Data Privacy Policy of
M10 Solar Equipment GmbH

We, the operators of this website, treat the personal data that is processed during the visit of this website confidentially and in compliance with the applicable data protection regulations.

We would like to point out that data transmission over the internet (e.g., communication per email) may have security gaps; complete data protection against third-party access of is not possible.

Below, we inform about the data processing in connection with the use of our services.

I. Name and Address of the Controller

The Controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU member states as well as other data protection regulations is:

M10 Solar Equipment GmbH
Munzinger Str. 10
79111 Freiburg im Breisgau
Germany

Phone: +49-761-7675-400
Fax.: +49-761-7675-403
Email: info@m10solar.com

General

Your personal data (e.g., title, name, address, e-mail address, phone number, bank details, credit card number) will only be processed by us in accordance with the provisions of European and German data protection law. The following information informs you about the type, scope and purpose of the collection, processing, and use of personal data. This privacy policy only applies to our websites. If you are redirected to other sites via links, please inform yourself about the processing of your data on the respective site.

General information on the collection, disclosure and storage period of personal data

(1) We process your personal data in compliance with the provisions of the GDPR, the German Federal Data Protection Act (BDSG) and all other relevant laws.

(2) The primary purpose of data processing is to establish and fulfill a contractual relationship with you. When you contact us by e-mail, via a contact form or by telephone, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. The primary legal basis for this is Art. 6 (1) (b) GDPR. In addition, your separate consent pursuant to Art. 6 (1) (a), 7 GDPR may be used as a data protection law permission regulation. We also process your data in order to be able to fulfill our legal obligations, in particular in the area of commercial and tax law. This is done on the basis of Art. 6 (1) (c) GDPR. If necessary, we also process your data on the basis of Art. 6 (1) (f) GDPR in order to protect our legitimate interests or those of third parties.

(3) Your personal data will only be passed on to third parties without your express consent – unless otherwise stated elsewhere in this privacy policy – if this is necessary for the provision of our services. These are in particular technical service providers that we need to provide the website or its functionalities and have commissioned accordingly. The service providers process this data exclusively on our behalf in accordance with our instructions and we have concluded corresponding contracts with these service providers for order processing in accordance with Art. 28 GDPR. Of course, before passing on your personal data, we ensure that the service providers have taken the necessary technical and organizational measures to ensure an appropriate level of protection. The scope of the data transfer is limited to the minimum necessary in each case.

(4) As part of our business relationships, your personal data may be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively for the fulfillment of contractual and business obligations and for our legitimate interests (legal basis is Art. 6 (1) (b) or (f) in each case in conjunction with Art. 44 ff. GDPR), in individual cases also on the basis of your consent (legal basis is Art. 6 (1) (a) in conjunction with Art. 44 ff. GDPR). We will inform you about the respective details of the transfer at the relevant points below.

(5) We delete your personal data as soon as it is no longer required for the purposes for which it was collected. After termination of the contractual relationship, your personal data will be stored for as long as we are legally obliged to do so. This regularly results from legal obligations to provide evidence and retain data, which are regulated in the German Commercial Code and the German Fiscal Code, among others. The storage periods are up to ten years. In addition, personal data may be stored for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years).

Processing of personal data when visiting our website

(1) When using the website for information purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we generally collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security:

IP address
date and time of request
time zone difference to Greenwich Mean Time (GMT)
content of the request (specific page)
access status/http status code
the amount of data transferred in each case
the website from which the request comes from
browser
operating system and its interface
language and version of browser software.

(2) The legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your browser. For this purpose, your IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing. The data is not analyzed for marketing purposes in this context.

(3) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Log files are deleted within 14 days after accessing the website.

Your rights

(1) You have the following rights over your personal data against us under the respective legal conditions:

right to information,
right to correction or deletion,
right to restriction of processing,
right to objection to processing, provided that the processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR (safeguarding public interests or legitimate interest),
right to withdraw consent that has been given,
right to data portability.

