Privacy
DATA PROTECTION INFORMATION in accordance with Articles 13, 14 and 21 GDPR
1. general information
H-Revolution GmbH i.Gr.hereby informs you about the processing of your personal data (Art. 4 No. 2 GDPR) by H-Revolution GmbH i.Gr. and its general partner, H-Invest GmbH (hereinafter referred to as H-Revolution GmbH i.Gr.) and the claims and rights to which you are entitled under data protection regulations.
Which data is processed in detail and how it is used depends largely on the services requested by you or agreed with you. We take the protection of your personal data very seriously. Your privacy is an important concern for us. We process your personal data in accordance with the applicable statutory data protection requirements for the purposes and under the conditions set out below. Below you will find out how we handle this data. For a better overview, we have divided our data protection information into chapters.
2 Responsible body and contact
H-Revolution GmbH i.Gr. is responsible for the processing of your personal data:
Company: H-Revolution GmbH i.Gr.
Registered office: Rheinstraße 3, 56235 Ransbach-Baumbach
If you have any questions or comments about data protection at H-Revolution GmbH i.Gr. (e.g. regarding information and updating your personal data), you can also contact our data protection officer by email at überdatenschutz@h-revolution.de Kontakt under the keyword "Data protection".
3 Subject matter and duration of the agreement
If necessary, H-Revolution GmbH i.Gr. (hereinafter: contractor) processes and stores your personal data for the duration of the business relationship, which includes, for example, the initiation and conclusion of business.
The contractor processes personal data for the client within the meaning of Art. 4 No. 2 and Art. 28 GDPR on the basis of the concluded service contract. The contractually agreed service is provided exclusively in a member state of the European Union or in a state party to the Agreement on the European Economic Area. Any relocation of the service or parts thereof to a third country requires the prior consent of the client and may only take place if the special requirements of Art. 44 et seq. GDPR are met (e.g. adequacy decision of the Commission, standard data protection clauses, approved codes of conduct).
The contract begins with the signing of the contract and is concluded for an indefinite period. The general terms and conditions of H-Revolution GmbH i.Gr. are handed over to the client and become part of each contract. The contract shall end upon termination of the contract by the contractor. The client must be notified of the end of the contract in writing.
The Client may terminate the contract at any time without notice if the Contractor is in serious breach of data protection regulations or the provisions of this contract, if the Contractor is unable or unwilling to carry out an instruction from the Client or if the Contractor refuses the Client's control rights in breach of the contract. In particular, non-compliance with the obligations agreed in this contract and derived from Art. 28 GDPR constitutes a serious breach.
4 Type and purpose of processing, type of personal data and categories of data subjects
The type and purpose of the processing of personal data by the contractor for the client are specifically described in the concluded service contract. In particular, the processing of the order is covered,
billing of the contractual services, sending cost estimates, offers, invoices and, if applicable, reminders as well as communication with you.
The legal basis for the data processing described above is the processing for the fulfillment and execution of the contract. Without this data processing, we cannot conclude and fulfill the contract.
The following data types/categories are subject to the processing of personal data: Personal master data, communication data (e.g. telephone, e-mail), contract master data (contractual relationship, remuneration agreements), information on contract objects (location etc.), customer history, contract billing and payment data, planning and control data, information data (from third parties, e.g. credit agencies, or from public. directories).
The categories of data subjects affected by the processing include Contractors, clients, authorized representatives, interested parties, insurance companies, suppliers, employees, commercial agents, contact persons, etc.
H-Revolution GmbH i.Gr. reserves the right to carry out a credit check before concluding a contract and to include the results of the credit check in the decision to conclude a contract with the contractor in accordance with the legal requirements. In the event of negative information on creditworthiness characteristics, H-Revolution GmbH i.Gr. may refuse to enter into a contractual relationship with you.
H-Revolution GmbH i.Gr. transmits personal data collected within the scope of this contractual relationship regarding the application, execution and termination of this business relationship as well as data on non-contractual behavior or fraudulent behavior to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden and or CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich.
