Privacy Policy

Introduction
We, Emerce GmbH, Sonnenallee 1, 34266 Niestetal, are the operator of the online offering at www.emerce-shop.com belonging to the party responsible for processing the personal data of the users of the online offering. You can find our contact details in the publication information of the online service and the contact persons for questions concerning the processing of personal data are named directly in this privacy policy.

We take protecting your privacy and private information very seriously. We gather, store and use your personal data only in line with the content of this privacy policy and the applicable data protection provisions, particularly the European General Data Protection Regulation (GDPR) and national data protection provisions.

With this privacy policy, we want to inform you of in which scope and for which purpose personal data is processed in connection with use of the online service.

Personal Data
Personal data is information about an identified or identifiable individual. This includes all information about your identity, such as your name, your e-mail address or your address. In contrast, information that cannot be connected to your identity (e.g. statistical information, such as on the number of online service users) is not considered personal information.

As a rule, our online service can be used without disclosing your identity and without providing personal data. Only general information about your visit to our online site will be collect-ed. However, personal data will be collected from you for some of the services offered. This information will then be processed by us only for the purpose of using this online service, especially for providing the desired information. When collecting personal data, only the data that is mandatory must be provided. Further information can be provided on a voluntary basis. We will indicate whether it is a required field or optional details. We provide specific details on this in the corresponding section of this Data Privacy Policy.

Automated decisionmaking based on your personal data is not applied to the use of our online service.

Processing Personal Information
Unless otherwise stated in this Privacy Policy, we or our hosting providers store your information on specially secured servers within the European Union. These are technical and organizational measures to protect against loss, destruction, access, alteration or dissemination of your data by unauthorized persons. Only a few authorized persons are able to access your data. These individuals are responsible for the technical, commercial and editorial supervision of the server. Despite regular inspections, complete protection against all risks is not possible, however.

Your personal data will be encrypted when transmitted on the internet. For data transmission, we use an SSL encryption (Secure Sockets Layer).

Sharing Personal Data with Third Parties
We generally use your personal information only to carry out the services desired by you. Insofar as we use external service providers to carry out these services, their access to the data will be exclusively for the purpose of this task. Using technical and organizational measures, we ensure compliance with data protection standards and also commit our external service providers to them.

Furthermore, we do not pass on data to third parties without your express permission, especially not for promotional purposes. Your personal data is passed on only if you have consent-ed to it or insofar as we are authorized or obligated to do so due to legal provisions and/or official or judicial instructions. In particular, this may concern giving information for the purpose of criminal prosecution, for hazard prevention or to enforce intellectual property rights.

Legal Basis for Data Processing
Insofar as we obtain consent to process your personal data, Article 6 (1) a) GDPR serves as the legal basis for data processing.
Insofar as your personal data is processed because it is required to fulfil a contract or as part of a contractlike relationship with you, Article 6 (1) b) GDPR serves as the legal basis for data processing.

Insofar as we process your personal data to fulfil a legal obligation, Article 6 (1) c) GDPR serves as the legal basis for data processing.

As a legal basis for data processing, Article 6 (1) f) GDPR is taken into further consideration if the processing of your personal data is required to protect a legitimate interest of our company or a third party and your interests, basic rights and freedoms do not require personal data to be protected.

In line with this Data Privacy Policy, we always indicate on which legal basis we process your personal data.

Deleting Data and Storage Duration
As a rule, we then always delete or block your personal data when the purpose of the storage is eliminated. However, storage may also take place if this is designated by legal provisions to which we are subject, for example in terms of legal storage and documentation obligations. In a case such as this, we delete or block your personal data after the end of the relevant specifications.

Using Our Online Service

Information about Your Device
Each time our online service is accessed, we gather the following information about your de-vice independently of your registration: the IP address of your device, the web browser re-quest and the time of the request. In addition, the status and the data volume transferred will be collected as part of this request. We also collect product and version information about the web browser used and the device’s operating system. Furthermore, we gather from which website the online service was accessed. The IP address of your device is stored only for the time that the online service is used and is deleted afterward or anonymized by abbreviating it. The other data is stored for an unlimited amount of time.

We use this data to operate the online service, particularly to identify and remedy errors in order to determine the utilization of the online service and make adjustments or improvements. As our justifiable interest in data processing in accordance with Article 6 (1) letter f of the GDPR, these purposes are also the legal basis for this processing.

