PRIVACY POLICY

Fronius International GmbH

I. GENERAL INFORMATION

PREAMBLE

We, Fronius, are a leading technical company in the fields of welding technology, photovoltaics and battery charging technology and a data controller within the meaning of the General Data Protection Regulation (GDPR) (hereinafter "Fronius").

This privacy statement applies to any form of processing of personal data by Fronius.

With the following, Fronius would like to inform you about which personal data Fronius processes, how and for what purpose it is used, and what rights data subjects are entitled to. All data is processed in compliance with the relevant legal regulations on data protection and data security.

You can view, download or print our current data protection declaration at any time on our website. The data protection declaration also constitutes an integral part of our terms of use and/or webshop conditions, which are also made available on our website.

CATEGORIES OF PERSONAL DATA

We process the following categories of data or parts thereof. Which personal data is specifically processed depends on your relationship with us. You will find more detailed information on this in chapters III. and IV.

If necessary, further personal data are processed if this is required for the specific purpose.

 
In the event that Fronius also processes special categories of personal data, so-called sensitive data (e.g. health data), the processing is either based on your express consent (Art 9 para. 2 (a) GDPR) or it is necessary for the assertion, exercise or defense of legal claims (Art 9 Para. 2 (f) GDPR).

PURPOSE OF THE PROCESSING

The processing of your personal data is necessary to achieve the purposes listed above. Failure to provide it could, depending on the category of data, result in us not being able to fulfil the listed purposes in accordance with the contract and the law, a smooth business process is not possible or we are unable to carry out the pre-contractual activities or conclude and implement the contractual relationship with you or your employer.

LEGAL BASES OF PROCESSING

Fronius processes your personal data within the meaning of Art 6 GDPR on the basis of the following legal grounds:

• fulfilment of a contractual relationship or implementation of pre-contractual measures (Art 6 Para. 1 lit b GDPR), 
• fulfilment of a legal or statutory obligation (Art 6 Para. 1 lit c GDPR), 
• protection of the legitimate interests of Fronius or a third party (Art 6 Para. 1 lit f GDPR) or   
• if none of the aforementioned legal grounds apply, on the basis of the consent of the person concerned to the processing of their personal data (Art 6 Para. 1 lit a GDPR).

Fronius processes personal data primarily in the context of a business relationship with the data subject or with a company represented by the data subject, in particular in the area of contractual and pre-contractual relationships (Art. 6 Para. 1 lit b GDPR).

Furthermore, personal data is processed if necessary to comply with a legal or statutory obligation to which Fronius is subject (e.g. storage and documentation obligations under national laws and reporting obligations as an employer to the social security authorities) (Art. 6 Para. 1 lit c GDPR).

The processing of personal data on the legal basis of Art. 6 Para. 1 lit f GDPR is generally based on the following legitimate interests of Fronius:

• Safeguarding operational interests such as the internal administration and optimization of business processes (document, file, customer and supplier management), data backup and ensuring smooth business operations,
• Improvement and further development of our products and troubleshooting, 
• assertion, exercise or defense of legal claims, 
• Containment of damage, 
• Carrying out direct advertising (marketing and information activities, in particular about products and services offered by the person responsible), 
• IT security and technical administration when using our systems such as internet access, communication tools, means of collaboration (telephone, email, video conferencing, instant messaging), 
• Operation of a group-wide customer and supplier management system
• Event planning, invitation and coordination,
• Building security and ensuring general security on company and company premises

Personal data is only processed to protect the legitimate interests of Fronius if there is no reason to assume that the interests of the data subject merit protection.

Personal data may also be processed on the basis of the data subject's consent to processing, which consent may be revoked at any time (Art. 6 Para. 1 (a) GDPR). In this case, the personal data of the data subject is processed for the processing of which the data subject has given prior consent, such as the publication of photographs of the data subject for documentation or advertising purposes or the processing of his or her personal contact data for the purpose of sending newsletters.

Insofar as data is not collected from the data subject himself/herself within the meaning of Article 14 of the GDPR, personal data that can be accessed in publicly accessible databases such as the land register, company register, central register of associations, edict file, central register of residents, credit rating databases), as well as information on the data subject may be collected from search engines, social networks or various websites, from Fronius Group companies or from cooperation partners or from any funding bodies.

In order to guarantee the security of the personal data of the data subjects, Fronius has taken a number of technical and organizational measures as defined in Art. 32 DSGVO, in particular encryption of the services using state-of-the-art encryption methods (e.g. SSL), user authentication controls, secure network infrastructures, restriction of access to personal data, network monitoring solutions, area-restricted alarm systems as well as video surveillance, employee conduct instructions, obligation to maintain data secrecy. A list of technical and organizational measures at Fronius can be found
here.

Fronius does not process personal data for automatic decision-making or profiling.

RECIPIENTS OF PERSONAL DATA

In order to achieve the intended purposes or if there is a legal obligation to do so, it may be necessary on a case-by-case basis for us to transfer and disclose your data to recipients (e.g. authorities/public bodies, courts, banks, higher-level group companies, etc.) or to grant service providers access to your data (e.g. in order to carry out data management on our behalf, to use software and IT infrastructure, for support and maintenance purposes). The transfer of the relevant data in each individual case is based on the legal provisions or contractual agreement or, in part, on your (express) consent.

We only work with third parties who offer sufficient guarantees that your data is in safe hands.

These are the following categories of recipients within the meaning of Art 13 para 1 lit e GDPR:

• Fronius Group companies (in particular the subsidiaries listed at https://www.fronius.com/de/ueber-fronius/locations),
• Processors, insofar as they require the data for the performance of their respective services,
• Authorities, public bodies and institutions in the event of a legal obligation,
• Operators and participants of creditworthiness-related information systems for the purpose of creditor protection and risk minimization,
• Third-party providers and cooperation partners (e.g. customers, suppliers, payment service providers),
• Credit and financial institutions or similar entities,
• Legal and tax advisers and experts for the examination, assertion, exercise or defense of legal claims,
• Courts to assert, exercise or defend legal claims.

Personal data may be transferred to countries outside the EEA in order to carry out pre-contractual measures or in performance of a contract with the data subject or the company represented by the data subject, in particular by Fronius group companies or due to the use of cloud solutions for communication and collaboration, for video conferencing, for maintaining information and data security and for customer care and a corresponding customer relationship management system. Where appropriate, personal data may also be processed when used for promotional purposes on social media channels (e.g. Facebook, Instagram) or websites outside the EEA.

 
Such a transfer outside the EEA may take place on the basis of binding internal data protection rules under Art 47 GDPR, adequacy decisions of the European Commission under Art 45 GDPR or standard data protection clauses under Art 46 Para. 2 lit c and d GDPR. In exceptional cases, a data transfer may also take place on the basis of Art 49 GDPR, either because you have expressly consented to the proposed data transfer after having been informed of the potential risks to you of such data transfers without the existence of an adequacy decision (Art 45 GDPR) and without appropriate safeguards, the transfer is necessary for the performance of a contract between you and Fronius or for the performance of pre-contractual measures at your request, or the transfer is necessary for the conclusion or performance of a contract concluded in your interest by Fronius with another natural or legal person.

Data transfer to the USA / discontinuation of the Privacy Shield
Fronius would like to expressly point out that since 16 July 2020, due to the "Schrems II" decision of the European Court of Justice, the so-called "Privacy Shield", an adequacy decision of the EU Commission pursuant to Article 45 of the GDPR, with which the USA was confirmed an adequate level of data protection under certain circumstances, is no longer valid with immediate effect.
Since then, the Privacy Shield does not constitute a valid legal basis for the transfer of personal data to the USA!
If, in the context of data processing at Fronius, a transfer of data to the USA takes place, cannot be ruled out, or if we use a service provider based in the USA, we refer to this explicitly in this data protection declaration (see in particular the description of the technologies used on our website).

For you as a user, the transfer of personal data to the USA entails risks. These result from the corresponding powers of the US intelligence services and the legal situation in the USA, which currently - in the opinion of the ECJ - no longer ensures an adequate level of data protection in the USA. The issues include:

• Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides no restrictions on the surveillance activities of the intelligence services and no safeguards for non-US citizens. 
• Presidential Policy Directive 28 (PPD-28) does not give data subjects effective remedies against actions taken by US authorities and does not provide for barriers to ensure proportionate measures. 
• The Ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders against the intelligence services.

Legally compliant transfer of data to the USA based on the standard contractual clauses
The standard contractual clauses adopted by the European Commission in 2010 (2010/87/EU of 05.02.2010), Art. 46 (2) c GDPR, are still valid, but a level of protection for personal data must be ensured that corresponds to that in the European Union. Therefore, not only the contractual relationships with our service providers are relevant here, but also the possibility of access to the data by authorities in the USA and the legal system there (legislation and jurisdiction, administrative practice of authorities).

By implementing decision of 4 June 2021 (2021/914), the European Commission has now adopted new standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
By the end of 30.09.2021, only the new standard contractual clauses for the transfer of personal data to third countries may be applied; previously agreed standard contractual clauses (2010/87/EU of 05.02.2010) must be updated by 31.12.2022.

 
The standard contractual clauses cannot bind authorities in the U.S. and therefore do not yet provide adequate protection in cases where authorities are empowered under U.S. law to interfere with the rights of data subjects without additional action by us and our service provider.

Our measures to make data transfers to the USA legally compliant
Wherever possible, we always choose to process data on EU servers. This should technically ensure that the data is located within the European Union and the risk of access by US authorities is largely minimized. 

With US service providers, we strive to conclude standard contractual clauses and to demand additional guarantees. In particular, we demand, where possible, the use of technologies that prevent access to data, e.g. the use of encryption that cannot be broken even by US services, or anonymization
or pseudonymisation of the data, so that only Fronius or the service provider can make the assignment. At the same time, we require that the service provider inform us immediately if access to data by third parties is actually requested or occurs, and that the service provider exhaust all legal remedies against requested access to Fronius data. We contractually obligate our service providers or processors, including their subcontractors, to transfer data outside the EU exclusively in compliance with the principles for data transfers pursuant to Art. 44 et seq. of the Data Protection Regulation (GDPR) and to oblige the subcontractors to comply with the data protection level of the GDPR.  

STORAGE PERIOD/DELETION

We store your data for different lengths of time depending on the existence of a legitimate processing purpose.

As a rule, we process your information for the duration of the entire business relationship (from the initiation, processing to the termination of a contract, as well as until the termination of any information interest on your part). In addition, we store your data in compliance with and within the scope of the statutory retention and documentation obligations, the applicable warranty, guarantee and limitation periods, in the event of legal disputes in which the data is required as evidence, until their termination.