The legal basis for these transfers is Article 6(1)(b) and Article 6(1)(f) of the General Data Protection Regulation (GDPR). Transfers on the basis of Article 6(1)(f) GDPR may only take place insofar as this is necessary to safeguard the legitimate interests of H-Revolution GmbH i.Gr. and are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. SCHUFA and CRIF Bürgel process the data received and also use it for the purpose of profiling (scoring) in order to provide its contractual partners in the European Economic Area and Switzerland and, if applicable, other third countries (provided that an adequacy decision of the European Commission exists for these) with information, among other things, to assess the creditworthiness of natural persons.
Further information on SCHUFA's activities can be found in the SCHUFA information sheet in accordance with Art. 14 GDPR or online at the web address www.schufa.de/datenschutz. Further information on the activities of CRIF Bürgel can be found in the CRIF Bürgel information sheet in accordance with Art. 14 GDPR or online at the web address https://www.crifbuergel.de/de/datenschutzeingesehen.
This processing of your aforementioned data is necessary to protect the legitimate interests of H-Revolution GmbH i.Gr. and is justified by a balancing of interests in favor of H-Revolution GmbH i.Gr. is justified. Without disclosure to companies such as SCHUFA or CRIF Bürgel, H-Revolution GmbH i.Gr. cannot check your creditworthiness. H-Revolution GmbH i.Gr. also has a legitimate interest in processing your aforementioned data for the purpose of credit assessment, namely the associated assessment of your creditworthiness prior to the conclusion of the contract and the reduction of the risk of payment defaults for H-Revolution GmbH i.Gr.. Your legitimate interest in not having your above-mentioned data used for this purpose does not outweigh this legitimate interest of H-Revolution GmbH i.Gr., as H-Revolution GmbH i.Gr. uses this data appropriately for the
H-Revolution GmbH i.Gr. uses this data appropriately for the processing purpose described and you can expect such use of your data for credit checks when initiating contractual relationships. In addition, you are equally protected by this processing, as you can be protected from entering into contracts that exceed your capacity.
If other purposes for data use arise in addition to the existing purposes, we will check whether these other purposes are compatible and compatible with the original collection purposes. If this is not the case, H-Revolution GmbH i.Gr. will inform you of such a change of purpose. If there is no other legal basis for the further use of data, H-Revolution GmbH i.Gr. will not use your personal data without your consent.
5 Rights and obligations as well as powers of instruction of the client
The client is solely responsible for assessing the permissibility of the processing in accordance with Art. 6 para. 1 GDPR and for safeguarding the rights of the data subjects in accordance with Art. 12 to 22 GDPR.
Nevertheless, the Contractor is obliged to forward all such requests to the Client without delay, provided that they are recognizably addressed exclusively to the Client.
Changes to the object of processing and procedural changes must be jointly agreed between the Client and the Contractor and set out in writing or in a documented electronic format. As a rule, the Client shall issue all orders, partial orders and instructions in writing or in a documented electronic format. Verbal instructions must be confirmed immediately in writing or in a documented electronic format.
The Client shall be entitled to verify compliance with the technical and organizational measures taken by the Contractor and the obligations set out in this Agreement as set out in No. 5 before the start of processing and then regularly in an appropriate manner. The Client shall inform the Contractor immediately if it discovers errors or irregularities when checking the results of the order. The Client shall be obliged to treat as confidential all knowledge of the Contractor's business secrets and data security measures acquired in the course of the contractual relationship. This obligation shall remain in force even after termination of this contract.
6. persons authorized to issue instructions on behalf of the client, recipients of instructions on behalf of the contractor
The person authorized to issue instructions to the Client is solely the Client and the authorized representatives deposited in the contractual relationship. The recipients of the Contractor's instructions are all of the Contractor's employees entrusted with the processing. Communication channels to be used for instructions: personal conversation, telephone, e-mail, fax and letter post.
If the contact persons are unavailable, the contractual partner must be informed immediately and in principle in writing or electronically of the successors or representatives. The instructions must be kept for their period of validity and subsequently for three full calendar years.
