Privacy Policy
The protection of your personal data is very important to us and has the highest priority in our actions. The following information gives a simple overview of what happens to your personal data when you visit our website. Personal data are all data with which you can be personally identified. For detailed information on data protection, please refer to our privacy policy set out below.
The terms used are not gender-specific.
1. Name and address of the controller
The controller responsible for data processing is:
clever-PV GmbH Sebastian-Rieger-Straße 18 86899 Landsberg am Lech
(hereinafter "clever-PV").
For questions and suggestions regarding data protection and these privacy provisions, you can contact us at any time at: info@clever-PV.com
2. Data collection on our website
Personal data is information that relates to an identified or identifiable natural person (Art. 4 No. 1 GDPR). This includes in particular names, address data, telephone numbers or email addresses.
Each time you access our website or our app, information is stored in a log file by our hosting provider. These so-called log files contain information about files accessed, status codes, timestamps and system information. This data is not personal data and does not allow any conclusions to be drawn about a specific person. IP addresses are also stored in log files. For us, these cannot be directly assigned to a specific person.
When you visit our website, we collect the aforementioned data that is technically necessary for us to display our website to you and to ensure stability and security. The legal basis for processing is the necessity to safeguard our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
The provider of the pages automatically collects and stores information in so-called server log files that your browser automatically transmits to us. This includes: browser type and version, operating system used, referrer URL, hostname of the accessing computer, time of server request, IP address. This data is not merged with other data sources.
Some of the data is collected to ensure error-free provision of the website. This includes controlling and regulating systems that you have registered on this website/app yourself, such as vehicles, switches, electricity meters, wallboxes, inverters. Other data may be used to analyse your user behaviour.
3. External hosting
In order to provide our online offer securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the online offer can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security and technical maintenance services.
The data processed in the context of providing the hosting offer may include all information relating to users of our online offer that arises in the context of use and communication. This regularly includes the IP address, which is necessary to deliver the contents of online offers to browsers, and all data entered within our online offer or on websites.
Email sending and hosting: The web hosting services we use also include sending, receiving and storing emails. For these purposes, the addresses of recipients and senders as well as other information regarding email transmission (e.g. the providers involved) and the contents of the respective emails are processed. The aforementioned data may also be processed for the purpose of SPAM detection. Please note that emails are generally not sent encrypted on the internet. As a rule, emails are encrypted in transit, but (unless end-to-end encryption is used) not on the servers from which they are sent and received. We cannot therefore assume any responsibility for the transmission path of emails between the sender and receipt on our server.
Collection of access data and log files: We ourselves (or our web hosting provider) collect data on each access to the server (so-called server log files). The server log files may include the address and name of the web pages and files accessed, date and time of access, data volumes transferred, message about successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a rule, IP addresses and the requesting provider.
The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the load and stability of the servers. Legal basis: Legitimate interests (Art. 6 (1) sentence 1 (f) GDPR). Processed data types: Content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses). Data subjects: Users (e.g. website visitors, users of online services).
4. SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders, registration of third-party systems or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
If there is an obligation to transmit your payment data (e.g. account number for direct debit) to us after the conclusion of a paid contract, this data is required for payment processing. Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. When encryption is active, your payment data transmitted to us cannot be read by third parties.
5. Cookies
The internet pages sometimes use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser on your next visit. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website may be restricted. Cookies that are required for the electronic communication process or for the provision of certain functions requested by you (e.g. automatic login) are stored on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are dealt with separately in this privacy policy.
6. Contact form
If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent. The processing of the data entered in the contact form is therefore based exclusively on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time. An informal notification by email to us is sufficient. The lawfulness of the data processing operations carried out until the revocation remains unaffected by the revocation. The data you entered in the contact form will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
7. Contact for applications
If you contact us to submit your application as an employee, e.g. by email or via a contact form, the data you provide (e.g. name, email address, desired place of work, application documents, etc.), your message and the application documents submitted will be processed exclusively for the purpose of processing and handling your application.
The legal basis for data processing is primarily Section 26 of the German Federal Data Protection Act (BDSG). Accordingly, the processing of data that is necessary in connection with the decision on the establishment of an employment relationship is permitted.
If the data is required for the assertion or defence of legal claims after the application procedure has been completed, data processing may be carried out to protect our legitimate interests in accordance with Art. 6 (1) (f) GDPR.
