Privacy Policy
 

1.    Introduction
We, SMA Solar Technology AG, Sonnenallee 1, 34266 Niestetal, are the operator of the online offering at www.sma-shop.fr responsible for processing the personal data of the users of the online offering. 

You can find our contact details and the contact details of our data protection officer directly in Article 13 of this privacy policy and in the online service information.

We take protecting your privacy and private information very seriously. We gather, store and use your personal data only in line with the content of this privacy policy and the applicable data protection provisions, particularly the European General Data Protection Regulation (GDPR) and national data protection provisions.

With this privacy policy, we want to inform you of the scope and of purpose of the processing of your personal data, in connection with use of the online service. 

2.    Personal Data and processing purposes
Personal data is information about an identified or identifiable individual. This includes all information about your identity, such as your name, your e-mail address or your address. In contrast, information that cannot be connected to your identity (e.g. statistical information, such as the number of online service users) is not considered as personal information.

As a rule, our online service can be used without disclosing your identity and without providing personal data. Only general information about your visit to our online site will be collected. 

However, personal data will be collected from you if you accept the use of cookies and/or when using some of the services offered (i.e.: online orders center and newsletters subscription, contacts), for the following purposes: 

-    Processing of online orders, invoicing and customer account creation;
-    Sending information and news on SMA and SMA products and personalization of the information sent;
-    Answering to requests received from you and customer relationship management;
-    Identifying and remedying errors in order to determine the utilization of the online service and make adjustments or improvements;
-    Providing an efficient, user-friendly and adapted service and analyzing customers behaviors;
-    Managing your rights relating to data protection. 

When collecting personal data, only the data that is mandatory must be provided. However, further information can be provided on a voluntary basis. We will indicate whether it is a required field or optional details. 

Automated decision-making based on your personal data is not applied to the use of our online service.

3.    Processing Personal Information
Unless otherwise stated in this privacy policy, we or our hosting providers store your information on specially secured servers within the European Union. These are technical and organizational measures to protect against loss, destruction, access, alteration or dissemination of your data by unauthorized persons. Only a few authorized persons are able to access your data. These individuals are responsible for the technical, commercial and editorial supervision of the server. 

Your personal data will be encrypted, for data transmission, we use an SSL encryption (Secure Sockets Layer).

4.    Sharing Personal Data with Third Parties
We generally use your personal information only to carry out the services desired by you. 

Insofar as we use external service providers to carry out these services (payment and logistics service providers), their access to the data will be exclusively for the purpose of this task. Using technical and organizational measures, we ensure compliance with data protection standards and also commit our external service providers to them.

5.    Legal Basis for Data Processing
Insofar as your personal data is processed because it is required to fulfil a contract or as part of a contract-like relationship with you, Article 6 (1) b) GDPR serves as the legal basis for data processing.

Insofar as we process your personal data to fulfil a legal obligation, Article 6 (1) c) GDPR serves as the legal basis for data processing.

As a legal basis for data processing, Article 6 (1) f) GDPR is taken into further consideration if the processing of your personal data is required to protect a legitimate interest of our company or a third party and your interests, basic rights and freedoms do not require personal data to be protected.

In line with this Data Privacy Policy, we always indicate on which legal basis we process your personal data.

6.    Deleting Data and Storage Duration
We keep and store your data in our servers for the time necessary for each processing and for a maximum of 12 years after our last contact, except otherwise requested by law or applicable regulation. 

As a rule, we then always delete your personal data when the purpose of the process is ended. However, storage may take place if this is designated by legal provisions to which we are subject, for example in terms of legal storage and documentation obligations. In a case such as this, we delete your personal data after the end of the relevant specifications.

7.    Using Our Online Service
7.1.    Information about Your Device
Each time our online service is accessed, we gather the following information about your device independently of your registration: 

-    the IP address of your device (subject to your acceptance of the cookie banner), 
-    the web browser request and the time of the request,
-    the status and the data volume transferred, 
-    the product and version information about the web browser used, 
-    the device's operating system,
-    the website address from which the online service was accessed. 

