Data Protection Declaration

• 1.
  Fundamentals
• 2.
  Name and address of the data controller
• 3.
  Name and address of the data protection officer
• 4.
  Cookies
• 5.
  SSL encryption
• 6.
  Data processing for the purpose of contract processing
• 7.
  Collection of general data and information
• 8.
  Contact possibility via the website
• 9.
  Newsletter mailing
• 10.
  Deletion and blocking of personal data
• 11.
  Data protection for applications and in the application process
• 12.
  Data protection provisions about the application and use of Facebook
• 13.
  Data protection provisions about the application and use of Google Analytics
• 14.
  Data protection provisions about the application and use of Google Web Fonts
• 15.
  Data protection provisions about the application and use of Google+
• 16.
  Data protection provisions about the application and use of Twitter
• 17.
  Data protection provisions about the application and use of XING
• 18.
  Data protection when using Microsoft Office 365 products
• 19.
  Data transfer to third countries
• 20.
  Legal basis for the processing of personal data
• 21.
  Minors
• 22.
  Rights of the person concerned
• 22.1
  Right of confirmation
• 22.2
  Right of information
• 22.3
  Right to correction
• 22.4
  Right to erasure (right to be forgotten)
• 22.5
  Right to restriction of processing
• 22.6
  Right to data portability
• 22.7
  Right to objection
• 22.8
  Right to withdraw data protection consent

TERREPOWER GmbH (hereinafter referred to as TERREPOWER) attaches great importance to data protection.

The TERREPOWER website can be used without providing any personal data.

The processing of personal data is necessary when services are used via our website.

We generally obtain the consent of the data subject if there is no legal basis for such processing.

The processing of personal data (such as the name, address, e-mail address or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation and in accordance with the applicable country-specific data protection regulations. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

TERREPOWER has implemented numerous technical and organizational measures to ensure that personal data is protected as completely as possible. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:

TERREPOWER GmbHGregor-von-Brück-Ring 114822 Brück DeutschlandTel.: 033844 75 82 0 itGER@terrepower.com

The Internet pages of TERREPOWER use cookies. Cookies are text files that are stored on a computer system.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific Internet browser through which the cookie was stored. A specific Internet browser can thus be recognized and identified via the unique cookie ID.

Through the use of cookies, TERREPOWER can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

Our website uses SSL encryption. This encryption is used, for example, for inquiries that you send to us via our website. Please make sure that SSL encryption is activated on your side for corresponding activities. The use of encryption is easy to recognize: the display in your browser address bar shows “https://”. Data encrypted via SSL cannot be read by third parties.

TERREPOWER only collects and stores personal data that is necessary for the provision of services and processing of our contractual relationship with you and for payment purposes. These are:

• Your name, date of birth, address, telephone number and e-mail address
• the tariff you have ordered with the respective contract components
• the domain you have ordered
• Your bank details, if you have given us permission to use the direct debit procedure
• Your connection data when placing the order, in particular the IP address used
• Duration of access
• Scope of the data transfer
• Type of teleservice used

We assure you that your above data will only be used by us for the purpose of processing the contract. Your data will only be passed on if this is necessary and required for the execution of the contract and for the provision of our services as well as for payment purposes.

When registering domains, your name, address, e-mail address and, in special cases, your telephone number must be transmitted to the relevant registry. Furthermore, this data is published by the registry in a generally accessible database (whois query). This is necessary for the registration and use of the domain.

The data will only be used for the purposes of advertising, customer advice or market research if you have expressly consented and this is necessary.

The TERREPOWER website collects a range of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The (a) browser types and versions used, (b) the operating system used by the accessing system, (c) the website from which an accessing system accesses our website (so-called referrer), (d) the sub-websites which are accessed via an accessing system on our website can be recorded, (e) the date and time of access to the website, (f) an internet protocol address (IP address), (g) the internet service provider of the accessing system and (h) other similar data and information used for security purposes in the event of attacks on our IT systems.

When using this general data and information, TERREPOWER does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and the advertising for it, (3) ensure the long-term functionality of our IT systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, TERREPOWER analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The website of TERREPOWER contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the data controller by email or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.

