Below we provide information in accordance with Art. 13 and 14 GDPR on the processing of personal data when using:
Personal data includes all data that can be linked to a specific natural person, e.g. their name or IP address.
1.1. Contact information
The controller responsible for data processing on this website in accordance with Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is:
TESVOLT AG
Am Heideberg 31
06886 Lutherstadt Wittenberg
Germany
Email: info@tesvolt.com
The controller responsible is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).
We have appointed a data protection officer for our company. They can be reached at the following address.
TESVOLT AG Data Protection Officer
Am Heideberg 31
06886 Lutherstadt Wittenberg
Germany
Phone: +49 (0) 3491 87 97 100
Email: datenschutz@tesvolt.com
1.2. Scope of data processing, purposes of processing and the legal bases
The scope of the data processing, the purposes of the processing, and the legal bases are explained in detail below. The following are generally considered to be the legal bases for data processing:
1.3. Data processing outside the EEA
Where we transfer data to service providers or other third parties outside the EEA, adequacy decisions of the EU Commission pursuant to Art. 45 (3) GDPR guarantee the security of the data in the course of transfer where such decisions exist, as is the case for the UK, Canada and Israel, for example.
In the absence of an adequacy decision (e.g. for the USA), the legal basis for data transfer is standard contractual clauses in most cases, i.e. unless we indicate otherwise. These are a set of rules adopted by the EU Commission and form part of the contract with the respective third party. According to Art. 46 (2) (b) GDPR, they guarantee that the transfer of data is secure. Many of these providers have also issued contractual guarantees that go beyond standard contractual clauses, which provide even greater protection for data. These may include guarantees concerning the encryption of data or the obligation of a third party to inform the data subject if law enforcement agencies wish to access data.
1.4. Storage period
Unless expressly stated in this privacy policy, the data we store is deleted as soon as it is no longer required for its intended purpose, the customer has not consented to further storage in accordance with Art. 6 (1) (1) (a) GDPR, and there are no statutory retention obligations that prevent deletion. If the data is not deleted because it is required for other purposes permitted by law, its processing is restricted, i.e. the data is blocked and not processed for other purposes. This applies, for example, to data that we must retain for reasons of commercial or tax law.
1.5. Rights of data subjects
Data subjects have the following rights vis-à-vis us with regard to their personal data:
Within the framework of the applicable legal provisions, you have the right at any time to information, free of charge, about your stored personal data, its origin, the recipient and the purpose of the data processing and, if necessary, a right to correction or deletion of this data. You can contact us at any time at the address provided in the legal notice for this purpose or for any other questions on the subject of personal data.
You have the right to request that the processing of your personal data be restricted. You can contact us at any time at the address provided in the legal notice for this purpose. The right to restrict processing exists in the following cases:
- If you dispute the accuracy of your personal data that we have stored, we generally need time to review the issue. You have the right to request that processing of your personal data be restricted for the period of this review.
- If the processing of your personal data was/is unlawful, you can request that the processing of your data be restricted instead of deleted.
- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deleted.
- If you have filed an objection in accordance with Art. 21 (1) GDPR, a balance must be struck between your interests and ours. You have the right to request that the processing of your personal data be restricted while the prevailing interest is being determined.
If you have restricted the processing of your personal data, this data – with the exception of its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.
If data is processed on the basis of Art. 6 (1) (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons related to your particular situation. You can find the respective legal basis on which processing is based in this privacy policy. If you file an objection, we cease processing your personal data unless we can demonstrate that we have compelling and legitimate grounds for such processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (objection pursuant to Art. 21 (1) GDPR).
If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. If you object, your personal data will no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).
You have the right to request that data that we process automatically on the basis of your consent or in fulfilment of a contract be handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, we will only fulfil your request if it is technically feasible.
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. In the event of revocation, the legality of the processing prior to revocation remains unaffected.
Data subjects also have the right to file a complaint with a data protection supervisory authority about the processing of their personal data. Contact information for the data protection supervisory authorities can be found at https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html.
1.6. Duty to provide data
As part of a business relationship or other relationship, customers, interested parties and third parties only have to provide us with the personal data that is necessary for the establishment, implementation and termination of the business or other relationship, and the data we are legally obligated to collect. Without this data, we will normally refuse to conclude a contract or provide a service, or will no longer able to fulfil an existing contract or other relationship. Mandatory information is marked as such.
