Privacy Policy
As of: June 2018
We take the protection of your personal data very seriously. We therefore process your personal data (“data” for short) exclusively on the basis of statutory provisions.
This Data Privacy Policy provides information about the processing of your data in our company and covers extensively the data protection entitlements and rights granted to you within the meaning of the European General Data Protection Regulation (EU-GDPR).
1. Who is responsible for data processing and who can I contact in this regard?
The responsible party is Seasolar GmbH, Kürfürstendamm 194 10707 Berlin Germany, email: info@seasolargroup.com.
The internal Data Protection Officer at Seasolar GmbH can be reached at the above address or by email at info@seasolargroup.com.
Seasolar GmbH has set up a service centre to handle the concerns of data subjects, which can be reached by email at info@seasolargroup.com, by post at Seasolar GmbH, Kürfürstendamm 194 10707 Berlin Germany, or via an online form at www.seasolargroup.com.
2. What type of data is processed and from which sources does this data come?
We process data that we receive from you during our initial business contact and business relationship.
In addition, we duly process data that we receive from credit agencies, creditor protection associations, publicly accessible sources (e.g. company register, register of associations, land register, media), and other companies with which we maintain long-standing business relations.
Personal data includes:
Your master/contact data such as:
– as a private customer: first and last name, address, contact details (email address, telephone number, fax), date of birth, details from proof of identity provided (copy of ID), bank details;
– as a corporate client or supplier: name of legal representative, company, commercial register number, VAT ID number, company number, address, contact details for point of contact (email address, telephone number, fax), bank details.
Furthermore, we also process the following additional personal data:
– information about the nature and content of our business relationship such as contractual data, order data, sales and document data, customer and supplier history, consultation documents, vehicle data,
– information about your financial status (e.g. credit rating data),
– advertising and sales data,
– documentation data (e.g. code of conduct), image data,
– information from your electronic communications with Seasolar Group (e.g. IP address, login data),
– other data that we receive from you as part of our business relationship (e.g. in customer talks),
– data that we generate ourselves from master/contact data and other data, e.g. through customer requirement and customer potential analyses,
– documentation of your declaration of consent for the receipt of e.g. newsletters,
– image data from video monitoring systems,
– photos taken at public events.
3. For which purposes and on what legal basis is the data processed?
We process your data in accordance with the latest provisions contained in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act of 2018 (BDSG 2018):
• to fulfil (pre-)contractual obligations (Art. 6 Sec. 1 letter b of the GDPR):
Your data are processed for the sale and distribution of our goods and services, for procurement and logistics purposes, and for supplier and customer management and analysis. In particular, the data are processed when initiating business contact and when executing contracts with you, for example, in the following cases:
• creation and management of customer accounts or supplier accounts,
• delivery of orders,
• management of customer cards,
• participation in competitions,
• sending of information, e.g. catalogue request.
• to fulfil legal obligations (Art. 6 Sec. 1 letter c of the GDPR):
Your data must be processed in order to fulfil various legal obligations, e.g. from the commercial code or tax code, anti-money laundering legislation, product-specific regulations such as the Ordinance on Hazardous Substances.
• to safeguard legitimate interests (Art. 6 Sec. 1 letter f of the GDPR):
With respect to a balancing of interests, we can process data beyond the actual fulfilment of the contract in order to safeguard legitimate interests of ourselves or of third parties. Data are processed for the safeguarding of legitimate interests in the following cases, for example:
– consultation of and exchange of data with credit agencies and creditor protection associations so as to determine credit rating data and manage a group-wide credit rating database in order to identify financial default risks in common customers;
– advertising or marketing;
– measures to control business processes and develop services and products;
– management of a group-wide customer database to improve customer service;
– measures to protect Seasolar Group locations from conduct that is unlawful or in breach of contract, e.g. access controls, video monitoring;
– in the pursuit of legal prosecution.
• in terms of your consent (Art. 6 Sec. 1 letter a of the GDPR):
If you grant us your consent to the processing of your data, this shall only be done according to the purposes specified in the declaration of consent and to the extent agreed therein. Informed consent can be revoked at any time with future effect, e.g. newsletter subscription. Please contact the service centre of Seasolar Group listed under point 1 in this regard.
4. Processing personal data for promotional purposes.
We also use your personal data in order to communicate with you about your orders, specific products, or marketing campaigns, and to recommend products or services that might be of interest to you.