The IP address of your device is stored only for the time that the online service is used and is deleted afterward or anonymized by abbreviating it. The other data is stored for an unlimited amount of time.

We use this data to operate the online service, particularly to identify and remedy errors in order to determine the utilization of the online service and make adjustments or improvements. In that case, data is processed in accordance with our legitimate interest (Article 6 (1) letter f of the GDPR) to provide the users with an efficient and functional service. 

7.2.    Access to and use of the SMA Online Order Center
The SMA Online Order Center (“OOC”) is a service whose access is restricted only to existing customers of SMA for which SMA has created an account. 

The use of the OOC service involves the processing of personal data for the purposes of creating a customer account and processing the online orders. 

The legal basis for this two processings  is the initiation of a contract conclusion at the request of the customer, its conclusion and execution, in accordance with Article 6 (1) b) of the GDPR 

7.2.1 Customer account creation
No order on our OOC is possible until the customer has been activated for the OOC by SMA. 

Each customer shall request an access to the OOC (“registration request”), via email or directly to SMA salesforce. SMA then creates a customer account and sends a welcoming e-mail to the customer. To get started, the customer shall activate its account by clicking on the link received by email (“go to registration page”). The registration page allows the customer to create a password and to subscribe to the newsletters (see article 11 below). 

To create the customer account, we gather mostly company-related information, but also personal details such as the name of the contact and the business email address. We use the information provided in the registration request as well as the customer’s master data of which we are already aware (such as address and payment data). 

After activation, the customer can view and change all the information we used to set up the customer account. The customer account is used for the customer’s orders in the OOC. 

7.2.2 Online order processing
For this purpose, we use the personal information (such as name, email address, address, payment data) available in the customer account. This information is kept confidential and not forwarded to third parties who are not involved in the ordering, delivery, or payment process. 

The payments by way of credit card payment or other payment methods (including bank transfers, if indicated) are processed by Adyen N.V., Simon Carmiggelstraat 6-50, 1011 DJ Amsterdam, the Netherlands, or by associated companies. In addition to pure payment processing, Adyen also performs a credit check. In order to prevent and uncover fraud, we transmit your IP address and other data relating to your device (e.g., type of device, browser version) to Adyen along with the data required for payment processing and the credit check. Adyen stores your IP address. All data is encrypted for transmission. We reserve the right to engage additional payment service providers. 

8.    Using Cookies
Cookies are used on our online service, like with many websites. Cookies are small text files that are stored on your computer and store via your web browser the certain settings and data. A cookie usually contains the name of the domain from which the cookie file was sent and information about the age of the cookie and an alphanumerical identifier.

Cookies enable us to recognize your device and make possible default settings available immediately. Cookies help us to improve the online service and be able to provide you with a better service that is even more tailored to you.
 
When you visit our website, you are informed of the use of cookies by the cookies banner. 

Cookies are not displayed on your computer without your consent, to be given through the cookies banner, which must be renewed every 13 months, except for functional cookies, which are strictly necessary for the provision of an online communication service. 

You may withdraw or modify your consent or set up your web browser so that it notifies you as soon as cookies are sent at any time, by following the procedure described in Article 8.4 below. It is also possible to delete already stored cookies manually using the web browser settings. Please note that you may be able to use only a restricted version of our online service or not at all, if you reject the storage of cookies or delete the necessary cookies.

We use different kind of cookies, some are known as session cookies, which are automatically deleted at the end of the web browser session, some others are stored for longer periods, meaning that your default settings and preferences can also be incorporated during your next visit to our online service.

