PRIVACY POLICY

1. **General Information and Data Processing Principles**
We are pleased that you are visiting our website. Protecting your privacy and personal data, known as personally identifiable information, when using our website is very important to us.

According to Article 4 No. 1 of the GDPR, personal data includes all information related to an identified or identifiable natural person. This includes, for example, your first and last name, address, phone number, email address, and IP address.
Information that cannot be associated with your identity, such as through anonymization, is not considered personal data. The processing of personal data (e.g., collection, storage, reading, querying, use, transmission, deletion, or destruction) as per Article 4 No. 2 of the GDPR always requires a legal basis or your consent. Processed personal data must be deleted once the purpose of processing is achieved and there are no legally required retention periods.
This policy outlines how we handle your personal data when you visit our website. To provide the functionalities and services of our website, we need to collect personal data about you.
We also explain the type and scope of data processing, the purpose, the corresponding legal basis, and the storage duration for each case.

This privacy policy applies only to this website. It does not apply to other websites that we merely refer to via a hyperlink. We cannot be responsible for the confidential handling of your personal data on these third-party websites as we have no influence over whether these companies comply with data protection regulations. Please refer directly to these websites for information on how they handle your personal data.

2. **Responsible Entity**
The entity responsible for processing personal data on this website is (see Impressum): Klimazentral GmbH, represented by the authorized managing director Ivan Kertikov, Am Kuckhofer Feld 8, 41470 Neuss, and info@klimazentral.de

3. **Provision and Use of the Website/Server Log Files**
a) **Type and Scope of Data Processing**
When you use this website without otherwise transmitting data to us (e.g., through registration or use of the contact form), we collect technically necessary data through server log files, which are automatically transmitted to our server, including:
– IP address
– Date and time of the request
– Name and URL of the accessed file
– Website from which access is made (referrer URL)
– Access status/HTTP status code
– Browser type
– Language and version of the browser software
– Operating system

b) **Purpose and Legal Basis**
This processing is technically necessary to display our website to you. We also use the data to ensure the security and stability of our website. The legal basis for this processing is Article 6(1)(f) of the GDPR. The processing of the mentioned data is necessary to provide a website and thus serves to protect the legitimate interests of our company.

c) **Storage Duration**
As soon as the aforementioned personal data is no longer necessary for displaying the website, it will be deleted. The collection of data to provide the website and the storage of data in log files are essential for the operation of the website. Therefore, there is no possibility of objection from the user regarding this aspect. Further storage may occur in individual cases if required by law.

4. **Use of Cookies**
a) **Type, Scope, and Purpose of Data Processing**
We use cookies. Cookies are small files sent to your device’s browser and stored there during your visit to our website. Some features of our website cannot be offered without using technically necessary cookies. Other cookies allow us to perform various analyses. For instance, some cookies can recognize the browser you use on a return visit to our website and transmit different information to us. We use cookies to make the use of our website easier and more effective, allowing us to track your usage and identify your preferences (e.g., country and language settings). If third parties process information through cookies, they collect it directly via your browser. Cookies do not damage your device; they cannot execute programs or contain viruses. Different types of cookies used on our website and their functions are explained below.

Temporary Cookies/Session Cookies
Our website uses temporary or session cookies, which are automatically deleted when you close your browser. These cookies allow us to track your session ID, making it possible to recognize your device during future visits.

Permanent Cookies
Our website also uses permanent cookies, which are stored in your browser for an extended period and can transmit information. The storage duration varies depending on the cookie. You can delete permanent cookies yourself via your browser settings.

Third-Party Cookies
We use analytical cookies to monitor anonymous user behavior on our website. Additionally, we use advertising cookies to track user behavior for advertising and targeted marketing purposes. Social media cookies allow you to connect to your social networks and share content from our website within your networks.