You can object to the use of your personal data for promotional purposes at any time, either entirely or in certain cases, without any costs arising beyond the basic costs of transmission. Please contact the service centre of Seasolar Group listed under point 1 in this regard.
Product recommendations by email
Seasolar is authorised, under the legal requirements of Section 7 Par. 3 of the Unfair Competition Act (UWG), to use the email address provided to us by you when ordering a product or service for direct marketing of its own similar products or services. You shall receive these product recommendations irrespective of whether you have subscribed to the newsletter.
If you no longer wish to receive product recommendations from us by email, you can object to the use of your email for this purpose at any time, without any costs arising beyond the basic costs of transmission. Please contact the service centre of Seasolar listed under point 1 in this regard. An unsubscription link is of course always included in every email.
Newsletter
We use the so-called double opt-in procedure for sending the newsletter, i.e. we will only send you a newsletter by email if you have expressly confirmed to us beforehand that we should activate the newsletter service. We will then send you an email notification and ask you to confirm that you would like to receive our newsletter by clicking a link contained in this email.
If you no longer wish to receive the newsletter from us, you can object to this at any time, without any costs arising beyond the basic costs of transmission. Notification in written text to the service centre of Seasolar Group listed under point 1 is sufficient here. An unsubscription link is of course included in every newsletter.
5. Processing credit rating information
Data transmission to SCHUFA
Seasolar GmbH transmits personal data collected within the scope of this contractual relationship related to the application for, performance, and termination of this business relationship, as well as data regarding conduct that is in breach of contract or fraudulent, to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. The legal basis for this transmission is Article 6 Par. 1 letter b and Article 6 Par. 1 letter f of the General Data Protection Regulation (GDPR). Data may only be transmitted on the basis of Article 6 Par. 1 letter f of the GDPR to the extent necessary for the safeguarding of legitimate interests pursued by Seasolar GmbH or third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, where the protection of personal data is required. Furthermore, the exchange of data with SCHUFA facilitates the fulfilment of statutory obligations to perform an evaluation of the creditworthiness of customers (Section 505a and 506 of the German Civil Code). SCHUFA processes data that it receives and also uses such data for purposes of profile creation (scoring) in order to provide its contractual partners, based in the European Economic Area and Switzerland as well as non-member countries as applicable (to the extent an adequacy decision from the European Commission is available for such countries), with information to be used to evaluate the creditworthiness of natural persons, among other things. Additional information regarding SCHUFA’s activities can be found in the SCHUFA Information Sheet under Art. 14 of the GDPR or online at www.schufa.de/datenschutz.
Data transmission to other credit agencies
For the rest, Seasolar GmbH uses the following credit agencies to collect credit rating information if there is a legitimate interest: Bisnode Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt, Coface Central Europe Holding AG, Stubenring 24, A-1010 Vienna, CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, CRIF GmbH, Diefenbachgasse 35, AT-1150 Vienna , Creditreform, Machtlfinger Straße 13, 81302 Munich EOS Deutschland GmbH, Gottlieb-Daimler-Ring 7-9, 74906 Bad Rappenau.
Managing a group-wide credit rating database
If we, within the scope of legal admissibility, collect credit rating data about you from a credit agency, we shall save this information in a system to which affiliates participating in Seasolar credit management have access. The objective here is to facilitate processing and identify financial default risks in common customers. The credit rating database may only be accessed if there is a legitimate interest on the part of the respective affiliate.
6. Who receives my data?
If we use a service provider to process data on our behalf, we shall still be responsible for protecting your data. All such data processors are contractually obligated to treat your data as confidential and only process it to the extent necessary to provide the service. The data processors commissioned by us shall receive your data provided that they require these data to render their respective service. These include IT service providers, which we require for the operation and security of our IT system, and commercial and directory publishers for our own advertising campaigns.
Your data shall be processed in the Seasolar customer database. The Seasolar customer database helps to increase the quality of existing customer data (clean-up of duplicate entries, moved out/died indicator, correction of addresses) and enrich it with information from public sources. This data is provided to Seasolar affiliates that participate in Seasolar credit management (participating affiliates) and can be used for personalised direct marketing campaigns (e.g. newsletter), targeted online marketing, and personalised online shop presentation.