8. Use of the clever-PV service
To use the clever-PV service via the clever-PV app, it is necessary to create a clever-PV user account. In this context, the following personal data that we store must be entered: email address, password for the user account. We collect this data in order to create a user account for you and to provide you with access to the clever-PV service. In addition, the following personal data is stored if voluntarily provided: name, date of birth, address, telephone number, electricity tariff and instalment payment, information on living conditions (household members, type of accommodation, size of accommodation), information on existing electrical appliances, information on existing vehicles, size and design of your photovoltaic system. We use this data to carry out analyses based on your personal circumstances regarding your energy consumption, on the basis of which we provide you with recommendations for savings, cost forecasts for electricity consumption, etc. We also use this data to contact you by email or post if necessary or to send you information about clever-PV services or offers from partners.
When the clever-PV service is activated, we store the following data on energy consumption: meter readings (consumption), meter readings (feed-in), meter readings (electricity production), power values, metering point number, meter ID, energy data from battery storage, energy data from charging stations, energy data from other connected devices, device type. We need this data to provide you with information about your energy consumption. We analyse and aggregate this data to make it available to you in the clever-PV app or for the use of other services you have selected. If you use the clever-PV service via your metering point operator and/or energy supplier, this data will be made available to your metering point operator and/or energy supplier after your release so that they can create a billing based on consumption values and provide you with contractually agreed support and customer services.
9. Recipients of data
Your data remains with clever-PV GmbH and is processed by us; as a rule, we do not pass on or make this data accessible to third parties.
If access to your data is necessary for the use of services from clever-PV partners, you as a user must explicitly (e.g. by consent with third parties) declare that you release your data for use.
The collection of measured values is carried out using the digital electricity meter used by the customer; the evaluation of electricity consumption behaviour for the offer of value-added services within the framework of the data protection consents granted is the responsibility of clever-PV GmbH; the billing of electricity consumption is the responsibility of the partner, while the transmission of the meter reading to the billing date is carried out under joint responsibility. Both partners ensure the security of personal data through technical and organisational measures.
If you wish to subscribe to the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the email address provided and agree to receive the newsletter.
10. Microsoft Azure
The clever-PV application or app is hosted by the external service provider Microsoft Azure (host). The personal data collected on this website is stored on their servers. This may include in particular IP addresses, contact enquiries, meta and communication data, contract data, contact data, names, website access and other data generated via a website. This is done for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 (1) (f) GDPR). Our host will only process your data to the extent necessary to fulfil its contractual obligations and will follow our instructions with regard to this data. We use the following host: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. To ensure data protection-compliant processing, we have concluded a data processing agreement. Microsoft's level of data protection has been confirmed by the European Commission's adequacy decision.
11. Newsletter
No further data is collected or only on a voluntary basis. For the processing of the newsletter we use the newsletter service provider Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is a service that can be used to organise and analyse the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter is stored on Sendinblue's servers in Germany. With the help of Sendinblue, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked. This allows us to determine which links were clicked particularly often. We can also see whether certain predefined actions were carried out after opening/clicking (conversion rate). For example, we can see whether you made a purchase after clicking on the newsletter. Sendinblue also enables us to subdivide newsletter recipients into different categories ("clustering"). Newsletter recipients can be subdivided by age, gender or place of residence, for example. In this way, newsletters can be better adapted to the respective target groups. If you do not want any analysis by Sendinblue, you must unsubscribe from the newsletter. We provide a corresponding link in each newsletter message. For detailed information on the functions of Sendinblue, see: https://de.sendinblue.com/newsletter-software/. The data you have provided to us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing. Data that we have stored for other purposes remains unaffected. After you have unsubscribed from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. We have concluded a data processing agreement (DPA) with the provider mentioned above.
12. Google Analytics
This website does not currently use Google Analytics.
13. Payment provider Mollie
We use mollie B.V., Keizersgracht 121, NL-1015CJ Amsterdam, Netherlands, as our payment service provider for payment processing, regardless of which payment method you use. Your payment data is collected, stored and only passed on to the companies involved in the payment process in accordance with Art. 6 (1) sentence 1 (b) GDPR. As a company based in the EU, Mollie is subject to the provisions of the European General Data Protection Regulation (GDPR). For more information on data protection by mollie, please refer to mollie's privacy policy: https://www.mollie.com/de/privacy. You can object to the processing of your data at any time by sending a message to mollie. However, mollie may still be entitled to process your personal data if this is necessary for contractual payment processing. A revocation does not affect the validity of past data processing operations.