7 Obligations of the contractor
The Contractor shall process personal data exclusively within the framework of the agreements made and in accordance with the instructions of the Client, unless the Contractor is obliged to do so by the law of the Union or the Member States to which the processor is subject (e.g. investigations by law enforcement or state security authorities); in such a case, the processor shall inform the controller of these legal requirements prior to processing, unless the law in question prohibits such notification on grounds of an important public interest (Art. 28 para. 3 sentence 2 lit. a GDPR). The contractor shall not use the personal data provided for processing for any other purposes, in particular not for its own purposes. Copies or duplicates of the personal data will not be made without the
knowledge of the client. In the area of the processing of personal data in accordance with the contract, the Contractor warrants that all agreed measures will be carried out in accordance with the contract. It shall ensure that the data processed for the client is strictly separated from other data stocks. The data carriers that originate from the client or are used for the client shall be specially marked. Incoming and outgoing data and their ongoing use are documented in the file.
The Contractor shall cooperate to the extent necessary in the fulfillment of the rights of the data subjects pursuant to Art. 12 to 22 GDPR by the Client, in the preparation of the records of processing activities and in any necessary data protection impact assessments of the Client and shall provide the Client with appropriate support as far as possible (Art. 28 para. 3 sentence 2lit e and f GDPR).
The Contractor shall inform the Client immediately if, in its opinion, an instruction issued by the Client violates statutory provisions (Art. 28 para. 3 sentence 3 GDPR). The Contractor shall be entitled to suspend the implementation of the corresponding instruction until it is confirmed or amended by the controller at the Client after review. The Contractor shall rectify, erase or restrict the processing of personal data from the contractual relationship if the Client requests this by means of an instruction and this does not conflict with the legitimate interests of the Contractor. The Contractor may only provide information about personal data from the contractual relationship to third parties or the data subject following prior instruction or consent from the Client. The Contractor agrees that the Client - in principle by appointment - is entitled to check compliance with the regulations on data protection and data security, as well as the contractual agreements to the appropriate and necessary extent itself or through third parties commissioned by the Client, in particular by obtaining information and inspecting the stored data and the data processing programs, as well as through on-site checks and inspections (Art. 28 para. 3 sentence 2 lit. h GDPR). The Contractor warrants that it will assist with these checks where necessary.
The processing of data in private residences (teleworking or working from home by employees of the contractor) is only permitted with the consent of the client. If the data is processed in a private home, access to the employee's home for the employer's inspection purposes must be contractually ensured in advance. The measures pursuant to Art. 32 GDPR must also be ensured in this case. The Contractor confirms that it is aware of the relevant data protection provisions of the GDPR for the order processing. It undertakes to also observe the following secrecy protection rules relevant to this order, which are the responsibility of the client (e.g. banking secrecy, telecommunications secrecy, social secrecy, etc.). The Contractor undertakes to maintain confidentiality when processing the Client's personal data in accordance with the order. This obligation shall continue to exist even after termination of the contract. The Contractor warrants that it shall familiarize the employees engaged in the performance of the work with the relevant data protection provisions before they commence their work and shall oblige them to maintain confidentiality in an appropriate manner for the duration of their work and after termination of the employment relationship (Art. 28 para. 3 sentence 2 lit. b and Art. 29 GDPR). The Contractor shall monitor compliance with data protection regulations in its company. Philipp Hörter Email: p.hoerter@h-revolution.com has been appointed as the Contractor's data protection officer.
8. notification obligations of the contractor in the event of disruptions to processing and breaches of personal data protection
The Contractor shall notify the Client without delay of any disruptions, breaches by the Contractor or the persons employed by the Contractor, breaches of data protection provisions or of the stipulations made in the order, as well as any suspicion of data protection breaches or irregularities in the processing of personal data. This also applies in particular with regard to any reporting and notification obligations of the Client pursuant to Art. 33 and Art. 34 GDPR. The Contractor warrants that, if necessary, it will provide the Client with appropriate support in fulfilling its obligations under Art. 33 and 34 GDPR (Art. 28 para. 3 sentence 2 lit. f GDPR). The Contractor may only carry out notifications pursuant to Art. 33 or 34 GDPR for the Client after prior instruction in accordance with Section 4 of this contract.