Access to and use of the emerce-shop
An order in our online store (“SHOP”) is not possible until the customer has been activated for the SHOP. Customers are activated at our discretion only after they have requested access to the SHOP (“registration request”). The registration request gathers mostly company-related information, but also personal details such as the name of the contact and the business email address. When we set up access to the SHOP on the basis of the registration request, we create a personal customer account. In doing so, we use the information provided in the registration request as well as the customer’s master data of which we are already aware (such as ad-dress and payment data). After activation, the customer can view and (in some cases after checking with us) change all the information we used to set up the customer account. The customer account is used for the customer’s orders in the SHOP. The legal basis for this processing is the initiation of a contract conclusion at the request of the customer in accordance with Article 6 (1) b) of the GDPR and our legitimate interest in this design of the order process in accordance with Article 6 (1) f) of the GDPR.

We use the personal information (such as name, email address, address, payment data) available in the customer account for the purpose of ordering goods in order to implement and pro-cess the order.  This information is kept confidential and not forwarded to third parties who are not involved in the ordering, delivery, or payment process. The legal basis for this processing is the initiation of a contract conclusion at the request of the customer and the conclusion and performance of a contract with the customer in accordance with Article 6 (1) b) of the GDPR.

The payments by way of credit card payment or other payment methods (including bank transfers, if indicated) are processed by Adyen N.V., Simon Carmiggelstraat 6-50, 1011 DJ Amsterdam, the Netherlands, or by associated companies. In addition to pure payment processing, Adyen also performs a credit check. In order to prevent and uncover fraud, we transmit your IP address and other data relating to your device (e.g., type of device, browser version) to Adyen along with the data required for payment processing and the credit check. Adyen stores your IP address. All data is encrypted for transmission. We reserve the right to engage additional payment service providers.

Using Cookies
Cookies are used on our online service, like with many websites. Cookies are small text files that are stored on your computer and store via your web browser the certain settings and data to share with our online service. A cookie usually contains the name of the domain from which the cookie file was sent and information about the age of the cookie and an alphanumerical identifier.

Cookies enable us to recognize your device and make possible default settings available immediately. Cookies help us to improve the online service and be able to provide you with a better service that is even more tailored to you. In this, we also observe our justifiable interest in data processing in accordance with Article 6 (1) letter f of the GDPR.

The cookies used by us are known as session cookies, which are automatically deleted at the end of the web browser session. We also use cookies that are stored for longer periods, meaning that your default settings and preferences can also be incorporated during your next visit to our online service.

Most web browsers are set up so that you automatically accept cookies. However, you can deactivate cookie storage or set up your web browser so that it notifies you as soon as cookies are sent. It is also possible to delete already stored cookies manually using the web browser settings. Please note that you may be able to use only a restricted version of our online service or not at all, if you reject the storage of cookies or delete the necessary cookies.

Use of Technically Necessary Cookies
Some cookies are necessary for technical reasons to enable the use of our online service. With these cookies, we gather and store the following data:

  • Language settings
  • Search settings
  • Information to identify or authenticate the user
  • Data for smooth forwarding of audio or video content

Cookies enable us to recognize your computer and make possible default settings available. Cookies help us to improve the online service and be able to provide you with a better and more user-friendly service. Using cookies is also required to simplify the use of our online service. Some functions can be provided only by using cookies. This concerns the search function, language settings and similar. From this follows our justifiable interest for the legal basis for processing data by means of cookies in accordance with Article 6 (1) letter f of the GDPR.

Use of Analysis Cookies (Google Analytics)
Furthermore, we use cookies on our website, making it possible to analyze your user behavior, which is known as a cookie analysis. With these cookies, we gather and store the following data:

  • Frequency of page views
  • Search terms
  • Use of website functions
  • Duration of visit

Your data, collected using cookies, is pseudonymized so that it is no longer possible to assign data to a respective user if they have not clearly and actively given their consent.

We use cookie analysis to improve and optimize the quality of our online service and its con-tent and to also review and improve the range and retrievability of our online service. At the same time, these purposes constitute a legitimate interest within the meaning of the legal basis for processing under Article 6 (1), letter f, of the GDPR.

