Data Protection Declaration

Introduction

We, SMA Solar Technology AG, Sonnenallee 1, 34266 Niestetal, are the operator of the online service belonging to the party responsible for processing the personal data of the users of the online service. You can find our contact details in the publication information of the online service and the contact persons for questions concerning the processing of personal data are named directly in this privacy policy.

We take protecting your privacy and private information very seriously. We gather, store and use your personal data only in line with the content of this privacy policy and the applicable data protection provisions, particularly the European General Data Protection Regulation (GDPR) and national data protection provisions.

With this privacy policy, we want to inform you of in which scope and for which purpose personal data is processed in connection with use of the online service.

You can find out more about the tools and cookies we use on the website and customize your cookie settings by selecting “Cookie Settings”. Please note that depending on your settings, you may not be able to use all the functions of the website.

Personal Data

Personal data is information about an identified or identifiable individual. This includes all information about your identity, such as your name, your e-mail address or your address. In contrast, information that cannot be connected to your identity (e.g. statistical information, such as on the number of online service users) is not considered personal information.

As a rule, our online service can be used without disclosing your identity and without declaring personal data. Only general information about your visit to our online service will then be collected. However, personal data will be collected from you for some of the services offered. This information will then be processed by us only for the purpose of using this online service, especially for providing the desired information. When collecting personal data, it is mandatory that only the data that is imperative is given. Furthermore, more information can be possible, whereby this then concerns optional details. We indicate whether it is a mandatory field or optional details. We provide specific details on this in the corresponding section of this privacy policy.

Automated decision-making based on your personal data does not occur in connection with usage of our online service.

Processing Personal Information

We store your information on specially secured servers within the European Union. These are technical and organizational measures to protect against loss, destruction, access, alteration or dissemination of your data by unauthorized persons. Only a few authorized persons are able to access your data. These individuals are responsible for the technical, commercial and editorial supervision of the server. Despite regular inspections, complete protection against all risks is not possible, however.

Your personal data will be encrypted when sent over the internet. For data transmission, we use an SSL encryption (Secure Sockets Layer).

Sharing Personal Data with Third Parties

We generally use your personal information only to carry out the services desired by you. Insofar as we use external service providers to carry out these services, their access to the data will be exclusively for the purpose of this task. Using technical and organizational measures, we ensure compliance with data protection standards and also commit our external service providers to them.

Furthermore, we do not pass on data to third parties without your express permission, especially not for promotional purposes. Your personal data is passed on only if you have consented to it or insofar as we are authorized or obligated to do so due to legal provisions and/or official or judicial instructions. In particular, this may concern giving information for the purpose of criminal prosecution, for hazard prevention or to enforce intellectual property rights.

Legal Basis for Data Processing

Insofar as we receive consent to process your personal data, Article 6 (1) letter a of the GDPR serves as the legal basis for data processing.

Insofar as your personal data is processed because it is required to fulfil a contract or as part of a contract-like relationship with you, Article 6 (1) letter b of the GDPR serves as the legal basis for data processing.

Insofar as we process your personal data to fulfil a legal obligation, Article 6 (1) letter c of the GDPR serves as the legal basis for data processing.

As a legal basis for data processing, Article 6 (1) letter f of the GDPR is taken into further consideration if the processing of your personal data is required to safeguard a justifiable interest of our company or a third party and your interests, basic rights and freedoms do not require personal data to be protected.

In line with this privacy policy, we always indicate on which legal basis we support the processing of your personal data.

Deleting Data and Storage Duration

As a rule, we then always delete or block your personal data when the purpose of the storage is eliminated. However, storage may also take place if this is designated by legal provisions to which we are subject, for example in terms of legal storage and documentation obligations. In a case such as this, we delete or block your personal data after the end of the relevant specifications.

Using Our Online Service

Information about Your Device

Each time our online service is accessed, we gather the following information about your device independently of your registration: the IP address of your device, the web browser request and the time of the request. In addition, the status and the data volume transferred will be collected as part of this request. We also collect product and version information about the web browser used and the device’s operating system. Furthermore, we gather from which website the online service was accessed. The IP address of your device is stored only for the time that the online service is used and is deleted afterward or anonymized by abbreviating it. The other data is stored for an unlimited amount of time.

