HEMA Solar TB GmbH in a new design

HEMA_Logo_Navigation

Privacy Policy

1. General information

Personal data may be processed when you visit this website. Personal data is any information relating to an identified or identifiable natural person. This privacy policy explains which data is collected and processed, for what purpose, and on which legal basis this takes place. It is intended to provide information in a transparent, clear and easily accessible manner. The following information gives a simple overview of what happens to your personal data when you visit this website.

2. Controller and associated parties

a. Data controller

The data controller responsible for data processing on this website is:

HEMA Solar TB GmbH
Melm 1D-96274 Itzgrund
Phone: +49 151 51207524
Email: info@hema–solar.com

b. Website host as data processor

This website is hosted by the external service provider Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany. Personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, metadata and communication data, contract data, contact details, names, website access data and other data generated via a website.

Our hosting provider will only process your data to the extent necessary to fulfil its contractual obligations and will follow our instructions regarding this data.

To ensure GDPR-compliant processing, we have concluded a data processing agreement with our hosting provider.

3. Legal basis for processing

If your consent has been requested and granted, data processing is based on Article 6(1)(a) GDPR.

Where data processing is necessary for the performance of a contract or for pre-contractual measures, it is based on Article 6(1)(b) GDPR.

Processing may also be required to comply with a legal obligation (Article 6(1)(c) GDPR).

In all other cases, data processing is permitted where there is a legitimate interest pursuant to Article 6(1)(f) GDPR. The existence of such legitimate interests is explained below for each processing activity.

4. Details of data processing

a. Purpose of data collection

Some data is collected to ensure the proper functioning of the website. This includes technical measures to maintain the security and stability of IT systems. Such data is collected automatically by IT systems when you visit the website, including technical data such as browser type, operating system or time of access.

Additional data is collected via the contact form on the website for the purpose of initiating a contract and processing your enquiry.

b. Data collection on this website

Cookies

Our website uses so-called cookies. Cookies are small text files and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain on your device until you delete them or your browser deletes them automatically.

Cookies serve different functions. Technically necessary cookies are essential for the basic functions of the website. Cookies required for electronic communication or to provide certain functions requested by you are stored on the basis of Article 6(1)(b) and (f) GDPR. The website operator has a legitimate interest in storing cookies to ensure technically error-free and optimised provision of its services.

We only use technically necessary cookies.

Server log files

The provider of the website automatically collects and stores information in server log files, which your browser transmits to us automatically. These include:

  • browser type and browser version
  • operating system used
  • referrer URL
  • hostname of the accessing computer
  • time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of the website.

Contact forms and enquiries by email or telephone

If you contact us via the contact form, email or telephone, your details, including the contact information you provide, will be stored for the purpose of processing your enquiry and in case of follow-up questions or for initiating a contract. This data will not be passed on without your consent.

Processing is based on Article 6(1)(b) GDPR if your enquiry relates to a contract or pre-contractual measures. In all other cases, processing is based on our legitimate interest in handling enquiries efficiently (Article 6(1)(f) GDPR) or on your consent (Article 6(1)(a) GDPR), where applicable.

Embedded content: enquiry form via GREYD.Forms

When using the contact form, the personal data entered is processed for the purpose of handling your enquiry.

Processing is based on Article 6(1)(b) GDPR where the enquiry relates to a contract, alternatively on Article 6(1)(f) GDPR.

Data is transmitted by email to the website operator.

Data is deleted once it is no longer required for processing the enquiry and no legal retention obligations apply.

SSL encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL encryption. You can recognise an encrypted connection by the change in the browser address line from “http://” to “https://” and by the lock symbol in your browser bar.

When SSL encryption is activated, the data you transmit cannot be read by third parties.

c. Data collection through third-party providers (plug-ins)

The following primarily technical or administrative extensions are used on this website:

Borlabs Cookie

This website uses Borlabs Cookie, provided by Borlabs GmbH, Hamburg, Germany.