Individual retention periods can be found in the special information on data processing. Our retention periods, in each case from the time the data is created, are based on the following principles:

• Data that do not need to be kept for longer for verification purposes will be deleted after 6 months.
• Data that is required for verification purposes and / or is the basis for legal claims that are subject to a limitation period of 3 years (e.g. damages, warranty) and there is no justification for a longer storage, we delete after 3 years.
• Data whose storage is necessary for verification purposes, in particular correspondence and its contents, will be deleted after 5 years. 
• Data whose storage is necessary for purposes relevant to accounting, tax law or customs law, as well as on the basis of subsidies or in the event of the assertion of purchase price, performance or special claims for damages or liability (e.g. product liability), shall be stored for a period of 10 years.
• Data whose retention is necessary for the fulfilment of warranty services and their traceability is retained for a period of 20 years (this period corresponds to the longest warranty period at Fronius).
• The deletion of personal data which are necessary, for example, for the issuing of a reference or which are necessary for the assertion, exercise or defense of legal claims, in particular with regard to an absolute limitation period of 30 years, may in these special cases also take place after 30 years - always taking into account the purpose of the processing.

In the case of consent to data processing (in particular when sending electronic messages), the data is stored - with the exception of other details in the consent text - until revocation by the person concerned, which is possible at any time, whereby the revocation does not affect the processing that has taken place up to this point in time.

RIGHTS OF PERSONS CONCERNED

Data subjects have the following rights at any time:

/ Right to request
You have the right to request information about your personal data that we process at any time within the scope of Art. 15 GDPR.

 
/ Right to rectification and completion
Should your personal data be incorrect or incomplete, you have the right to rectification and completion within the scope of Art. 16 GDPR. 

/ Right to restriction of processing
If the legal requirements are met, you may request restriction of the processing of your personal data within the scope of Art. 18 GDPR.

/ Right to erasure
You may request the erasure of your personal data at any time within the scope of Art. 17 GDPR, unless we are legally obliged or entitled to continue processing your data.

/ Right to data portability
If processing takes place on the basis of a contract or your consent and with the help of automated processes, you have a right to the transfer of the personal data concerning you in a structured, common and machine-readable format within the scope of Art. 20 GDPR, provided that this does not affect the rights and freedoms of other persons.

/ Right to object
You have the right to object to processing within the scope of Art 21. GDPR, insofar as the data processing is carried out for the purposes of direct marketing or profiling. You may object to processing on the basis of a balance of interests by stating the reasons arising from your particular situation.

/ Right to revoke the declaration of consent under data protection law
You  have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

/ Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. The data protection authority or supervisory authority responsible for us can be found below in the contact details.

To exercise your rights as a data subject, please contact us - by post, e-mail or fax - at the address given below. Your request or your data will be processed without affecting the lawfulness of the processing carried out up to the receipt of your request and insofar as the processing is reasonable for Fronius.

II. INFORMATION ON INDIVIDUAL DATA PROCESSING

1. NEWSLETTER

Categories of personal data that Fronius collects and processes as part of this data processing:

• Name (such as first name, last name, name affixes, salutation) 
• Contact details (such as e-mail address, if applicable also address, (mobile) phone number, if applicable company data: E-mail address, address) 
• where applicable, data subjects and IT data (consent and double opt-in status)

The data is collected directly from you and processed in particular on the basis of the following legal grounds:

 
/ Fulfilment of a contractual relationship or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR)
Data processing may be carried out for the purposes of initiating pre-contractual measures or fulfilling the obligations arising from a contract concluded with you (such as determining the winner of competitions, authentication for the use of our services, granting extended (warranty) rights) or on the basis of the terms and conditions accepted by you.

/ on the basis of your consent (Art 6 para 1 lit a GDPR)
Consent to the processing of your personal data for the purpose of sending newsletters can be revoked by you at any time with effect for the future. Consents granted before the applicability of the GDPR (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation.

 
/ Safeguarding of legitimate interests of Fronius within the framework of the balancing of interests (Art 6 para 1 lit f GDPR)
the purposes of the processing result from the safeguarding of our legitimate interests. Our legitimate interest may be used to justify the further processing of the data you have provided, provided that your interests or fundamental rights and freedoms are not overridden. Our legitimate interest here lies in sending information and offers about our products to existing customers, users of our offers and services as well as interested parties.

Duration of processing (criteria for deletion)
the data will generally be stored and processed until the contractual relationship has been completed and beyond that for the purposes of sending the newsletter until you object to the sending of the newsletter or revoke your consent. We will inform you separately about this circumstance in the course of registration or in our terms and conditions.
Consent to the use of your e-mail address for advertising purposes can be revoked at any time with future effect by clicking on the "Unsubscribe" or "Newsletter unsubscribe" link at the end of the newsletter or by sending a message to cancellation(at)fronius.com with the revocation of your consent.
The data for the newsletter dispatch will be stored at the longest until you unsubscribe from the newsletter. We are entitled to check the authenticity and accuracy of your e-mail address on the basis of your other details.

Supplementary information on this data processing
You can receive a newsletter from Fronius if you have given us your consent to do so, if you are an existing customer, or if we process your personal data in return for providing you with our offers.

/ Consent: If you have given your consent to receive interesting offers and news from Fronius by e-mail on a regular basis, we will send you regular newsletters on the basis of this consent until your consent is revoked.

 
/ Existing customers: We will only send newsletter e-mails to existing Fronius customers if we have received their contact information for newsletter distribution in connection with the sale or provision of a service to you, and we have informed you at the time of collection and any subsequent transmission that you may opt out of the use of their contact information for this purpose, and provided you are not included in the list pursuant to Section 7 (2) of the E-Commerce Act.

 
/ Data for the use of our offers: You may also provide us with your personal data in return for the use of our offers or services such as

• the participation in a lottery, 
• to gain access to our contents, 
• the use of our online services, software or apps, or
• the product registration for extended warranty rights

and by accepting the relevant terms and conditions (of participation, use, business or otherwise) for processing for the regular receipt of newsletters about Fronius products and services for promotional purposes by e-mail.

Your e-mail address will not be passed on to third parties for advertising purposes. 

2. ONLINE CONFERENCES AND WEBINARS

Categories of personal data that Fronius collects and processes as part of this data processing:

• Name (such as first name, last name, name affixes, salutation) 
• Contact details (such as e-mail address, if applicable also address, (mobile) phone number, if applicable company data: E-mail address, address) 
• IT data (such as username, password, IP address, log files)
• Image data, if applicable
• Interaction and correspondence data
• Content data

The data is collected directly from you and processed in particular on the basis of the following legal grounds:

 
/ Fulfilment of a contractual relationship or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR)
Data processing may be carried out for the purpose of initiating pre-contractual measures or for the fulfilment of obligations arising from a contract concluded with you (such as the discussion of contractual content or processing in online conferences or the holding of a webinar booked by you) and on the basis of the conditions accepted by you.

/ On the basis of your consent (Art 6 para 1 lit a GDPR)
the purposes of the processing of personal data may result from the participant's consent (as in the case of a recording or a separate request for consent). Consent given for the processing of your personal data can be revoked by you at any time with effect for the future. Consents granted before the applicability of the GDPR (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation.

 
/ Safeguarding Fronius' legitimate interests in the context of the balancing of interests (Art 6 (1) (f) GDPR)
the purposes of the processing result from safeguarding our legitimate interests. Our legitimate interest may be used to justify the processing of the data you have provided, provided that your interests or fundamental rights and freedoms are not overridden. Our legitimate interest here, in the case of open webinars, unless a contractual relationship has arisen through participation in the webinar, is to conduct a webinar and provide information to a wide audience. Legitimate interests may also lie in the further processing for documentation purposes after the conclusion of online conferences or seminars. 

Duration of processing (criteria for deletion)
The processing of the data provided by you is carried out for as long as it is necessary to achieve the contractually agreed purpose, in principle for as long as the contractual relationship with you exists. After termination of the contractual relationship, the data provided by you will be processed to comply with statutory retention obligations or on the basis of our legitimate interests. After the expiry of the statutory retention periods and/or the lapse of our legitimate interests, the data provided by you will be deleted.

Supplementary information on this data processing
When using our tools, various types of data are processed. The scope of the data also depends on the data you provide before or when participating in an "online meeting".
In order to join an online meeting, you must provide a name; you may also choose a pseudonym. This information is stored temporarily in the browser and used for future access to online events.
In order to enable the display of video and the playback of audio, data from the microphone of your terminal device and from a video camera of the terminal device are processed during the meeting. Access can be disabled at any time using the buttons with the respective icons. Participation in online events is generally possible even if access is deactivated. It is also possible to exchange text messages in a group chat. The messages are then visible for all participants of the online event.
If a participant's screen is transferred during an event, the displayed screen content is shown to all other participants in the online meeting. Each participant should therefore ensure that no sensitive data is displayed on the screen before using the function. The screen sharing function can be deactivated at any time using the corresponding button.
In the event that we record online meetings, we will notify you before the recording begins and - if necessary - ask for verbal consent. If you do not wish to be recorded, you can leave the online meeting. If online meetings are being recorded, this will be indicated by a recording icon in the screen area. In this case, all video and audio data will be stored by us.

Online conferencing tools at Fronius and recipient 

We use Microsoft Teams and Skype internally and externally to carry out our daily office communications and for conference calls, online meetings and/or video conferences. For webinars, we also use GotoWebinar.
To participate in an online meeting or a webinar, a participant receives an e-mail containing an invitation link. The e-mail address was either provided to us by the external participant or collected by us during registration for an online meeting or webinar. Fronius employees use their company contact data to participate in online meetings.

Microsoft Teams:
To conduct online meetings and host webinars, we use the Microsoft Teams service provided by Microsoft Ireland Operations, Ltd, South County Business Park Leopardstown, Dublin 18, D18 P521, Ireland, an affiliated company of Microsoft Cooperation, Redmond, WA, USA, https://www.microsoft.com/de-at/microsoft-teams/group-chat-software ("MS Teams"). 

ATTENTION: Within the scope of this service, data transmission to the USA takes place or cannot be ruled out.

Skype for Business:
To conduct online meetings and host webinars, we use the Skype service provided by Microsoft Ireland Operations, Ltd, South County Business Park Leopardstown, Dublin 18, D18 P521, Ireland, an affiliated company of Microsoft Cooperation - Redmond, WA, USA, https://www.skype.com/de/business/ ("Skype").

ATTENTION: Within the scope of this service, data transmission to the USA takes place or cannot be ruled out.

We have concluded an order processing agreement with Microsoft (MS Teams & Skype). For the processing of data in the USA, the level of protection is guaranteed through the use of the EU standard contractual clauses.

Further information on data protection can be found at https://privacy.microsoft.com/privacystatement on the use of this service.

GotoWebinar:
To conduct online meetings, and in particular to host webinars, we use the GotoWebinar service provided by LogMeIn Ireland Unlimited Company, an affiliate of LogMeIn Group LogMeIn, Inc. Boston, 320 Summer Street, Boston, MA 02210, USA.

ATTENTION: Within the scope of this service, data transmission to the USA takes place or cannot be ruled out.

We have concluded an order processing agreement with LogMeIn Ireland. For the processing of data in the USA, the level of protection is guaranteed through the use of the EU standard contractual clauses.

Further information on data protection can be found at https://www.logmein.com/de/trust/privacy on the use of this service.