We use this data to operate the online service, particularly to identify and remedy errors in order to determine the utilization of the online service and make adjustments or improvements. As our justifiable interest in data processing in accordance with Article 6 (1) letter f of the GDPR, these purposes are also the legal basis for this processing.

Using Cookies

Cookies are used on our online service, like with many websites. Cookies are small text files that are stored on your computer and store via your web browser the certain settings and data to share with our online service. A cookie usually contains the name of the domain from which the cookie file was sent and information about the age of the cookie and an alphanumerical identifier.

Cookies enable us to recognize your device and make possible default settings available immediately. Cookies help us to improve the online service and be able to provide you with a better service that is even more tailored to you. In this, we also observe our justifiable interest in data processing in accordance with Article 6 (1) letter f of the GDPR.

The cookies used by us are known as session cookies, which are automatically deleted at the end of the web browser session. We also use cookies that are stored for longer periods, meaning that your default settings and preferences can also be incorporated during your next visit to our online service.

Most web browsers are set up so that you automatically accept cookies. However, you can deactivate cookie storage or set up your web browser so that it notifies you as soon as cookies are sent. It is also possible to delete already stored cookies manually using the web browser settings. Please note that you may be able to use only a restricted version of our online service or not at all, if you reject the storage of cookies or delete the necessary cookies.

Use of Technically Necessary Cookies

Some cookies are necessary for technical reasons to enable the use of our online service. With these cookies, we gather and store the following data:

  • Language settings
  • Search settings
  • Information to identify or authenticate the user
  • Data for smooth forwarding of audio or video content

Cookies enable us to recognize your computer and make possible default settings available. Cookies help us to improve the online service and be able to provide you with a better and more user-friendly service. Using cookies is also required to simplify the use of our online service. Some functions can be provided only by using cookies. This concerns the search function, language settings and similar. From this follows our justifiable interest for the legal basis for processing data by means of cookies in accordance with Article 6 (1) letter f of the GDPR.

Use of Analysis Cookies (Google Analytics)

Furthermore, we use cookies on our website, making it possible to analyze your user behavior, which is known as a cookie analysis. With these cookies, we gather and store the following data:

  • Frequency of page views
  • Search terms
  • Use of website functions
  • Duration of visit

Your data, collected using cookies, is pseudonymized so that it is no longer possible to assign data to a respective user if they have not clearly and actively given their consent.

We use cookie analysis to improve and optimize the quality of our online service and its content and to also review and improve the range and retrievability of our online service. At the same time, these purposes constitute a legitimate interest within the meaning of the legal basis for processing under Article 6 (1), letter f, of the GDPR.

To analyze user behavior for the aforementioned purposes, we use the software called Google Analytics, which itself employs cookies as explained.

We use Google Analytics for statistical evaluations. Google Analytics is a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA (“Google”). Google Analytics uses “cookies,” which are text files saved on your computer to help the website analyze how users use the site. The information generated by these cookies about your use of the website will generally be transmitted to and saved by Google in the United States. In the event that IP anonymization is activated on this website, however, your IP address will be abbreviated in advance by Google within the member states of the European Union or in other countries that are members of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. and abbreviated there. On behalf of the operator of this website, Google will use the information to evaluate your use of the website, to collect reports on the website activities, and to perform other services related to the website use and internet use for the website operator. The IP address sent by your browser for Google Analytics will not be combined with other data owned by Google. You can prevent cookies from being stored on your computer by using the relevant setting in your browser software. However, please note that in this case you may not be able to use all functions of this website fully. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by opening the following link and downloading and installing the browser plug-in http://tools.google.com/dlpage/gaoptout?hl=en. As an alternative, you can install an opt-out cookie to specifically deactivate Google Analytics using the slider labeled “Analysis” at the bottom of this Privacy Policy.

More information can be found at http://tools.google.com/dlpage/gaoptout?hl=en and http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). Please note that on our websites Google Analytics was expanded by the code “anonymizeIp();” to anonymize IP addresses, whereby the last byte is deleted.