The Seasolar customer database allows participating affiliates that support the same customers to use information about these customers across the organisation. The aim of this approach is to consistently provide customers with the latest and most relevant information. This processing of customer interests constitutes profiling within the meaning of Art. 4 of the GDPR; automated decision-making does not take place. Customer data is stored separately at the company level, whereby Seasolar Group GmbH acts as a service provider for the various participating affiliates.
If an offer is submitted or a sale takes place via manufacturer portals, data provided by you shall be processed directly in the manufacturer’s portal.
If there is a legal obligation and legal prosecution is pursued, authorities, courts, and external auditors can all become recipients of your data.
On top of this, for the purpose of initiating or fulfilling the contract, insurance companies, banks, credit agencies, and service providers can also become recipients of your data.
7. For how long are my data stored?
We process your data up until the business relationship ends or until the applicable warranty periods, guarantee terms, periods of limitation, and statutory retention periods have lapsed (for example, from the commercial code or tax code); additionally, until any disputes where this data are required as proof have concluded.
Image data are usually deleted after seven days in the case of video monitoring; they are deleted after three days at manned filling stations and after 40 days at unmanned filling stations.
8. Processing of applicant data
If you submit your application to us via the applicant portal, we shall save your personal data in a secure operating environment to protect them from loss or misuse. Your applicant data shall only be made accessible to authorised persons involved in the application process at Seasolar GmbH and its affiliates, e.g. in the event that you might be offered an alternative position. After the application process has concluded (i.e. after you have received confirmation of acceptance or rejection from us), we shall save your data for a maximum of nine months. You can request an earlier deletion of your data, but not before five months have elapsed after the conclusion of the application process, because we need to save your data for this period in order to satisfy the legal requirements pertaining to the proper processing of an application and to be able to answer any questions relating to your application and/or its rejection that might arise. If you wish to have your data deleted after this five-month period has expired, please send an email to info@seasolargroup.com.
9. Communication by email
Please note that sending unencrypted emails is regarded as unsafe because unauthorised parties may gain access to the email’s contents and possibly manipulate it. We therefore recommend that you do not send any sensitive information when communicating with us by email. Please use our applicant portal as an applicant because your application documents can be transferred in a secure manner there. If you do have to send sensitive data by email, please ensure that they are sent with content encryption.
10. What data are collected when visiting this website?
Use of cookies
Our website uses so-called cookies. These are small text files that are stored by the browser on your device. They are harmless. We use cookies to make our offering user-friendly. Some cookies remain stored on your device until you delete them. They allow us to identify your browser the next time you pay a visit. If you do not want this, you can configure your browser in such a way that it informs you of the placement of cookies and allows you to permit them only in individual cases. You may not be able to use all of the functions of our website if you disable cookies.
Data transmission and logging for system-internal and statistical purposes
Your Internet browser automatically transmits data to our web server when accessing our website for technical reasons. Such data include, among other things, the date and time of access, the URL of the referring website, the accessed file, the volume of data sent, the browser type and version, the operating system, and your IP address. These data are saved separately from other data entered by you when using our website. We cannot assign these data to a specific person. These data are analysed only for statistical purposes or as part of a criminal prosecution.
Web analysis
Analysis tools are used on our website to collect general information about visitors’ usage behaviour. Such information includes, for example, pages accessed, length of visit, referring sites, and general information on your computer system, such as operating system, screen resolution, browser used, etc. All data collected are saved with anonymisation and cannot be assigned to you personally. If you wish to revoke your consent to this anonymised collection of your usage behaviour, you can do so by disabling cookies in your browser.
Use of Google Analytics
This website also uses Google Analytics, an Internet analysis service provided by Google. Google Analytics uses so-called cookies (small text files), which are stored on your computer and make it possible to analyse your use of the website.
The information that is generated by the cookies about your use of this home page (including your IP address) is transmitted to a Google server in the USA where it is saved. Google uses this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and Internet usage for the home page operator. Google may also transfer this information to third parties where required to do so by law, or where such third parties process this data on Google’s behalf. Google will never associate your IP address with any other data held by Google. You can prevent cookies from being installed by adjusting the settings in your browser software accordingly; you should be aware, however, that by doing so you may not be able to make full use of all the functions of this website. By using this home page, you consent to the processing of data collected about you by Google in the manner and for the purposes set out above.
We would like to point out that this website uses Google Analytics exclusively by utilising a deactivation add-on ‘anonymizeIp()’. Your IP address will not be saved in full. Identification of the website visitor is not possible.