1.7. No automated decision-making in individual cases
Generally, we do not use fully automated decision-making in accordance with Article 22 of GDPR to establish or implement business relationships or any other form of relationship. Should we use these procedures in individual cases, we will inform you separately if this is required by law.
1.8. Contacting us
When you contact us, e.g. by email or telephone, we store the data provided to us (e.g. names and email addresses) in order to answer questions. The legal basis for data processing is our legitimate interest (Art. 6 (1) (1) (f) GDPR) in responding to enquiries addressed to us. We delete the data collected for this purpose after storage is no longer required, or restrict processing if we have a legal obligation to retain the data.
1.9. Customer surveys
From time to time we conduct customer surveys to get to know our customers and their needs better. In each case, we collect the requested data. We have a legitimate interest in better understanding our customers and their wishes, therefore the legal basis for the corresponding data processing is Art. 6 (1) (1) (f) GDPR. We delete the data after the results of the surveys have been analysed.
1.10. SSL and/or TLS encryption
This site uses SSL and/or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us, the site operator. You can recognise an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
We reserve the right to periodically inform customers who have already used our services or purchased goods from us about our offers by email or other electronic means if they have not objected to this. The legal basis for this data processing is Art. 6 (1) (1) (f) GDPR. Our legitimate interest relates to direct marketing (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time at no additional cost, for example via the link at the end of each email or by sending an email to our email address above.
Interested parties have the option of subscribing to a free newsletter. We process the data provided upon registration exclusively for the purpose of sending the newsletter. Interested parties can register by selecting the corresponding field on our website, by ticking the corresponding field in a paper document or by another distinct action, thus declaring their consent to the processing of their data, therefore the legal basis is Art. 6 (1) (1) (a) GDPR. Consent can be revoked at any time, for example by clicking on the corresponding link in the newsletter or by sending a message to the email address provided above. In the event of revocation, the legality of the processing prior to revocation remains unaffected.
Based on the consent of the recipients (Art. 6 (1) (1) (a) GDPR), we also measure the opening and click rate of our newsletters in order to understand which content is relevant for our subscribers.
We send newsletters using the Microsoft Dynamics 365 tool from the provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (privacy policy: https://privacy.microsoft.com/en-gb/privacystatement?culture=de-de&country=DE). The provider processes content data, usage data, meta/communication data and contact data in the EU.
We send newsletters with Microsoft Dynamics 365 CRM (on servers in the EU). The provider processes content data, usage data, meta/communication data and contact data.
3.1. Notice for website visitors from Germany
Our website stores information on the end device of website visitors (e.g. cookies) or accesses information that is already stored on the end device (e.g. IP addresses). This information can be found in detail in the following sections.
This storage and access takes place on the basis of the following provisions:
Downstream data processing is carried out in accordance with the following sections and on the basis of the provisions contained in the GDPR.
3.2. Use of the website for informational purposes
When the website is used for informational purposes, i.e. when visitors to the site do not transmit information to us separately, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This is our legitimate interest, therefore the legal basis is Art. 6 (1) (1) (f) GDPR.
This data includes:
This data is also stored in log files. It is deleted when storage is no longer required, no more than 14 days.
3.3. Web hosting and provision of the website
Our website hosts All-Inkl.com. The provider is René Münnich (“ALL-INKL.COM - Neue Medien Münnich”), Hauptstraße 68, 02742 Friedersdorf, Germany. The provider processes the personal data transmitted via the website, e.g. content data, usage data, meta/communication data and contact data, in the EU. Additional information can be found in the provider’s privacy policy at https://all-inkl.com/datenschutzinformationen/.
Our website hosts Cicero. The provider is Werbeagentur Cicero, Kagenhofer Weg 3, 90556 Seukendorf, Germany. The provider processes the personal data transmitted via the website, e.g. content data , usage data, meta/communication data and contact data, in the EU. Additional information can be found in the provider’s privacy policy at https://www.werbeagentur-cicero.de/166/datenschutzerklaerung.
We have a legitimate interest in providing a website, therefore the legal basis for the data processing described is Art. 6 (1) (1) (f) GDPR.
3.4. Contact form
When you contact us via the contact form on our website, we store the data requested there and the content of the message.
