Safe shopping
Idosell security badge

Privacy Policy

This privacy policy is based on the legal provisions for the protection of your data, which are found in the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and the Telecommunications-Telemedia Data Protection Act (TTDSG).



1. Contact Details

OneStep.Solar Germany
Hochstraße 17, 47228 Duisburg
Email: kontakt@onestep.solar
Phone: +498000010465



2. Scope of the Statement

This privacy policy provides information about what personal data is stored, processed, and shared in what manner and for what purpose when you visit our website.
Personal data according to Art. 4 No. 1 GDPR includes all information related to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;



3. Information on the Transmission to Third Countries according to Art. 13 Para. 1 lit. f) GDPR

Possibly, in the context of calling up and using our website and associated offers, data may be transmitted to third countries, such as the USA, via subcontractors or affiliated companies. The processing is based on the Adequacy Decision between the USA and the EU of July 10, 2023. Furthermore, we minimize the risk as far as possible by concluding data processing agreements, if a contractual relationship exists, as well as concluding standard contractual clauses along with effective supplements required by the supervisory authorities.



4. Data we collect based on legitimate interests according to Art. 6 Para. 1 S. 1 lit. f) GDPR:

Server Data
When you visit our site, various server statistics are automatically saved, which your browser transmits to our provider's server. Each access to our website and every retrieval of a file stored on the website is logged. The storage serves internal system-related and statistical purposes. Logged are: Name of the retrieved file, date and time of retrieval, amount of data transferred, notification of successful retrieval, web browser and requesting domain. Additionally, the IP addresses of the requesting computers are logged in anonymized form.
These data serve the statistical evaluation of visits to our site and are not assignable to specific persons for us. A merging of these data with other data sources is not carried out. Based on the data, we can optimize our offer for users, for example, by preventing access from malicious sites or optimizing access through certain browsers, and by logging the IP address, the delivery of the site to the visitor is first made possible. The data are automatically deleted after 14 days for the aforementioned purposes.
For the transmission of your data, we use a secure server with SSL technology (Secure Socket Layer) with 256-bit encryption. This ensures that your data is transmitted securely and unreadably to us by unauthorized persons.

Hosting
IdoSell (Shop)
We use the web hosting service IdoSell. The service is operated by IAI S.A., al. Piastów 30, 71-064 Szczecin, Poland. IdoSell enables us to maintain a domain under which we can publish our website and shop. Additionally, IdoSell provides us with a sales platform. Furthermore, we use IdoSell's email system, cloud, and servers. Which data and the purpose of collection and storage are explained in the section above ("Server Data"). Our legitimate interest lies in enabling the operation of a website on the Internet.
We have concluded a data processing agreement (DPA) with mydevil.net, through which this company ensures and documents the implementation of appropriate technical and organizational measures. More information can be found in mydevil.net's privacy policy at https://www.iai-sa.com/en/privacy-and-security-policy/.

Hostinger (Website)
We use the web hosting service "Hostinger." The service is operated by HOSTINGER INTERNATIONAL LIMITED, 61 Lordou Vironos Street Lumiel Building, 4th floor CYP-6023 Larnaca, Cyprus. In the EU, the data are stored and kept by HOSTINGER UAB, Jonavos str. 60C, LT-44192 Kaunas, Lithuania. Hostinger enables us to maintain a domain under which we can publish our website and shop. Additionally, we use Hostinger's email system, cloud, CDN, and servers. Which data and the purpose of collection and storage are explained in the section above ("Server Data"). Our legitimate interest lies in enabling the operation of a website on the Internet.
We have concluded a data processing agreement (DPA) with Hostinger, through which this company ensures and documents the implementation of appropriate technical and organizational measures. More information can be found in Hostinger's privacy policy at https://www.hostinger.com/privacy-policy.