3. COURSES, TRAINING und WEBINARS

Categories of personal data that Fronius collects and processes as part of this data processing:

• Name (such as first name, last name, name affixes, salutation) 
• Contact details (such as e-mail address, if applicable also address, (mobile) phone number, if applicable company data: E-mail address, address)
• if applicable, company data (such as type and name of the company, professional function)
• Personal data (like language)
• Contract data, if applicable
• Visit data, if applicable
• bank and financial data, if applicable

The data is collected directly from you and processed in particular on the basis of the following legal grounds:

 
/ performance of a contractual relationship or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR)
Data processing may be carried out for the purposes of initiating pre-contractual measures or for the performance of obligations arising from a contract concluded with you (or with your company/employer) (such as registration and participation in the relevant course offering or webinar, organization and communication, and implementation and completion of qualifications) and on the basis of the terms and conditions accepted by you.

/ To protect the legitimate interests of Fronius in the context of the balancing of interests (Art 6 para 1 lit f GDPR)
the purposes of the processing result from the protection of our legitimate interests. Our legitimate interest may be used to justify the processing of the data you have provided, provided that your interests or fundamental rights and freedoms are not overridden. For example, our legitimate interest here may lie in the processing of your personal data for the purposes of organizing and holding courses and training sessions, both present and online, as well as in providing information about further course offerings.

Duration of processing (criteria for deletion)
The processing of the data provided by you is carried out for as long as it is necessary to achieve the contractually agreed purpose, in principle for as long as the contractual relationship with you exists. After termination of the contractual relationship, the data provided by you will be processed to comply with statutory retention obligations or on the basis of our legitimate interests. After the expiry of the statutory retention periods and/or the lapse of our legitimate interests, the data provided by you will be deleted.

Supplementary information on this data processing
Pathways to Fronius courses, training and webinarsFronius
offers its customers, business partners, employees and others the opportunity to attend courses, training or even webinars related to Fronius products. Completion of this offer can also be part of an agreement with business partners and a prerequisite for certifications by Fronius (such as certification as a "Certified Partner").

Recipients So far as
we organize courses, trainings or webinars together with partners of ours, you will receive information about this and we will share your personal data with them. For this purpose, we have concluded corresponding order processing contracts or joint responsibility contracts with our partners.

If courses or training sessions are held as webinars, the provisions set out under "Online Conferences and Webinars" shall apply in addition.

 

4. ONLINE-SERVICES, SOFTWARE AND APPS

Categories of personal data that Fronius collects and processes when you register to use our online services or apps:

• Name
• Contact details
• Company data
• Personal data
• Contract data
• IT data
• Product usage data (such as plant and equipment usage data)
• Position data
• Bank and financial data

The data is collected directly from you and processed in particular on the basis of the following legal grounds:

/ Fulfilment of a contractual relationship or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR)
Data processing may be carried out for the purposes of initiating pre-contractual measures or fulfilling the obligations arising from a contract concluded with you (or with your company/employer) (such as provision of online services and software, authentication for the use of our services, granting of extended rights) and on the basis of the terms and conditions accepted by you.

The purposes of the processing of personal data may result from your consent to the processing of your data for the purposes of using our online services and software or our services. Consent given for the processing of your personal data can be revoked by you at any time with effect for the future. Consents granted before the GDPR (25 May 2018) came into force can also be revoked. Processing that took place before the revocation remains unaffected by the revocation.

 
/ Safeguarding Fronius' legitimate interests in the context of the balancing of interests (Art 6 (1) (f) GDPR)
the purposes of the processing result from safeguarding our legitimate interests. Our legitimate interest can be used to justify the processing of the data you have provided, provided that your interests or fundamental rights and freedoms are not overridden. Our legitimate interest here is the provision of online services and software for our customers, optimization and expansion of our offer, improved customer service, corporate communication, in the internal administration and optimization of the business process, as well as in the improvement of our products and troubleshooting. After registering to use our online services, software and apps, Fronius also processes the data of your registered systems and devices in accordance with the applicable terms of use. In the process, usage data of your registered systems and devices is regularly transferred to Fronius for the purpose of analyzing this data and subsequently improving performance as well as our products. The system and device data is processed on the basis of Fronius' legitimate interest in using usage data from systems and devices registered with Fronius for analysis and improvement purposes.

Duration of processing (criteria for deletion)
the data is generally processed for the duration of the contractual relationship. After deactivation of your account, your personal data will be stored for 3 years for the purpose of reversing erroneous deactivation and a possible legal defense and then deleted.
In the event that you have given your consent to data processing, we will delete your data as soon as you revoke your consent.

 
Supplementary information on this data processing

Ways to our online services, software and apps

For the use of our online services, software and apps, an online registration by means of email address and password as well as, if applicable, the entry of your further data is required, in which the data is collected directly from you. In the course of registration, you accept the terms and conditions of the respective offer.

Recipients

 
Your data will not be passed on to third parties.
For the operation of our online services, software and apps, we use cloud solutions and service providers with whom we have concluded corresponding order processing agreements. Regarding data transfers to third countries, the information in the general section applies in addition.
After registering for our services, you can partially make your user name visible to other members. In addition, you can release or publish further data of your profile or your attachment and make it visible for other members. Within your profile, you have the option to adjust the extent to which your data is published by making the appropriate settings. It is at your discretion to decide which and to what extent this data is released or published for other users. Details are explained in more detail on the websites in the respective function of the respective online services and apps.

Fronius as a processor

 
Where our business customers are considered "controllers" when using our online services, software and apps and we are "processors" within the meaning of the GDPR, the order processing agreement available here for our business customers
applies.

PRIVACY POLICY

Fronius International GmbH

I. GENERAL INFORMATION

PREAMBLE

We, Fronius, are a leading technical company in the fields of welding technology, photovoltaics and battery charging technology and a data controller within the meaning of the General Data Protection Regulation (GDPR) (hereinafter "Fronius").

This privacy statement applies to any form of processing of personal data by Fronius.

With the following, Fronius would like to inform you about which personal data Fronius processes, how and for what purpose it is used, and what rights data subjects are entitled to. All data is processed in compliance with the relevant legal regulations on data protection and data security.

You can view, download or print our current data protection declaration at any time on our website. The data protection declaration also constitutes an integral part of our terms of use and/or webshop conditions, which are also made available on our website.

CATEGORIES OF PERSONAL DATA

We process the following categories of data or parts thereof. Which personal data is specifically processed depends on your relationship with us. You will find more detailed information on this in chapters III. and IV.

If necessary, further personal data are processed if this is required for the specific purpose.

 
In the event that Fronius also processes special categories of personal data, so-called sensitive data (e.g. health data), the processing is either based on your express consent (Art 9 para. 2 (a) GDPR) or it is necessary for the assertion, exercise or defense of legal claims (Art 9 Para. 2 (f) GDPR).

PURPOSE OF THE PROCESSING

The processing of your personal data is necessary to achieve the purposes listed above. Failure to provide it could, depending on the category of data, result in us not being able to fulfil the listed purposes in accordance with the contract and the law, a smooth business process is not possible or we are unable to carry out the pre-contractual activities or conclude and implement the contractual relationship with you or your employer.

LEGAL BASES OF PROCESSING

Fronius processes your personal data within the meaning of Art 6 GDPR on the basis of the following legal grounds:

• fulfilment of a contractual relationship or implementation of pre-contractual measures (Art 6 Para. 1 lit b GDPR), 
• fulfilment of a legal or statutory obligation (Art 6 Para. 1 lit c GDPR), 
• protection of the legitimate interests of Fronius or a third party (Art 6 Para. 1 lit f GDPR) or   
• if none of the aforementioned legal grounds apply, on the basis of the consent of the person concerned to the processing of their personal data (Art 6 Para. 1 lit a GDPR).

Fronius processes personal data primarily in the context of a business relationship with the data subject or with a company represented by the data subject, in particular in the area of contractual and pre-contractual relationships (Art. 6 Para. 1 lit b GDPR).

Furthermore, personal data is processed if necessary to comply with a legal or statutory obligation to which Fronius is subject (e.g. storage and documentation obligations under national laws and reporting obligations as an employer to the social security authorities) (Art. 6 Para. 1 lit c GDPR).

The processing of personal data on the legal basis of Art. 6 Para. 1 lit f GDPR is generally based on the following legitimate interests of Fronius:

• Safeguarding operational interests such as the internal administration and optimization of business processes (document, file, customer and supplier management), data backup and ensuring smooth business operations,
• Improvement and further development of our products and troubleshooting, 
• assertion, exercise or defense of legal claims, 
• Containment of damage, 
• Carrying out direct advertising (marketing and information activities, in particular about products and services offered by the person responsible), 
• IT security and technical administration when using our systems such as internet access, communication tools, means of collaboration (telephone, email, video conferencing, instant messaging), 
• Operation of a group-wide customer and supplier management system
• Event planning, invitation and coordination,
• Building security and ensuring general security on company and company premises

Personal data is only processed to protect the legitimate interests of Fronius if there is no reason to assume that the interests of the data subject merit protection.

Personal data may also be processed on the basis of the data subject's consent to processing, which consent may be revoked at any time (Art. 6 Para. 1 (a) GDPR). In this case, the personal data of the data subject is processed for the processing of which the data subject has given prior consent, such as the publication of photographs of the data subject for documentation or advertising purposes or the processing of his or her personal contact data for the purpose of sending newsletters.

Insofar as data is not collected from the data subject himself/herself within the meaning of Article 14 of the GDPR, personal data that can be accessed in publicly accessible databases such as the land register, company register, central register of associations, edict file, central register of residents, credit rating databases), as well as information on the data subject may be collected from search engines, social networks or various websites, from Fronius Group companies or from cooperation partners or from any funding bodies.

In order to guarantee the security of the personal data of the data subjects, Fronius has taken a number of technical and organizational measures as defined in Art. 32 DSGVO, in particular encryption of the services using state-of-the-art encryption methods (e.g. SSL), user authentication controls, secure network infrastructures, restriction of access to personal data, network monitoring solutions, area-restricted alarm systems as well as video surveillance, employee conduct instructions, obligation to maintain data secrecy. A list of technical and organizational measures at Fronius can be found
here.

Fronius does not process personal data for automatic decision-making or profiling.

RECIPIENTS OF PERSONAL DATA

In order to achieve the intended purposes or if there is a legal obligation to do so, it may be necessary on a case-by-case basis for us to transfer and disclose your data to recipients (e.g. authorities/public bodies, courts, banks, higher-level group companies, etc.) or to grant service providers access to your data (e.g. in order to carry out data management on our behalf, to use software and IT infrastructure, for support and maintenance purposes). The transfer of the relevant data in each individual case is based on the legal provisions or contractual agreement or, in part, on your (express) consent.

We only work with third parties who offer sufficient guarantees that your data is in safe hands.

