Data protection regulations Meiser Solar GmbH

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:

Meiser Solar GmbH
Prof.-Pirlet-Straße 35
D-66679 Losheim

Phone: +49 (0) 6887 / 9590 – 190

Email: solar@meiser.de

Website: solar.meiser.de

Name and address of the data protection officer

In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) for data processing on this website is Meiser Solar GmbH (see our legal notice). You can reach our data protection officer at solar@meiser.de with the addition “Data Protection Officer”.

When you contact us by e-mail or via a contact form, the data you provide (your name, e-mail address and, if applicable, your address) will be stored by us in order to answer your questions or process your request. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations.

If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.

Collection of general data and information

If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request comes
• Browser
• Operating system and its interface
• Language and version of the browser software.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using and through which certain information flows to the body that sets the cookie (in this case us). Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.

Use of cookies:

a) This website uses the following types of cookies, the scope and function of which are explained below:

• Transient cookies (see b)
• Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

d) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of this website.

Other functions and offers on our website

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you must generally provide additional personal data that we use to provide the respective service and for which the aforementioned data processing principles apply.

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

Furthermore, we may pass on your personal data to third parties if, for example, contracts or similar services are offered by us together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer below.

If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer

Cookies

Like many other websites, we also use so-called “cookies”. Cookies are small text files that are transferred from a website server to your hard disk. This automatically provides us with certain data such as IP address, browser used, operating system on your computer and your connection to the Internet.

Cookies cannot be used to start programs or transfer viruses to a computer. Using the information contained in cookies, we can make navigation easier for you and enable our websites to be displayed correctly.
Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. You can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Newsletter

With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details given in the imprint.

Contact form

Due to legal regulations, we offer on our website a quick electronic contact to our company by e-mail or contact form. If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.

Deletion or blocking of the data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the storage purposes stated here. Once the respective purpose no longer applies or these periods have expired, the corresponding data is routinely blocked or erased in accordance with the statutory provisions.
Your rights to information, rectification, blocking, erasure and objection
You have the following rights vis-à-vis us with regard to the personal data concerning you:

• Right to information
• Right to rectification or erasure
• Right to restriction of processing,
• Right to object to the processing,
• Right to data portability.

If you have given your consent to the processing of your data, you can withdraw it at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us.

Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details:

MEISER Solar GmbH
Prof.-Pirlet-Straße 35
D-66679 Losheim

Phone: +49 (0) 6887 / 9590 – 190
Email: solar@meiser.de

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by email or via a web form on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Google Tag Manager

Our website uses Google Tag Manager, a service provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager enables us to manage website tags via an interface. The tool itself does not store any personal data and does not access such data. It merely triggers other tags, which in turn may collect data under certain circumstances. However, Google Tag Manager does not access this data.

Legal basis of the processing

The processing of personal data through the use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the efficient management of tags on our website.

Disclosure of data to third parties

By using the Google Tag Manager, data may be transferred to Google servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection.

Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc (“Google”). Google Analytics uses so-called cookies, which are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are only processed further in abbreviated form, so that they cannot be linked to a specific person. If the data collected about you is personally identifiable, it is immediately excluded and the personal data is deleted immediately. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
In addition to the recommendation in § 3 para. 3 lit. d, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link: Opt-Out Cookie (Note: Information on the integration of the opt-out cookie can be found at: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable]. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device.
We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f GDPR. The maximum storage period for personal data is 14 months.
Information from the third-party provider and URL with its privacy policy: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. User conditions: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

Use of the LinkedIn Insight Tag

We use the LinkedIn Insight Tag on our website. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
The LinkedIn Insight Tag is a JavaScript code that can be used to collect data on the behavior of visitors to our website – in particular to measure conversions, to create target groups for advertisements (“retargeting”) and to analyze LinkedIn campaigns.
The Insight Tag enables LinkedIn to collect information such as:

• IP address,
• Device and browser properties (user agent),
• Referrer URL,
• Page views,
• and timestamp

to record. This data is encrypted, pseudonymized within seven days and deleted within 90 days, unless it is required for advertising purposes.