8.1.    Use of Technically Necessary Cookies (Functional cookies)
Some cookies are necessary for technical reasons to enable the use of our online service. With these cookies, we gather and store the following data:

•    Language settings
•    Search settings
•    Information to identify or authenticate the user
•    Data for smooth forwarding of audio or video content

Cookies enable us to recognize your computer and make possible default settings available. Cookies help us to improve the online service and be able to provide you with a better and more user-friendly service. Using cookies is also required to simplify the use of our online service. Some functions can be provided only by using cookies. 

These purposes constitute our legitimate interest within the meaning of the legal basis for processing under Article 6 (1) letter f of the GDPR. 

8.2.    Use of Analysis Cookies (Google Analytics)
Furthermore, we use cookies on our website, making it possible to analyze your user behavior, which is known as a cookie analysis. With these cookies, we gather and store the following data:

•    IP address 
•    Frequency of page views
•    Search terms
•    Use of website functions
•    Duration of visit

In order to ensure the confidentiality, your data, collected using cookies, is pseudonymized.

We use cookie analysis to improve and optimize the quality of our online service and its content and to also review and improve the range and retrievability of our online service and for statistical evaluations. 

These purposes constitute our legitimate interest within the meaning of the legal basis for processing under Article 6 (1), letter f, of the GDPR.

We use the software called Google Analytics.

Google Analytics is a web analytics service from Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA (“Google”). The information generated by these cookies about your use of the website will generally be transmitted to and saved by Google in the United States. 

Please note that on our websites Google Analytics was expanded by the code “anonymizeIp();” to anonymize IP addresses, in which case the last byte is deleted by Google within the member states of the European Union or in other countries that are members of the European Economic Area agreement. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. and abbreviated there. 

Google will use the information to evaluate your use of the website, to collect reports on the website activities, and to perform other services related to the website use and internet use. The IP address sent by your browser for Google Analytics will not be combined with other data owned by Google. 

Google LLC is certified in accordance with the regulations of the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework, which ensures that the level of data protection applicable within the EU is respected.

You can prevent analysis cookies from being stored on your computer by using the relevant setting in your browser software (see article 8.4 below). However, please note that in this case you may not be able to use all functions of this website. 

You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by opening the following link and downloading and installing the browser plug-in tools.google.com/dlpage/gaoptout. More information can be found at tools.google.com/dlpage/gaoptout and http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection).
 
8.3.    Use of third-party tools 
8.3.1.    Use of Salesforce Pardot
We use the cloud-based software product “Pardot” (“Pardot”) from Salesforce.com EMEA Limited (“Salesforce”), village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY. 

Pardot is marketing automation software used to maintain, assess, and expand our online service and marketing communication and optimize the content on our websites. We also use Pardot in particular for sending our newsletter (see “Newsletters” section). Furthermore, to protect users and partners, fraud and security risks can be detected and eliminated, if necessary, thanks to Pardot. 

These purposes constitute our legitimate interest within the meaning of the legal basis for processing of your personal data under Article 6 (1) letter f of the GDPR. 
Pardot tracks the activity of all visitors to our website by setting cookies in their browsers. This makes it possible to recognize returning users (or rather their browsers) and track online activity on our website. More detail on how Pardot uses cookies can be found here. 

When you visit our website (subject to your acceptance of the cookies banner), your full IP address and the data stipulated in the “Information about Your Device” section are also transmitted to Salesforce, but not saved.

If you sign up or register for a service on our website, e.g., if you register for the Online Order Center or subscribe to a newsletter, we link (retroactively, as the case may be) the data acquired by the Pardot cookies to your email address and an individual ID, also using the Pardot software product. With the data thus acquired, we create a user profile in order to make you offers tailored to your individual interests and to improve our service. Further information on the use of Pardot in connection with the newsletters is available in the “Newsletters” section. 

Salesforce works for us as a processor only and acts exclusively in accordance with our instructions. SMA has concluded the legally required contractual agreements with Salesforce. 