(2) You have the right to objection to processing, provided that the processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR (safeguarding public interests or legitimate interest). Of course, you can object to the processing of your personal data for the purposes of direct advertising and related data analysis at any time. You can send your objection to our contact details above.

(3) You also have the right to complain to a data protection authority about our processing of your personal data.

Use of contact forms and e-mail

(1) We collect your personal data when you provide it to us via our contact forms or contact us by e-mail. We then record the information that comes about when you contact us. This includes, in particular, names and transmitted contact data, date and reason for contacting us. The personal data collected from you will only be used for the purpose of providing you with the requested products or services and corresponding with you. If you contact us and are interested in an offer, your personal data will be processed for the purpose of initiating a contract in accordance with Art. 6 (1) (b) GDPR. Otherwise, your request will be processed to protect our legitimate interest in the proper processing and answering of your request on the basis of Art. 6 (1) (f) GDPR. Your data will be forwarded to us by email via our provider. If it is not provided, we will unfortunately not be able to contact you and process your request.

(2) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If the data provided is subject to retention obligations under tax and commercial law, it will be stored for the duration of the statutory retention obligations and then deleted, unless you have consented to further storage or further processing of the data is necessary for the assertion, exercise or defense of legal claims.

Information on Cookies

1) We use cookies and other technologies on our website. Cookies are small text files that are assigned and stored on your hard drive to the browser you are using by a characteristic string and through which certain information flows to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. Cookies optimize your internet browsing experience by displaying websites more user-friendly and effective.

(2) Cookies can contain data that make it possible to recognize the device used or merely contain information on certain settings that cannot be related to a specific person. However, cookies cannot directly identify a user. There are two types of cookies: so-called session cookies, which are deleted as soon as you close your browser, and so-called permanent cookies, which are stored beyond the individual session. You can find more information about the cookies we set in our Consent Management Tool. This tool will also enable you to customize your settings and withdraw consent that has been given. You can open our Consent Management Tool (cookie banner) at any time by clicking on “Privacy Settings” at the bottom of our website.

Go to the Consent Management Tool

Change privacy settings

(3) We use technically necessary cookies that are necessary to navigate the website, use basic functions and ensure the security of the website. These cookies neither collect information about you for marketing purposes nor store which websites you have visited. These cookies are deleted as soon as the browser session is ended. The data processing carried out on the basis of technically necessary cookies is necessary for the purposes mentioned to safeguard our legitimate interests in accordance with Art. 6 (1) (f) GDPR. The legal basis for the use of technically necessary cookies or similar technologies on your end device is Section 25 (2) No. 2 TDDDG.

(4) We only set various cookies with your consent, which you can select via the cookie consent tool cookie banner on your first visit to our website. The functions are only activated with your consent and are used in particular to analyze and improve visits to our website, to make it easier for you to use different browsers or end devices, to recognize you during a visit or to integrate videos on our website. The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR. The legal basis for the use of functional cookies or similar technologies on your end device is your consent in accordance with Section 25 (1) TDDDG. You can revoke your consent at any time via the cookie banner without affecting the permissibility of data processing until revocation.

Real Cookie Banner

(1) This website uses the cookie consent technology “Real Cookie Banner” to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling (hereinafter “Real Cookie Banner”).

(2) When you visit our website, the following personal data is transferred to Real Cookie Banner:

Your consent(s) or revocation of your consent(s)
Your IP address
Information about your browser
Information about your terminal device
Time of your visit to the website

Furthermore, Real Cookie Banner stores a cookie in your browser in order to be able to assign the consent(s) given or their revocation to you. The data collected in this way will be stored until you request us to delete it, until Real Cookie Banner deletes the cookies itself, or until the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

(3) Real Cookie Banner is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Section 25 (2) No. 2 TDDDG and Art. 6.(1) sentence 1 (c) GDPR.

(4) For more information on the Real Cookie Banner, please visit the provider’s website.