Purpose of data processing

The Insight Tag is used for marketing and analysis purposes, in particular to measure the success of LinkedIn campaigns and to display targeted advertising outside our website.

Legal basis

Your data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given us this consent via our Consent Management Tool.
The LinkedIn Insight Tag is only integrated after you have given your express consent via our Consent Tool. No data will be transferred to LinkedIn without your consent.
You can revoke your consent at any time with effect for the future by adjusting the settings in the consent tool.

Data transfer to third countries

The data collected may also be processed outside the European Union, in particular in the USA. LinkedIn is certified under the EU-U.S. Data Privacy Framework and is thus committed to maintaining an adequate level of data protection in accordance with the GDPR.
Further information on data protection at LinkedIn can be found at:
https://www.linkedin.com/legal/privacy-policy

Use of social media plug-ins

We currently use the following social media plug-ins: Facebook, Xing, LinkedIn, Google Maps. We use the so-called two-click solution. This means that when you visit our website, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box above its initial letter or the logo. We give you the option of communicating directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it will the plug-in provider receive the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned under “Collection of general data and information” in this statement is transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, your personal data is therefore transmitted to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
We have no influence on the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. We offer you the opportunity to interact with the social networks and other users via the plug-ins so that we can improve our offering and make it more interesting for you as a user.
Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers provided below. There you will also receive further information on your rights in this regard and setting options to protect your privacy.

Addresses of the respective plug-in providers and URL with their data protection notices:

a) Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

c) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

d) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Integration of YouTube videos

We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted. We have no influence on this data transfer.
The legal basis for the integration of YouTube videos is Art. 6 para. 1 p. 1 lit. f GDPR.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This takes place regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Further information on the purpose and scope of data collection and its processing can be found in Google’s data protection declarations, cf. 5.

Vimeo (video integration)

Description & Purpose

We integrate videos from the Vimeo platform on individual pages in order to present our content clearly. The provider is Vimeo, Inc, 330 West 34th Street, 5th Floor, New York, NY 10001, USA (“Vimeo”).

Functionality / Two ways of activation

We use a “two-click solution” to protect your data. This means

1. release via the cookie consent tool

If you activate the “External media” category in the content tool, Vimeo content is automatically loaded on the corresponding pages. This establishes a connection to Vimeo and data can be transferred (see “Data categories” below).

2. release via button on the page (“click to load”)

If you have not given your consent in the consent tool, we will initially show a placeholder instead of the video. Only when you actively click on “Load Vimeo” (and thus consent to data transmission) will the video be loaded and a connection to Vimeo established. This consent applies to the video clicked on or – if offered and selected by you – to the page/session.

Legal basis

The legal basis for loading and playing Vimeo videos is your consent (Art. 6 para. 1 lit. a GDPR).

Insofar as we use technologies to preload placeholder elements that are purely technically necessary (without data transmission to Vimeo), this is done on the basis of our legitimate interest in a data protection-friendly and functional presentation (Art. 6 para. 1 lit. f GDPR).
Technologies used (cookies/storage/pixels)

Upon activation, cookies and similar technologies can be set or read by Vimeo and associated domains (e.g. vuid, player, as well as content from player.vimeo.com, i.vimeocdn.com, vimeo.com). The expiry periods vary (sometimes up to 2 years for individual cookies). In addition, local storage (local storage/session storage) can be used to save your settings (e.g. volume, autoplay).

Data categories
– IP address, date and time of access, URL/referrer accessed
– device and browser information (user agent, operating system, screen resolution)
– interaction data with the video (play, pause, seek, duration viewed)
– technical IDs/cookie IDs if applicable; depending on configuration, also approximate location data (derived from IP)

If you are logged in to Vimeo, Vimeo can assign the page view and the interactions to your account.

Recipients & third country transfer

The recipient of the data is Vimeo, Inc. (USA) and any sub-processors used by Vimeo (e.g. for CDN/streaming). A transfer to the USA cannot be ruled out. If Vimeo is certified for the EU-US Data Privacy Framework, the transfer takes place on this basis; otherwise it is based on EU standard contractual clauses (Art. 46 GDPR). Please note that risks (e.g. access by authorities) cannot be completely ruled out in the case of third country transfers.