These are the following categories of recipients within the meaning of Art 13 para 1 lit e GDPR:

• Fronius Group companies (in particular the subsidiaries listed at https://www.fronius.com/de/ueber-fronius/locations),
• Processors, insofar as they require the data for the performance of their respective services,
• Authorities, public bodies and institutions in the event of a legal obligation,
• Operators and participants of creditworthiness-related information systems for the purpose of creditor protection and risk minimization,
• Third-party providers and cooperation partners (e.g. customers, suppliers, payment service providers),
• Credit and financial institutions or similar entities,
• Legal and tax advisers and experts for the examination, assertion, exercise or defense of legal claims,
• Courts to assert, exercise or defend legal claims.

Personal data may be transferred to countries outside the EEA in order to carry out pre-contractual measures or in performance of a contract with the data subject or the company represented by the data subject, in particular by Fronius group companies or due to the use of cloud solutions for communication and collaboration, for video conferencing, for maintaining information and data security and for customer care and a corresponding customer relationship management system. Where appropriate, personal data may also be processed when used for promotional purposes on social media channels (e.g. Facebook, Instagram) or websites outside the EEA.

 
Such a transfer outside the EEA may take place on the basis of binding internal data protection rules under Art 47 GDPR, adequacy decisions of the European Commission under Art 45 GDPR or standard data protection clauses under Art 46 Para. 2 lit c and d GDPR. In exceptional cases, a data transfer may also take place on the basis of Art 49 GDPR, either because you have expressly consented to the proposed data transfer after having been informed of the potential risks to you of such data transfers without the existence of an adequacy decision (Art 45 GDPR) and without appropriate safeguards, the transfer is necessary for the performance of a contract between you and Fronius or for the performance of pre-contractual measures at your request, or the transfer is necessary for the conclusion or performance of a contract concluded in your interest by Fronius with another natural or legal person.

Data transfer to the USA / discontinuation of the Privacy Shield
Fronius would like to expressly point out that since 16 July 2020, due to the "Schrems II" decision of the European Court of Justice, the so-called "Privacy Shield", an adequacy decision of the EU Commission pursuant to Article 45 of the GDPR, with which the USA was confirmed an adequate level of data protection under certain circumstances, is no longer valid with immediate effect.
Since then, the Privacy Shield does not constitute a valid legal basis for the transfer of personal data to the USA!
If, in the context of data processing at Fronius, a transfer of data to the USA takes place, cannot be ruled out, or if we use a service provider based in the USA, we refer to this explicitly in this data protection declaration (see in particular the description of the technologies used on our website).

For you as a user, the transfer of personal data to the USA entails risks. These result from the corresponding powers of the US intelligence services and the legal situation in the USA, which currently - in the opinion of the ECJ - no longer ensures an adequate level of data protection in the USA. The issues include:

• Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides no restrictions on the surveillance activities of the intelligence services and no safeguards for non-US citizens. 
• Presidential Policy Directive 28 (PPD-28) does not give data subjects effective remedies against actions taken by US authorities and does not provide for barriers to ensure proportionate measures. 
• The Ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders against the intelligence services.

Legally compliant transfer of data to the USA based on the standard contractual clauses
The standard contractual clauses adopted by the European Commission in 2010 (2010/87/EU of 05.02.2010), Art. 46 (2) c GDPR, are still valid, but a level of protection for personal data must be ensured that corresponds to that in the European Union. Therefore, not only the contractual relationships with our service providers are relevant here, but also the possibility of access to the data by authorities in the USA and the legal system there (legislation and jurisdiction, administrative practice of authorities).

By implementing decision of 4 June 2021 (2021/914), the European Commission has now adopted new standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
By the end of 30.09.2021, only the new standard contractual clauses for the transfer of personal data to third countries may be applied; previously agreed standard contractual clauses (2010/87/EU of 05.02.2010) must be updated by 31.12.2022.

 
The standard contractual clauses cannot bind authorities in the U.S. and therefore do not yet provide adequate protection in cases where authorities are empowered under U.S. law to interfere with the rights of data subjects without additional action by us and our service provider.

Our measures to make data transfers to the USA legally compliant
Wherever possible, we always choose to process data on EU servers. This should technically ensure that the data is located within the European Union and the risk of access by US authorities is largely minimized. 

With US service providers, we strive to conclude standard contractual clauses and to demand additional guarantees. In particular, we demand, where possible, the use of technologies that prevent access to data, e.g. the use of encryption that cannot be broken even by US services, or anonymization
or pseudonymisation of the data, so that only Fronius or the service provider can make the assignment. At the same time, we require that the service provider inform us immediately if access to data by third parties is actually requested or occurs, and that the service provider exhaust all legal remedies against requested access to Fronius data. We contractually obligate our service providers or processors, including their subcontractors, to transfer data outside the EU exclusively in compliance with the principles for data transfers pursuant to Art. 44 et seq. of the Data Protection Regulation (GDPR) and to oblige the subcontractors to comply with the data protection level of the GDPR.  

STORAGE PERIOD/DELETION

We store your data for different lengths of time depending on the existence of a legitimate processing purpose.

As a rule, we process your information for the duration of the entire business relationship (from the initiation, processing to the termination of a contract, as well as until the termination of any information interest on your part). In addition, we store your data in compliance with and within the scope of the statutory retention and documentation obligations, the applicable warranty, guarantee and limitation periods, in the event of legal disputes in which the data is required as evidence, until their termination.

Individual retention periods can be found in the special information on data processing. Our retention periods, in each case from the time the data is created, are based on the following principles:

• Data that do not need to be kept for longer for verification purposes will be deleted after 6 months.
• Data that is required for verification purposes and / or is the basis for legal claims that are subject to a limitation period of 3 years (e.g. damages, warranty) and there is no justification for a longer storage, we delete after 3 years.
• Data whose storage is necessary for verification purposes, in particular correspondence and its contents, will be deleted after 5 years. 
• Data whose storage is necessary for purposes relevant to accounting, tax law or customs law, as well as on the basis of subsidies or in the event of the assertion of purchase price, performance or special claims for damages or liability (e.g. product liability), shall be stored for a period of 10 years.
• Data whose retention is necessary for the fulfilment of warranty services and their traceability is retained for a period of 20 years (this period corresponds to the longest warranty period at Fronius).
• The deletion of personal data which are necessary, for example, for the issuing of a reference or which are necessary for the assertion, exercise or defense of legal claims, in particular with regard to an absolute limitation period of 30 years, may in these special cases also take place after 30 years - always taking into account the purpose of the processing.

In the case of consent to data processing (in particular when sending electronic messages), the data is stored - with the exception of other details in the consent text - until revocation by the person concerned, which is possible at any time, whereby the revocation does not affect the processing that has taken place up to this point in time.

RIGHTS OF PERSONS CONCERNED

Data subjects have the following rights at any time:

/ Right to request
You have the right to request information about your personal data that we process at any time within the scope of Art. 15 GDPR.

 
/ Right to rectification and completion
Should your personal data be incorrect or incomplete, you have the right to rectification and completion within the scope of Art. 16 GDPR. 

/ Right to restriction of processing
If the legal requirements are met, you may request restriction of the processing of your personal data within the scope of Art. 18 GDPR.

/ Right to erasure
You may request the erasure of your personal data at any time within the scope of Art. 17 GDPR, unless we are legally obliged or entitled to continue processing your data.

/ Right to data portability
If processing takes place on the basis of a contract or your consent and with the help of automated processes, you have a right to the transfer of the personal data concerning you in a structured, common and machine-readable format within the scope of Art. 20 GDPR, provided that this does not affect the rights and freedoms of other persons.

/ Right to object
You have the right to object to processing within the scope of Art 21. GDPR, insofar as the data processing is carried out for the purposes of direct marketing or profiling. You may object to processing on the basis of a balance of interests by stating the reasons arising from your particular situation.

/ Right to revoke the declaration of consent under data protection law
You  have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

/ Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. The data protection authority or supervisory authority responsible for us can be found below in the contact details.

To exercise your rights as a data subject, please contact us - by post, e-mail or fax - at the address given below. Your request or your data will be processed without affecting the lawfulness of the processing carried out up to the receipt of your request and insofar as the processing is reasonable for Fronius.

II. INFORMATION ON INDIVIDUAL DATA PROCESSING

1. NEWSLETTER

Categories of personal data that Fronius collects and processes as part of this data processing:

• Name (such as first name, last name, name affixes, salutation) 
• Contact details (such as e-mail address, if applicable also address, (mobile) phone number, if applicable company data: E-mail address, address) 
• where applicable, data subjects and IT data (consent and double opt-in status)

The data is collected directly from you and processed in particular on the basis of the following legal grounds:

 
/ Fulfilment of a contractual relationship or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR)
Data processing may be carried out for the purposes of initiating pre-contractual measures or fulfilling the obligations arising from a contract concluded with you (such as determining the winner of competitions, authentication for the use of our services, granting extended (warranty) rights) or on the basis of the terms and conditions accepted by you.

/ on the basis of your consent (Art 6 para 1 lit a GDPR)
Consent to the processing of your personal data for the purpose of sending newsletters can be revoked by you at any time with effect for the future. Consents granted before the applicability of the GDPR (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation.

 
/ Safeguarding of legitimate interests of Fronius within the framework of the balancing of interests (Art 6 para 1 lit f GDPR)
the purposes of the processing result from the safeguarding of our legitimate interests. Our legitimate interest may be used to justify the further processing of the data you have provided, provided that your interests or fundamental rights and freedoms are not overridden. Our legitimate interest here lies in sending information and offers about our products to existing customers, users of our offers and services as well as interested parties.

Duration of processing (criteria for deletion)
the data will generally be stored and processed until the contractual relationship has been completed and beyond that for the purposes of sending the newsletter until you object to the sending of the newsletter or revoke your consent. We will inform you separately about this circumstance in the course of registration or in our terms and conditions.
Consent to the use of your e-mail address for advertising purposes can be revoked at any time with future effect by clicking on the "Unsubscribe" or "Newsletter unsubscribe" link at the end of the newsletter or by sending a message to cancellation(at)fronius.com with the revocation of your consent.
The data for the newsletter dispatch will be stored at the longest until you unsubscribe from the newsletter. We are entitled to check the authenticity and accuracy of your e-mail address on the basis of your other details.

Supplementary information on this data processing
You can receive a newsletter from Fronius if you have given us your consent to do so, if you are an existing customer, or if we process your personal data in return for providing you with our offers.

/ Consent: If you have given your consent to receive interesting offers and news from Fronius by e-mail on a regular basis, we will send you regular newsletters on the basis of this consent until your consent is revoked.

 
/ Existing customers: We will only send newsletter e-mails to existing Fronius customers if we have received their contact information for newsletter distribution in connection with the sale or provision of a service to you, and we have informed you at the time of collection and any subsequent transmission that you may opt out of the use of their contact information for this purpose, and provided you are not included in the list pursuant to Section 7 (2) of the E-Commerce Act.

 
/ Data for the use of our offers: You may also provide us with your personal data in return for the use of our offers or services such as

• the participation in a lottery, 
• to gain access to our contents, 
• the use of our online services, software or apps, or
• the product registration for extended warranty rights

and by accepting the relevant terms and conditions (of participation, use, business or otherwise) for processing for the regular receipt of newsletters about Fronius products and services for promotional purposes by e-mail.

