Privacy Policy

Data processing when visiting the website

Thank you for visiting our website. In the following, we would like to inform you about the handling of your data according to Art. 13 of the General Data Protection Regulation (GDPR).

Data Controller

The data controller for the data processing presented below is the:

Solaris SE
Cuvrystraße 53
10997 Berlin

E-mail address: privacy@solarisgroup.com

Contact details of the data protection officer

Our external data protection officer will be happy to provide you with information on the subject of data protection using the following contact details:

datenschutz nord GmbH
Konsul-Smidt-Strasse 88
28217 Bremen

E-mail: office@datenschutz-nord.de

If you contact our data protection officer, please also indicate the data controller named in the imprint.

Usage data

When you visit our web pages, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our web pages. This data set consists of

  • the name and address of the requested content,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (content transferred, content not found),
  • the description of the web browser and operating system used,
  • the referral link, which indicates from which page you have reached ours,
  • the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established.

The aforementioned log data is only evaluated anonymously. The legal basis for the processing of usage data is Art. 6 para. 1 p. 1 lit. f GDPR. The processing is carried out in the legitimate interest of providing the content of the website and ensuring a device- and browser-optimized display.

Required cookies

We use cookies on our websites, which are necessary for the use of our websites. Cookies are small text files that are stored on your terminal device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. We do not use these necessary cookies for analysis, tracking or advertising purposes. In some cases, these cookies only contain information about certain settings and are not personally identifiable. They may also be necessary to enable user navigation, security and implementation of the site. The data processed by these cookies are necessary for the aforementioned purposes to protect our legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR in conjunction with Section 25 (2) No. 2 TTDSG to provide a service you requested.

You can set your browser to inform you about the placement of cookies. In addition, you can delete them at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be fully displayed and some functions may no longer be technically available.

Consent banner

We use the consent management platform (CMP) PIWIK Pro Consent Manager. We use the CMP to obtain and manage a user's consent to data processing. The CMP processes a user's consent status using a Consent ID, time of consent, IP address, and other device-related data for the aforementioned purpose. We use the CMP on the basis of Art. 6 (1) lit. c GDPR in conjunction with Art. 7 GDPR, § 25 (1) TTDSG (fulfillment of a legal obligation to which we are subject as the responsible party).

Cookie Settings/Opt-Out:

Manage your privacy settings:

PRIVACY SETTINGS

Website Analytics

We use web analytics tools for the demand-oriented design of our websites. The data processing is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, if you have given your consent via our cookie banner. You can revoke your consent at any time with effect for the future. You can make the appropriate settings in our cookie banner by accessing the cookie banner in the footer of our website ("Privacy Settings").

How does the tracking work?

The web analytics tool providers used create usage profiles for us based on pseudonyms. The usage profiles created are used to analyze visitor behavior and are evaluated to improve and tailor our offer. For this purpose, permanent cookies are stored on your terminal device and read by us. In addition, it is possible that we retrieve recognition features for your browser or end device (e.g. with the help of tracking pixels or so-called browser fingerprints). In this way, we are able to recognize returning visitors and count them as such.

Which third-party providers do we use in this context?

Below you will find an overview of the third-party providers with whom we cooperate for analysis purposes. Data processing may also take place outside the EU or EEA. If the data is processed outside the EU or EEA in this context, we provide information on the appropriate level of data protection.

Provider Maximum Storage duration Adequate level of data protection
PIWIK Pro Ltd. Maximum 14 months The data processing takes place within the EU.
Marketing Cloud Account Engagement (formerly Pardot), salesforce.com Inc. Maximum 12 months For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).
LinkedIn Ireland Unlimited Company Maximum 30 days The data processing takes place within the EU.