The legal basis for data processing is our legitimate interest in responding to enquiries addressed to us. Therefore, the legal basis for the data processing is Art. 6 (1) (1) (f) GDPR.
We delete the data collected for this purpose after storage is no longer required, or restrict processing if we have a legal obligation to retain the data.
3.5. Job advertisements and applications
We publish open positions on our website, on websites linked to our website, and, where applicable, on third-party websites (e.g., job portals or social networks).
The processing of personal data submitted as part of an application is carried out solely for the purpose of conducting the recruitment process and deciding on the establishment of an employment relationship. The legal basis for this processing is Article 6(1)(b) GDPR, as the processing is necessary for the implementation of pre-contractual measures taken at the request of the data subject. For the processing of special categories of personal data that are necessary for establishing the employment relationship (e.g., information relating to health status in connection with a severe disability certificate), the additional legal basis is Article 9(2)(b) GDPR in conjunction with Section 26(3) of the German Federal Data Protection Act (BDSG).
The data that are strictly required for carrying out the recruitment process are marked accordingly in the application form or otherwise explicitly identified. If these mandatory details are not provided, the application cannot be processed.
Any information provided beyond the mandatory requirements is voluntary and not necessary for submitting an application. Where applicants provide such additional information, it is processed on the basis of their consent pursuant to Article 6(1)(a) GDPR.
We expressly ask applicants to refrain from including information in their CVs or cover letters regarding political opinions, religious or philosophical beliefs, trade union membership, ethnic origin, health status, or other similarly sensitive data within the meaning of Article 9(1) GDPR, as such information is not required for the recruitment process. If such information is nevertheless submitted, we cannot prevent its processing as part of the review of the application documents. In such cases, the processing is based on the applicant’s explicit consent pursuant to Article 9(2)(a) GDPR.
Where applicants have given their consent for their data to be retained beyond the current recruitment process and included in a talent pool for consideration in future recruitment procedures, we process the relevant data on the basis of Article 6(1)(a) GDPR. Consent may be withdrawn at any time with effect for the future. The lawfulness of any processing carried out prior to the withdrawal remains unaffected.
Applicant data are shared with employees of the Human Resources Department involved in the recruitment process, as well as with other specialist departments participating in the selection process. In addition, we may engage data processors in the area of recruitment (e.g., providers of applicant management systems), with whom a data processing agreement in accordance with Article 28 GDPR has been concluded. Applicant data will not be disclosed to any other third parties unless such disclosure is required by law or the applicant has expressly consented to it.
If an employment relationship is established following the recruitment process, the applicant’s data will be transferred to the personnel file. The legal basis for further processing is then Article 6(1)(b) GDPR. The data will be deleted only after the employment relationship has ended and the applicable statutory retention periods have expired.
If no employment relationship is established, the applicant’s data will be deleted no later than six months after receipt of the rejection decision, unless legitimate interests prevent deletion (e.g., the preservation of evidence in the event of claims under the German General Equal Treatment Act (AGG); legal basis: Article 6(1)(f) GDPR) or unless consent has been given for inclusion in the talent pool. In the latter case, the data will be stored in the talent pool for the duration of the consent, but for no longer than two years from the date consent was granted.
3.6. Payment service providers
To process payments, we use payment processors who are themselves data controllers within the meaning of Art. 4 No. 7 GDPR. Where they receive the data and payment data we enter in the course of the ordering process, we fulfil the contract concluded with our customers (Art. 6 (1) (1) (b) GDPR).
These payment service providers are:
3.7. Cookies required for technical reasons
Our website uses cookies. Cookies are small text files that are stored in the web browser on the end device of a website visitor. Cookies help to make the website more user-friendly, effective and secure. To the extent that these cookies are necessary for the operation of our website or its functions (hereinafter referred to as “Cookies required for technical reasons”), the legal basis for the corresponding data processing is Art. 6 (1) (1) (f) GDPR. We have a legitimate interest in providing customers and other site visitors with a functional website.
More specifically, we place cookies that are technically necessary for the following purpose or purposes:
3.8. Third-party providers
3.8.1. LinkedIn Insight Tag
We use LinkedIn Insight Tag for conversion tracking. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (1) (a) GDPR. Data is processed on the basis of consent. Data subjects can revoke their consent at any time, e.g. by contacting us via the contact information provided in our privacy policy. In the event of revocation, the legality of the processing prior to revocation remains unaffected.