Storage duration

We ourselves do not store any personal video usage profiles via the Vimeo integration. The storage duration of cookies/IDs depends on the specifications of Vimeo (e.g. vuid up to 2 years). Further details can be found in Vimeo’s privacy policy.

Revocation of consent / opt-out

You can revoke your consent at any time with effect for the future:
– via our cookie consent tool: [insert link to “cookie settings”] (deactivate the category [category name])
– by reloading the page without enabling it or by deleting the cookies/storage entries set in your browser

Please note: Without consent, the Vimeo video will not be loaded; you will see the placeholder instead.

Notes on data-saving integration

As far as technically possible, we use data protection-friendly integration (e.g. placeholders until release, use of the dnt=1 parameter in the player if necessary). However, data will only be transferred to Vimeo after you have given your active consent.

Further information from the third-party provider

Details on data processing can be found in Vimeo’s privacy policy: https://vimeo.com/privacy
Information on cookies/tracking at Vimeo: https://vimeo.com/cookie_policy

Obligation to provide

The provision of your personal data is neither legally nor contractually required. However, the videos cannot be displayed without your consent.

OpenStreetMap

We incorporate maps from the OpenStreetMap service (https://www.openstreetmap.org), which are offered on the basis of the Open Data Commons Open Database License (ODbL) by the OpenStreetMap Foundation (OSMF). The privacy policy of the OpenStreetMap Foundation can be found here: https://wiki.osmfoundation.org/wiki/Privacy_Policy. Our website obtains the map content from https://www.openstreetmap.de, which is operated by FOSSGIS e.V., Römerweg 5, 79199 Kirchzarten. You can find the privacy policy of FOSSGIS e.V. here: https://www.fossgis.de/datenschutzerklaerung.

To our knowledge, your data is used by OpenStreetMap exclusively for the purpose of displaying the map functions and temporarily storing the selected settings. This data may include in particular:
IP address for the delivery of data, storage in logs is anonymized,
browser and device type,
operating system
the fact that you are accessing OpenStreetMap content from this website, and
the date and time of the request.

OpenStreetMap is used for the purpose of making it easy to find the locations specified by us on the website.

Online appointment booking with Calendly

Purpose and scope of processing

We use the Calendly service of the provider Calendly, LLC, 115 E Main St, Ste A1B, Buford, GA 30518, USA (“Calendly”) to make appointments.

Depending on use, the following data in particular is processed:

– Master data: Name, e-mail address, telephone number if applicable, company, position.
– Appointment data/content: selected appointment, time zone, request/release text, invitation/confirmation e-mails.
– Technical data: IP address, date/time, device/browser information, referrer.
– When embedded in our website (widget/iFrame): cookies/similar technologies may be used and third-party resources may be loaded (see “Embedding & cookies” and “External resources” below).
Legal basis
– Contract / pre-contractual measures (Art. 6 para. 1 b GDPR): Making appointments with (potential) customers/prospects, support/project appointments.
– Legitimate interest (Art. 6 para. 1 f GDPR): efficient organization of appointments and reduction of queries; use is voluntary for you.
– Consent (Art. 6 para. 1 a GDPR in conjunction with § 25 para. 1 TTDSG): for the embedded Calendly widget as well as optional marketing/analysis integrations and the reloading of external resources, unless they are absolutely necessary.
Integration via our consent tool (CMP) – two triggers, one legal basis (consent)
We control the integration of Calendly via our cookie/consent tool (CMP):
1. Already permitted: If you have previously accepted the relevant “External media” categories in the CMP, the Calendly widget is automatically loaded as soon as you call up the relevant page.
2. not yet allowed: If the categories have not yet been accepted, we first show a placeholder/hint. By clicking on “Unlock content”, you give your consent for the required categories in the CMP; the widget is then loaded.
Revocation: You can change your consent at any time with effect for the future in the cookie settings; the widget is then no longer loaded and the placeholder appears again.