Your e-mail address will not be passed on to third parties for advertising purposes. 

2. ONLINE CONFERENCES AND WEBINARS

Categories of personal data that Fronius collects and processes as part of this data processing:

• Name (such as first name, last name, name affixes, salutation) 
• Contact details (such as e-mail address, if applicable also address, (mobile) phone number, if applicable company data: E-mail address, address) 
• IT data (such as username, password, IP address, log files)
• Image data, if applicable
• Interaction and correspondence data
• Content data

The data is collected directly from you and processed in particular on the basis of the following legal grounds:

 
/ Fulfilment of a contractual relationship or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR)
Data processing may be carried out for the purpose of initiating pre-contractual measures or for the fulfilment of obligations arising from a contract concluded with you (such as the discussion of contractual content or processing in online conferences or the holding of a webinar booked by you) and on the basis of the conditions accepted by you.

/ On the basis of your consent (Art 6 para 1 lit a GDPR)
the purposes of the processing of personal data may result from the participant's consent (as in the case of a recording or a separate request for consent). Consent given for the processing of your personal data can be revoked by you at any time with effect for the future. Consents granted before the applicability of the GDPR (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation.

 
/ Safeguarding Fronius' legitimate interests in the context of the balancing of interests (Art 6 (1) (f) GDPR)
the purposes of the processing result from safeguarding our legitimate interests. Our legitimate interest may be used to justify the processing of the data you have provided, provided that your interests or fundamental rights and freedoms are not overridden. Our legitimate interest here, in the case of open webinars, unless a contractual relationship has arisen through participation in the webinar, is to conduct a webinar and provide information to a wide audience. Legitimate interests may also lie in the further processing for documentation purposes after the conclusion of online conferences or seminars. 

Duration of processing (criteria for deletion)
The processing of the data provided by you is carried out for as long as it is necessary to achieve the contractually agreed purpose, in principle for as long as the contractual relationship with you exists. After termination of the contractual relationship, the data provided by you will be processed to comply with statutory retention obligations or on the basis of our legitimate interests. After the expiry of the statutory retention periods and/or the lapse of our legitimate interests, the data provided by you will be deleted.

Supplementary information on this data processing
When using our tools, various types of data are processed. The scope of the data also depends on the data you provide before or when participating in an "online meeting".
In order to join an online meeting, you must provide a name; you may also choose a pseudonym. This information is stored temporarily in the browser and used for future access to online events.
In order to enable the display of video and the playback of audio, data from the microphone of your terminal device and from a video camera of the terminal device are processed during the meeting. Access can be disabled at any time using the buttons with the respective icons. Participation in online events is generally possible even if access is deactivated. It is also possible to exchange text messages in a group chat. The messages are then visible for all participants of the online event.
If a participant's screen is transferred during an event, the displayed screen content is shown to all other participants in the online meeting. Each participant should therefore ensure that no sensitive data is displayed on the screen before using the function. The screen sharing function can be deactivated at any time using the corresponding button.
In the event that we record online meetings, we will notify you before the recording begins and - if necessary - ask for verbal consent. If you do not wish to be recorded, you can leave the online meeting. If online meetings are being recorded, this will be indicated by a recording icon in the screen area. In this case, all video and audio data will be stored by us.

Online conferencing tools at Fronius and recipient 

We use Microsoft Teams and Skype internally and externally to carry out our daily office communications and for conference calls, online meetings and/or video conferences. For webinars, we also use GotoWebinar.
To participate in an online meeting or a webinar, a participant receives an e-mail containing an invitation link. The e-mail address was either provided to us by the external participant or collected by us during registration for an online meeting or webinar. Fronius employees use their company contact data to participate in online meetings.

Microsoft Teams:
To conduct online meetings and host webinars, we use the Microsoft Teams service provided by Microsoft Ireland Operations, Ltd, South County Business Park Leopardstown, Dublin 18, D18 P521, Ireland, an affiliated company of Microsoft Cooperation, Redmond, WA, USA, https://www.microsoft.com/de-at/microsoft-teams/group-chat-software ("MS Teams"). 

ATTENTION: Within the scope of this service, data transmission to the USA takes place or cannot be ruled out.

Skype for Business:
To conduct online meetings and host webinars, we use the Skype service provided by Microsoft Ireland Operations, Ltd, South County Business Park Leopardstown, Dublin 18, D18 P521, Ireland, an affiliated company of Microsoft Cooperation - Redmond, WA, USA, https://www.skype.com/de/business/ ("Skype").

ATTENTION: Within the scope of this service, data transmission to the USA takes place or cannot be ruled out.

We have concluded an order processing agreement with Microsoft (MS Teams & Skype). For the processing of data in the USA, the level of protection is guaranteed through the use of the EU standard contractual clauses.

Further information on data protection can be found at https://privacy.microsoft.com/privacystatement on the use of this service.

GotoWebinar:
To conduct online meetings, and in particular to host webinars, we use the GotoWebinar service provided by LogMeIn Ireland Unlimited Company, an affiliate of LogMeIn Group LogMeIn, Inc. Boston, 320 Summer Street, Boston, MA 02210, USA.

ATTENTION: Within the scope of this service, data transmission to the USA takes place or cannot be ruled out.

We have concluded an order processing agreement with LogMeIn Ireland. For the processing of data in the USA, the level of protection is guaranteed through the use of the EU standard contractual clauses.

Further information on data protection can be found at https://www.logmein.com/de/trust/privacy on the use of this service.

3. COURSES, TRAINING und WEBINARS

Categories of personal data that Fronius collects and processes as part of this data processing:

• Name (such as first name, last name, name affixes, salutation) 
• Contact details (such as e-mail address, if applicable also address, (mobile) phone number, if applicable company data: E-mail address, address)
• if applicable, company data (such as type and name of the company, professional function)
• Personal data (like language)
• Contract data, if applicable
• Visit data, if applicable
• bank and financial data, if applicable

The data is collected directly from you and processed in particular on the basis of the following legal grounds:

 
/ performance of a contractual relationship or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR)
Data processing may be carried out for the purposes of initiating pre-contractual measures or for the performance of obligations arising from a contract concluded with you (or with your company/employer) (such as registration and participation in the relevant course offering or webinar, organization and communication, and implementation and completion of qualifications) and on the basis of the terms and conditions accepted by you.

/ To protect the legitimate interests of Fronius in the context of the balancing of interests (Art 6 para 1 lit f GDPR)
the purposes of the processing result from the protection of our legitimate interests. Our legitimate interest may be used to justify the processing of the data you have provided, provided that your interests or fundamental rights and freedoms are not overridden. For example, our legitimate interest here may lie in the processing of your personal data for the purposes of organizing and holding courses and training sessions, both present and online, as well as in providing information about further course offerings.

Duration of processing (criteria for deletion)
The processing of the data provided by you is carried out for as long as it is necessary to achieve the contractually agreed purpose, in principle for as long as the contractual relationship with you exists. After termination of the contractual relationship, the data provided by you will be processed to comply with statutory retention obligations or on the basis of our legitimate interests. After the expiry of the statutory retention periods and/or the lapse of our legitimate interests, the data provided by you will be deleted.

Supplementary information on this data processing
Pathways to Fronius courses, training and webinarsFronius
offers its customers, business partners, employees and others the opportunity to attend courses, training or even webinars related to Fronius products. Completion of this offer can also be part of an agreement with business partners and a prerequisite for certifications by Fronius (such as certification as a "Certified Partner").

Recipients So far as
we organize courses, trainings or webinars together with partners of ours, you will receive information about this and we will share your personal data with them. For this purpose, we have concluded corresponding order processing contracts or joint responsibility contracts with our partners.

If courses or training sessions are held as webinars, the provisions set out under "Online Conferences and Webinars" shall apply in addition.

 

4. ONLINE-SERVICES, SOFTWARE AND APPS

Categories of personal data that Fronius collects and processes when you register to use our online services or apps:

• Name
• Contact details
• Company data
• Personal data
• Contract data
• IT data
• Product usage data (such as plant and equipment usage data)
• Position data
• Bank and financial data

The data is collected directly from you and processed in particular on the basis of the following legal grounds:

/ Fulfilment of a contractual relationship or for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR)
Data processing may be carried out for the purposes of initiating pre-contractual measures or fulfilling the obligations arising from a contract concluded with you (or with your company/employer) (such as provision of online services and software, authentication for the use of our services, granting of extended rights) and on the basis of the terms and conditions accepted by you.

The purposes of the processing of personal data may result from your consent to the processing of your data for the purposes of using our online services and software or our services. Consent given for the processing of your personal data can be revoked by you at any time with effect for the future. Consents granted before the GDPR (25 May 2018) came into force can also be revoked. Processing that took place before the revocation remains unaffected by the revocation.

 
/ Safeguarding Fronius' legitimate interests in the context of the balancing of interests (Art 6 (1) (f) GDPR)
the purposes of the processing result from safeguarding our legitimate interests. Our legitimate interest can be used to justify the processing of the data you have provided, provided that your interests or fundamental rights and freedoms are not overridden. Our legitimate interest here is the provision of online services and software for our customers, optimization and expansion of our offer, improved customer service, corporate communication, in the internal administration and optimization of the business process, as well as in the improvement of our products and troubleshooting. After registering to use our online services, software and apps, Fronius also processes the data of your registered systems and devices in accordance with the applicable terms of use. In the process, usage data of your registered systems and devices is regularly transferred to Fronius for the purpose of analyzing this data and subsequently improving performance as well as our products. The system and device data is processed on the basis of Fronius' legitimate interest in using usage data from systems and devices registered with Fronius for analysis and improvement purposes.

Duration of processing (criteria for deletion)
the data is generally processed for the duration of the contractual relationship. After deactivation of your account, your personal data will be stored for 3 years for the purpose of reversing erroneous deactivation and a possible legal defense and then deleted.
In the event that you have given your consent to data processing, we will delete your data as soon as you revoke your consent.

 
Supplementary information on this data processing

Ways to our online services, software and apps

For the use of our online services, software and apps, an online registration by means of email address and password as well as, if applicable, the entry of your further data is required, in which the data is collected directly from you. In the course of registration, you accept the terms and conditions of the respective offer.

Recipients

 
Your data will not be passed on to third parties.
For the operation of our online services, software and apps, we use cloud solutions and service providers with whom we have concluded corresponding order processing agreements. Regarding data transfers to third countries, the information in the general section applies in addition.
After registering for our services, you can partially make your user name visible to other members. In addition, you can release or publish further data of your profile or your attachment and make it visible for other members. Within your profile, you have the option to adjust the extent to which your data is published by making the appropriate settings. It is at your discretion to decide which and to what extent this data is released or published for other users. Details are explained in more detail on the websites in the respective function of the respective online services and apps.

Fronius as a processor

 
Where our business customers are considered "controllers" when using our online services, software and apps and we are "processors" within the meaning of the GDPR, the order processing agreement available here for our business customers
applies.

Privacy Policy

Last update:  26. May 2025

Thank you for your interest in the information on our website!