The data is deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Additional information can be found in the provider’s privacy policy at https://www.linkedin.com/legal/privacy-policy.
3.8.2. Google Webfonts
We use Google Webfonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. However, data is only processed on our servers. We process meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (1) (f) GDPR. We have a legitimate interest in using readily applicable and cost-effective fonts on our website.
Additional information can be found in the provider’s privacy policy at https://policies.google.com/privacy.3.8.3. Hotjar
We use Hotjar for analysis purposes. The provider is Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s, STJ 3141, Malta. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for processing is Art. 6 (1) (1) (a) GDPR. Data is processed on the basis of consent. Data subjects can revoke their consent at any time, e.g. by contacting us via the contact information provided in our privacy policy. In the event of revocation, the legality of the processing prior to revocation remains unaffected.
The data is deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Additional information can be found in the provider’s privacy policy at https://www.hotjar.com/legal/policies/privacy/.
3.8.4. YouTube Videos
We use YouTube videos for videos on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for processing is Art. 6 (1) (1) (a) GDPR. Data is processed on the basis of consent. Data subjects can revoke their consent at any time, e.g. by contacting us via the contact information provided in our privacy policy. In the event of revocation, the legality of the processing prior to revocation remains unaffected.
The legal basis for transferring data to a country outside the EEA is consent.
Additional information can be found in the provider’s privacy policy at https://policies.google.com/privacy.
3.8.5. Calendly
We use Calendly to plan appointments. The provider is Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA. The provider processes usage data (e.g. websites visited, interest in content, access times), contact data (e.g. email addresses, telephone numbers) and master data (e.g. names, addresses) in the USA.
The legal basis for processing is Art. 6 (1) (1) (a) GDPR. Data is processed on the basis of consent. Data subjects can revoke their consent at any time, e.g. by contacting us via the contact information provided in our privacy policy. In the event of revocation, the legality of the processing prior to revocation remains unaffected.
The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 (2) GDPR (Art. 46 (2) (c) GDPR) that we have agreed with the provider.
We delete the data when the purpose for which it was collected no longer applies. Additional information can be found in the provider’s privacy policy at https://calendly.com/pages/privacy.
3.8.6. Google Ads
We use Google Ads as an online advertising programme to analyse user behaviour on our website (e.g. clicking on certain products, or “remarketing”). The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available to Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The legal basis for processing is Art. 6 (1) (1) (f) GDPR. As the website operator, we have a legitimate interest in marketing our services and products as effectively as possible.
3.8.7. Google Analytics
We use Google Analytics for analysis purposes. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) and meta/communication data (e.g. device information, IP addresses) in the USA.
We have activated the IP anonymisation function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
This website uses the “demographic characteristics” function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be created that contain information on the age, gender and interests of website visitors. This data comes from interest-based advertising from Google and third-party visitor data. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.
The legal basis for processing is Art. 6 (1) (1) (a) GDPR. Data is processed on the basis of consent. Data subjects can revoke their consent at any time, e.g. by contacting us via the contact information provided in our privacy policy. In the event of revocation, the legality of the processing prior to revocation remains unaffected.
The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 (2) GDPR (Art. 46 (2) (c) GDPR) that we have agreed with the provider.
Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Additional information can be found in the provider’s privacy policy at https://policies.google.com/privacy.
3.8.8. Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The purpose of reCAPTCHA is to check whether the data input on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For its analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected for the analysis is forwarded to Google.
Data processing is carried out on the basis of Art. 6 (1) (1) (f) GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying or improper use.
Additional information about Google reCAPTCHA and Google’s privacy policy can be found here: https://policies.google.com/privacy and https://www.google.com/recaptcha/about/.
3.8.9. Meta Pixel
We use Meta Pixel for analysis purposes. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data (e.g. websites visited, interest in content, access times) in the USA.
The legal basis for processing is Art. 6 (1) (1) (a) GDPR. Data is processed on the basis of consent. Data subjects can revoke their consent at any time, e.g. by contacting us via the contact information provided in our privacy policy. In the event of revocation, the legality of the processing prior to revocation remains unaffected.
The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 (2) GDPR (Art. 46 (2) (c) GDPR) that we have agreed with the provider.
The data is deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Additional information can be found in the provider’s privacy policy at https://www.facebook.com/policy.php.
