audience

 As part of our Online Services, we use Google's remarketing function, known as Similar Audiences . This enables users of our Online Services to be shown ads tailored to their interests within the Google marketing network. The user's browser saves "cookies", or text files, on your computer, which enable the visitor to be recognised when visiting websites that are part of the Google marketing network. On these websites, the user can then be shown ads relating to content that the visitor has accessed previously on websites that use the Google remarketing function. According to Google, it does not gather any personal data during this process.


User data is processed solely anonymously. Google does not save or process users' names or email addresses but processes the relevant cookie-based data within anonymous user profiles. This means that, according to Google, ads are managed and displayed not for a specific, identifiable person but for the 'owner' of the cookie, regardless of who the 'owner' is. This is not the case, however, if a user has expressly permitted Google to process this data without anonymisation. The information gathered on the user by Google's marketing services is transferred to Google and saved on its servers in the US.

 

The Google marketing services that we use include the online marketing programme Google AdWords, for which each customer of the programme receives a "conversion cookie". Cookies cannot be tracked beyond the websites of AdWords customers. The information obtained from the cookies helps to create conversion statistics for AdWords customers who use conversion tracking. AdWords customers learn the total number of users who have clicked on their ads and been taken to a page equipped with a conversion tracking tag, but they do not receive any information with which users can be personally identified.

You can opt out of the Google remarketing function by adjusting your settings at

 

http://www.google.com/settings/ads 

 

Alternatively you can deactivate the use of cookies for interest-based advertising by the marketing network initiative by following the instructions at:

 

http://www.networkadvertising.org/managing/opt_out.asp

 

Cards and typefaces

 

We use external typefaces and cards from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, https://www.google.com/fonts ("Google Fonts"). Google Fonts are embedded through access to Google's server, which is usually in the US. For details on the relevant data protection visit: 

 

https://www.google.com/policies/privacy/

 

To prevent the processing and use of your usage data click here:

 

Opt-out: https://www.google.com/settings/ads/

 

Online presence in social media

In order to establish contact with users of these networks, potential customers and other users and to provide editorial content or information about our services, we have accounts with

 

Facebook

Twitter

google+

XING


The use of these networks is subject to the terms and conditions and data processing guidelines of the operators concerned.


If users contact us within these networks, their data is processed by us in line with this data protection statement.

As part of our Online Services we create links to our social media accounts. Ordinary usage of our Online Services will not result in any connection being established with the platform concerned and nor will any data be sent automatically to Facebook, but if you click on a link to any of our social media accounts, data can be sent to the platform concerned. If you have an account with the platform, and you are already logged in to it, then when you click on the link the platform will match your visit with your user account. If you as a platform user want to prevent the transfer of your data to the platform, you should log out of your account before using our Online Services and delete the cookies.

 

To completely exclude the possibility of any data transfer to the platform concerned, you are advised not to use the Facebook link.

 

Facebook/google+/Twitter

Facebook/google+/Twitter are certified under the Privacy Shield scheme and guarantee compliance with European data protection law. For details of the Privacy Shield treaty visit:

 

facebook: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active


google+: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active


Twitter: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO

 

You can opt out of the processing and use of data here.

 

(Create opt-out link and paste here)

 

For information on the purpose and scope of data collection and the further processing and use of data by Facebook/google+/Twitter as well as rights and setting options for the protection of your privacy, see the following data protection notices:

 

facebook: https://www.facebook.com/about/privacy/

google+:   https://policies.google.com/privacy?hl=de

Twitter:    https://twitter.com/privacy

 

Additional settings and opt-outs from the use of data for marketing purposes can be found within the platform concerned under profile settings or from the following external websites:

 

US website http://www.aboutads.info/choices/ 

EU website http://www.youronlinechoices.com/

  

The settings cover all platforms (i.e. they will be applied to all devices, whether desktop or mobile).

 

Third party content

 On the basis of our legitimate interests (such as our interest in analysing, optimising and operating our Online Services as per art. 6 para. 1 f GDPR), we use content and services from third parties (hereafter "Third-Party Providers"). This means that content and services, especially videos and typefaces, are embedded in our Online Services and visible to users (hereafter "Content").


For Content from Third-Party Providers to be displayed, we need your IP address. The Third-Party Provider can send Content only to a known IP address, so your IP address is a precondition for the display of Content. We try to use only Content whose Third-Party Provider uses IP addresses solely for the display of content.

Nonetheless Third-Party Providers also use pixel tags. These are also known as web beacons and are explained in the Newsletter section above. Web beacons are invisible graphics used by Third-Party Providers for statistical and marketing purposes. These pixel tags can be used to evaluate information on user behaviour.

 

Pixel tags are used to save anonymous information in cookies on your device. Also saved is technical information on the software configuration of your device (operating system, browser etc.), usage time and further details of your use of our Online Services. This information can then be combined with information from other sources.

 

The following list of Third-Party Providers and their Content contains links to their data protection statements and further information on the processing of data and, where applicable, opt-out:

 

Vimeo and Youtube 

We use Twitter for communication purposes and embed Content from the Vimeo platform as part of our Online Services.

 

Vimeo

We use plug-ins from vimeo.com. The provider is Vimeo LCC, 555 West 18th Street, New York, New York 10011, USA. Every time you access Online Services from SecondSol that involve Vimeo functions (Vimeo plug-in) a connection to the servers of Linked-In will be created. Vimeo will therefore learn which of our Online Services you have accessed. Logged-in Vimeo users will be matched by Vimeo to the personal user account concerned. You can prevent the linking to information about your use of our Online Services by logging out of your Vimeo user account before you use the plug-in. For information on the collection and use of data by the aforementioned platform or plug-ins, see the following data protection information:

 

http://vimeo.com/privacy

 

Youtube 

Videos from the YouTube platform owned by Third-Party Provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US.

 

Data protection statement: https://www.google.com/policies/privacy/


Opt-out: https://www.google.com/settings/ads/

 

Payment service provider

If you use third-party payment services such as PayPal or instant transfer, the terms and conditions and data protection notices of the Third-Party Provider concerned will apply. These can be found on the websites or transaction applications concerned. 

For users of the Klarna payment service, we request consent to send to Klarna the data necessary for payment processing and identity and credit checking. In Germany, for identity and credit checking, the credit reference agencies specified in Klarna's data protection statement are used.

You can at any time inform Klarna that you revoke your consent for this processing of your personal data.

Data protection notice: https://cdn.klarna.com/1.0/shared/content/policy/data/de_de/data_protection.pdf

 

Changes to this data protection statement

In light of possible changes to the legal situation or to our Online Services, we reserve the right to amend this data protection statement. Where users have provided consent, or where parts of the data protection statement are at the same time provisions of our contractual relationship with users, the changes will be subject to users' consent.

Therefore please ensure you remain up to date with the contents of the most recent version of this data protection statement.



Contact

We takes compliance with statutory regulations for the protection of user data extremely seriously. Users and third parties can contact us at any time if they have any questions regarding this data protection statement and/or the vouchsafing of their rights:

 

SecondSol GmbH

 

Postal address: Märzenquelle 6 | 98617 Meiningen

Tel.: +49 (0) 3693 886 04 81

Email: datenschutz@SecondSol.de