Third-party tracking technologies for advertising purposes (remarketing and conversion tracking)

We use cross-device tracking technologies so that you can be shown targeted advertising on other websites based on your visit to our websites and so that we can see how effective our advertising measures have been. The data processing is based on your consent pursuant to Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, provided that you have given your consent via our cookie banner. You can revoke your consent at any time with effect for the future. You can make the appropriate settings in our cookie banner by accessing the cookie banner in the footer of our website ("Privacy settings").

How does the tracking work?

When you visit our websites, it is possible that the third-party providers mentioned below retrieve recognition features for your browser or terminal device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read recognition features on your terminal device (e.g. cookies) or gain access to individual tracking pixels. The individual features can be used by the third-party providers to recognize your terminal device on other websites. We can commission the corresponding third-party providers to display advertising based on the pages visited on our site.

What does cross-device tracking mean?

If you log in to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked to each other. If, for example, the third-party provider has created a separate feature for the laptop, desktop PC or smartphone or tablet you use, these individual features can be assigned to each other as soon as you use a service of the third-party provider with your login data. In this way, the third-party provider can also target our advertising campaigns across different end devices.

Which third-party providers do we use in this context?

In the following, we name the third-party providers with whom we cooperate for advertising purposes.

Provider Maximum Storage duration Adequate level of data protection
DoubleClick, AdWords Conversion, AdServices (Google Inc.) Maximum 13 months For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).
LinkedIn Ads (LinkedIn Ireland Unlimited Company) Maximum 6 months The data processing takes place within the EU.
Demandbase Maximum 13 months For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).
Twitter Advertising (X Corp.) Maximum 18 months For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).

Contact

When contacting us (e.g. via contact form, email, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed insofar as this is necessary to answer the contact inquiries and any requested measures. The response to the contact inquiries as well as the management of contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries pursuant to Art. 6 (1) f) GDPR and otherwise on the basis of legitimate interests pursuant to Art. 6 (1) f) GDPR in responding to the inquiries and maintaining user or business relationships. We use various service providers for this purpose, including providers of CRM solutions and ticketing tools, providers for digital contract signing, providers of cloud solutions for office products.

Social plugins

We enable you to use social plugins. For reasons of data protection, however, we only integrate the social plugins we use in deactivated form. When you call up our websites, no data is therefore transmitted to social media services. However, you have the option of activating and using the social plugins integrated on our websites. For this purpose, we use a solution that results in all data and functions required to display the social plugin being provided by our web server in a first step. Only when you decide to activate the respective social plugin and click on the corresponding preview image or icon, a connection to the servers of the operator of the respective social media service is established by your browser in a second step. When you activate a plugin, the social media service receives in particular your IP address and, among other things, knowledge about your visit to our websites (usage data). This occurs regardless of whether you have an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.

Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create usage profiles from your data and use them for the purpose of personalized advertising. In addition, your data will be used to inform other users of the social media service about your activities on our websites. The embedding is based on your consent, provided that you have given your consent by clicking on the preview image.

If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by no longer clicking on the preview image or icon of the respective social plugin.

Provider Maximum storage time Adequate level of data protection Revocation of consent
Meta (Facebook/­Instagram) Maximum 90 days For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). Once you have clicked on a preview image, the third-party content is immediately reloaded. If you do not want such reloading on other pages, please do not click the thumbnails anymore.
Twitter/X Maximum 18 months For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). Once you have clicked on a preview image, the third-party content is immediately reloaded. If you do not want such reloading on other pages, please do not click the thumbnails anymore.
LinkedIn   For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). Once you have clicked on a preview image, the third-party content is immediately reloaded. If you do not want such reloading on other pages, please do not click the thumbnails anymore.

Embedded videos

On our websites, we embed videos that are not stored on our servers. To ensure that calling up our web pages with embedded videos does not automatically lead to content from the third-party provider being reloaded, we only display locally stored preview images of the videos in a first step. This does not provide the third-party provider with any information.

