We are delighted by your visit to our website and would like to extend our thanks for your interest in power2max and our products. The protection of your privacy when using our website is important to us. Below you will find detailed information about how we use your data.
The controller in the meaning of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and any other relevant data protection rules is:
represented by its Managing Director: Dipl.-Ing. (FH) Andreas Görnitz
02906 Waldhufen OT Nieder Seifersdorf
Phone: + 49 3 58 27 – 84 99 1190
Fax: + 49 3 58 27 – 84 99 1199
Our Data Protection Officer can be reached at the aforementioned address and under the following contact details:
1. Collection, processing and use of personal data
The browser used on your device will automatically send information to our website server when you visit our website www.power2max.com. This information is stored temporarily in so-called log files. The following information is registered without your active involvement and then stored until it is erased automatically:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the accessed file,
- website from which the access took place (referrer URL),
- browser used, possibly the operating system of your computer and the name of your Internet service provider.
We process this data for the following purposes:
- to guarantee the establishment of a stable connection with our website,
- to guarantee ease-of-use of our website,
- to compile analyses on system security and stability, and
- for other administrative purposes.
In addition, we only collect personal data where you communicate it to us by the following actions:
a. opening of a customer account/purchase of a product in our web shop
b. subscription to our newsletter
a. Opening of a customer account/purchase of a product in our web shop
We offer the option of storing your personal data on a permanent basis in a password-protected customer account in order to offer you the greatest possible freedom in the use of our website.
The creation of a customer account is always voluntary and takes place according to your consent pursuant to Art. 6 paragraph 1 point (a) GDPR. You will not be required to enter your data again after opening a customer account. Moreover, you may access and change the data stored in your customer account at any time.
It is only necessary to open a customer account for the performance of a contract if you wish to place orders on our website. The necessary data include:
- first name, surname
- invoice and delivery address
- email address
- invoice and payment data
- date of birth
- telephone number
In this case, the (additional) legal grounds for data processing are set out in Art. 6 paragraph 1 point b GDPR.
In addition to the data requested in order to place an order, you must select an individual password in order to open a customer account. Together with your email address, you access your customer account by entering this password. You have the right to delete your customer account at any time. Kindly take note, however, that by deleting your customer account, the accessible data will not automatically be erased as well, insofar as you have already placed an order with us. We store your data for the duration of the contract and until the end of the contractual, i.e. statutory warranty period. At the end of the aforementioned period, we are obliged to comply with the retention periods under commercial and fiscal law that apply to us: the retention period set out therein for the storage of documentation is ten years, after which your data will be erased automatically. The legal grounds for this data processing are as set out in Art. 6 paragraph 1 point (c) GDPR and Art. 6 paragraph 1 point (f) GDPR.
You have the option to subscribe to our newsletter on our website/applications. We use the so-called double-opt-in procedure in order to ensure that mistakes are not made when entering your email address: this means that when subscribing to our newsletter, you receive an email in which you are requested to confirm that you are the owner of the email address provided and that you consent to receipt of our newsletter. You will receive our newsletter if you provide this consent. The data you provide is only stored for the purpose of sending you the newsletter and to document our entitlement. The data is not passed on to third parties. You may withdraw consent to your subscription to our newsletter and to the storage of your email address at any time. To do so, simply send an email to firstname.lastname@example.org or click on the link at the end of each newsletter.
The legal grounds for this data processing are as set out in Art. 6 paragraph 1 point (a) GDPR.
2. Transfer of personal data
Sales, shipping and payment
The personal data we collect is transferred to the following parties for the purpose of performing a contract as set out in Art. 6 paragraph 1 point (b):
power2max GmbH (service provider for sales and customer care), Breite 1, 15806 Zossen,
and the transport company commissioned for shipping (e.g. DHL, DPD).
Payment by bank transfer
We transfer your payment details to the commissioned banking institution for the settlement of payments.
Payment by PayPal
Payment by credit card, Maestro card, Sofortüberweisung and Giropay
Payment by credit card, Maestro card, Sofortüberweisung and Giropay – as well as the associated collection, processing and storage of data for the settlement of electronic payment transactions – is managed by Heidelberger Payment GmbH, Vangerowstraße 18, 69115 Heidelberg (referred to in the following as Heidelpay). The data is processed on behalf of Saxonar GmbH.
Heidelpay receives the following customer data in connection with an order for the purpose of settling the electronic payment transaction: first name, surname, address, postal code, town/city, country, email address and payment method.
Where payment by credit card is selected, the following information is also collected during the purchase process and transferred directly to Heidelpay: credit card number, credit card holder, credit card expiry date (month and year) and credit card.
Where payment by online bank transfer is selected, some of the following information may also be transferred to Heidelpay, depending on the specific system: account holder, name of the bank, account number or IBAN, bank sort code or BIC.