14. Ticket system
a) ClickUp: For processing support requests we use the ticket tool ClickUp of Mango Tegnologies Inc, 215 Lowell Ave, Palo Alto, CA 94301, United States (hereinafter "ClickUp"). We process the data of your request that you send to us. This also results in data transfers to ClickUp's AWS servers in the United States of America. There is no adequacy decision of the EU Commission for data transfers to the USA. ClickUp therefore ensures an adequate level of data protection through the use of EU standard contractual clauses.
b) Zendesk: We use the CRM system Zendesk to process user enquiries. The provider is Zendesk, Inc., 1019 Market Street, San Francisco, CA 94103, USA. We use Zendesk to be able to process your enquiries quickly and efficiently. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. You can only submit enquiries with your email address and without your name. The messages sent to us will remain with us until you ask us to delete them or the purpose for storing the data no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected. Zendesk has Binding Corporate Rules (BCR) that have been approved by the Irish data protection authority. We have concluded a data processing agreement (DPA) for the use of the above-mentioned service.
15. Facebook, Twitter and YouTube
Our website contains social plugins from "Facebook" (Facebook Inc.), "Twitter" (Twitter, Inc.) and "YouTube" (YouTube LLC.). These services are offered by the respective companies ("providers"). As part of our online presence, the social plugins are identified by the respective buttons belonging to the service. The data transmitted to the respective service via the social plugins may allow the service to assign you to your account with them. To increase the protection of your data, the social plugins are integrated using the so-called "2-click solution". This ensures that when you call up a page on our website that contains such social plugins, no automatic connection is initially established with the servers of the respective providers. The activation of the respective social plugin takes place in two stages. To activate a social plugin, you must first click on the link on our website. This activates the social plugin and your browser establishes a connection to the servers of the respective provider. With a second click, you can then interact with the social plugin and, for example, submit your recommendation. If you are already logged in to one of the providers' social networks, the providers can immediately assign your visit to this website to your profile. When you interact with the social plugins by clicking, the corresponding information is also transmitted directly to a server of the providers and stored there. The information may also be published on the social network and displayed there to your contacts. If you wish to prevent such direct assignment of your collected data to your profile, you must log out of your account with the respective provider. Please refer to the data protection notices of the respective service for the scope and purpose of data collection by the respective service and the further processing and use of your data there. a) Facebook: https://www.facebook.com/about/privacy/ b) Twitter: https://twitter.com/privacy?lang=de c) YouTube: https://policies.google.com/privacy?hl=en&gl=de
16. Legal basis
Art. 6 (1) (a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, the processing is based on Art. 6 (1) (b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which makes the processing of personal data necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 (1) (c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person (Art. 6 (1) (d) GDPR). If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, the processing is based on Art. 6 (1) (f) GDPR.
17. Rights of data subjects
As a data subject of the data processing, you have the following rights in relation to your personal data in accordance with the statutory provisions: right of access, right to rectification or erasure, right to restriction of processing, right to object to processing, right to data portability. You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us. If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 (f) GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation. You can object in particular to processing for the purposes of direct advertising. To exercise your right of objection, an email to one of the controllers mentioned above is sufficient. You have the right to lodge a complaint with the supervisory authority responsible for us against the processing of your personal data if you believe that your rights under the GDPR have been violated. Alternatively, you can also contact the data protection authority at your place of residence. Your request will then be forwarded to the authority responsible for us. For questions regarding the processing of your personal data, for information, rectification, blocking, objection or deletion of data or the wish to transfer data to another company, please contact info@clever-PV.com.
18. Storage period
We only store your personal data for as long as permitted by law. The stored personal data will be deleted when the user revokes their consent to storage or when knowledge of this data is no longer necessary for the fulfilment of the purpose pursued with the storage, in particular if their storage is inadmissible for other legal reasons. This does not affect relevant statutory retention periods under the German Commercial Code or the Fiscal Code. During the statutory retention period, your personal data will be blocked and not used for any other data processing.
Last updated: 03.09.2024