WPML

(1) On our website we use the service WPML of the provider OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong (hereinafter: “WPML”). WPML is a multi-language plugin for WordPress. We use WPML to be able to display our online presence in different languages. When you visit our website, WPML stores a cookie on your terminal device to save the language setting you have selected. This allows personal data to be stored and analyzed, in particular the user’s activity (especially which pages have been visited and which elements have been clicked on) as well as device and browser information (especially the IP address and the operating system). Since these are session cookies, the cookies are deleted again as soon as you close your browser.

(2) The use of WPML serves to display our website in multiple languages and to save your settings. The legal basis for data processing is Section 25 (2) No. 2 TDDDG and Art. 6 (1) sentence 1 (f) GDPR. Our legitimate interest lies in addressing visitors to our online presence in your native language.

(3) For more information on the processing of data by WPML, please refer to the provider’s privacy policy.

Elementor

(1) We use the plugin Elementor Website Builder for WordPress on our website, from the provider Elementor 8 THE GRN STE A DOVER, DE 19901 USA (hereinafter “Elementor”). Elementor is a software used to create the layout of this website. Cookies are used to store the number of page accesses and active sessions of the user. The collected data is not used for analysis purposes, but only for technical purposes to ensure that, e.g. hidden elements are not displayed again during several active sessions. Since the plugin uses session cookies, the cookies are deleted again as soon as you close your browser.

(2) The use of Elementor serves to be able to present our website in a user-friendly manner. The legal basis for data processing is Section 25 (2) No. 2 TDDDG and Art. 6 (1) sentence 1 (f) GDPR.

(3) For more information on the processing of data by Elementor, please refer to the provider’s privacy policy.

Wordfence

(1) This website uses the WordPress plugin Wordfence for security purposes. The provider is Defiant, Inc, 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”). The plugin protects the website against attempts by third parties to gain unauthorized access to the website and thereby obtain personal data, embed malware on the website or perform other illegal activities.

(2) The plugin sets cookies to detect whether the website is actually visited by a person or by a robot. For the purpose of protection against so-called brute force attacks (numerous automated login attempts from the same identity) or against hacker comment spam, IP addresses are stored on the Wordfence servers. IP addresses classified as harmless are placed on a whitelist. Wordfence Security secures this website and thus also protects visitors to the website from viruses and malware.

(3) Wordfence is used to increase the security of this website and thus also the security of the website users. This represents our legitimate interest in using the plugin. The legal basis for the data processing is Section 25 (2) No. 2 TDDDG and Art. 6 (1) sentence 1 (f) GDPR.

(4) For more information on the processing of data by Wordfence, please refer to the provider’s privacy policy.

Tagembed

(1) On our website we use the plugin Tagembed of the provider Tagembed, 237 Kearny Street San Francisco, California 94108, USA (hereinafter: “Tagembed”). Tagembed is a tool for integrating the most recent postings on our LinkedIn profile (https://www.linkedin.com/company/77668850) on our website. For this purpose, our website establishes a permanent connection to LinkedIn’s servers.

(2) To ensure that visiting our website with embedded content does not automatically lead to content from the third-party provider being reloaded, we only display a button in a first step. This does not provide the third-party provider with any information. Only when you agree to the use of Tagembed in our Consent Management Tool (under functional cookies) is third-party content reloaded. Through this, LinkedIn receives the information that you have accessed our site as well as the usage data technically required in this context. In addition, LinkedIn is then able to implement tracking technologies. Finally, LinkedIn also receives information when you view content, for example, even if you have not created an account. This so-called “log data” may be the IP address, browser type, operating system, information about the website you previously visited and the pages you viewed, your location, your mobile provider, the terminal device you use (including device ID and application ID), the search terms you used and cookie information. We have no influence on the further data processing by LinkedIn. By activating the Tagembed tool, you give us consent to reload third-party content. You can withdraw this consent at any time in our Consent Management Tool.