By installing the browser add-on to disable Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=en) you can object to its use. You thereby communicate to Google Analytics that no information about the website visit is to be transmitted to Google Analytics.
We will not use tracking tools without your express consent to:
• collect personal data about you;
• transmit such data to third-party providers and marketing platforms; or
• link the data to your personal information (name, address etc.).
Use of Google’s remarketing and AdWords function
We use Google’s remarketing and AdWords function on this website. This technology enables users who have visited our website before to be addressed again by targeted advertising on the pages within the Google Partner Network. For this purpose, Google stores small text files
(so-called cookies) on your computer, which it uses to analyse your visit to the website and subsequently for targeted product recommendations and interest-based advertising. You have the option to disable the use of cookies for advertising purposes. To do this, go to Google’s Ads Preferences Manager or alternatively you can prevent third-party cookies from being used by visiting the Network Advertising Initiative’s opt-out page.
Use of Hotjar
This website uses functions of the web service Hotjar, operated by Hotjar Ltd. Hotjar Ltd. is a European company based in Malta. Hotjar uses cookies. These are small text files which are stored on your computer and make it possible to analyse your use of the website. The analysis is always anonymous; a reference to your person cannot be established. The information generated by the cookie about your use of this website is transmitted to and stored on a Hotjar server located within the European Union. If you do not agree with an anonymous recording of your usage behaviour, you can opt out of Hotjar at any time at: https://www.hotjar.com/opt-out.
Shop evaluation by eKomi
If you have consented to the eKomi shop evaluation in the shopping cart process, your data (first and last name, email address, order number) will be forwarded to our service provider ekomi (eKomi Ltd, Markgrafenstraße 11, 10969 Berlin, Germany). Please also refer to the data privacy policy of ekomi: http://www.ekomi.co.uk/uk/privacy/. Subsequent to your order, you will receive an email from eKomi with a link, which you can use to rate our shop and the item purchased. eKomi has committed itself to the privacy-compliant handling of your transmitted data.
Use of Microsoft Tracking
Our online offerings also use Microsoft Conversion Tracking (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). A cookie is placed on your computer by Microsoft Bing Ads if you have accessed our website via a Microsoft Bing advert. This enables
Microsoft Bing and ourselves to see that someone clicked on an ad, was redirected to our website, and reached a predefined landing page (conversion page). We can only see the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is communicated. If you do not wish to participate in the tracking process, you can decline the required cookie setting – for example, via a browser setting that generally disables the automatic setting of cookies. For more information about data privacy and the cookies used with Microsoft Bing, visit the Microsoft website: https://privacy.microsoft.com/en-us/privacystatement.
Use of CRITEO
On our websites, anonymised information about the surfing behaviour of website visitors is collected and stored by a technology of Criteo GmbH for marketing purposes. This data are stored in cookies on the visitor’s computer. Based on an algorithm, Criteo GmbH analyses the anonymously recorded surfing behaviour and can then display targeted product recommendations as personalised advertising banners on other websites (so-called publishers). This data can never be used to personally identify you as a visitor to our websites.
The collected data will only be used to improve the offer. Any other use or disclosure of this information to third parties does not occur. You can object to the completely anonymous analysis of your surfing behaviour on our web pages by clicking here on Criteo’s opt-out page. For more information on the technology used, please refer to the data protection provisions of Criteo GmbH.
Use of social plug-ins
We have included social plug-ins on our site; however, these are disabled by default for privacy reasons. Therefore, when you access our site, no data are transmitted to social media services such as Facebook, Twitter, or Google +, meaning that there is no profiling by third parties.
Deactivated social plug-ins can be recognised by the fact that they are greyed out.
However, you have the option of activating the social plug-ins with one click and thus granting your consent to communication with the respective social network. If you activate the social plug-in, certain data will be transmitted to the respective social network, such as your IP address, information about the browser used and the operating system, the website you are visiting, and the date and time. As part of this communication, data from a server of the social media provider are also downloaded to our website. The respective provider of the social plug-in receives information about which particular websites you visit, regardless of whether you are logged in to the provider of the social media plug-in (e.g. Facebook) or not, or whether you have clicked on the plug-in or not. The provider can also process these data outside the European Union and is also able to create individualised usage profiles. We have no influence over the type, scope, and purpose of the data processing by the provider of the social media service.
An activated social plug-in will be displayed in colour, and data will be transferred to the social media service as described above. You can then use the social plug-in with a second click.