The legal grounds for this data processing are set out in Art. 6 paragraph 1 lit (a), Art. 6 paragraph 1 point (b) and Art. 6 paragraph 1 point (f) GDPR.
In order to guarantee the full functionality of the web pages, we or the third parties commissioned by us place so-called cookies on the hard drive of our customers’ devices. A cookie is a small text file that enables the collection of information concerning the usage of a website, among other things. These cookies do not contain any personal data, cannot be associated with a certain person and are automatically deleted after no more than one year, except where stated otherwise. The data collected in this way is not associated with other data. Our website can also be used without cookies. You can disable cookies or restrict their use to certain websites by adjusting the settings in your browser, or adjust your browser such that you receive an alert any time a cookie is sent. You can also delete cookies from the hard drive of your computer any time.
The data processed by these cookies is required for the protection of our legitimate interests and the legitimate interests of third parties according to Art. 6 paragraph 1 sentence 1 point (f).
Kindly note that certain functionalities of our website may not be accessible or may only be partially accessible if you adjust the settings of your browser to disable cookies.
4. Use of Facebook, Twitter and Instagram plug-ins
Our website uses so-called social plug-ins (“Plug-ins”) by the social networks Facebook and the microblogging services Twitter and Instagram. This takes place according to our legitimate interest pursuant to Art. 6 paragraph 1 point (f) GDPR, i.e. the continued advertisement of our company and the optimisation of our online services. These services are provided by the companies Facebook Inc., Twitter Inc. and Instagram LLC. (“Providers”“).
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). For an overview of the plug-ins used by Facebook and their appearance, visit: https://developers.facebook.com/docs/plugins
Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). For an overview of the Twitter buttons and their appearance, visit: https://twitter.com/about/resources/buttons
Instagram is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). For an overview of the Instagram buttons and their appearance, visit: http://blog.instagram.com/post/36222022872/introducing-instagram-badges
If you access a page on our web presence that contains this kind of plug-in, your browser will establish a direct connection to the servers of Facebook, Twitter or Instagram. The content of the plug-in will be transferred directly to the browser by the respective provider and integrated in the web page. Through integration of the plug-in, the provider will receive information that your browser has accessed the relevant page on our web presence, even if you do not have a profile or are not currently logged in. This information, including your IP address, will be transferred directly by your browser to the server of the respective provider in the United States and stored there.
If you are logged into the services, the providers can directly associate your visit to our website with your profile on Facebook, Twitter or Instagram. When you interact with the plug-ins – for instance by clicking on “Like”, “Tweet” or on the “Instagram” button – the information will also be transferred directly to the provider’s server and stored there. In addition, the information will be posted on the social network, i.e. on your Twitter or Instagram account, and shown to your contacts.
If you do not want Facebook, Twitter or Instagram to associate the data collected in regard to our web presence with your profile on the respective service, you must log out of the respective service before visiting our website.
You may prevent loading of the plug-ins, also by installing an add-on for your browser, e.g. the script blocker “NoScript” https://noscript.net/
5. Web Analytics Services
a) Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how you use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. In case IP anonymization is activated on this website, your IP address will be truncated by Google within the area of Member States of the European Union or in other countries which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there.
Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available under the following link: (http://tools.google.com/dlpage/gaoptout?hl=en). As an alternative to the browser add-on, especially for mobile devices, you can also opt out from being tracked by Google Analytics by using this link https://adssettings.google.com/authenticated?hl=de. An opt-out cookie will be set, which will prevent your data from being collected in future when you visit this website. This opt out cookie only applies to this particular browser and our website and is placed on your device. You must place another opt-out cookie if you have deleted the cookies in your active browser. For information on the integration of the opt-out cookie, visit: https://developers.google.com/analytics/devguides/collection/gajs/?hl=de#disable.
Moreover, we use Google Analytics to analyse data from double-click cookies and AdWords for statistical purposes. If you do not want us to do so, you can disable this function using Google Ads Settings (http://www.google.com/settings/ads/onweb/?hl=de).
Google is certified according to the Privacy Shield Framework and therefore guarantees compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google Analytics is used for the protection of our legitimate interests for the aforementioned purposes pursuant to Art. 6 paragraph 1 point (f) GDPR.
We use Hotjar in order to better understand our users’ needs and to optimize our service and users’ experience. This is provided by Hotjar Ltd, Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. Hotjar is used for the protection of our legitimate interests for the aforementioned purposes pursuant to Art. 6 paragraph 1 point (f) GDPR.
The information is transmitted to the Hotjar servers in Ireland and stored there. By using Hotjar, the following information is collected:
- the IP address of your device (in an anonymous format)
- Your e-mail address including your first and last name, as far as you have provided us with this information
- referring domain
- visited pages
- geographical position (country only)
- Date and time of access to our website
- Screen size of your device
- Device type and browser information
With Hotjar we can follow your movements on our website (with the help of so-called heatmaps). For example, we can see how far you scroll and which buttons you click and how often. Furthermore, with the help of Hotjar it is also possible to get feedback directly from you. We will use this information to evaluate your visit on our website, to generate reports of use and to evaluate other services related to the website. In this way, we receive valuable information to make our website even more customer-friendly.