The Pardot cloud is located on the computers of Salesforce or its parent company Salesforce.com Inc. in the USA (i.e., outside the European Union (EU) and the European Economic Area (EEA)). Therefore, personal data collected and processed in connection with our use of Pardot is transmitted in the USA. 

Salesforce.com Inc. is certified in accordance with the EU - US- Privacy Shield Framework Certified https://www.privacyshield.gov/EU-US-Framework and has also obtained the TRUSTe Privacy Seal (https://www.trustarc.com/) which ensures that the level of data protection applicable within the EU is respected. Salesforce.com Inc. thus offers an additional guarantee to comply with European data protection laws.

For more information on data protection at Salesforce, visit https://www.salesforce.com/company/privacy/ 

8.3.2.    Use of Retargeting and Remarketing
Retargeting and remarketing refer to technologies in which users who have visited a certain website are shown applicable advertisements also after leaving this website. 

For example, if a user views certain product, these or similar products could then be shown later as advertisements on other websites. This concerns personalized advertisements that are adapted to the needs of the individual user. For these personalized advertisements, it is not necessary for the user to be identified beyond initial recognition. The data used for retargeting or remarketing is therefore not combined with further data. We use these kinds of technologies to connect advertisements on the internet. We rely on third-party providers to connect advertisements. We use Google services (Google AdWords Conversion and Google Remarketing). 

In addition, we use the Google Remarketing advertising program in connection with personalized advertising on our website. With this program, you can be shown advertising for us and our products when using other websites after visiting ours. This is enabled by cookies stored in your browser that record internet usage when visiting various websites. For example, Google can identify your previous visit to our website and place relevant advertisements for us. Google states that the data collected in connection with remarketing cannot be linked to your personal data that Google may have stored. In particular, Google claims to practice pseudonymization with regard to remarketing.

The conversion tracking by the advertising program “Google AdWords” provides us with information on the success of our advertisements. Google AdWords allows us to track whether users respond to our advertisements placed on other websites by Google or its partners. If a user clicks on such an advertisement and is thus redirected to our website, a cookie is stored on the user’s PC. In addition, Google AdWords can identify which specific advertisement brought a user to our website. According to Google, the cookie normally expires after 30 days. We only receive statistical analyses of this data, which we can use to determine the success of our advertising. We do not receive information that can personally identify users. We have no influence on Google’s use of the data. 

These purposes of implementation of personalized advertising constitute our legitimate interest within the meaning of the legal basis for processing under Article 6 (1) letter f of the GDPR.

Google LLC is certified in accordance with the regulations of the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework, which ensures that the level of data protection applicable within the EU is respected. The installation of cookies for Google remarketing and Google AdWords conversion tracking can be prevented by a setting on the respective web browser software by calling up the website https://support.google.com/ads/answer/7395996?hl=de? and changing the corresponding setting. 

For more information about data privacy by Google, see at: https://policies.google.com/privacy?hl=en&gl=  and https://services.google.com/sitestats/en.html.

8.3.3.    Use of Google ReCaptcha
We use Google ReCaptcha to ensure that the data entry is carried out by a natural person and not in an abusive way by means of mechanical and automated processing. 

This purpose constitutes our legitimate interest within the meaning of the legal basis for processing under Article 6 (1) letter f of the GDPR.

This tool is published by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. 

Google LLC is certified under the EU-US Privacy-Shield https://www.privacyshield.gov/EU-US-Framework, which ensures that the level of data protection applicable within the EU is respected. 

For more information about data privacy by Google, see at: https://www.google.com/intl/fr/policies/privacy/ and https://services.google.com/sitestats/fr.html. 

8.4.    Cookies settings
In accordance with the applicable regulations on the protection of personal data, you may, at any time, oppose the recording of cookies or delete them by referring to the user manuals of your browser and/or your computer. 

As mentioned above, for technical reasons, the deactivation of cookies may limit your access to some services provided in our website. 