We are of the opinion that due to the protective measures taken (anonymization and the right of withdrawal), data processing to optimize our online service can be considered a justifiable interest in data processing pursuant to Article 6 (1) letter f of the GDPR.

Use of Advertising Cookies (Salesforce Pardot Services)

SMA Solar Technology AG (SMA) stores only and exclusively the personal data belonging to website users that have registered voluntarily/on their own initiative on our websites in order to receive information on products and services, because they want to subscribe to the SMA Newsletter or download documents. If they have given their consent, they can also receive promotional e-mails that are relevant to their interests.

Some forms on SMA websites are linked to Pardot. Pardot is a marketing automation software by Salesforce.com EMEA Limited (Salesforce), village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY.

Personal data provided voluntarily is initially stored in Pardot to then be processed using the Salesforce CRM system for the purpose of contacting and/or sending you information. Salesforce does not store any IP addresses but uses the individual assignment references “unique visitor ID” and “unique identifier.” Deriving personal information is not possible.

You can learn about how Salesforce processes your information when visiting websites by following this link: (LINK: https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&type=5).

SMA uses Pardot as a marketing analysis service that makes it possible to maintain, assess and expand the SMA online service and SMA marketing communication and to optimize the content on SMA websites. Furthermore, to protect users and partners, fraud and security risks can be detected and parried, if necessary. Data will be processed in Salesforce on our behalf using cookies.

You can deactivate the storage of cookies in your web browser settings. You can specifically deactivate Pardot cookies using the slider labeled “Advertising” at the bottom of this Privacy Policy.

If you choose this option, it can lead to functions being restricted and to the SMA online service being less user-friendly.

Use of Google Maps

Our online service contains an interface to the Google Maps service. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA (“Google”).

To enable you to use the functions of Google Maps, we need to store your IP address. That information is generally transmitted to a Google server in the United States and stored there. The provider of this site has no influence on this data transmission.

We use Google Maps to make it easier for you to locate the places named on our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) letter f of the GDPR, which is also the legal basis for our use of Google Maps.

More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en&gl=de.

Use of Eventbrite

Our our website, we also give users the opportunity to register to attend events. For this purpose, we use the Eventbrite tool, which is operated by Eventbrite, Inc., 155 5th Street, Floor 7, San Francisco, CA 94103, USA (“Eventbrite”). If you register for an event, you will be redirected to Eventbrite’s website. We have no influence on data processing by Eventbrite. Eventbrite, Inc., participates in the EU-U.S. Privacy Shield Framework Programme as set forth by the US Department of Commerce and the European Commission regarding the collection, use, and retention of personal data from European Economic Area member countries. To receive information on what information Eventbrite, Inc., collects, processes, and uses as part of the EU-U.S. Privacy Shield Framework Program and for what purposes, follow this link:

https://www.eventbrite.de/support/articles/de/Troubleshooting/Informationen-zum-EU-US-Datenschutzschild?lg=de.

To allow you to register for an event through Eventbrite, you will need to share the following information with Eventbrite, Inc.:

  • First and last names
  • E-mail address
  • Location
  • Date of birth
  • Ticket type
  • Event ID (which webinar has been booked)
  • Redeemed vouchers

You can find additional information on how Eventbrite, Inc., uses personal information in the Eventbrite privacy policy:

https://www.eventbrite.de/support/articles/de/Troubleshooting/datenschutzrichtlinien-von-eventbrite?lg=de.

As the organizer, we receive from Eventbrite access to the information listed above on the individuals attending an event. We use the information for purposes of preparing for and following up on the event. To enable better planning of events we offer in the future, we use data on attendance at events to analyze how many people sign up for and are present at the events.

Use of YouTube

Our online service includes videos for the forwarding of which we use a plug-in belonging to YouTube (“YouTube”), which is operated by Google. The operator of this service is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, U.S.A. If you call up a website of our online service that includes a video, this creates a connection to YouTube’s servers. This communicates to YouTube’s servers which websites of our online server you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing activity directly to your personal profile. You can prevent this by logging out of your YouTube account. More information on handling user data can be found in Google’s privacy policy at https://policies.google.com/privacy?hl=en&gl=de, which also applies to YouTube.