Browser Configuration
Most web browsers are set to accept cookies automatically. You can configure your browser to accept only certain cookies or no cookies at all. However, this may limit the functionality of our website. You can also delete cookies already stored in your browser and set your browser to notify you before cookies are saved. As browser functions can vary, please use your browser’s help menu for specific configuration options. Disabling cookies may require the storage of a permanent cookie on your computer. If you delete this cookie, you will need to disable cookies again.

b) **Legal Basis**
The legal basis for processing personal data using cookies is Article 6(1)(f) of the GDPR. If you have given your consent to the use of cookies based on a notice („cookie banner“) on our website, the legal basis is also Article 6(1)(a) of the GDPR.

c) **Storage Duration**
Data transmitted via cookies will be deleted as soon as they are no longer required for the purposes mentioned above. Further storage may occur in individual cases if required by law.

5. **Data Collection for Pre-Contractual Measures and Contract Fulfillment**
a) **Type and Scope of Data Processing**
In the pre-contractual area and upon contract conclusion, we collect personal data about you, such as first and last name, address, email address, phone number, or bank details.

b) **Purpose and Legal Basis of Data Processing**
We collect and process this data solely to fulfill the contract or pre-contractual obligations. The legal basis is Article 6(1)(b) of the GDPR. If you have given consent, an additional legal basis is Article 6(1)(a) of the GDPR.

c) **Storage Duration**
The data will be deleted as soon as it is no longer necessary for processing purposes. Legal retention obligations may apply, such as those under the Commercial Code (HGB) or the Fiscal Code (AO). If such retention obligations exist, we will block or delete your data at the end of these periods.

6. **Order Form**
Our website features an order form for electronic pre-orders.
a) **Type and Scope of Data Processing**
We collect the following data:
– First and last name
– Phone number
– Email address
– Account details
– Product name

b) **Purpose and Legal Basis**
The purpose of data processing is to properly process your order. The legal basis is Article 6(1)(b) of the GDPR. Data processing serves to fulfill a contract or carry out pre-contractual measures upon your request.

c) **Storage Duration**
The data will be deleted as soon as it is no longer needed for processing purposes. Legal retention obligations may apply, such as those under the Commercial Code (HGB) or the Fiscal Code (AO). If such obligations exist, we will block or delete your data at the end of these periods.

7. **Registration**
a) **Type and Scope of Data Processing**
You can register on our website. When you register, we collect and store the data you enter in the input mask (e.g., last name, first name, email address). No data will be shared with third parties.

b) **Purpose and Legal Basis of Data Processing**
Your registration is necessary for using certain content and services on our website or for fulfilling a contract or carrying out pre-contractual measures. You can modify or delete the personal data provided during registration at any time.
The legal basis for processing is Article 6(1)(a) of the GDPR. If your registration prepares for a contract conclusion, Article 6(1)(b) of the GDPR serves as an additional legal basis.

c) **Storage Duration**
The data collected during registration is stored as long as you are registered on our website and then deleted. Legal retention periods remain unaffected. Registered personal data will also be deleted upon your request.

8. **Data Transmission**
We share your personal data with third parties only if:
a) You have given your explicit consent according to Article 6(1)(a) of the GDPR.

b) It is legally permissible and necessary to fulfill a contractual relationship with you or to carry out pre-contractual measures according to Article 6(1)(b) of the GDPR.

c) A legal obligation exists for the transmission according to Article 6(1)(c) of the GDPR. For example, we are legally required to transmit data to government authorities such as tax authorities, social insurance carriers, health insurance companies, regulatory authorities, and law enforcement agencies.

d) The transmission is necessary to protect legitimate interests of the company, as well as to assert, exercise, or defend legal claims, and there is no reason to believe that you have a predominant interest worthy of protection in not having your data disclosed according to Article 6(1)(f) of the GDPR.

e) We use external service providers as processors according to Article 28 of the GDPR. These service providers are obligated to handle your data carefully.

We use such service providers in the following areas:
– IT
– Logistics
– Telecommunications

When transmitting to external entities in third countries, i.e., outside the EU or EEA, we ensure that these entities handle your

personal data with the same care as within the EU or EEA. We only transmit personal data to third countries where the EU Commission has confirmed an adequate level of protection or when we ensure careful handling of personal data through contractual agreements or other appropriate guarantees.