If you would like to receive the newsletter offered on the website, we require a valid e-mail address from you as well as your consent that you agree to receive it. Furthermore, we require your consent to verify that you are the owner of the e-mail address provided. If you are not, we require the express consent of the owner to receive the newsletter. The e-mail address and the declaration of consent are stored by us. No other data is collected or stored.

You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time.

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage or where provided for by law or regulation.

If the storage purpose no longer applies or if a prescribed storage period expires, the personal data will be blocked or deleted in accordance with the statutory provisions.

The controller collects and processes the personal data of applicants for the purposes of the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be deleted three months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Our website links to services of the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA. No data is transferred to Facebook when you visit our website, as no Facebook plugins are integrated.

However, clicking on a Facebook link or Facebook button will take you to Facebook, where data will be collected by Facebook. We have no influence on the scope of the data that Facebook collects.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's privacy policy.

If you are a Facebook member and do not want Facebook to collect data about you and link it to your membership data stored on Facebook, you must log out of Facebook before clicking on a Facebook link or a Facebook button.

This website uses Google Analytics, a web analysis service of Google Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

We would like to point out that on this website Google Analytics has been extended by the code “anonymizeIp” in order to ensure an anonymized collection of IP addresses (so-called IP masking). (Source: www.datenschutzbeauftragter-info.de)

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set which prevents the future collection of your data when you visit this website: Deactivate Google Analytics

You can find more information on terms of use and data protection at https://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/.

A contract for order processing has been concluded with the company "Google Inc.

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Google's servers. As a result, Google becomes aware that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font will be used by your computer.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy/

Our pages use functions of Google+. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Collecting and sharing information: You can use the Google+ button to publish information worldwide. You and other users receive personalized content from Google and our partners via the Google+ button. Google stores both the information that you have given +1 for a piece of content and information about the page you viewed when you clicked +1. Your +1s can be displayed as references together with your profile name and your photo in Google services, such as in search results or in your Google profile, or in other places on websites and advertisements on the Internet.

Google records information about your +1 activities in order to improve Google services for you and others. To be able to use the Google+ button, you need a globally visible, public Google profile, which must contain at least the name chosen for the profile. This name is used in all Google services. In some cases, this name can also replace another name that you have used when sharing content via your Google account. The identity of your Google profile can be displayed to users who know your e-mail address or have other identifying information about you.

Use of the information collected: In addition to the uses described above, the information you provide will be used in accordance with the applicable Google privacy policy. Google may publish summarized statistics about the +1 activities of users or pass them on to users and partners, such as publishers, advertisers or associated websites.

Functions of the Twitter service are integrated on our pages. These functions are offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter in the process. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Twitter. Further information on this can be found in Twitter's privacy policy at https://twitter.com/privacy.

You can change your data protection settings on Twitter in the account settings under https://twitter.com/account/settings.

Our website links to services of the social network of XING SE (“XING”). However, clicking on a XING link or XING button will take you to XING, where data will be collected by XING. We have no influence on the scope of the data that XING collects.

The purpose and scope of the data collection and the further processing and use of the data by XING as well as your rights in this regard and setting options to protect your privacy can be found here https://privacy.xing.com/de/datenschutzerklaerung.

If you are a XING member and do not want XING to collect data about you and link it to your member data stored on XING, you must log out of XING before clicking on a XING link or a Xing button.

If you, as our customer, obtain Microsoft Office 365 products through us and use them in whole or in part as an online or cloud service, your customer data or support data in this regard will be transferred to the USA or another country in which Microsoft or its affiliates or contractual partners have facilities, and will be stored and processed there. Microsoft ensures that the applicable data protection laws and relevant protection standards and levels are complied with. In particular, Microsoft ensures that the transfer of personal data to third countries is subject to the safeguards applicable under EU rules and that the respective data transfers and safeguards are documented.

Following the repeal of the European Commission's Safe Harbor Decision 2000/520/EC by the ECJ in the so-called Schrems ruling (Case C-362/14), the European Commission's decision (2016/1250) of July 12, 2016, the “EU-US Privacy Shield” provides a new legal basis for data transfers to the USA in the form of an adequacy decision.