We use YouTube to show you videos and so communicate more to you about us and our services; at the same time, this is the justifiable interest in terms of Article 6 (1) letter f of the GDPR.

Use of EQS Stock Charts

We incorporate external services of EQS Group AG (EQS Group AG, Karlstrasse 47, 80333 Munich) for visual presentation of our stock chart. If you use a service such as this, or if you are shown third-party content, communication data will be exchanged between you and the respective provider for technical reasons.

Therefore, please refer to the privacy policy of EQS Group AG at https://germany.eqs.com/de/legal for more information on the purpose and scope of collection and processing of your information.

Our use of this program constitutes a legitimate interest in data processing under Art. 6 (1) letter f of the GDPR.

Use of Retargeting and Remarketing

Retargeting and remarketing refer to technologies in which users who have visited a certain website are shown applicable advertisements also after leaving this website. For this, it is required that internet users recognize, beyond the company website, for what purpose the cookies of the corresponding service provider are used; the previous usage behavior is also taken into account. For example, if a user views certain products, these or similar products could then be shown later as advertisements on other websites. This concerns personalized advertisements that are adapted to the needs of the individual user. For these personalized advertisements, it is not necessary for the user to be identified beyond initial recognition. The data used for retargeting or remarketing is therefore not combined with further data.

We use these kinds of technologies to connect advertisements on the internet. We rely on third-party providers to connect advertisements. This includes an offer from Google that enables an automatic display for products that are interesting to the internet user. This function is implemented using cookies. More information on this technology can be found in the Google data protection regulations under https://policies.google.com/privacy?hl=de. The installation of cookies for Google remarketing and Google AdWords conversion tracking can be prevented by a setting on the respective web browser software by calling up the website http://www.google.com/policies/privacy/ads/ and changing the corresponding setting.

Connecting advertisements is our justifiable interest in data processing pursuant to Article 6 (1) letter f of the GDPR.

Communicating with Us

There are a variety of ways to contact us, including via the contact form on our website. In addition, you can stay up-to-date regularly with our newsletter by e-mail.

Contact Form

If you wish to use the contact form on our website, we will collect the personal data that you enter in the contact form, especially your name and e-mail address. We will also store your IP address as well as the date and time of the request. We process the data sent via the contact form only for the purpose of responding to your inquiries or concerns.

You can decide for yourself what information to send us in the contact form. The legal basis for processing your data is your consent in accordance with Article 6 (1) letter a of the GDPR.

After your concerns have been addressed, we will store your data temporarily in case we have any further questions. You can request that your data be deleted at any time; otherwise, it will be deleted after the matter has been addressed in full. This is without prejudice to legal retention obligations.

Newsletter

Registration for the SMA Newsletter is done via the double opt-in process, which requires a personal reconfirmation via e-mail approval. The newsletter can be canceled at any time.

Investor Relations Newsletter

We use the services of EQS Group AG to distribute our investor relations newsletter (hereinafter referred to as the “IR Newsletter”). Distribution on our behalf takes place on the basis of a processing agreement in accordance with Art. 28 (3) sentence 1 of the GDPR. We provide the head of distribution with your information exclusively for the purpose of sending the e-mail.

Subscriptions to our IR Newsletter are performed using a process called double opt-in. That means, after you sign up, you will receive an e-mail asking you to confirm your subscription. This confirmation is necessary so that no one can subscribe using e-mail addresses that do not belong to them. As record is kept of subscriptions to the IR Newsletter so that we can show proof of the subscription process as required by law. This includes storing the times at which the subscription and the confirmation were received as well as the IP address. We also record any changes in your information stored by the head of distribution.

To allow us to process your information, we obtain your consent during the subscription process and refer you to this Privacy Policy (Art. 6 (1) letter a of the GDPR).

Your information is used exclusively for the purpose of mailing the IR Newsletter.