9. **Job Applications**

a) **Type and Scope of Data Processing**
You can apply via our website or email. When you apply, we collect and store the data you enter in the input mask or send to us via email.

b) **Purpose and Legal Basis**
We process your data solely to handle your application. No data will be shared with third parties. The legal basis for processing is Article 88(1) of the GDPR in conjunction with § 26 BDSG and additionally Article 6(1)(b) of the GDPR. If you consent to being added to our applicant pool, the legal basis is Article 6(1)(a) of the GDPR.

c) **Storage Duration**
If we cannot offer you a position, we will store your data for up to six months after the application process ends, considering § 61b(1) ArbGG in conjunction with § 15 AGG. The period begins upon receipt of the rejection letter.

If you consent to being added to our applicant pool, we will store your data for a maximum of two years.

d) **Data Disclosure**
Only the departments involved in the decision process (e.g., HR or relevant department heads, management, works council) will receive your data. We are also required to transmit your data to public authorities and institutions (e.g., prosecutor’s office, police, regulatory authorities, tax office, social insurance carriers).

Additional data recipients may be those for whom you have given us consent to transfer your data.

10. **Comment Function**

a) **Type and Scope of Data Processing**
You can comment on posts on our website. When you comment, we collect and store the data you enter in the input mask. Besides the comments you leave, we store and publish the time of comment entry and, if provided, the username you chose (pseudonym). Additionally, the IP address assigned by your Internet Service Provider (ISP) is stored. No data will be shared with third parties.

b) **Purpose and Legal Basis**
The data you submit (e.g., IP address) is collected for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a comment.
No data will be shared with third parties unless required by law or necessary for legal defense of the responsible entity.

The legal basis for processing personal data when using the comment function is your consent according to Article 6(1)(a) of the GDPR. You can withdraw your consent at any time. The legality of the data processing carried out up to the withdrawal remains unaffected.
Another legal basis is Article 6(1)(f) of the GDPR.
We have a legitimate interest in processing if third-party rights are violated or illegal content is posted. This serves security purposes in case someone writes illegal content in comments and posts (insults, prohibited political propaganda, etc.).

c) **Storage Duration**
Comments and associated data (e.g., IP address) are stored and remain on our website until the commented content is completely deleted or the comments must be deleted for legal reasons.

11. **Contact Form**
a) **Type and Scope of Data Processing**
Our website offers a contact form for you to reach out to us. When submitting your inquiry through the contact form, reference to this privacy policy will be made to obtain your consent.

If you use the contact form, the following personal data will be processed:
– Salutation
– First name
– Last name
– Title
– Company
– Industry
– Function
– Street
– Street number
– Postal code
– City
– Country
– Email address
– Phone number
– Subject
– Content of the message

b) **Purpose and Legal Basis**
Your email address is used to respond to your inquiry. No personal data will be shared with third parties when using the contact form.
The legal basis for processing is your consent according to Article 6(1)(a) of the GDPR, given voluntarily and revocable at any time for the future.

c) **Storage Duration**
Data entered in the contact form will be retained until you request deletion, withdraw your consent for storage, or the purpose for data storage no longer applies (e.g., after completing your inquiry). Mandatory statutory provisions—especially retention periods under the Commercial Code (HGB) or Fiscal Code (AO)—remain unaffected.

12. **Contact via Email**
Our website offers a contact option via email.
a) **Type and Scope of Data Processing**
You can contact us via email. We only collect the email address of the account used to contact us and any personal data you provide during the contact process.

b) **Purpose and Legal Basis**
The purpose of data processing is to respond appropriately to your inquiry. The legal basis is Article 6(1)(f) of the GDPR. There is a legitimate interest in processing the above-mentioned personal data to handle your inquiry appropriately.

c) **Storage Duration**
The storage duration of the above-mentioned data depends on the background of your contact. Personal data will be regularly deleted if the purpose of the communication has been achieved and storage is no longer necessary, such as after handling your inquiry.