To analyze user behavior for the aforementioned purposes, we use the software called Google Analytics, which itself employs cookies as explained. We use Google Analytics for statistical evaluations. Google Analytics is a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA (“Google”). Google Analytics uses “cookies,” which are text files saved on your computer to help the website analyze how users use the site. The information generated by these cookies about your use of the website will generally be transmitted to and saved by Google in the United States. In the event that IP anonymization is activated on this website, however, your IP address will be abbreviated in advance by Google within the member states of the European Union or in other countries that are members of the European Economic Area agreement. Only in exceptional cases will the full IP ad-dress be sent to a Google server in the U.S. and abbreviated there. On behalf of the operator of this website, Google will use the information to evaluate your use of the website, to collect reports on the website activities, and to perform other services related to the website use and internet use for the website operator. The IP address sent by your browser for Google Analytics will not be combined with other data owned by Google. You can prevent cookies from being stored on your computer by using the relevant setting in your browser software. How-ever, please note that in this case you may not be able to use all functions of this website. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by opening the following link and downloading and installing the browser plug-in tools.google.com/dlpage/gaoptout. As an alternative, you can install an opt-out cookie to specifically deactivate Google Analytics using the slider labeled “Analysis” at the bottom of this Privacy Policy.

More information can be found at tools.google.com/dlpage/gaoptout and http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection). Please note that on our websites Google Analytics was expanded by the code “anonymizeIp();” to anonymize IP addresses, in which case the last byte is deleted.

We are of the opinion that due to the protective measures taken (anonymization and the right of withdrawal), data processing to optimize our online service can be considered a legitimate interest in data processing pursuant to Article 6 (1) f) GDPR.

Use of Salesforce Pardot
We use the cloud-based software product “Pardot” (“Pardot”) from Salesforce.com EMEA Lim-ited (“Salesforce”), village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY.

Pardot is marketing automation software that allows us to maintain, assess, and expand our online service and marketing communication and optimize the content on our websites. We also use Pardot in particular for sending our newsletter (see “Newsletter” section). Further-more, to protect users and partners, fraud and security risks can be detected and eliminated, if necessary.

Pardot tracks the activity of all visitors to our website by setting cookies in their browsers. This makes it possible to recognize returning users (or rather their browsers) and track online activity on our website. Here More detail on how Pardot uses cookies can be found here: (https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&typ e=5).

You can deactivate the storage of cookies in your web browser settings. [You can specifically deactivate Pardot cookies using the slider labeled “Advertising” at the bottom of this Privacy Policy.] However, this may restrict the functions and the user-friendliness of our online service.

When you visit our website, your full IP address and the data stipulated in the “Information about Your Device” section are also transmitted to Salesforce, but not saved.

If you sign up or register for a service on our website, e.g., if you register for the Online Order Center or subscribe to a newsletter, we link (retroactively, as the case may be) the data acquired by the Pardot cookies to your email address and an individual ID, also using the Pardot software product. With the data thus acquired, we create a user profile in order to make you offers tailored to your individual interests and to improve our service. Further information on the use of Pardot in connection with the newsletter is available in the “Newsletter” section.

Salesforce works for us as a processor only and acts exclusively in accordance with our instructions. SMA has concluded the legally required contractual agreements with Salesforce.

The Pardot cloud is located on the computers of Salesforce or its parent company Salesforce.com Inc. in the USA (i.e., outside the European Union (EU) and the European Economic Area (EEA)). Therefore, personal data collected and processed in connection with our use of Pardot is stored and processed by Salesforce or its parent company Salesforce.com Inc. on servers in the USA. Salesforce.com Inc. is certified in accordance with the EU – US- Privacy Shield Framework Certified and has also obtained the TRUSTe Privacy Seal (https://www.trustarc.com/). Salesforce.com Inc. thus offers an additional guarantee to com-ply with European data protection laws.

For more information on data protection at Salesforce, visit https://www.salesforce.com/de/company/privacy/.

In accordance with Article 6 (1) f) of the GDPR, we have a legitimate interest in the transmission to Salesforce in order to enable processing for the above purposes.

Use of Retargeting and Remarketing
Retargeting and remarketing refer to technologies in which users who have visited a certain website are shown applicable advertisements also after leaving this website. For this, it is required that internet users recognize, beyond the company website, for what purpose the cookies of the corresponding service provider are used; the previous usage behavior is also taken into account. For example, if a user views certain products, these or similar products could then be shown later as advertisements on other websites. This concerns personalized advertisements that are adapted to the needs of the individual user. For these personalized advertisements, it is not necessary for the user to be identified beyond initial recognition. The data used for retargeting or remarketing is therefore not combined with further data. We use these kinds of technologies to connect advertisements on the internet. We rely on third-party providers to connect advertisements. We use Google services (Google AdWords Conversion and Google Remarketing).

The conversion tracking by the advertising program “Google AdWords” provides us with information on the success of our advertisements. Google AdWords allows us to track whether users respond to our advertisements placed on other websites by Google or its partners. If a user clicks on such an advertisement and is thus redirected to our website, a cookie is stored on the user’s PC. In addition, Google AdWords can identify which specific advertisement brought a user to our website. According to Google, the cookie normally expires after 30 days. We only receive statistical analyses of this data, which we can use to determine the success of our advertising. We do not receive information that can personally identify users. We have no influence on Google’s use of the data.