Marketing Newsletter

When you subscribe to our marketing newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe. You will receive regular information via e-mail on current topics and e-mails on special occasions, e.g. for special promotions or training offers. These e-mails may be personalized and tailored based on our information about you.

When you subscribe to our marketing newsletter, if you have not provided your consent in writing, we use what is known as the double opt-in process, which means that we will only send you a marketing newsletter by e-mail when you have expressly confirmed to us in advance that we should activate marketing newsletter delivery. We will then send you a notification e-mail and ask you to confirm that you want to receive our newsletter by clicking the link included in this e-mail.

The legal basis for processing your data is your consent in accordance with Article 6 (1) letter a of the GDPR if you have expressly subscribed to our marketing newsletter. In line with legal provisions, you may also receive our marketing newsletter from us without your express consent because you have ordered goods or services from us, we obtained your e-mail address in this context, and you did not object to receiving information by e-mail. In this case, the legal basis is our justifiable interest to communicate direct advertising to you in accordance with Article 6 (1) letter f of the GDPR.

We use the Salesforce Pardot marketing automation tool to distribute our marketing newsletter. Pardot is a marketing automation software by Salesforce.com EMEA Limited (Salesforce), Village 9, Floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY.

The personal data you share with us when subscribing to our marketing newsletter is also processed in the US for the purposes of mailing the marketing newsletter and for marketing activities. We transmit that information to Salesforce.com EMEA Limited (Salesforce). We also use Salesforce Pardot software for the purposes stated above with regard to customer data. Thus, in cooperation with Salesforce.com, we are better able to customize our communications by evaluating the specific interests of our customers. We believe that communications that specifically address our customers’ interests also benefit the customers. Because Salesforce.com is also a member of Privacy Shield in the US (https://www.privacyshield.gov/participant_search), we are confident that customers’ data is also processed in the US with a similar level of data protection to that provided under German law.

Please note that we will analyze your user behavior when we mail the marketing newsletter. For the purpose of this analysis, the emails that are sent contain web beacons or tracking pixels. For the analyses, we link the data transmitted via these tracking pixels with your e-mail address and a personalized ID. We use the information thus obtained to create a user profile so that we can tailor the marketing newsletter to your particular interests. We record when you read our marketing newsletters and which links you click on in order to infer your personal interests. We link this data to actions that you carry out on our website. If you do not want us to do this, you should cancel your subscription. Tracking of this nature will also not be possible if your e-mail application settings prevent images from being displayed. In this case, you will not see the full content of the newsletter and may not be able to use all its features. If you display the images manually, the tracking referred to above will take place.

If you have subscribed to our marketing newsletter and we, as described above, analyze your user behavior, we will share the information collected in the process for marketing purposes with the companies named below, which are affiliated with us:

SMA Solar Technology AG, Sonnenallee 1, 34266 Niestetal, Germany
Tel.: +49 561 9522-0 / www.SMA.de / Info@SMA.de

SMA Energy Direct GmbH, Sonnenallee 1, 34266 Niestetal, Germany
Tel.: +49 561 9522-0 / www.SMA.de / Info@SMA.de

SMA Sunbelt Energy GmbH, Sonnenallee 1, 34266 Niestetal, Germany
Tel.: +49 561 9522-0 / www.SMA.de / Info@SMA.de

coneva GmbH, Dingolfingerstraße 15, 81673 Munich, Germany
Tel.: +49 561 9522-0 / www.coneva.com / Info@coneva.com

Your information is shared with these companies so we can put together in our newsletter the best possible offers for you – ones that you will find relevant and interesting. The companies named above will not use your personal information to contact you via other marketing channels (for example, phone calls). SMA Solar Technology AG has concluded agreements governing processing on our behalf with these companies. Furthermore, because the data is shared only if you expressly consented to the provisions of this Privacy Policy, and thus to this sharing of your information, during the process of subscribing to the newsletter, processing will be based on Art. 6 (1) letter a of the GDPR. Furthermore, our customers also benefit from our sharing of the collected data with our affiliated companies so they can receive customized information in line with their interests. The data processing is therefore also based on a legitimate interest under Art. 6 (1) letter f of the GDPR. This is especially true since customers can cancel the newsletter at any time. The information will be stored as long as your subscription to the newsletter lasts. If you unsubscribe, we will store data anonymously and purely for statistical purposes.