Cookies instructions on the most commonly used browsers are available at the following links:

-    Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
-    Mozilla Firefox®: https://support.mozilla.org/fr/kb/activer-desactiver-cookies
-    Google Chrome® : https://support.google.com/chrome/answer/95647?hl=en
-    Apple Safari® :http://support.apple.com/kb/HT1677?viewlocale=fr_FR&locale=fr_FR

For more information on cookies, how to manage them and delete them, please consult the information provided by the CNIL at: www.cnil.fr/vos-droits/vos-traces/les-cookies.

9.    Use of YouTube
Our online service includes videos for the forwarding of which we use a plug-in belonging to YouTube (“YouTube”), which is operated by Google. The operator of this service is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, U.S.A. If you call up a website of our online service that includes a video, this creates a connection to YouTube's servers. This communicates to YouTube's servers which websites of our online server you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing activity directly to your personal profile. You can prevent this by logging out of your YouTube account. More information on handling user data can be found in Google's privacy policy at https://policies.google.com/privacy?hl=en&gl=de, which also applies to YouTube.

We use YouTube to show you videos and so communicate more to you about us and our services; at the same time, this is the justifiable interest in terms of Article 6 (1) letter f of the GDPR.
 
10.    Communicating with Us
Your personal data (address email and any personal data you provide us with in your message) is collected when contact is made with us (by email). This is stored and used exclusively for the purpose of responding to your concern or for making contact and the associated technical administration. 

The legal basis for the processing of the data is our legitimate interest in responding to your concern in accordance with Article 6 (1) f) of the GDPR. If your contact is aimed at entering into a contract for the purchase of goods, Article 6 (1) b) of the GDPR is the legal basis for the processing. 

After your concerns have been addressed, we will store your data temporarily in the event of any other questions. You can request at any time that your data be deleted, otherwise it will be deleted under the conditions defined in article 6 above. This is without prejudice to legal retention obligations.

11.    Newsletters

11.1.    SMA offers the possibility to subscribe to the online shop newsletter and to the SMA general newsletter, in order to send you information and news on SMA, SMA products and special occasions, e.g. for special promotions or training offers. 
In addition, this information may be tailored especially for you, by taking into account your habits and behaviors. 

11.2.    Registration for the SMA Newsletters is done via the double opt-in process at the time of activation of customers account, which requires a personal reconfirmation via e-mail approval.  Indeed, we will only send you our newsletters by e-mail when you have expressly asked to receive our newsletters. We will then send you a notification e-mail and ask you to confirm your wish to receive our newsletters by clicking the link included in the e-mail. 
You can also subscribe to SMA Newsletters by sending an express request by email. In this case, the same double opt-in process applies. 
11.3.    We use the Salesforce Pardot marketing automation tool to send the newsletters (see “Use of Salesforce Pardot” above). 

Please note that we will analyze your user behavior when we send the newsletters. For the purpose of this analysis, the emails that are sent contain web beacons or tracking pixels. For the analyses, we link the data transmitted via these tracking pixels with your email address and a personalized ID. We use the data thereby obtained to create a user profile so that we can tailor the newsletters to your particular interests. When you read our newsletters, we record which links you click to infer your personal interests. We link this data to actions that you carry out on our website. If you do not want us to do this, you should cancel your subscription. Tracking of this nature will also not be possible if your email application default settings have disabled the display of images. In this case, you will not see the full content of the newsletter and may not be able to use all functions. If you manually display the images, the tracking referred to above will take place. 

11.4.    The legal basis for processing your data is our legitimate interest in keeping our customers and prospects informed of the latest news about our products and our company and giving them an adapted and targeted information, in accordance with Article 6 (1) f) GDPR.