Email Inquiry
If you send us an inquiry via email, we collect and store the email address and the data contained in the email to respond to your inquiry. Our legitimate interest lies in communication and responding to your inquiries.
Should the inquiry lead to a contractual relationship in the course of contract initiation or if the inquiry relates to an existing contractual relationship, the legal basis is Art. 6 Para. 1 lit. b) GDPR, as the storage of data is necessary for fulfilling a pre-contractual or contractual obligation. The deletion of data occurs when the purpose of storage no longer applies, i.e., after your email/contact form inquiry has been answered or the matter associated with the inquiry is conclusively resolved. In the case of an existing or resulting contractual relationship from the inquiry, deletion occurs after the expiry of statutory retention periods.

Use of Own Cookies for Functional Purposes
Our website uses so-called "cookies" in some places. A cookie is a text information that our website places on the end device you use via the web browser. They are used to make our offer more user-friendly, effective, and secure. Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. You can exclude the acceptance of cookies in your web browser. However, this may lead to impairments in functionality. Additionally, we use cookies that save your shopping cart and facilitate logging into the customer account.

Cookie-Consent Tool (Consent Cookie)
To obtain your consent, we use a cookie-consent tool. The tool stores in a cookie whether you have given consent for the storage of other cookies or have refused consent. Depending on your preferences, cookies from third parties are set or not. Should you have given consent, the tool automatically logs the following data:

  • The IP number of the end-user in anonymized form (the last three digits are set to '0')
  • Date and time of consent
  • User agent of the end user's browser
  • The URL from which the consent was sent
  • An anonymous, random, and encrypted key
  • The consent status of the end-user, which serves as proof of consent

The key and the consent status are also stored in the end user's browser in the cookie so that the website can automatically read and comply with the end user's consent in all subsequent page requests and future end-user sessions for up to 12 months. Our legitimate interest arises from the fact that this is the only way we can obtain necessary consent and provide the required proof in case of an audit.



5. Data We Collect Based on Explicit Consent According to Art. 6 Para. 1 S. 1 lit. a) GDPR:

Analysis
Google Analytics 4
We use the following "Google services." The responsible entity is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data transfers to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, occur from Google Ireland, to which we always draw attention.
Further information on whether and which data are collected by Google through the use of these services can be found in Google's privacy policy.
Our website uses Google Tag Manager. With this solution, so-called tags are created and updated, which we can then manage. The Tag Manager implements tags from the services we use and thus triggers other tags. The tool itself does not collect any personal data but only serves for management. However, the tags triggered by it can independently collect personal data (see below). However, the Google Tag Manager does not access this collected data. If the tool is deactivated, the deactivation applies to all tags implemented via the tool.
This website uses the web analysis service Google Analytics 4:
Google Analytics uses so-called "cookies" for the purpose of analyzing user behavior on the website and measuring reach. An overview of how Google uses cookies and which cookies are used can be found in this overview.
By granting your consent to the use of Google Analytics, you consent to the processing of your data. Google Analytics automatically anonymizes IP addresses and only captures GEO-location. It is therefore not possible for us to assign the collected analysis data to a specific person.
Google assures that data from end devices are stored and processed on EU servers within the EU. However, indirect data transfer to the USA cannot be excluded. Due to the automatic IP anonymization, Google will previously shorten your IP address within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide further services related to website use and internet use to the website operator.
The data transfer is based on the EU-US Adequacy Decision (EU-US Data Privacy Framework). By joining, Google demonstrates to us the compliance with appropriate and suitable technical and organizational measures to protect your personal data. In addition, we have concluded EU standard contractual clauses with Google.
You can revoke your consent at any time by deleting all set (consent) cookies in your browser.
You can generally prevent the storage of cookies by adjusting your browser software settings or in the cookie-consent tool. However, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent.
Further information on data protection in Google Analytics can be found at https://support.google.com/analytics/answer/6004245?hl=en.
Data stored by Google are automatically deleted within 14 months.