LinkedIn provides information on this in its privacy policy and cookie policy.

(3) We point out that when Tagembed is embedded and data is processed by LinkedIn, users’ data may be processed outside the area of the European Union. We expressly point out that in these cases of data transfer to third countries, the level of data protection in the third country may not have been established by the EU Commission in accordance with Art. 45 of the GDPR, nor are there any suitable guarantees within the meaning of Art. 46 of the GDPR. It is therefore possible that a level of data protection exists in the third country that is not equivalent to that in the GDPR. Data may be used for commercial interests, for example, to display specific advertising to users. There may also be risks for users because, for example, it could be more difficult to enforce users’ rights. For details, please refer to the LinkedIn privacy policy.

(4) The legal basis for setting the cookies and further data processing is your consent and thus Section 25 (1) TDDDG and Art. 6 (1) sentence 1 (a) GDPR. Insofar as a transfer of data to the USA or another third country takes place, such a third country transfer is based on your consent according to Art. 49 (1) sentence 1 (a) GDPR, which you can give and withdraw in the Consent Management Tool.

(5) For further information on the processing of data by Tagembed, please refer to the provider’s privacy policy.

Web analysis with Google Analytics

(1) This website uses Google Analytics, a web tracking service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) (“Google”). Google Analytics uses cookies to analyze the interactions of a website user. The data collected is used to optimize our website and to improve advertising measures. The information generated by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website and you access this website from member states of the European Union or other contracting states to the Agreement on the European Economic Area, your IP address will be truncated beforehand by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. This website uses Google Analytics with the extension “anonymizeIP()”. Accordingly, IP addresses are only processed in abbreviated form to exclude direct personal references. The legal basis for the use of Google Analytics is Art. 6 (1) sentence 1 (f) GDPR.

(2) Under the terms of the Order Processing Agreement, which the website operators have concluded with Google, the latter uses the collected information to evaluate website usage and website activity and provides services related to internet usage.

(3) The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Deletion of data at user and event level linked to cookies, user IDs (e.g. user ID) and advertising IDs takes place no later than 14 months after their collection.

(4) You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en

(5) For more information on the scope of services provided by Google Analytics, please refer to Google’s terms of use. Google provides information on data processing when using Google Analytics here. General information on data processing, which according to Google should also apply to Google Analytics, can be found in Google’s privacy policy.

(6) We use Google Analytics as explained to analyze the use of our website and to be able to continuously develop our website in terms of user-friendliness. We only activate Google Analytics if you consent to data processing by Google Analytics for these purposes. The legal basis for the use of Google Analytics is therefore Art. 6 (1) sentence 1 (a) GDPR and Section 25 (1) TDDDG. You can withdraw an already granted consent for your respective end device at any time with effect for the future by making changes in our Consent Management Tool.

(7) In connection with the provision of services, Google may also transfer the data processed to servers outside the EU, in particular in the USA, insofar as this is necessary for the provision of these services. As we have already explained, there is no adequacy decision by the EU Commission for the USA and there is no consistently high level of data protection due to differing legal provisions. The transfer of data to servers in the USA may therefore give rise to additional risks, for example, it may be more difficult to enforce the rights of the data subject to this data. We have therefore concluded the EU standard data protection clauses with Google, which also stipulate the implementation of appropriate protective measures, which may also include encryption of the data depending on the need for protection, and which are improved in accordance with the legal and technical conditions for appropriate protection of the data. Insofar as a transfer of data to the USA or another third country takes place, such a third country transfer is based on your consent in accordance with Art. 49 (1) sentence 1 (a) GDPR, which you can grant and withdraw in our Consent Management Tool.

Use of social media plug-ins

(1) Currently, we are using the following social media plug-ins for our social media pages: Facebook, Twitter, LinkedIn and Xing. Thereby, we use the so-called two-click solution, whereafter initially no personal data is passed on to the providers of the plug-ins. Nonetheless, you can recognize the provider of the plug-in via the relevant logo. We then enable you to communicate directly with the provider of the plug-in via the button. The plug-in provider will only receive the information that you accessed our website if you click on the marked area and thereby activate it. Moreover, the above-mentioned personal data is transmitted, which your browser sends to our server.