In addition, we use the Google Remarketing advertising program in connection with personalized advertising on our website. With this program, you can be shown advertising for us and our products when using other websites after visiting ours. This is enabled by cookies stored in your browser that record internet usage when visiting various websites. For example, Google can identify your previous visit to our website and place relevant advertisements for us. Google states that the data collected in connection with remarketing cannot be linked to your personal data that Google may have stored. In particular, Google claims to practice pseudonymization with regard to remarketing.

For more information about data privacy by Google, see at: http://www.google.com/intl/de/policies/privacy und https://services.google.com/sitestats/de.html. Google is certified in accordance with the regula-tions of the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework. The installation of cookies for Google remarketing and Google AdWords conversion tracking can be prevented by a setting on the respective web browser software by calling up the website https://support.google.com/ads/answer/7395996?hl=de? and changing the corresponding set-ting.

Connecting advertisements is our justifiable interest in data processing pursuant to Article 6 (1) letter f of the GDPR.

Use of YouTube
Our online service includes videos for the forwarding of which we use a plug-in belonging to YouTube (“YouTube”), which is operated by Google. The operator of this service is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, U.S.A. If you call up a website of our online service that includes a video, this creates a connection to YouTube’s servers. This communicates to YouTube’s servers which websites of our online server you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing activity directly to your personal profile. You can prevent this by logging out of your YouTube account. More information on handling user data can be found in Google’s privacy policy at https://policies.google.com/privacy?hl=en&gl=de, which also applies to YouTube.

We use YouTube to show you videos and so communicate more to you about us and our services; at the same time, this is the justifiable interest in terms of Article 6 (1) letter f of the GDPR.

Communicating with Us
Personal data is collected when contact is made with us (by email). This is stored and used exclusively for the purpose of responding to your concern or for making contact and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your concern in accordance with Article 6 (1) f) of the GDPR. If your contact is aimed at entering into a contract, Article 6 (1) b) of the GDPR is an additional legal basis for the processing.

After your concerns have been addressed, we will store your data temporarily in the event of any other questions. You can request at any time that your data be deleted, otherwise it will be deleted after the matter has been addressed in full. This is without prejudice to legal retention obligations.

Newsletter
Registration for the emerce Newsletter is done via the double opt-in process, which requires a personal reconfirmation via e-mail approval. You can unsubscribe from the newsletter at any time.

When you register for our newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe. You will receive regular information via e-mail on current topics and e-mails on special occasions, e.g. for special promotions or training offers. These e-mails may be personalized and tailored based on our information about you.

For subscribing to our newsletter, if you have not provided your consent in writing, we use what is known as the double opt-in process, which means that we will only send you a news-letter by e-mail when you have expressly confirmed to us in advance that we should activate newsletter delivery.  We will then send you a notification e-mail and ask you to confirm that you want to receive our newsletter by clicking the link included in the e-mail.

The legal basis for processing your data is your consent in accordance with Article 6 (1) a) GDPR, if you have expressly subscribed to the newsletter. In line with the legal specifications, it may also be possible for you to receive our newsletter from us without express consent be-cause you have ordered goods or services from us, we obtained your e-mail address in this context and you did not object to receiving information by e-mail. In this case, the legal basis is our legitimate interest to communicate direct advertising to you in accordance with Article 6 (1) f) GDPR.

We use the Salesforce Pardot marketing automation tool to send the newsletter (see “Use of Salesforce Pardot” above). Please note that we will analyze your user behavior when we send the newsletter. For the purpose of this analysis, the emails that are sent contain web beacons or tracking pixels. For the analyses, we link the data transmitted via these tracking pixels with your email address and a personalized ID. We use the data thereby obtained to create a user profile so that we can tailor the newsletter to your particular interests. When you read our newsletter, we record which links you click to infer your personal interests. We link this data to actions that you carry out on our website. If you do not want us to do this, you should cancel your subscription. Tracking of this nature will also not be possible if your email application default settings have disabled the display of images. In this case, you will not see the full con-tent of the newsletter and may not be able to use all functions. If you manually display the images, the tracking referred to above will take place. If you have subscribed to our marketing newsletter and we, as described above, analyze your user behavior, we will share the information collected in the process for marketing purposes with the companies named below, which are affiliated with us:

SMA Solar Technology AG, Sonnenallee 1, 34266 Niestetal, Germany
Tel.: +49 561 9522-0 / www.SMA.de / Info@SMA.de