The information will be stored as long as your subscription to the newsletter lasts. If you unsubscribe, we will store data anonymously and purely for statistical purposes.

If you no longer wish to receive marketing newsletters from us, you can withdraw your given consent at any time with effect for the future or object to the further receipt of e-mails without any additional expenses besides the basic rates of notifying us. Just use the unsubscribe link included in every newsletter or send a message to us or our data protection officer.

Comments

You have the option to comment on our articles in our online service. You need to provide your name but you can also use a pseudonym. In addition, you need to give your e-mail address. Specifying your e-mail address is required so that we can contact you if there are complaints about your comments and we can ask you for a statement on them; we also store the IP address. You cannot post comments without this information. However, when publishing a comment, only the name or pseudonym chosen by you will be shown. The legal basis for processing your data is your consent in accordance with Article 6 (1) letter a of the GDPR.

Social Media

In our online service, you can find hyperlinks to the social network Facebook, professional network LinkedIn and short message service Twitter. The hyperlinks can be recognized by the provider’s respective logo.

Clicking on the links will open the corresponding social media pages, for which this privacy policy does not apply. Please check the relevant privacy policies of the individual providers for details on the applicable terms and conditions; these can be found under:

Facebook: http://www.facebook.com/policy.php

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Twitter: https://twitter.com/en/privacy

Before calling up the relevant hyperlinks, your personal information is not transferred to the respective provider. At the same time, your calling up the linked site is the legal basis for data processing by the relevant provider.

Your Rights and Contact

We place strong emphasis on explaining the processing of personal data as transparently as possible and informing you of your rights. If you would like more detailed information or want to exercise your rights, you can contact us at any time so that we can take care of your issue.

Data Subject Rights

With regard to processing your personal data, you are entitled to extensive rights. In addition, you have a comprehensive right to information and can demand the correction and/or deletion or blocking of your personal data, if applicable. You can also demand a restriction of the processing and have the right to cancel. With regard to the personal data you transferred to us, you also have the right to data portability.

If you want to claim your rights and/or receive more information about them, please contact our customer service. Alternatively, you can also contact our data protection officer.

Revoking Consent and Objection

Provided consent can be freely withdrawn with effect for the future at any time. Revoking consent will not affect the validity of the processing carried out because of the consent until revocation. Both our customer service and our data protection officer are contact persons for this matter.

Insofar as processing your personal data is not based on permission but occurs on the basis of another legal basis, you can object to this data processing. Your objection will lead to a review and, if necessary, the end of the data processing. You will be informed of the results of the review and receive – if the data processing is to continue nevertheless – from us detailed information on why the data processing is permitted.

Data Protection Officer and Contact

We have commissioned an external data protection officer who provides us with support in issues relating to data protection and who you can contact directly. Our data protection officer and their team is available for questions related to our handling of personal data or more information on issues relating to data protection:

SMA Solar Technology AG
Data protection officer
Sonnenallee 1
34266 Niestetal

E-mail: datenschutz@SMA.de

Complaints

If you conclude that the processing of your personal data by us is not in line with this privacy policy or the applicable data protection requirements, you can complain to our data protection officer. The data protection officer will then review the matter and inform you of the result of the review. Furthermore, you also have the right to complain to a supervisory authority.

More Information and Changes

Links to Other Websites

Our online service may contain links to other websites. These hyperlinks are generally labeled as such. We have no influence on to what extent the linked websites comply with the applicable data protection regulations. Therefore, we recommend that you inform yourself of the relevant privacy policies for other websites as well.

Changes to this Privacy Policy

The version of this privacy policy will be indicated by the date information (below). We reserve the right to change this privacy policy at any time with effect for the future. A change occurs particularly with technical adjustments to the online service or changes to issues concerning data protection. The current version of the privacy policy can always be accessed directly via the online service. We recommend that you regularly inform yourself of changes to this privacy policy.

Version of this privacy policy: May 2018

Version 4.0