Facebook: At http://developers.facebook.com/plugins, you can receive more information from Facebook about the plug-in and the corresponding social media service. The so-called Facebook data usage guidelines are available at: http://www.facebook.com/about/privacy.
Twitter: At https://twitter.com/logo, you can receive more information from Twitter about the plug-in and the corresponding social media service. Twitter’s data privacy policy is available at: https://twitter.com/privacy.
Google+: At https://support.google.com/plus/answer/6320398?hl=en&rd=2&visit_id=1-636622344038730368-373916493, you can receive more information from Google about the plug-in and the corresponding social media service. Google’s data privacy statement is available at: http://www.google.com/intl/gb/policies/privacy.
Profiling when visiting this website
Profiling based on your click behaviour is performed on our website. This serves to improve your customer experience when you visit our website. For example, if you are mainly interested in products and contents relating to agriculture, you will be redirected to the “Agriculture” landing page the next time you visit the site.
In addition, various specialist articles or offers will be suggested to you based on your surfing behaviour on our website. For example, you will be shown new articles from the “animal feed” section of our start page if you have previously purchased animal feed in our online shop or viewed content relating to pets/animals here in the past.
We use cookies to enable this. If you do not want this, you can configure your browser in such a way that it informs you of the placement of cookies and allows you to permit them only in individual cases. You may not be able to use all of the functions of our website if you disable cookies.
Profiling is also performed as part of our customer relationship management, based on your purchasing behaviour in our subsidiaries and based on customer talks.
In all of these cases, automated decision-making does not take place within the meaning of the GDPR.
11. Are personal data transmitted to non-member states?
In principle, we do not transmit data to non-member states. In individual cases, data are transmitted only as a result of an adequacy decision from the European Commission, standard contractual clauses, appropriate guarantees, or your express consent.
12. What are my data protection rights?
You have the right to information, rectification, erasure, or restriction of the processing of your stored data, the right to object to the processing of your data, the right to data portability, and the right of complaint in accordance with the provisions of Data Protection Law, at any time.
Right to information:
You may demand confirmation from us as to whether and to what extent we process your data.
Right to rectification:
If we process your personal data, and if it is incomplete or incorrect, you may demand, at any time, that we correct or supplement it.
Right to erasure:
You may demand that we delete your personal data if we process it illegally or if such processing disproportionately interferes with your justified interest of protection. Please note that there may be reasons that prevent an immediate deletion, e.g. statutory retention obligations.
Irrespective of your right to erasure, we will delete your data immediately and completely unless such action is prevented by an applicable contractual or legal retention period.
Right to restriction of processing:
You may demand that we limit the processing of your data if
• you dispute the accuracy of the data, that is for such a period of time that we can verify its correctness;
• processing the data is illegal, but you are opposed to its deletion and demand limitation of its use instead;
• we no longer need the data for the intended purpose, but you still need them to assert or defend any claims; or
• you have filed an objection against the processing of the data.
Right to data portability:
You have the right to receive the data, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit these data to another responsible party without hindrance from us, provided that:
• we process these data on the basis of a revocable declaration of consent provided by you or to perform a contract concluded between us; and
• the processing is carried out by automated means.
If technically feasible, you have the right to have your data transmitted directly to another responsible party by us.
Right to object:
If we process your data on the basis of legitimate interests, you have the right to object to this processing, on grounds relating to your particular situation, at any time; this also applies to profiling based on these provisions. We shall then no longer process your data unless we can demonstrate compelling, legitimate grounds for its processing, which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims. You have the right to object to the processing of your data for direct marketing purposes at any time, without stating a reason.
Right of complaint:
If you believe that we are processing your data in violation of German or European data protection law, please contact us to clear up any questions. You are of course entitled to file a complaint with the supervisory authority responsible for Seasolar Group GmbH, the Berliner Beauftragter für Datenschutz und Informationsfreiheit.
If you want to assert any of the above-mentioned rights vis-à-vis our company, please contact the service centre of Seasolar Group GmbH listed under point 1. In cases of doubt, we may request additional information to confirm your identity.
13. Am I obligated to provide data?
The processing of your data is required in order to conclude or fulfil the contract that you have entered into with us. If you do not provide us with these data, generally speaking, we cannot conclude the contract or execute the order; similarly, we cannot continue to implement an existing contract and this may result in its termination. However, with regard to data not relevant or not legally required for the fulfilment of the contract, you are not obligated to give your consent to data processing.