SMA Sunbelt Energy GmbH, Sonnenallee 1, 34266 Niestetal, Germany
Tel.: +49 561 9522-0 / www.SMA.de / Info@SMA.de

coneva GmbH, Dingolfingerstraße 15, 81673 München, Germany
Tel.: +49 561 9522-0 / www.coneva.com / Info@coneva.com

Your information is shared with these companies so we can put together in our newsletter the best possible offers for you – ones that you will find relevant and interesting. The companies named above will not use your personal information to contact you via other marketing channels (for example, phone calls). Emerce GmbH has concluded agreements governing processing on our behalf with these companies. Furthermore, because the data is shared only if you expressly consented to the provisions of this Privacy Policy, and thus to this sharing of your information, during the process of subscribing to the newsletter, processing will be based on Art. 6 (1) letter a of the GDPR. Furthermore, our customers also benefit from our sharing of the collected data with our affiliated companies so they can receive customized information in line with their interests. The data processing is therefore also based on a legitimate interest under Art. 6 (1) letter f of the GDPR. This is especially true since customers can cancel the newsletter at any time.

The information will be stored for as long as you are subscribed to the newsletter. If you unsubscribe, we will store data anonymously and purely for statistical purposes. If you do not want to receive a newsletter from us at all, you can withdraw your given consent at any time with effect for the future or object to further receipt of emails. Just use the unsubscribe link included in every newsletter or send a message to us or our data protection officer.

Social media
In our online service, you can find hyperlinks to the social network Facebook, professional network LinkedIn and short message service Twitter. The hyperlinks can be recognized by the provider’s respective logo.

Clicking on the links will open the corresponding social media pages, for which this privacy policy does not apply. Please check the relevant privacy policies of the individual providers for details on the applicable terms and conditions; these can be found under:

Facebook: www.facebook.com/policy.php

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Twitter: twitter.com/privacy

Before calling up the relevant hyperlinks, your personal information is not transferred to the respective provider. At the same time, your calling up the linked site is the legal basis for data processing by the relevant provider.

Your Rights and Contact
We place strong emphasis on explaining the processing of personal data as transparently as possible and informing you of your rights. If you would like more detailed information or wish to exercise your rights, you can contact us at any time so that we can take care of your concerns.

Data Subject Rights
With regard to processing your personal data, you are entitled to extensive rights. In addition, you have a comprehensive right to information and can demand the correction and/or deletion or blocking of your personal data, if applicable. You can also demand a restriction of processing and have the right of objection. With regard to the personal data you transferred to us, you also have the right to data portability.

If you wish to exercise your rights and/or receive more information about them, please contact our customer service. Alternatively, you can also contact our data protection officer.

Revoking Consent and Objection
Any consent that you have provided can be withdrawn on request at any time with effect for the future. Withdrawing consent will not affect the lawfulness of the processing that was carried out between the time of consent and withdrawal. Both our customer service and our data protection officer are contact persons for this matter.

Insofar as processing your personal data is not based on consent but another legal basis, you can object to this data processing. Once you object, there will be a review and, if necessary, termination of data processing. You will be informed of the results of the review and receive – if the data processing is to continue nevertheless – detailed information from us about why data processing is permitted.

Data Protection Officer and Contact
We have commissioned an external data protection officer who provides us with support in issues relating to data protection and who you can contact directly. Our data protection officer and their team is available for questions related to our handling of personal data or more information on issues relating to data protection:

SMA Solar Technology AG
Data protection officer
Sonnenallee 1
34266 Niestetal

Email: datenschutz@SMA.de

Complaints
If you conclude that the processing of your personal data by us is not in line with this privacy policy or the applicable data protection requirements, you can complain to our data protection officer. The data protection officer will then review the matter and inform you of the result of the review. Furthermore, you also have the right to complain to a supervisory authority.

More Information and Changes

Links to Other Websites
Our online service may contain links to other websites. These hyperlinks are generally labeled as such. We have no influence on to what extent the linked websites comply with the applicable data protection regulations. Therefore, we recommend that you inform yourself of the relevant privacy policies for other websites as well.

Changes to this Privacy Policy
The version of this privacy policy will be indicated by the date information (below). We reserve the right to change this privacy policy at any time with effect for the future. A change occurs particularly with technical adjustments to the online service or changes to issues concerning data protection. The current version of the privacy policy can always be accessed directly via the online service. We recommend that you regularly inform yourself of changes to this privacy policy.

Version of this privacy policy: September 2018

Version 1.0

NewsletterFacebookLinkedIn