Information on the processing of your data in accordance with Article 13 of the General Data Protection Regulation (GDPR)

1. responsible person

Responsible for this website:
Meiser Solar GmbH
Prof.-Pirlet-Straße 35
D-66679 Losheim
Phone: +49 6887 / 9590-190
E-mail: solar@meiser.de
Website: https://solar.meiser.de

2. data protection officer

We have appointed the following data protection officer:
Verimax GmbH
Warndtstr. 116
66127 Saarbrücken
E-mail: dsb.meiser-solar@verimax.de
E-mail: datenschutz@meiser.de (alternatively: solar@meiser.de, subject “Data Protection Officer”)
Postal address as above (for the attention of the Data Protection Officer)

3. provision of the website & server log files

Purpose of the processing:

When you visit our website, our server automatically processes the following personal data:

• IP address,
• Date/time of access,
• Host name of the accessing computer,
• Website from which our website was accessed,
• Websites that are accessed from our website,
• Visited page on our website,
• Message indicating whether the retrieval was successful,
• Amount of data transferred,
• Information about the browser type and version used,
• Information about the operating system.

The temporary storage of the data is necessary for the course of a website visit in order to enable the website to be delivered. Further storage in log files takes place to ensure the functionality and stability of the website and the security of the information technology systems (e.g. to prevent misuse). This is also the basis of our legitimate interest in data processing.

Legal basis:
The data is processed on the basis of Art. 6 para. 1 lit. f GDPR.

Recipients of the data:
Your data will only be transmitted to the employees of our company responsible for the underlying circumstances.

As we also use service providers for some of the above-mentioned purposes, it is possible that they may also have access to personal data. A data processing agreement (DPA) has been concluded with the relevant service providers.

For some processing operations, it cannot be ruled out that data may also be transferred to third countries. In these cases, we ensure the implementation of data protection regulations by means of suitable guarantees (Art. 46 GDPR).

Storage period:
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored directly for a maximum of 24 hours and are only accessible to administrators. After that, they are only available indirectly via the reconstruction of data backups and are permanently deleted after 4 weeks.

4. no automated decision-making

We do not use exclusively automated decision-making including profiling within the meaning of Art. 22 GDPR.

5. obligation to provide

The provision of personal data is generally voluntary. It is required for certain services (e.g. appointment booking, newsletter, contact requests). We cannot provide the respective service without the relevant information. External content (e.g. videos, maps) will not be loaded without consent.

6. as the person concerned

You have the following rights:

• Right to information (Art. 15),
• Right to rectification (Art. 16),
• Right to erasure (Art. 17),
• Right to restriction of processing (Art. 18),
• Right to data portability (Art. 20),
• Right to object (Art. 21 GDPR).

You can revoke your consent at any time with effect for the future (e.g. in the CMP).

You also have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us can be contacted as follows:

Independent Data Protection Center Saarland
Fritz-Dobisch-Straße 12, 66111 Saarbrücken
Phone: +49(0)681/947810
E-mail: poststelle@datenschutz.saarland.de

Contact for rights/revocation: see responsible person/data protection officer.

7. contact (e-mail/contact form)

When you contact us, we process the data you provide (e.g. name, e-mail, message) to process your request.
Legal basis: Art. 6 para. 1 lit. b GDPR (unfortunately, we cannot process your request without the provision of basic information) or lit. a GDPR (processing is based on the information you provide to us and the associated consent).
You have the option of withdrawing your consent at any time with effect for the future.

Storage period:
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The statutory retention obligations remain unaffected.

Please note that a request by e-mail is generally transmitted unencrypted via various providers and therefore access to your e-mail before it is stored in our systems can also be unauthorized. Furthermore, it cannot be ruled out that e-mails may be transmitted to third countries and that we can only guarantee the security of processing in our systems.

If you use our contact form, we need basic information to process your request. It is therefore mandatory to provide the following information: name, telephone number, e-mail address.

8. newsletter (double opt-in)

We only need your e-mail address to send you the newsletter. After registration you will receive a confirmation email (double opt-in). We log registration/confirmation (IP, times) for verification purposes.
Legal basis: Art. 6 para. 1 lit. a GDPR.
Revocation: at any time via unsubscribe link or contact us.
Storage duration DOI logs: e.g. 3 years (limitation periods).

9. applications

We process applicant data to carry out the application process; in the case of recruitment to carry out the employment relationship.
Legal basis: § 26 BDSG (Germany) or Art. 6 para. 1 lit. b GDPR; if applicable Art. 6 para. 1 lit. f GDPR (legal defense). Storage period: in the event of rejection, usually 2 months after notification of the decision; longer storage only with consent or legitimate interest (e.g. obligation to provide evidence under the AGG).

10. cookies & consent management

We use various cookies and third-party services on our website, which we describe below.

Technically necessary cookies
Technically necessary cookies are required to enable you to view the content of our website as well as basic required functionalities.
This constitutes our legitimate interest as a legal basis (Art. 6 para. 1 lit. f GDPR). Without the storage of any cookies, visiting and displaying our website is unfortunately only possible to a very limited extent.

Analysis/statistics/marketing cookies
We only set analysis, statistics and marketing cookies with your consent (Art. 6 para. 1 lit. a GDPR).

You can adjust your settings at any time in the cookie settings (revocation with effect for the future). You can find the duration and categories of individual cookies in the cookie list there.

11 Borlabs Cookie (Consent Management Platform – CMP)

Provider: Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany.