Roles, order processing & subcontracted processing

– For appointment/invitee data, Calendly processes the data as our processor on the basis of a Data Processing Addendum (Art. 28 GDPR).
– Calendly uses sub-processors (e.g. infrastructure, email, CDN, security, support service providers) within the framework of the DPA; Calendly publishes the current list of sub-processors and informs about changes with a reasonable lead time.
– Special case of embedding: We and Calendly can each be independently responsible for cookie/tracking data from the embedded iFrame (controller-to-controller constellation). We only load the widget after consent.

Third country transfer

Personal data may be transferred to third countries (in particular the USA). Where relevant, Calendly relies on adequacy decisions (e.g. EU-US Data Privacy Framework) or appropriate safeguards such as EU Standard Contractual Clauses (SCCs). Calendly provides further information in its data protection documents.

External resources within the Calendly widget

These resources are only loaded when the widget is released – in accordance with the above CMP logic (automatically after prior approval or after clicking in the placeholder):

Web fonts (Google Fonts)

Google web fonts can be loaded from fonts.googleapis.com/fonts.gstatic.com to display the form. For technical reasons, the IP address is transmitted to Google; according to the manufacturer, Google Fonts does not set any cookies.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG)
Recipient: Google LLC, USA

Bot/spam protection (Google reCAPTCHA)

Google reCAPTCHA (v3) can be used to prevent abuse/spam. Usage/device information (including IP address, user agent, interactions) is processed; reCAPTCHA sets the required _GRECAPTCHA cookie for this purpose. Content is loaded from www.google.com/recaptcha and www.gstatic.com/recaptcha (regionally also www.recaptcha.net), among others.
Legal basis: Consent (see CMP logic above) or legitimate interest (Art. 6 para. 1 lit. f GDPR) in IT security
Recipient: Google LLC, USA

Content Delivery Networks (CDN)

CDNs such as Amazon CloudFront and/or Cloudflare can be used for fast/secure delivery of static content. Connection data (e.g. IP address, time, requested resources) is processed.
Legal basis: Consent (for embedding), alternatively legitimate interest for compelling security/performance purposes
Recipients: Amazon Web Services, Inc.; Cloudflare, Inc.; other service providers named in Calendly’s sub-processor list
Optional integrations (only if activated by us)

Meta/Facebook Pixel

If we use the Meta Pixel integration in Calendly, interactions on the Calendly booking pages (e.g. page views, date selection, appointment booking) are transmitted to Meta Platforms; the script is usually loaded from connect.facebook.net.
Legal basis: Consent (Art. 6 para. 1 lit. a GDPR; Section 25 para. 1 TTDSG – Marketing) via the CMP
Revocation: at any time in the cookie settings

Google Analytics 4 (GA4)

If we have stored GA4 in Calendly, Google measures interactions on the Calendly booking pages (events such as calls/appointment bookings).

Legal basis: Consent (Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG – Analysis) via the CMP
Revocation: at any time in the cookie settings

Payments via Stripe (only for chargeable appointments)

We use Stripe for paid event types in Calendly. For payment processing, content/scripts are loaded from Stripe domains (e.g. js.stripe.com, m.stripe.com); Stripe may use necessary cookies/similar technologies for fraud prevention/session management.
Legal basis: Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual/contractual measures); TTDSG as far as necessary

Storage duration

We delete appointment data as soon as it is no longer required for the purpose for which it was collected; specific deadlines:
– appointment details/communication: [e.g. 12 months] after the last contact, provided there are no statutory retention periods to the contrary.
– System/account data at Calendly: in accordance with Calendly’s guidelines.
Obligation to provide
The provision of contact and appointment details is required to make an appointment. No booking is possible without this information. Use of the embedded widget is voluntary; alternatively, you can contact us by email/phone, for example.
Security & Compliance
Calendly provides information on technical and organizational measures (TOMs) and security/compliance certifications (e.g. SOC/ISO). We check these regularly as part of our supplier management.

Your rights

You have – within the scope of the legal requirements – the right to information, correction, deletion, restriction, data portability and objection to processing on the basis of Art. 6 para. 1 f GDPR. You can revoke your consent at any time with effect for the future.

To exercise your rights, please contact us (see above). You also have the right to lodge a complaint with a data protection supervisory authority.