Only after a click on the preview image, content of the third-party provider will be reloaded. This provides the third-party provider with the information that you have accessed our site as well as the usage data technically required in this context. In addition, the third-party provider is then able to implement tracking technologies. We have no influence on the further data processing by the third-party provider. The embedding is based on your consent, provided that you have given your consent by clicking on the preview image. Please note that the embedding of many videos results in your data being processed outside the EU or EEA (in particular the USA).

Provider Maximum storage time Adequate level of data protection Revocation of consent
Google (Youtube) For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). Once you have clicked on a preview image, the third-party content is immediately reloaded. If you do not want such reloading on other pages, please do not click the thumbnails anymore.
Vimeo https://vimeo.com/privacy For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).

Newsletter registration and dispatch

You can subscribe to our newsletter on our websites. Please note that we require certain data (at least your e-mail address) to subscribe to the newsletter. The newsletter will only be sent if you have given us your express consent. Once you have subscribed to our newsletter, you will receive a confirmation e-mail at the e-mail address you provided (so-called double opt-in). You can revoke your consent at any time. You can easily revoke your consent, for example, by clicking on the unsubscribe link in every newsletter.

As part of the newsletter registration process, we store additional data beyond the data already mentioned, insofar as this is necessary for us to be able to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of the order or the confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing takes place on the basis of Art. 6 para. 1 p. 1 lit. f GDPR and in the legitimate interest of being able to account for the lawfulness of the newsletter dispatch.

If you give us the corresponding consent, we will include individual tracking pixels in our newsletters, with which we can recognize when the newsletter sent to you was accessed or opened and individualize the links present in the newsletter to be able to evaluate when you clicked on which link. If you wish to revoke your consent, please use the link provided in each newsletter to unsubscribe or adjust your consent.

We use contract processors to help us send the newsletter and manage customer data.

Provider Technical function or content Maximum storage period Adequate level of data protection
Mailjet API document newsletter https://www.mailjet.com/legal/privacy-policy/ The data processing takes place within the EU. https://www.mailjet.com/legal/security-privacy/
Marketing Cloud Account Engagement (formerly Pardot), salesforce.com Inc. Solaris newsletter Maximum 12 months For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).

Integration of other technical third-party content and functions

We use the technical functions and content of third-party providers mentioned below to present our web pages. A call to our pages leads to the content of the third-party provider being reloaded, which provides these functions and content. Through this, the third-party provider receives the information that you have called up our site as well as the usage data technically required in this context. We have no influence on the further data processing by the third-party provider. The data processing is based on your consent, provided that you have previously given your consent via our banner solution. Please note that the use of third-party content and functions may result in your data being processed outside the EU or EEA (in particular in the USA).

Provider Technical function or content Maximum storage period Adequate level of data protection
Apple CDN Content Delivery Network Maximum 1 month For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).
Google Google Fonts Maximum 18 months For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).
Rss.com Podcast hosting platform No maximum storage duration https://rss.com/privacy-policy/
PIWIK Piwik Tag Manager Maximum 14 months The data processing takes place within the EU.
Zendesk Help centre Maximum 3 months

https://support.zendesk.com/hc/en-us/articles/4408883628954-Zendesk-Service-Data-Deletion-Policy
For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework).

Storage duration

Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) retention reasons prevent deletion.

Your rights as a data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Article 15 of the GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data concerning you and, if necessary, the completion of incomplete data without delay.

Right to erasure (Art. 17 GDPR)

You have the right to request that personal data concerning you be deleted without undue delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the review by the controller.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

Right of withdrawal (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

Right of objection (Art. 21 GDPR)

If data is collected on the basis of Art. 6 (1) p. 1 lit. f GDPR (data processing for legitimate interests) or on the basis of Art. 6 (1) p. 1 lit. e GDPR (data processing for the protection of public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions. The right of complaint may be asserted in particular before a supervisory authority in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

Assertion of your rights

Unless otherwise described above, please contact the data controller mentioned in the imprint to assert your data protection rights.

Start building your own banking service