With the help of this Privacy Policy we would like to inform the users of our website about the type, scope and purpose of the personal data processed. Personal data in this context is all information that can be used to personally identify you as a user of our website (theoretically in an alternative way or by linking various data), including your IP address. Information that is stored in cookies is generally not or only in exceptional cases personally identifiable; however, cookies are covered by specific regulations that makes the permissibility of the use of cookies dependent on their purpose to a large extent on the active consent of the user.

In a general section of this Privacy Policy, we provide you with information on data protection, which generally applies to our processing of data, including data collection on our website. In particular, you as a data subject will be informed about the rights to which you are entitled.

The terms used in our Privacy Policy and our data protection practice are based on the provisions of the EU General Data Protection Regulation ("GDPR") and other relevant national legal provisions.

Controller according to the GDPR

Fronius International GmbH
Registration Number: 149888z
Froniusstraße 1
4643 Pettenbach
Austria

e: dataprotection@fronius.com
t: +43/7242/241-0 

Data collection on our website

On the one hand, personal data is collected from you when you expressly communicate such data to us, on the other hand, data, especially technical data, is automatically collected when you visit our website. Some of this data is collected to ensure that our website functions without errors. Other data may be used for analysis purposes. However, you can use our website without a need to provide personal information.

Technologies on our website

Google Fonts

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: Integration of fonts
Category: Statistics
Recipients: EU, USA (possible)
Data processed: IP address, language settings, screen resolution, version and name of browser.
Data subjects: website visitors
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Website: www.google.com
Further information: https://developers.google.com/fonts/faq https://policies.google.com/privacy https://www.google.com/about/datacenters/inside/locations/

To display fonts consistently, our website uses Web Fonts which are provided by Google. 

To display web fonts, the web browser you use must connect with a Google server. This informs Google that our website is being accessed via your IP address. The IP address from the browser of the device you are using to access our site is also stored by Google. If your browser does not support Web Fonts, your device will display the site using a standard font type. With each Google Font request, your IP address is automatically transferred to a Google server along with information such as your language preferences, display resolution, version and name of your browser. The usage data collected by Google enables them to determine the popularity of specific font types. Google publishes these findings on internal analytics sites (e.g. Google Analytics).

Google Fonts enables us to use fonts on our own website without uploading them to our server. Google Fonts is an important building block for maintaining the high quality of our website. All Google fonts are automatically optimized for the web. This reduces the data volume and is particularly advantageous for use on mobile devices. When you visit our site, the low file size allows for quicker loading times. Furthermore, Google Fonts are secure Web Fonts that support all major browsers.  

Google stores requests for CSS assets for one day on its servers. This enables us to use the fonts with the support of a Google style sheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google Support ( https://support.google.com ).

Google Maps

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Integration of Map Services
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit Details, User Data
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

On our website, the service Google Maps is integrated in order to better display geographical information about locations for users. 

Google Maps is an online map service with which geographic information can be made more legible via a terminal device. Among other things, directions are displayed or map sections of a location can be integrated into a website. 

When Google Maps is called up, the browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via the user's IP address. The use of Google Maps enables Google to collect and process data about the use of the service.

For the provision of this service, Google Maps processes, among other things, entered search terms as well as latitude and longitude coordinates on the basis of the IP address. If the route planner function of Google Maps is used, the entered starting address is also stored. This data processing is carried out exclusively by Google and is not within our sphere of influence.

We would like to point out that a cookie called "NID" is set by Google when running this service. Google Maps does not currently offer us the option to run this service in a mode without this cookie. The NID cookie contains information about your user behavior, which Google uses to optimize its own services and to provide individual, personalized advertising for you.

Google anonymizes data in server logs by deleting a portion of the IP address and cookie information after 9 and 18 months, respectively.

Location and activity data is stored for either 3 or 18 months and then deleted. Users can also manually clear history at any time via a Google account. To completely prevent location tracking, a user must turn off the "Web and App Activity" section in their Google account.

Google reCAPTCHA

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA),
Purpose: Protection against Misuse, Spam Prevention
Category: Technically Required
Recipients: EU, USA
Data processed: IP Address, Website Visit Details
Data subjects: User
Technology: JavaScript Call, Cookies, Local Storage
Legal basis: Legitimate Interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy https://developers.google.com/recaptcha/
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/

On our website, the Google reCAPTCHA service is used to protect against abuse by non-human visitors (bots) and to prevent spam.

When reCAPTCHA is started, the browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via a user's IP address.

The purpose of reCAPTCHA is to verify whether the data entry on our website is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the user's behavior based on various characteristics. This analysis begins automatically as soon as the user starts our website. For the analysis, reCAPTCHA evaluates various information.

According to our information, the following data is processed by Google:

• the address of the page from which the visitor comes
• IP address
• Information about the operating system
• Cookies
• Mouse and keyboard behavior
• Date and language settings
• All Java-Script Objects
• Screen resolution

The data collected during the analysis is forwarded to and used by Google. The reCAPTCHA analyses run entirely in the background.

Cookies are used for the processing of the service.  These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not merged with other data from other Google services, unless a user is logged into his Google account while using the reCAPTCHA plug-in. Furthermore, reCAPTCHA also uses the local storage on the user's device to store data.

Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Launching Tools and Plugins
Category: Technically Required
Recipients: EU, USA (possible)
Data processed: IP Address
Data subjects: User
Technology: JavaScript Call
Legal basis: legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/

The Google Tag Manager service is used on our website.

The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to include code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. In doing so, the data is only forwarded by the Tag Manager, but neither collected nor stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering. 

When the Google Tag Manager is started, the browser establishes a connection to Google's servers.  These are mainly located in the U.S. Through this, Google obtains knowledge that our website was called up via the IP address of a user. 

The Tag Manager ensures the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with the Tag Manager.

Hosting

In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimising our website. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing.

JQuery Content Delivery Network

Provider: Fastly Inc, 475 Brannan St. Suite 300 San Francisco, CA 94107, USA
Purpose: Optimization of the loading speed of the website
Category: technically required
Recipient country: USA (third country)
Processed data: IP address
Data subjects: Website visitors
Technology: JavaScript libraries, Content Delivery Network (CDN)
Legal basis: legitimate interest (improvement of the website), US Data Privacy Framework certification.
Website: https://www.fastly.com/
Further information:
https://www.fastly.com/privacy/
https://www.fastly.com/data-processing/
https://www.fastly.com/terms/
https://www.fastly.com/acceptable-use/

We use the JavaScript library jQuery on our website. jQuery is provided via a Content Delivery Network (CDN). This service enables our website to load much faster, especially for users from abroad, as our website can be delivered from a server nearby.

The jQuery library primarily enables a modern design of our websites.
The developer of the jQuery JavaScript library is the jQuery team of the Open JS Foundation: https://jquery.org/team/, https://js.foundation/contact. To increase the loading speed of our website, we use the provider's CDN (Content Delivery Network) to load the jQuery library. Even if your browser already has a copy of the jQuery library in its cache, a connection to the jQuery server is established and your IP address is transmitted to the service provider.

The provider has distributed servers in various countries and a user's data can therefore be stored both in the USA and within the EU. The provider stores personal data on our behalf for as long as is necessary for the provision of our services and to fulfill our legal obligations.

Contact

We offer various ways to get in touch with us on our website. Whenever you contact us, your information is used to process and handle your contact request in the course of fulfilling pre-contractual rights and obligations. To handle and answer your request it is necessary for us to process your data; otherwise we are unable to answer your request or only able to partially answer it. Your information can be stored in a database of customers and leads on the grounds of our legitimate interest in direct marketing.

We delete your request and contact information when your request has been definitively answered and there is no legally required time limit for storing this data prior to deletion (e.g. pursuant to a subsequent contractual relationship). This is usually the case when there is no further contact with you for three years in a row.

Server Log Files

For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us. 

The access data we process includes:

• The name of the website you are accessing  
• The browser type (including version) you use
• The operating system you use
• The site you visited before  accessing our site (referrer URL)
• The time of your server request
• The amount of data transferred
• The host name of computer (IP address) you are using to access the site

This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website.

The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.

SSL Encryption

Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques.

We also make use of suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

General information on data protection

The following provisions in its principles apply not only to the data collection on our website, but also in general to other processing of personal data.

Personal data

Personal data is information that can be assigned to you individually. Examples include your address, your name as well as your postal address, email address or telephone number. Information such as the number of users who visit a website is not personal data because it is not assigned to a person.

Legal basis for the processing of personal data

Unless more specific information is provided in this Privacy Policy (e.g. in the case of the technologies used), we may process personal data from you on the basis of the following legal principles:

• consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR - The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
• Fulfillment of a contract and pre-contractual measures pursuant to Art. 6 paragraph 1 lit. b of the GDPR - Processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures.
• Legal obligation pursuant to Art. 6 paragraph 1 lit. c of the GDPR - Processing is necessary for the performance of a legal obligation.
• Protection of vital interests pursuant to Art. 6 paragraph 1 lit. d of the GDPR - Processing is necessary to protect the vital interests of the data subject or of another natural person.
• Reasonable interests pursuant to Art. 6 paragraph 1 lit. f of the GDPR - The processing is necessary to protect the legitimate interests of the controller or of a third party unless the interests or fundamental rights and freedoms of the data subject prevail.

Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our home country.

Transfer of personal data

Your personal data will not be transferred to third parties for purposes other than those listed in this Privacy Policy.

We will only transfer your personal data to third parties if:

• you have given your express consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR,
• the transfer pursuant to Art. 6 paragraph 1 lit. f of the GDPR is necessary to safeguard reasonable interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have a prevailing interest worthy of protection by not disclosing your data,
• there is a legal obligation to transfer the data in accordance with Art. 6 paragraph 1 lit. c of the GDPR, as well as this is legally permissible and / or
• it is required according to Art. 6 paragraph 1 lit. b of the GDPR for the processing of contractual relationships with you.

Cooperation with processors

We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Art. 28 of the GDPR.

Transfer to third countries

If we process data to a third country or if this is done in the context of using the services of third parties or disclosure or transfer of data to other persons or companies, this is only done on the legal basis described above for the transfer of data.

Subject to express consent or contractual necessity, we process or allow data to be processed only in third countries  in accordance with Art. 44 - 49 of the GDPR with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding corporate rules.

Data transfer to the U.S.

We would like to explicitly point out that as of July 10, 2023, the EU Commission has issued an adequacy decision on the EU-US data protection framework (Data Privacy Framework) pursuant to Art. 45 paragraph 1 GDPR. Accordingly, organizations or companies (as data importers) in the US that are registered in a public list as part of the self-certification of the Data Privacy Framework provide an adequate level of protection for data transfers. Whether the specific provider of a service is already certified can be found here: https://www.dataprivacyframework.gov/s/participant-search

The Data Privacy Framework provides a valid legal basis for the transfer of personal data to the USA. This creates binding guarantees to comply with all ECJ requirements; for example, it provides that access by U.S. intelligence services to EU data is limited to a necessary and proportionate level and that a data protection review court is created to which individuals in the EU also have access.