3.8.10. Zoom
We use Zoom to conduct webinars, online meetings and video and telephone conferences. The provider is Zoom Video Communications Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA. The provider processes usage data in the USA.
The legal basis for processing the personal data of registered participants in the context of organising webinars is Art. 6 (1) (b) GDPR. The legal basis is Art. 6 (1) (f) GDPR if there is no contractual relationship (registration for a webinar). We are also interested in the effective organisation of webinars and conferences. The legal basis for transferring data to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses issued in accordance with the review procedure pursuant to Art. 93 (2) GDPR (Art. 46 (2) (c) GDPR) that we have agreed with the provider.
The data is deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Additional information can be found in the provider’s privacy policy at https://explore.zoom.us/en/privacy/.
4.1. Partner account
Visitors to the website can open an account on the Partner Portal of our website – available at tesvoltpartner.b2clogin.com. We process the data requested in this context based on the consent of the site visitor. Therefore, the legal basis for the data processing is Art. 6 (1) (1) (a) GDPR.
Consent can be revoked at any time, e.g. via the contact details provided in our privacy policy. In the event of revocation, the legality of the processing prior to revocation remains unaffected. If consent is withdrawn, we delete the data unless we are obligated or authorised to retain it.
In addition to the data entered upon registration, we also process IP addresses for registration purposes.
4.2. Goods and services offered
We offer goods and services via our partner portal. We process the following data as part of the order:
The data is processed to fulfil the contract concluded with the respective website visitor (Art. 6 (1) (1) (b) GDPR).
We pass on the aforementioned data to the service providers if this is required as part of the order. This data includes in particular:
The legal basis for the data processing is Art. 6 (1) (1) (b) GDPR because it is necessary for the fulfilment of the contract.
Certain TESVOLT battery storage systems are sold by TESVOLT in combination with the TESVOLT Energy Manager. The TESVOLT Energy Manager is an energy management system consisting of a small box with the TESVOLT Energy Manager software, which enables optimised management of the TESVOLT battery storage system. Users can open an account via TESVOLT’s web-based myTESWORLD portal, which can be accessed at mytesworld.tesvolt.com. We process the data requested in this context to make the portal available to users and to enable the individual configuration and management of TESVOLT battery storage systems and the resulting energy flows.
The legal basis for the data processing is Art. 6 (1) (b) GDPR because it is necessary for the performance of the contract.
If legally permitted and required for the performance of contractual relationships with users pursuant to Art. 6 (1) (1) (b) GDPR, personal data of users is disclosed to third parties. In particular, this includes disclosure within the framework of providing the portal and disclosure of payment details to payment service providers or credit institutions in order to carry out a payment process. The personal data disclosed may only be used by the third party for the specified purposes.
In addition, the data generated via the portal can be used and analysed in pre-anonymised form for research purposes and also passed on to third parties in the same form for commercial use.
As part of the planning, design, and optimization of TESVOLT storage systems, we rely on cloud-based software solutions provided by specialized service providers. In doing so, we process in particular users’ contact data (e.g., name, business email address) as well as project-related information (e.g., project/site designation, address details, load and consumption data, technical parameters of the planned installations) in order to create use-case analyses, system designs, simulations, and evaluations for storage systems and to handle corresponding project and customer inquiries. Depending on the specific circumstances, the processing is carried out on the basis of Art. 6(1) sentence 1 lit. b GDPR, insofar as we fulfill a contractual obligation towards you, or on the basis of Art. 6(1) sentence 1 lit. f GDPR in conjunction with our legitimate interests in efficient technical planning and design of storage systems, the economical and qualitatively consistent handling of project and customer inquiries, the optimization of internal planning and sales processes, and the improvement of consulting, support, and service offerings in the B2B sector. Where applicable, processing may also be based on consent pursuant to Art. 6(1) sentence 1 lit. a GDPR.
The software providers used act as processors within the meaning of Art. 28 GDPR. We conclude data processing agreements with these service providers, which in particular provide for appropriate technical and organizational measures to protect your data, regulations on the use of sub-processors, and provisions for the deletion or return of the data after completion of the processing. For hosting, backups, or media storage, the service providers may also use cloud infrastructures of external providers, in particular Amazon Web Services (AWS). Processing primarily takes place within the European Union or the European Economic Area. If, in individual cases, personal data are transferred to recipients in the United States that are certified under the EU–U.S. Data Privacy Framework, the transfer is based on the European Commission’s adequacy decision pursuant to Art. 45 GDPR (; information on the framework: ).