6. Data We Collect for the Fulfillment of a Contract According to Art. 6 Para. 1 S. 1 lit. b) GDPR:

Contract Processing
For the purpose of contract processing and invoicing, we collect and store personal data transmitted by you, such as name, address, and email address. Should you have already provided us with this data during your registration, we will use it for the purposes stated there for contract processing. Data transfer occurs in the context of billing to tax advisors and banks. In addition, billing data are transmitted to the tax office in accordance with tax law requirements according to Art. 6 Para. 1 lit. c) GDPR. The deletion of this data occurs after the expiry of applicable statutory retention obligations. If we are not subject to any statutory retention obligations, deletion of the data occurs once the purpose is no longer applicable.

Payment Service Providers
IdoSell (Shop)
For processing orders through our online shop, processing personal data (name, address, contact, and payment data) is necessary. We process these data exclusively for order processing and, if desired, for opening a customer account.
Data is transferred to the necessary extent to the company responsible for delivery (e.g., Zadbano, Baselinker, Hermes) or the payment service provider (Stripe).
For the operation of our online shop, we use IdoSell, a service provided by IAI S.A., al. Piastów 30, 71-064 Szczecin, Poland. IdoSell provides an e-commerce platform through which we offer our goods for sale. The data specified during the ordering process are stored on IdoSell servers in the European Union. More information can be found in IdoSell's privacy policy at https://www.iai-sa.com/pl/polityka-prywatnosci-i-bezpieczenstwa/.

Stripe (Payments)
For processing and managing payments, we use the payment service provider Stripe. Stripe is a service of Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. For the European Union, Stripe Payments Europe Ltd. based in Ireland is responsible. To carry out a payment and to offer various payment methods, Stripe queries certain personal data. The scope of data depends on Stripe. Information on the type, scope, and purpose of data processing by Stripe can be found in Stripe's global privacy policy at https://stripe.com/en/privacy. The data transfer is based on the EU-US Adequacy Decision (EU-US Data Privacy Framework). By joining, Stripe demonstrates to us the compliance with appropriate and suitable technical and organizational measures to protect your personal data.



7. Rights of Data Subjects Available to You at Any Time:

a. Right to Object, Art. 21 GDPR
If we process your data to protect legitimate interests (Art. 6 Para. 1 lit. f) GDPR), you can object to this processing for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims. In the case of an objection to data processing for direct marketing purposes, processing for this purpose will no longer occur.

b. Right of Access, Art. 15 GDPR
You have the right to request confirmation from us as to whether we process personal data concerning you and, if so, a right to information about the personal data and related information (Art. 15 Para. 1 lit. a – h GDPR)

c. Right to Rectification, Art. 16 GDPR
You have the right to demand the immediate correction of incorrect personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary statement.

d. Right to Erasure, Art. 17 GDPR
You have the right to demand the immediate erasure of personal data concerning you, and we are obliged to erase personal data immediately if one of the reasons listed in Art. 17 GDPR applies.

e. Right to Restriction of Processing, Art. 18 GDPR
You have the right to demand the restriction of processing of your personal data if one of the conditions listed in Art. 18 GDPR exists.

f. Right to Data Portability, Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common, and machine-readable format, and you have the right to transmit this data to another controller, provided the processing is based on consent according to Article 6 (1) (a) or Article 9 (2) (a) or on a contract according to Article 6 (1) (b) and the processing is carried out by automated means.

g. Right to Lodge a Complaint, Art. 77 GDPR
If you believe that the processing of your personal data violates the Data Protection Regulation, you can lodge a complaint with a supervisory authority.

Urzad Ochrony Danych Osobowych
ul. Stawki 2,
PL 00-193 Warsaw
Phone: + 48 22 53 10 300
Email: kancelaria@uodo.gov.pl
Homepage: https://www.uodo.gov.pl/

Responsible:
OneStep.Solar Sp. z o.o.
ul. Chmielna 73B/14
00-801 Warsaw
Poland
Represented by: Mr. Robert Pabierowski
Email: kontakt@onestep.solar
Phone: +498000010465

pixel