13. **Newsletter**

a) **Type and Scope of Data Processing**

Our website offers the option to subscribe to a free regular email newsletter. To send you the newsletter regularly, we need your email address.

We use the double opt-in procedure for newsletter subscriptions.

This means we will only send you an email newsletter if you expressly confirm that you consent to receiving the newsletter. We will then send you a confirmation email asking you to click a link to confirm that you wish to receive newsletters from us in the future.

This ensures that only you, as the owner of the provided email address, can subscribe to the newsletter. Your confirmation must be given promptly after receiving the confirmation email, otherwise, your newsletter registration will be automatically deleted from our database.
When you subscribe to the newsletter, we collect and store the data you enter in the input mask (e.g., last name, first name, email address).
When registering for the newsletter, we also store your IP address and the date and time of registration to trace any potential misuse of your email address at a later time. We also store the date and time of your click on the confirmation link and the IP address provided by the Internet Service Provider (ISP) at the time of the double opt-in confirmation email.

b) **Purpose and Legal Basis**

The data collected during newsletter registration is used exclusively for promotional purposes through the newsletter.
The legal basis for processing your personal data for newsletter distribution is your voluntary consent according to Article 6(1)(a) of the GDPR and § 7(2) No. 3 UWG.

c) **Storage Duration**
Your email address will be stored as long as you are subscribed to the newsletter. After unsubscribing from the newsletter, your email address will be deleted unless you have expressly consented to further use of your data.

14. **Tracking and Analysis Tools**

An exact overview of the web analysis and social media tools we use can be found here.

15. **Data Security and Safeguards**
We are committed to protecting your privacy and handling your personal data confidentially. We implement extensive technical and organizational security measures, which are regularly reviewed and updated to keep pace with technological progress.
This includes using recognized encryption procedures (SSL or TLS). However, data disclosed without encryption, such as when communicated via unencrypted email, can be read by third parties. We have no influence over this. It is the user’s responsibility to protect the data they provide through encryption or other means against misuse.

16. **Changes to the Privacy Policy**
We reserve the right to update this policy as needed at any time.

17. **Your Rights**
Here you will find your rights concerning your personal data. Details can be found in Articles 7, 15-22, and 77 of the GDPR. You can contact the responsible entity (Section 2) regarding these rights.

**Right to Withdraw Consent** under Article 7(3) Sentence 1 of the GDPR
You can withdraw your consent to the processing of your personal data at any time with future effect. The lawfulness of the processing carried out based on the consent until withdrawal remains unaffected.

a) **Right of Access** under Article 15 of the GDPR
You have the right to request confirmation of whether we process personal data concerning you. If this is the case, you have the right to access this personal data and further information, such as processing purposes, categories of processed personal data, recipients, and the planned storage duration or criteria for determining the duration.

b) **Right to Rectification** under Article 16 of the GDPR
You have the right to request the correction of incorrect data without delay. Considering the purposes of the processing, you have the right to request the completion of incomplete data.

c) **Right to Erasure („Right to be Forgotten“)** under Article 17 of the GDPR
You have the right to request the deletion of your data unless processing is necessary. This is the case, for example, if your data is no longer needed for the original purposes, you withdraw your consent, or the data was processed unlawfully.

d) **Right to Restriction of Processing** under Article 18 of the GDPR
You have the right to request the restriction of processing, for instance, if you believe the personal data is incorrect.

e) **Right to Data Portability** under Article 20 of the GDPR
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.

f) **Right to Object** under Article 21 of the GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you.

In

the case of direct marketing, you have the right to object at any time to the processing of personal data for such advertising purposes, including profiling, as far as it is related to direct marketing. 

g) **Automated Decision-Making** including profiling under Article 22 of the GDPR
You have the right not to be subject to a decision based solely on automated processing, including profiling, except in the exceptional cases mentioned in Article 22 of the GDPR.
Automated decision-making, including profiling, does not take place.

h) **Right to Complain** to a Data Protection Supervisory Authority under Article 77 of the GDPR
You also have the right to lodge a complaint with a supervisory authority, especially if you believe that the data processing does not comply with data protection regulations.