If certification under the EU–U.S. Data Privacy Framework does not exist or is not applicable, transfers to third countries take place only on the basis of appropriate safeguards pursuant to Art. 46 GDPR, in particular the European Commission’s Standard Contractual Clauses (https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_en>).
As part of the flexibility marketing of battery storage on behalf of customers, we process the following personal data:
· Name
· Address
· Email address
· Company name and designation
· Storage data/storage availability
· Energy data
The legal basis for the data processing is Art. 6 (1) (b) GDPR because it is necessary for the performance of the contract.
If legally permitted and required for the performance of contractual relationships with users pursuant to Art. 6 (1) (1) (b) GDPR, the personal data of users is disclosed to third parties. The personal data disclosed may only be used by the third party for the specified purposes.
We are present on social media networks to represent our organisation and our services. The operators of these networks regularly process their users’ data for advertising purposes. This includes creating user profiles from their online behaviour which are used, for example, to display advertising on the network pages and elsewhere on the internet that corresponds to the interests of the users. For this purpose, the operators of the networks use cookies to store information about user behaviour on the user’s computer. Furthermore, it cannot be ruled out that the operators will merge this information with other data. Additional information and instructions on how users can object to processing by the site operators can be found in the privacy policy declarations of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, which means that they can process data there. This can result in risks for users, e.g. because it makes it more difficult to enforce their rights or because government authorities have access to the data.
When users of the networks contact us via our profiles, we process the data provided to us in order to respond to the enquiries. This is our legitimate interest, therefore, the legal basis is Art. 6 (1) (1) (f) GDPR.
This section applies to our processing of personal data via our Facebook presence. Responsibility for the collection and further processing of users’ personal data on Facebook generally lies with Meta Platforms Ireland Limited (“Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Please note that Facebook collects and processes certain information about your visit to our Facebook page even if you do not have a Facebook account or are not logged in to Facebook. Information about Facebook’s processing of personal data can be found in Facebook’s Privacy Policy.
As the operator of this Facebook page, we can only view your public Facebook profile. The information visible to us depends on your profile settings. In addition, we process your personal data (such as your name and the content of your messages, inquiries, or other contributions) when you contact us via our Facebook page or publish content through our Facebook presence, for example by posting a comment. We process this data for the purpose of handling and, where appropriate, responding to your contributions. Our legitimate interest pursuant to Article 6(1)(f) GDPR also lies in these purposes.
We store your personal data on our systems, i.e., outside Facebook, if and for as long as it is necessary for the purposes for which it was collected or if statutory retention obligations apply.
Facebook’s Privacy Policy also contains information on how you can exercise your rights of access, rectification, portability, and erasure vis-à-vis Facebook. It also provides information on your right to object to certain processing activities. Further details on your control options can be found in Facebook’s help resources. The Privacy Policy also contains information on storage periods and the criteria used to determine them. Facebook may transfer data to third countries. Please note that where personal data is processed in the United States, the level of protection may be lower than within the EU.
This section applies to our Instagram presence: https://www.instagram.com/tesvolt/
Instagram is part of the Meta group of companies and shares infrastructure, systems, and technology with Facebook and other Meta companies.
We expressly point out that Meta stores users’ data (e.g., personal information, IP addresses, etc.) and may use such data for business purposes. More information on Instagram’s data processing practices can be found in Instagram’s Privacy Policy.
We have no influence over Meta’s/Instagram’s collection and further processing of data. Furthermore, we cannot determine the extent, location, or duration of data storage, whether Meta/Instagram complies with deletion obligations, what analyses and correlations are carried out, or to whom data is disclosed. Where personal data is processed in connection with our Instagram page and Meta alone determines the purposes and means of processing, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is solely responsible for such processing.
Meta’s Data Protection Officer can be contacted via the designated contact form. Instagram’s Privacy Policy describes the categories of personal data processed, the purposes of processing, and the categories of recipients who may receive such data. It also explains the legal bases for processing and how consent may be withdrawn. Additional information on the legal bases can be found in Meta’s privacy documentation.