9. subcontracting relationships with subcontractors (Art. 28 para. 3 sentence 2 lit. d GDPR)
The contractor is only permitted to commission subcontractors to process the client's data with the client's consent, Art. 28 para. 2 GDPR, which must be given via one of the above-mentioned communication channels (Section 4) with the exception of verbal consent. Consent can only be granted if the processor informs the controller of the name and address as well as the intended activity of the subcontractor.
The Processor shall always inform the Controller of any intended change with regard to the involvement of new subcontractors or the replacement of previous subcontractors, giving the Principal the opportunity to object to such changes (& 28 para. 2 sentence2 GDPR).
10. technical and organizational measures pursuant to Art. 32 GDPR (Art. 28 para. 3 sentence 2 lit. c GDPR)
A level of protection appropriate to the risk to the rights and freedoms of natural persons affected by the processing is ensured for the specific order processing. For this purpose, at least the protection goals of confidentiality, availability and integrity of the systems and services, as well as their resilience in relation to the type, scope, circumstances and purpose of the processing, are taken into account in such a way that the risk is permanently contained by appropriate technical and organizational measures.
The Contractor shall carry out a review, assessment and evaluation of the effectiveness of the technical and organizational measures to ensure the security of the processing when appropriate, but at least annually (Art. 32 para. 1 lit. d GDPR). Decisions regarding the organization of data processing and the procedures used that are relevant to security must be coordinated between the contractor and the client. If the measures taken by the Contractor do not meet the Client's requirements, the Contractor shall inform the Client immediately. The measures taken by the Contractor may be adapted to technical and organizational developments during the course of the contractual relationship, but may not exceed the agreed standards. The Contractor must agree significant changes with the Client in documented form (in writing, electronically). Such agreements must be retained for the duration of this contract.
11 Obligations of the contractor after completion of the contract, Art. 28 para. 3 sentence 2 lit. g GDPR
After completion of the contractual work, the contractor must hand over to the client on request all data, documents and processing or usage results created in connection with the contractual relationship that have come into its possession and to subcontractors.
In addition, H-Revolution GmbH i.Gr.. is subject to various retention and documentation obligations, including those arising from the German Commercial Code (HGB). The retention and documentation periods specified there are two to ten years. Finally, the storage period is also determined by the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years. Due to the EEG contracts, which run for up to 20 years from the construction of photovoltaic systems and due to the long lifetimes of photovoltaic systems of up to forty years, deletion or destruction in connection with orders for the installation of photovoltaic systems regularly only takes place forty years after the end of the order. The
deletion must be confirmed to the client on request in writing or in a documented electronic format, stating the date.
12 Liability
Reference is made to Art. 82 GDPR.
13. contractual penalty
If the Contractor violates the provisions of this contract, in particular with regard to compliance with data protection, a contractual penalty of 5% of the net final invoice, up to a maximum of € 100.00, is agreed.
14 Miscellaneous
Agreements on technical and organizational measures, as well as control and audit documents (including those relating to subcontractors) shall be retained by both contracting parties for their period of validity and subsequently for five full calendar years.
Ancillary agreements must always be made in writing or in a documented electronic format.
Should the property or the personal data of the Client to be processed by the Contractor be jeopardized by third-party measures (such as seizure or confiscation), by insolvency or composition proceedings or by other events, the Contractor must inform the Client immediately.
The defense of the right of retention within the meaning of & 273 BGB is excluded with regard to the data processed for the client and the associated data carriers.
Should individual parts of this agreement be invalid, this shall not affect the validity of the remainder of the agreement.
15. information about your right to object in accordance with Art. 21 of the General Data Protection Regulation (GDPR)
1. individual right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR which H-Revolution GmbH i.Gr. uses to assess creditworthiness or for advertising purposes.
If you object, H-Revolution GmbH i.Gr.will no longer process your personal data unless H-Revolution GmbH i.Gr. can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
Right to object to the processing of data for direct marketing purposes
If you object to processing for direct marketing purposes, H-Revolution GmbH i.Gr. will no longer process your personal data for these purposes. The objection can be made informally and should preferably be addressed to: H-Revolution GmbH i.Gr., Rheinstraße 3, 56235 Ransbach-Baumbach, or by email to
info@h-revolution.com.
H-Revolution
info@h-revolution.com