Purpose: We use the Borlabs Cookie Consent Management Tool (CMP) to obtain and manage the legally required consent to the storage of certain cookies and the use of certain third-party services. The tool logs your decisions (acceptance/rejection) for the verifiability of consent.
Data: Borlabs stores a technically necessary cookie (borlabs-cookie) in your browser, which stores the consent preferences you have made. This cookie does not store any direct personal data (such as name or IP address), but pseudonymous information about the status of your consent. In addition, the time of granting/withdrawing consent and a pseudonymous identifier are stored.
Legal basis:

• The storage of consent in a cookie is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in conjunction with Section 25 para. 2 no. 2 TDDDG in order to ensure the lawful implementation of cookie consent management.
• Consent is documented on the basis of accountability (Art. 5 para. 2 GDPR) in conjunction with Art. 6 para. 1 lit. c GDPR.

Storage period: The Borlabs cookie (borlabs-cookie) has a typical duration of 12 months. The logging of consent is usually stored for 3 years for verification purposes (taking into account the regular limitation period).

12 Google Tag Manager (GTM)

Provider: Google Ireland Limited.
The GTM manages tags but does not store any personal data itself. Non-essential tags (e.g. analytics/marketing) are only activated after consent has been given. You can revoke this at any time with effect for the future.
Legal basis: Art. 6 para. 1 lit. a GDPR
Third country transfer: Google LLC (USA) – EU-US Data Privacy Framework (DPF).

13. web analytics with Google Analytics 4 (GA4)

Provider: Google Ireland Limited
Purpose: Reach measurement/statistics.
Data: including page views, events/interactions, device/browser data; IP anonymization is active by default.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR)
Storage period for event data: configuration-dependent (e.g. 2 or 14 months).
Third country transfer: Google LLC (USA) – EU-US Data Privacy Framework (DPF)
Revocation: Consent can be revoked at any time with effect for the future in the CMP (cookie settings). Google also offers a browser opt-out add-on.

14th LinkedIn Insight Day

Provider: LinkedIn Ireland Unlimited Company.
Purposes: Conversion measurement, target group formation (retargeting), campaign analysis.
Data: IP address, user agent, referrer, page views, timestamp; according to LinkedIn pseudonymization within 7 days, deletion within 90 days.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR).
Third country transfer: LinkedIn Corporation (USA) – EU-US Data Privacy Framework (DPF)
Revocation: Consent can be revoked at any time with effect for the future in the CMP (cookie settings).

15. vimeo (video integration)

We embed videos from the platform Vimeo, Inc, 330 West 34th Street, New York, USA on individual pages.

The integration only takes place after your consent (CMP category “External media”).

Data: IP address, date/time, URL/referrer, device/browser information, interaction data (play/pause), technical IDs if applicable.
Cookies/storage: e.g. vuid, player (duration up to 2 years).
Legal basis: Art. 6 para. 1 lit. a GDPR
Third country transfer: USA – DPF or SCCs.
Revocation: Consent can be revoked at any time with effect for the future in the CMP (cookie settings).

16 WPML (Multilingual WordPress plugin)

Provider: OnTheGoSystems Limited, 22/F 3 Lockhart Road, Hong Kong, Wanchai, China.
Purpose: WPML (WordPress Multilingual Plugin) is used to manage the multilingualism of our website in order to display the content in your preferred language.
Cookies/Data: WPML may set technically necessary cookies to store the user’s current language and to manage language selection during browsing.
Cookies/storage: e.g: _icl_current_language (duration: 1 day)
Legal basis: The processing is technically necessary to provide the functionality (multilingualism) and thus serves our legitimate interest (Art. 6 para. 1 lit. f GDPR) in the user-friendly and functional design of our website.
Storage period: Up to 1 day (except session cookies).

17. online appointment booking with Calendly

Provider: Calendly LLC, 115 E Main St, Buford, GA 30518, USA.
Purpose: Making appointments (booking, confirmation/reminder emails).
Data: Name, e-mail, telephone if applicable, company, position, selected appointment, time zone, free text; technical data (IP, browser, times).

a) Integration & legal basis

The widget will only be loaded once you have given your consent via the cookie/consent tool (category “External media”).
Legal basis:

• Art. 6 para. 1 lit. b GDPR (making an appointment)
• Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG (embedding/tracking)
• Art. 6 para. 1 lit. f GDPR (IT security e.g. reCAPTCHA)

b) Active integrations within Calendly

The following integrations are active in our Calendly account:

• Meta Pixel (Meta Platforms Ireland Ltd. / Inc.)
  Purpose: Measurement of conversions and advertising success. Data: IP address, browser, device, page views, interactions.
• Google Analytics 4 (Google Ireland Ltd. / LLC)
  Purpose: Analysis of interactions on the Calendly booking pages. Data: Events, browser/device, IP (shortened).
• Stripe Payments (Stripe Payments Europe Ltd. / Inc.)
  Purpose: Processing of payments for chargeable appointments. Data: Payment information, name, e-mail, amount.

These integrations are managed within the Calendly widget by Calendly and run technically independent of our CMP (from Calendly domain).
The processing is carried out under the independent responsibility of Calendly and the respective third-party providers (controller-to-controller relationship).
Legal basis: Your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG) for loading the widget (“External media”).
Third country transfer: USA – EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs).
Recipients: Calendly LLC (USA), Meta Platforms Inc (USA), Google LLC (USA), Stripe Inc (USA) and their EU units.

c) Further resources in the widget

When activated, the following are loaded:

• Google Fonts (IP transmission technically required)
• Google reCAPTCHA (_GRECAPTCHA cookie) for spam protection
• CDNs (e.g. Cloudflare / AWS) for fast provisioning

d) Storage period

Date data = as long as required for processing or project purpose (e.g. 12 months after contact); system data according to Calendly guidelines.

18. recipients & third country transfers (overview)

We only pass on data if there is a legal basis (e.g. order processing, consent, contract, legitimate interest).

19. changes to this data protection information

We will adapt these notes if the legal situation, our services or technical principles change. The current version is available on this website.