If a transfer of data by us to the US takes place at all or if a service provider based in the US is used by us, we refer to this explicitly in this Privacy Policy (see in particular the description of the technologies used on our website).

It should be noted that aside from significant improvements, the Data Privacy Framework is only partial and only applies to data transfers to those data importers in the U.S. that appear on the public list of certified organizations/companies.

What can the transfer of personal data to the US mean for you as a user and what risks are involved?

Risks for you as a user as far as data importers in the USA are concerned, which are not covered by the Data Privacy Framework, are in any case the powers of the US secret services and the legal situation in the U.S., which currently, according to the European Court of Justice, no longer ensure an adequate level of data protection. Among others, these are the following:

• Section 702 of the Foreign Intelligence Surveillance Act (FISA) does not provide for any restrictions on the surveillance measures of the secret services or guarantees for non-US citizens.
• Presidential Policy Directive 28 (PPD-28) does not provide effective remedies for those affected against actions by U.S. authorities and does not provide barriers to ensuring proportionate measures.
• The ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders to the U.S. secret services.

Legally compliant transfer of data to the U.S. on the basis of the standard contractual clauses for data importers not covered by the Data Privacy Framework?

In June 2021, the European Commission adopted new Standard Contractual Clauses (SCC) in Decision 2021/914/EU. These create a new legal basis for data transfers where the level of data protection is not the same as in the EU.

Legally compliant transfer of data to the U.S. based on consent?

If a data transfer to a service provider based in the U.S. takes place that is not covered by the Data Privacy Framework and this data transfer is based on explicit consent, we provide explicit information about this in this privacy policy, in particular in the description of the technologies used on our website.

What measures do we take to ensure that data transfers to the U.S. are legally compliant?

Where US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and that access by US authorities is not possible.

Storage periods in general

If no explicit storage period is specified during the collection of data (e.g. in the context of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 paragraph 1 lit. e of the GDPR as soon as the purpose for processing has been fulfilled. In this context, we would like to point out that legal storage obligations represent a legitimate purpose for the further processing of affected personal data.

Personal data will be stored and retained by us in principle until the termination of a business relationship or until the expiry of any applicable guarantee, warranty or limitation periods, in addition, until the end of any legal disputes in which the data is required as evidence, or in any event until the expiry of the third year following the last contact with a business partner.

Storage periods in particular

As part of the description of individual technologies on our website, there are specific references to the storage period of data. In our cookie table, you will be informed about the storage period of individual cookies. In addition, you always have the possibility to ask us directly about the specific storage period of data. To do so, please use the contact data listed in this Privacy Policy.

Rights of data subjects

Data subject have the right:

• (i) in accordance with Art. 15 of the GDPR, to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right of rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof;
• (ii) in accordance with Art. 16 of the GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us;
• (iii) in accordance with Art. 17 of the GDPR, under specific circumstances  to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
• (iv) in accordance with Art. 18 of the GDPR, to demand the (temporary) restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing in accordance with Art. 21 of the GDPR;
• (v) in accordance with Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; However, this only covers those of your personal data that we process with the help of automated processes after your consent or on the basis of a contract with you;
• (vi) in accordance with Art. 21 of the GDPR, if your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data for reasons arising from your specific situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without indicating a specific situation.
• (vii) in accordance with Art. 7 paragraph 3 of the GDPR, you may at any time revoke your consent to us. As a result, we may no longer continue the data processing based on this consent in the future. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by calling up our Cookie Settings.
• (viii) in accordance with Art. 77 of the GDPR to complain to a data protection authority regarding the illegal processing of your data by us. As a rule, you can contact the data protection authority at your usual place of residence or workplace or at the headquarters of our company.

The responsible data protection authority for Fronius International GmbH is:

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Tel.: +43 1 52 152-0, dsb@dsb.gv.at

Assertion of rights of data subjects

You yourself decide on the use of your personal data. Should you therefore wish to exercise one of your above-mentioned rights towards us, you are welcome to contact us by email at dataprotection@fronius.com or by post, as well as by telephone.

Please assist us in specifying your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there are reasonable doubts about your identity, we may request a copy of your identification.

For questions regarding data protection, you can reach us at dataprotection@fronius.com or at the other contact details stated in this Privacy Policy.

Pettenbach, on  26. May 2025

Download as PDF

III. Special data protection information

Information on individual data processing within the scope of our offer can be found hier.

IV. Individual information for this website

Detailed information on the individual cookies on our website can be found in our Cookie Policy. There you can also change your cookie settings as well as subsequently reject cookies that are not necessary.

Modules with special information

In the following, we provide you with extensive information about the services and technologies we use, in addition to our Cookie Policy.

Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA).
Purpose: Web Analytics, Performance Measurement, Conversion Tracking, Collection of Statistical Data
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit details, User Data.
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/

On our website, we use the functions of the web analysis service Google Analytics to analyze user behavior and to optimize our website. The reports provided by Google are used to analyze the performance of our website and to measure the success of possible campaigns via our website.

Google Analytics uses cookies that enable an analysis of the use of our website.

Information about the use of the website such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of server request are usually transmitted to a Google server and stored there. We have concluded a contract with Google for this purpose.

On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser is not merged with other data from Google. 

We only use Google Analytics with IP anonymization activated by default. This means that the IP address of a user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by a user's browser within the scope of Google Analytics is not linked to other Google data. 

During the website visit, the user behaviour is recorded in the form of so-called events. These can represent the following:

• Page views, the click path of a user.
• first visit to our website
• visited websites
• start of a session
• interaction with our website
• user behavior (for example, clicks, scrolls, dwell time, bounce rates)
• file downloads
• ads seen / clicked
• interaction with videos
• internal search queries

furthermore, the following is recorded:

• approximate location (region)
• date and time of visit
• IP address (in shortened form)
• technical information about the browser or the end devices used (e.g. language setting, screen resolution)
• Internet service provider
• Referrer URL (via which website/advertising medium a user came to our website).

The processing of this data is essentially done by Google for its own purposes such as profiling (without our ability to influence).

The data about the use of our website is deleted immediately after the end of the retention period set by us in each case. Google Analytics gives us a default of 2 months for the retention period of user and event data, with a maximum retention period of 14 months. This retention period also applies to conversion data. For all other event data, the following options are available: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), 50 months (Google Analytics 360 only). We will choose the shortest storage period that corresponds to our intended use. You can ask us at any time for the retention period currently set by us.

The deletion of data whose retention period has been reached takes place automatically once a month.

Google Fonts

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: Integration of fonts
Category: Statistics
Recipients: EU, USA (possible)
Data processed: IP address, language settings, screen resolution, version and name of browser.
Data subjects: website visitors
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Website: www.google.com
Further information: https://developers.google.com/fonts/faq https://policies.google.com/privacy https://www.google.com/about/datacenters/inside/locations/

To display fonts consistently, our website uses Web Fonts which are provided by Google. 

To display web fonts, the web browser you use must connect with a Google server. This informs Google that our website is being accessed via your IP address. The IP address from the browser of the device you are using to access our site is also stored by Google. If your browser does not support Web Fonts, your device will display the site using a standard font type. With each Google Font request, your IP address is automatically transferred to a Google server along with information such as your language preferences, display resolution, version and name of your browser. The usage data collected by Google enables them to determine the popularity of specific font types. Google publishes these findings on internal analytics sites (e.g. Google Analytics).

Google Fonts enables us to use fonts on our own website without uploading them to our server. Google Fonts is an important building block for maintaining the high quality of our website. All Google fonts are automatically optimized for the web. This reduces the data volume and is particularly advantageous for use on mobile devices. When you visit our site, the low file size allows for quicker loading times. Furthermore, Google Fonts are secure Web Fonts that support all major browsers.  

Google stores requests for CSS assets for one day on its servers. This enables us to use the fonts with the support of a Google style sheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google Support ( https://support.google.com ).

Google Maps

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Integration of Map Services
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit Details, User Data
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

On our website, the service Google Maps is integrated in order to better display geographical information about locations for users. 

Google Maps is an online map service with which geographic information can be made more legible via a terminal device. Among other things, directions are displayed or map sections of a location can be integrated into a website. 

When Google Maps is called up, the browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via the user's IP address. The use of Google Maps enables Google to collect and process data about the use of the service.

For the provision of this service, Google Maps processes, among other things, entered search terms as well as latitude and longitude coordinates on the basis of the IP address. If the route planner function of Google Maps is used, the entered starting address is also stored. This data processing is carried out exclusively by Google and is not within our sphere of influence.

We would like to point out that a cookie called "NID" is set by Google when running this service. Google Maps does not currently offer us the option to run this service in a mode without this cookie. The NID cookie contains information about your user behavior, which Google uses to optimize its own services and to provide individual, personalized advertising for you.

Google anonymizes data in server logs by deleting a portion of the IP address and cookie information after 9 and 18 months, respectively.

Location and activity data is stored for either 3 or 18 months and then deleted. Users can also manually clear history at any time via a Google account. To completely prevent location tracking, a user must turn off the "Web and App Activity" section in their Google account.

Google Marketing Platform / Google Ad Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Personalized Advertising, Conversion Tracking, Remarketing, Campaign Performance Measurement
Category: Marketing
Recipients: EU, USA
Data processed: IP Address, Website Visit details, User data
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

On this website, the Google Ads service is used for the purpose of advertising our products and services.  Google Ads is Google's in-house online advertising system. 

It is important for us to know whether an interested visitor ultimately becomes our customer. To be able to measure this, there is the so-called conversion tracking. Furthermore, we would like to be able to address visitors to our website again and in a targeted manner. We achieve this through so-called remarketing (retargeting).

Google Ads serves both conversion tracking and remarketing, i.e. we can see what happened after you clicked on one of our ads. In order for this service to work, cookies are used and visitors are sometimes included in remarketing lists in order to be served only with certain advertising campaigns.

This is done by means of a pseudonymous identification number (pID), which the browser of a user receives and is assigned to him. This pID enables the service to recognize which ads have already been displayed to a user and which have been called up. The data is used to serve ads across websites by enabling Google to identify the pages visited by the user. 

Our goal is that the offer of our website through the use of Google Ads targeted to those visitors who are actually interested in our offer. The data from conversion tracking allows us to measure the benefit of individual advertising measures and optimize our website for our visitors. Conversion can be measured through the use of cookies.

The information generated is transferred by Google to a server in the U.S. for evaluation and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or in the context of commissioned data processing. Under no circumstances will Google link data of a user with other data collected by Google.

Google reCAPTCHA

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA),
Purpose: Protection against Misuse, Spam Prevention
Category: Technically Required
Recipients: EU, USA
Data processed: IP Address, Website Visit Details
Data subjects: User
Technology: JavaScript Call, Cookies, Local Storage
Legal basis: Legitimate Interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy https://developers.google.com/recaptcha/
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/

On our website, the Google reCAPTCHA service is used to protect against abuse by non-human visitors (bots) and to prevent spam.

When reCAPTCHA is started, the browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via a user's IP address.