Microsoft Corporation is listed as an active participant in the EU-U.S. Privacy Shield Framework, which you can view here: https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active

Further information on data protection at Office 365 Germany can be found here: https://products.office.com/de-de/office-365-deutschland/german-data-residency

Data is transferred to third countries at:

• the registration of top level domains
• the registration of Microsoft licenses
• and the registration for Acronis backup (account data)

The transfer takes place on the basis of the EU-US Privacy Shield, on the basis of standard data protection clauses or on the basis of Art. 49 GDPR, para. 1b.

If we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

For the processing of personal data necessary to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary to implement pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

Persons under the age of 18 should not send us any personal data without the consent of their parents or guardians.

Every data subject has the right granted by the European legislator to obtain confirmation from the controller as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, they may contact our data protection officer or another employee of the controller at any time.

Any person affected by the processing of personal data has the right, granted by the European legislator, to obtain from the controller free information about the personal data concerning him or her stored at any time and a copy of this information. Furthermore, the European legislator has granted the data subject the right to obtain the following information:

• the processing purposes
• the categories of personal data being processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which the personal data will be stored, or, where not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
• the existence of a right of appeal to a supervisory authority
• if the personal data are not collected from the data subject: all available information about the origin of the data
• the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to information as to whether personal data has been transferred to a third country or to an international organization. Where this is the case, the data subject also has the right to receive information about the appropriate safeguards related to the transfer.

If a data subject wishes to exercise this right to information, he or she may contact our data protection officer or another employee of the controller at any time.

Any person affected by the processing of personal data has the right granted by the European legislator to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may contact our data protection officer or another employee of the controller at any time.

Any person affected by the processing of personal data has the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies and where processing is not necessary:

• The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
• The data subject withdraws his or her consent on which the processing is based according to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR, and there is no other legal ground for the processing.
• The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
• The personal data was processed unlawfully.
• The erasure of personal data is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.
• The personal data were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

If one of the above reasons applies, and a data subject wishes to request the erasure of personal data stored by TERREPOWER, they may contact our data protection officer or another employee at any time. TERREPOWER's data protection officer or another employee will ensure that the erasure request is complied with immediately.

If TERREPOWER has made personal data public and our company, as the controller, is obliged to delete the personal data pursuant to Art. 17 (1) GDPR, TERREPOWER shall take appropriate measures, taking into account available technology and implementation costs, to inform other data controllers that process the published personal data that the data subject has requested the deletion of all links to these personal data or of copies or replications of these personal data from these other data controllers, unless processing is required. TERREPOWER's data protection officer or another employee will arrange the necessary measures in individual cases.

Any person affected by the processing of personal data has the right granted by the European legislator to request the controller to restrict processing if one of the following conditions applies:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of the use of the personal data instead.
• The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims.
• The data subject has objected to processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of personal data stored by TERREPOWER, they may contact our data protection officer or another employee of the controller at any time. TERREPOWER's data protection officer or another employee will arrange for the restriction of processing.

Every data subject shall have the right granted by the European legislator to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she shall also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising his or her right to data portability pursuant to Article 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject may contact the data protection officer appointed by TERREPOWER or another employee at any time.

Any person affected by the processing of personal data has the right granted by the European legislator to object at any time to the processing of personal data concerning him or her which is based on Article 6 (1) (e) or (f) of the GDPR, for reasons related to his or her particular situation.

In the event of an objection, TERREPOWER will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If TERREPOWER processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such advertising purposes. If the data subject objects to TERREPOWER processing for direct marketing purposes, TERREPOWER will no longer process the personal data for these purposes.

To exercise the right to object, the data subject may contact TERREPOWER's Data Protection Officer or another employee directly. Furthermore, in connection with the use of information society services, the data subject is free to exercise his or her right of objection by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

Any person affected by the processing of personal data has the right granted by the European legislator to withdraw his or her consent to the processing of personal data at any time.

If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact our data protection officer or another employee of the controller at any time.

Version 1.0 from May 25, 2018