11.5.    If you have subscribed to our newsletters, we will share the information collected in the process for marketing purposes with the companies named below, which are affiliated with us:
emerce GmbH, Sonnenallee 1, 34266 Niestetal, Germany
Tel.: +49 561 9522-422004 / www.emerce-energy.com / info@emerce-shop.com
SMA Sunbelt Energy GmbH, Sonnenallee 1, 34266 Niestetal, Germany
Tel.: +49 561 9522-0 / www.SMA.de / Info@SMA.de
coneva GmbH, Dingolfingerstraße 15, 81673 München, Germany
Tel.: +49 561 9522-0 / www.coneva.com / Info@coneva.com

Your information is shared with these companies so we can put together in our newsletters the best possible offers for you – ones that you will find relevant and interesting. The companies named above will not use your personal information to contact you via other marketing channels (for example, phone calls). SMA Solar Technology AG has concluded agreements governing processing on our behalf with these companies. 
Furthermore, our customers also benefit from our sharing of the collected data with our affiliated companies so they can receive customized information in line with their interests. 

11.6.    The information will be stored for as long as you are subscribed to the newsletter. 
If you unsubscribe, we will store data anonymously and purely for statistical purposes. To unsubscribe, use the unsubscribe link included in every newsletter or send a message to us or our data protection officer.

12.    Social media
In our online service, you can find hyperlinks to the social network Facebook, professional network LinkedIn and short message service Twitter. The hyperlinks can be recognized by the provider's respective logo.

Clicking on the links will open the corresponding social media pages, for which this privacy policy does not apply. Please check the relevant privacy policies of the individual providers for details on the applicable terms and conditions; these can be found under: 

Facebook: www.facebook.com/policy.php 
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Twitter: twitter.com/privacy

Before calling up the relevant hyperlinks, your personal information is not collected by the respective provider.

13.    Your Rights and Contact
We place strong emphasis on explaining the processing of personal data as transparently as possible and informing you of your rights. If you would like more detailed information or wish to exercise your rights, you can contact our data protection officer (see article 13.2 bellow) at any time so that we can take care of your concerns.

13.1.    Data Subject Rights 
With regard to processing your personal data, you are entitled to extensive rights. 

Indeed, you have a comprehensive right of information. 

You have a right of access to your personal data and you can demand the correction and/or deletion of your personal data, if applicable. 

You can also demand a restriction of processing and have the right of objection. Insofar as processing your personal data is not based on consent but another legal basis, you can object to this data processing. Once you object, there will be a review and, if necessary, termination of data processing. You will be informed of the results of the review and receive – if the data processing is to continue nevertheless – detailed information from us about why data processing is permitted.

With regard to the personal data you transferred to us, you also have the right to data portability.

13.2.    Data Protection Officer and Contact
We have commissioned an external data protection officer who provides us with support in issues relating to data protection and who you can contact directly. Our data protection officer and their team is available for questions related to our handling of personal data or more information on issues relating to data protection: 

SMA Solar Technology AG
Data protection officer
Sonnenallee 1
34266 Niestetal
Email: datenschutz@SMA.de

14.    Complaints
If you conclude that the processing of your personal data by us is not in line with this privacy policy or the applicable data protection requirements, you can complain to our data protection officer. The data protection officer will then review the matter and inform you of the result of the review. Furthermore, you also have the right to complain to the French supervisory authority: the Commission Nationale de l’informatique et des libertés (CNIL - https://www.cnil.fr/).

15.    More Information and Changes

15.1.    Links to Other Websites
Our online service may contain links to other websites. These hyperlinks are generally labeled as such. We have no influence on to what extent the linked websites comply with the applicable data protection regulations. Therefore, we recommend that you inform yourself of the relevant privacy policies for other websites as well.

15.2.    Changes to this Privacy Policy
The version of this privacy policy will be indicated by the date information (below). We reserve the right to change this privacy policy at any time with effect for the future. A change occurs particularly with technical adjustments to the online service or changes to issues concerning data protection. The current version of the privacy policy can always be accessed directly via the online service. We recommend that you regularly inform yourself of changes to this privacy policy.

Version of this privacy policy: June 2019
Version 1.0