(2) By activating the plug-in, your personal data is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). Since the plug-in provider collects the data mainly via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the logo.

(3) The plug-in provider stores the data collected about you as user profiles for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out particularly (also for users who are not logged in) to display tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. However, you must contact the respective plug-in provider to exercise this right. Via the plug-ins, we enable you to interact with the social networks and other users to improve our services and make it more interesting for you as a user.

(4) Our data processing in connection with the use of the plugins is based on Art. 6 (1) sentence 1 (f) GDPR. Our legitimate interest in the use of the plugins is the improvement and optimal design of our website based on the wishes and preferences of users, which we learn through the interaction with the plugins in connection with our website and implement in terms of user preferences. Your interests are taken into account by the fact that the data transmission to the social networks only takes place when you activate the plugin yourself by clicking on it.

(5) The data transfer takes place regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in to the plug-in provider, the data we collect is directly assigned to your account with the plug-in provider. If you activate the button and link to the page, for example, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this allows you to avoid an assignment to your profile with the plug-in provider.

(6) For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the data protection declarations of these providers provided below. There, you will also receive further information about your rights in this regard and setting options for protecting your privacy.

Facebook, which is offered by Meta Platforms Ireland Ltd, Grand Canal Square, Grand Canal Har-bour, Dublin 2, Ireland. https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
X (formerly Twitter), which is offered by X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. https://x.com/de/privacy
Xing, which is offered by New Work SE, Am Strandkai 1, 20457 Hamburg, Gänsemarkt 43, 20354 Hamburg, Germany. https://privacy.xing.com/de/datenschutzerklaerung
LinkedIn, which is offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. https://de.linkedin.com/legal/privacy-policy

Information on Applications

(1) If you apply to us by e-mail or post, we will store your details for the purpose of carrying out and for the duration of the application process. This concerns the personal data you provide in your application documents, e.g., name, address, e-mail address, date of birth, telephone number, interests, qualifications, educational and professional background, and possibly also sensitive data, such as religious affiliation or severely disabled status. If you apply to us via portals operated by third parties, we will receive your data from the source to which you have declared your consent to the transfer of data. You can obtain more information on data collection from the source in question.

(2) The provision of your personal data is necessary to carry out the application process. The legal basis for the aforementioned data processing is Art. 6 (1) (b) GDPR and Art. 88 GDPR in conjunction with Section 26 of the German Data Protection Act (BDSG).

(3) We generally store your application data for a period of six months after the conclusion of an unsuccessful application process, unless this conflicts with statutory retention obligations. The legal basis for the aforementioned data processing is Art. 6 (1) (c) and (f) GDPR. As part of the application process, we also check whether we can offer you another vacancy that matches your application. If we are interested in retaining your application documents for a later date, we will ask you for separate consent to this effect. The legal basis in this case is Article 6 (1) (a) of the GDPR.

(4) As a matter of principle, your data will be processed exclusively by us and will not be passed on to third parties. Exceptions concern cases in which the legislator requires or provides for the disclosure of data (for example, in the context of tax audits by the tax authorities). In certain cases, the disclosure of your data to third parties is necessary to protect your or our interests or to fulfill our contractual obligations. This occurs particularly when we use external service providers. In these cases, the service provider is bound by instructions and receives personal data only to the extent and for the period that is necessary for the provision of the services in question. A transfer abroad does not take place and is not intended.

No automated decision-making (including profiling)

We do not use automated decision-making (including profiling) in accordance with Art. 22 GDPR.

Updating of data protection information

Since this data protection notice may change from time to time due to legal changes or new functions within the scope of our offer, we recommend that you call it up regularly.

Last update: November 2025

Data Privacy Policy of M10 Solar Equipment GmbH