Nevertheless, when using Hotjar we pay particular attention to the protection of your personal data. The areas of our website in which personal data of you or third parties are displayed are automatically hidden by Hotjar and are at no time traceable.
In addition, Hotjar offers the option of using a “Do Not Track header” to prohibit the use of Hotjar, so that no data about the visit of the respective website are recorded. This setting is supported by all common browsers in current versions. To function your browser sends a request to Hotjar, with a command to disable the tracking. If you use our website with different browsers, you must set up the “Do Not Track header” for each of these browsers / devices separately.
Detailed instructions with information about your browser can be found here: https://www.hotjar.com/opt-out
More information about Hotjar Ltd. and about the Hotjar tool can be found on the Hotjar website: https://www.hotjar.com
6. Retargeting/remarketing/Online Marketing
This website uses the retargeting technology AdRoll, Semantic Sugar, Inc. (dba AdRoll), 972 Mission Street, San Francisco CA, 94103, United States
b) Facebook Custom Audience
We have integrated the Remarketing feature “Custom Audience” of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”) on our website. This allows us to provide interest-based advertisement (“Facebook Ads”) to users of our website as part of their visit to the social network Facebook or other websites that also use this process.
For this marketing function, we use the “Facebook pixel” on our website, a so-called web beacon or tracking pixel. When you visit our website, this tracking pixel establishes a direct link between your browser and the Facebook server. Facebook receives the information from your browser that our website has been called up by your device. We point out that we have no influence on the extent of the transmitted data and their further use by Facebook and therefore inform you according to our knowledge. By integrating Facebook Custom Audience, Facebook receives the information that you have accessed the corresponding website or clicked an ad from us. If you are registered with a service of Facebook, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is a chance that the provider will find out and store your IP address and other identifying features.
You may object to the use of Facebook Website Custom Audience anytime in the future via https://www.facebook.com/settings/?tab=ads.
For more information about privacy and your related options, visit https://www.facebook.com/settings/?tab=ads and https://www.facebook.com/about/privacy.
c) Google Adwords
We have integrated Google AdWords into our website. Provider is the Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google AdWords is an internet advertising service that allows us to serve ads both on Google’s search engine and on the Google Network. Google AdWords allows us to set certain keywords, which will only display an ad on Google’s search engine results when the search engine retrieves a keyword-related search result. In the Google Network, ads are distributed on topic related web pages using an automated algorithm and according to pre-defined keywords.
The purpose of using Google AdWords is to advertise our website by displaying interest-based advertising on third-party websites and in the search engine results of Google’s search engine, and by displaying advertisements on our website.
The data and information collected is used by Google to provide visitor statistics for our website. We use the visitor statistics to determine the total number of users, to measure the success or failure of each AdWords ad, and to optimize our AdWords ads for the future. Neither our company nor any other Google AdWords advertiser receives any information from Google that identifies users. The conversion cookie stores personal information, such as the websites you visit. Each time you visit our website, your personal information is transferred to Google.
7. Data security
We use the widespread SSL (Secure Socket Layer) technology – in connection with the highest level of encryption supported by your browser – when you visit our website. The individual pages of our Internet presence are encrypted if a closed key or closed padlock icon is shown in the lower status bar of your browser.
Otherwise, we use suitable technical and organisational measures to protect your data against coincidental or wilful manipulation, partial or complete loss and destruction and against unauthorised access by third parties. Our security measures are kept up-to-date in line with technological progress.
8. Rights of the data subjects
You have the right to obtain confirmation of whether data concerning you is processed, the right to obtain information about this data and the right to obtain a copy of this data as set out in Art. 15 GDPR.
Moreover, you have the right according to Art. 16 GDPR to obtain completion of the data concerning you, as well as rectification of incorrect data concerning you.
Pursuant to Art. 17 GDPR, you have the right to obtain erasure of the data concerning you, or alternatively to obtain restriction of processing of the data concerning you, as set out in Art. 18 GDPR.
You have the right to obtain a copy of the data that you have provided to us in accordance with Art. 20 GDPR and to obtain the transfer of this data to another controller.
Further, you have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
9. Right of withdrawal
You have the right to withdraw at any time the consent you have provided pursuant to Art. 7 paragraph 3, Art. 14 paragraph 2 point (d) GDPR, effective for the future. Withdrawal of your consent does not mean that data processing conducted until the withdrawal of your consent is unlawful.
10. Right to object
You may object to the processing of your data as set out in Art. 21 GDPR, effective for the future. In particular, you have the right to object to processing for the purposes of direct marketing.
Last update: August 2018