Borlabs Cookie enables us to obtain, document and manage user consent for cookies and similar technologies in a legally compliant manner. Users can decide individually which categories of data processing they consent to and can manage or withdraw their consent at any time.

Processed data may include consent decisions, technical information (such as pseudonymised IP address, timestamp, browser), consent ID and records of changes or withdrawals.

Processing is based on Article 6(1)(a) GDPR and § 25(1) TDDDG.

GREYD Plugin

This website uses the GREYD Plugin, provided by GREYD GmbH, Munich, Germany.

It enables consent management for cookies and similar technologies and ensures compliance with legal requirements. Data processed includes consent decisions, technical data and consent IDs.

Processing is based on Article 6(1)(a) GDPR and § 25 TDDDG.

GREYD.Forms

This website uses GREYD.Forms to provide forms in a GDPR-compliant manner and process submissions securely.

Processed data may include form inputs (such as name, email, phone), technical data, timestamps and interaction data.

Processing is based on:

  • Article 6(1)(b) GDPR for enquiries and contractual measures
  • Article 6(1)(a) GDPR for consent-based services (e.g. newsletters)
  • Article 6(1)(f) GDPR for security and technical functionality

Data is processed within the EU and not shared beyond what is necessary.

WPCode Lite

This website uses WPCode Lite (WPCode LLC, USA) to manage scripts and integrations.

The plugin allows structured implementation of functionalities without modifying source code. Third-party scripts are only loaded with your consent.

Processing is based on Article 6(1)(f) GDPR for technical operation and Article 6(1)(a) GDPR for non-essential processing.

Where data is transferred to third countries (e.g. USA), this is done based on EU standard contractual clauses where required.

d. Data minimisation (privacy by design)

We ensure that only data necessary for the stated purposes is processed. Default settings are privacy-friendly and non-essential processing requires active consent.

e. Data retention

Personal data is deleted once it is no longer required for its original purpose, unless legal retention obligations apply.

f. Data transfers

Data collected via the website is not shared with third parties except in the cases described above. Any further transfer will be communicated separately.

5. Data subject rights

You may contact us at any time to exercise your rights.

a. Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. An informal notification by email is sufficient. The lawfulness of the data processing carried out until the withdrawal remains unaffected.

b. Right to object to processing

If data processing is based on Article 6(1) sentence 1 lit. f GDPR, you have the right at any time to object to the processing of your personal data on grounds relating to your particular situation.

If you object, we will no longer process your personal data unless this is necessary for the establishment, exercise or defence of legal claims or we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

Where data is processed for direct marketing purposes, you also have the right to object to such processing at any time.

c. Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. The right to restriction of processing exists in the following cases:

  • If you contest the accuracy of your personal data stored by us, we usually require time to verify this. For the duration of the verification, you have the right to request restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you may request restriction of processing instead of erasure.
  • If we no longer need your personal data, but you require it for the establishment, exercise or defence of legal claims, you have the right to request restriction of processing instead of erasure.
  • If you have objected pursuant to Article 21(1) GDPR, a balancing of interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

d. Right of access, erasure and rectification

Within the framework of the applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipients and the purpose of the data processing and, where applicable, a right to rectification or erasure of this data.

For this purpose, as well as for further questions on the subject of personal data, you may contact us at any time at the address provided in the legal notice.

e. Right to data portability

You have the right to receive data that we process automatically on the basis of your consent or in fulfilment of a contract, in a commonly used, machine-readable format, either for yourself or for transmission to a third party.

If you request the direct transfer of the data to another controller, this will only be done where technically feasible.

f. Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement.

This right exists without prejudice to any other administrative or judicial remedies.

6. Currency and amendments to this privacy policy

We reserve the right to amend this privacy policy in order to reflect changes to our services or changes in the legal situation. Please review the current version when visiting our website.

Back to homepage