The Privacy Policy also explains how you can exercise your rights of access, rectification, portability, and erasure, as well as your right to object to certain processing activities. Meta/Instagram may transfer data to third countries. Please note that processing personal data in the United States may result in a lower level of protection than within the EU.
When you visit our Instagram page and your browser permits the storage of cookies, Meta/Instagram stores information in the form of cookies in your browser and may access this information when you visit Instagram or websites that incorporate Instagram technologies. Further information about cookies and your options for managing them can be found in Instagram’s help resources.
Cookies enable Meta/Instagram to track user behavior across websites beyond the Instagram platform and to create profiles based on that behavior. This applies to both registered and non-registered users. If you wish to prevent such tracking, you should log out of Instagram, disable the “Keep me logged in” function, delete cookies stored on your device, and restart your browser.
Where you contact us or interact with us through our Instagram presence, we process your personal data on the basis of Article 6(1)(f) GDPR. Our legitimate interest lies in responding to your inquiry and maintaining appropriate and purpose-oriented communication with you. If your contact is aimed at concluding a contract, the additional legal basis is Article 6(1)(b) GDPR.
This section applies to our LinkedIn presence: https://www.linkedin.com/company/tesvolt
Responsibility for the collection and further processing of personal data on the LinkedIn platform generally lies with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Information on LinkedIn’s processing of personal data can be found in LinkedIn’s Privacy Policy.
As the operator of this LinkedIn page, we can only view your public profile. The information visible depends on your profile settings. LinkedIn also provides us with aggregated, non-personal statistics (“Page Insights”) regarding the use of our company page, enabling us to optimize our presence and content. With regard to these Insights data, TESVOLT AG and LinkedIn Ireland Unlimited Company act as joint controllers within the meaning of Article 26 GDPR. Further details can be found in LinkedIn’s Joint Controller Addendum.
We also process your personal data (such as your name and the content of your messages or posts) when you contact us through our LinkedIn page or publish content through our LinkedIn presence. We process this data for the purpose of handling and responding to your inquiries. The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in maintaining appropriate communication with users of our LinkedIn page and presenting our company to the public.
We store your personal data on our systems, outside LinkedIn, for as long as necessary for the purposes of collection or as required by statutory retention obligations. LinkedIn may transfer data to the United States. Please note that the level of protection for personal data in the U.S. may be lower than within the EU.
This section applies to our YouTube channel: https://www.youtube.com/@TESVOLT
YouTube is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google/YouTube”). Responsibility for the collection and further processing of personal data on YouTube generally lies with Google/YouTube. Information on Google’s data processing practices can be found in Google’s Privacy Policy.
Please note that YouTube collects and processes certain information about your visit to our channel even if you do not have a Google account or are not logged in to YouTube. We have no influence over Google’s collection and processing of this data.
We process your personal data (such as your name and the content of your comments or messages) when you contact us via our YouTube channel or post comments under our content. We process this data to handle and, where appropriate, respond to your contributions. The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in maintaining appropriate communication with users of our YouTube channel and presenting our company publicly.
Information about exercising your data protection rights and your right to object can be found in Google’s Privacy Policy. Google may transfer data to the United States, where the level of data protection may be lower than within the EU.
This section applies to our XING presence: https://www.xing.com/pages/tesvoltag-the-energy-storage-experts
Responsibility for the collection and further processing of personal data on the XING platform generally lies with New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Information about XING’s data processing practices can be found in XING’s Privacy Policy.
As the operator of this XING page, we can only view your public profile. The information visible depends on your profile settings. We also process your personal data (such as your name and the content of your messages or posts) when you contact us via our XING page. We process this data in order to handle and, where appropriate, respond to your inquiries. The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in maintaining appropriate communication with users of our XING page and presenting our company publicly.
We store your personal data on our systems, outside XING, for as long as necessary for the purposes of collection or as required by statutory retention obligations. Since XING is headquartered in Germany and is subject to the GDPR as a European company, the level of protection for your personal data generally corresponds to the level applicable within the EU. Information on how to exercise your rights of access, rectification, portability, and erasure can be found in XING’s Privacy Policy.
We reserve the right to amend this privacy policy at any time with future effect. A current version is available at https://www.tesvolt.com/en/privacy.html.
If you have any questions or comments regarding this privacy policy, please do not hesitate to contact us using the contact information provided above.
Last revised: 05.06.2026
by Cicero Design
German