The purpose of reCAPTCHA is to verify whether the data entry on our website is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the user's behavior based on various characteristics. This analysis begins automatically as soon as the user starts our website. For the analysis, reCAPTCHA evaluates various information.

According to our information, the following data is processed by Google:

• the address of the page from which the visitor comes
• IP address
• Information about the operating system
• Cookies
• Mouse and keyboard behavior
• Date and language settings
• All Java-Script Objects
• Screen resolution

The data collected during the analysis is forwarded to and used by Google. The reCAPTCHA analyses run entirely in the background.

Cookies are used for the processing of the service.  These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not merged with other data from other Google services, unless a user is logged into his Google account while using the reCAPTCHA plug-in. Furthermore, reCAPTCHA also uses the local storage on the user's device to store data.

Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Launching Tools and Plugins
Category: Technically Required
Recipients: EU, USA (possible)
Data processed: IP Address
Data subjects: User
Technology: JavaScript Call
Legal basis: legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/

The Google Tag Manager service is used on our website.

The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to include code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. In doing so, the data is only forwarded by the Tag Manager, but neither collected nor stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering. 

When the Google Tag Manager is started, the browser establishes a connection to Google's servers.  These are mainly located in the U.S. Through this, Google obtains knowledge that our website was called up via the IP address of a user. 

The Tag Manager ensures the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with the Tag Manager.

Hosting

In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimising our website. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing.

Contact

Whenever you contact us, your information is used to process and handle your contact request in the course of fulfilling pre-contractual rights and obligations. To handle and answer your request it is necessary for us to process your data; otherwise we are unable to answer your request or only able to partially answer it. Your information can be stored in a database of customers and leads on the grounds of our legitimate interest in direct marketing.

We delete your request and contact information when your request has been definitively answered and there is no legally required time limit for storing this data prior to deletion (e.g. pursuant to a subsequent contractual relationship). This is usually the case when there is no further contact with you for three years in a row.

LinkedIn Insight Tag

Provider: LinkedIn Ireland Unlimited Company, Ireland, Parent: LinkedIn Corporation (USA).
Purpose: Conversion tracking, Web analytics
Category: Marketing
Recipient: EU, USA
Data processed: IP address, website visit details, online-related data
Data subjects: website visitors, LinkedIn users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework,
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000L0UZAA0&status=Active
Website: https://www.linkedin.com/
Further information:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/help/lms/answer/85787 https://www.linkedin.com/help/linkedin/answer/87150/

Our website uses LinkedIn Insight Tag, a web analytics service. Through this service, LinkedIn users on our website are recorded and analyzed. This gives us insights into our target groups. Furthermore, we can use it to measure the attractiveness of our offers and services as well as the success of LinkedIn campaigns.

LinkedIn members also have the option to opt-out of LinkedIn conversion tracking and to block and delete cookies or disable demographic features at https://www.linkedin.com/psettings/advertising/. In LinkedIn's settings, there is no separate opt-out option for third-party impressions or click tracking for campaigns running on LinkedIn, as all underlying campaigns respect LinkedIn members' settings.

Information about the use of our website collected by the LinkedIn Insight tag is encrypted. LinkedIn anonymizes the data within 7 days. Within 90 days, the data is deleted again. We as site operator do not receive any personal data, only reports on demographic information, information around the respective jobs to our target groups and the success of LinkedIn campaigns.

Meta-Pixel

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent Company: Meta Platforms, Inc (USA).
Purpose: Web Analysis, Tracking (Conversion)
Category: Marketing
Recipients: EU, USA
Data processed: IP Address, User Data, Website Visit Details
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active
Website: www.facebook.com
Further information: https://en-gb.facebook.com/privacy/policy https://en-gb.facebook.com/business/help/742478679120153

On our website, the service Meta-Pixel of the social network Facebook is used for the analysis, optimization and economic operation of our online offer.

With the help of Meta-Pixel, it is possible for Meta, on the one hand, to determine the visitors to our website as a target group for the display of personalized ads. Accordingly, we use Meta-Pixel to display the ads placed by us only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (so-called "Custom Audiences"). With the help of Meta-Pixel, we also want to ensure that our Meta Ads correspond to the potential interest of users and do not have a harassing effect. With the help of Meta-Pixel, we can, on the other hand, track the effectiveness of Meta Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta Ad (so-called "conversion").

Your actions are stored in one or more cookies in the process. These cookies allow Meta to match your user data (such as IP address, user ID) with your Facebook account data. The collected data is anonymous and not visible to us and can only be used in the context of advertisements. You can prevent the linking with your Facebook account by logging out before you take any action. 

To set which types of ads are displayed to you within Facebook, you can visit the page set up by Meta and follow the instructions there for the settings of usage-based advertising: https://www.facebook.com/settings?tab=ads

The settings are done in a platform-independent manner, which means that they are applied to all devices, such as desktop computers or mobile devices.

Server Log Files

For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us. 

The access data we process includes:

• The name of the website you are accessing  
• The browser type (including version) you use
• The operating system you use
• The site you visited before  accessing our site (referrer URL)
• The time of your server request
• The amount of data transferred
• The host name of computer (IP address) you are using to access the site

This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website.

The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.

SSL Encryption

Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques.

We also make use of suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

TikTok Pixel

On our website, we use the so-called TikTok pixel of the social network TikTok, which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"). The parent company of TikTok is based in China.

ATTENTION: Within the scope of this service, data transfer to China takes place or cannot be ruled out.

With the help of the TikTok pixel, it is possible for TikTok, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called "TikTok ads"). Accordingly, we use the TikTok pixel to display the TikTok ads placed by us only to those TikTok users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to TikTok (so-called "Custom Audiences"). 

With the help of the TikTok pixel, we also want to ensure that our TikTok ads correspond to the potential interest of users and are not harassing. The TikTok pixel also allows us to track the effectiveness of the TikTok ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a TikTok ad (so-called "conversion").

The processing of the data by TikTok takes place within the framework of the data use policy at https://www.tiktok.com/legal/privacy-policy?lang=en of TikTok. 

Specific information and details about the TikTok Pixel and how it works can be found in the TikTok help section at https://support.tiktok.com/en

The use of the TikTok pixel as well as the storage of "conversion cookies" is based on your consent according to Art. 6 paragraph 1 lit. a GDPR. You can revoke this consent at any time.

For the processing of data for which TikTok acts as a data processor, we have concluded a data processing agreement with TikTok in which we oblige TikTok to protect our customers' data and not to pass it on to third parties.

Contact details

Fronius International GmbH
Fronius Strasse 5
4642Sattledt
Austria

dataprotection@fronius.com

Data Protection Authority

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Phone: +43 1 52 152-0, dsb@dsb.gv.at

Sattledt,  20. March 2024

III. Special data protection information

Information on individual data processing within the scope of our offer can be found hier.

IV. Individual information for this website

Detailed information on the individual cookies on our website can be found in our Cookie Policy. There you can also change your cookie settings as well as subsequently reject cookies that are not necessary.

Modules with special information

In the following, we provide you with extensive information about the services and technologies we use, in addition to our Cookie Policy.

Google Analytics

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA).
Purpose: Web Analytics, Performance Measurement, Conversion Tracking, Collection of Statistical Data
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit details, User Data.
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/

On our website, we use the functions of the web analysis service Google Analytics to analyze user behavior and to optimize our website. The reports provided by Google are used to analyze the performance of our website and to measure the success of possible campaigns via our website.

Google Analytics uses cookies that enable an analysis of the use of our website.

Information about the use of the website such as browser type/version, operating system used, the previously visited page, host name of the accessing computer (IP address), time of server request are usually transmitted to a Google server and stored there. We have concluded a contract with Google for this purpose.

On our behalf, Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. According to Google, the IP address transmitted by your browser is not merged with other data from Google. 

We only use Google Analytics with IP anonymization activated by default. This means that the IP address of a user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by a user's browser within the scope of Google Analytics is not linked to other Google data. 

During the website visit, the user behaviour is recorded in the form of so-called events. These can represent the following:

• Page views, the click path of a user.
• first visit to our website
• visited websites
• start of a session
• interaction with our website
• user behavior (for example, clicks, scrolls, dwell time, bounce rates)
• file downloads
• ads seen / clicked
• interaction with videos
• internal search queries

furthermore, the following is recorded:

• approximate location (region)
• date and time of visit
• IP address (in shortened form)
• technical information about the browser or the end devices used (e.g. language setting, screen resolution)
• Internet service provider
• Referrer URL (via which website/advertising medium a user came to our website).

The processing of this data is essentially done by Google for its own purposes such as profiling (without our ability to influence).

The data about the use of our website is deleted immediately after the end of the retention period set by us in each case. Google Analytics gives us a default of 2 months for the retention period of user and event data, with a maximum retention period of 14 months. This retention period also applies to conversion data. For all other event data, the following options are available: 2 months, 14 months, 26 months (Google Analytics 360 only), 38 months (Google Analytics 360 only), 50 months (Google Analytics 360 only). We will choose the shortest storage period that corresponds to our intended use. You can ask us at any time for the retention period currently set by us.

The deletion of data whose retention period has been reached takes place automatically once a month.

Google Fonts

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA), https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Purpose: Integration of fonts
Category: Statistics
Recipients: EU, USA (possible)
Data processed: IP address, language settings, screen resolution, version and name of browser.
Data subjects: website visitors
Technology: JavaScript call
Legal basis: Consent, Data Privacy Framework
Website: www.google.com
Further information: https://developers.google.com/fonts/faq https://policies.google.com/privacy https://www.google.com/about/datacenters/inside/locations/

To display fonts consistently, our website uses Web Fonts which are provided by Google. 

To display web fonts, the web browser you use must connect with a Google server. This informs Google that our website is being accessed via your IP address. The IP address from the browser of the device you are using to access our site is also stored by Google. If your browser does not support Web Fonts, your device will display the site using a standard font type. With each Google Font request, your IP address is automatically transferred to a Google server along with information such as your language preferences, display resolution, version and name of your browser. The usage data collected by Google enables them to determine the popularity of specific font types. Google publishes these findings on internal analytics sites (e.g. Google Analytics).

Google Fonts enables us to use fonts on our own website without uploading them to our server. Google Fonts is an important building block for maintaining the high quality of our website. All Google fonts are automatically optimized for the web. This reduces the data volume and is particularly advantageous for use on mobile devices. When you visit our site, the low file size allows for quicker loading times. Furthermore, Google Fonts are secure Web Fonts that support all major browsers.  

Google stores requests for CSS assets for one day on its servers. This enables us to use the fonts with the support of a Google style sheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google Support ( https://support.google.com ).

Google Maps

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC (USA)
Purpose: Integration of Map Services
Category: Statistics
Recipients: EU, USA
Data processed: IP Address, Website Visit Details, User Data
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

On our website, the service Google Maps is integrated in order to better display geographical information about locations for users. 

Google Maps is an online map service with which geographic information can be made more legible via a terminal device. Among other things, directions are displayed or map sections of a location can be integrated into a website. 

When Google Maps is called up, the browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via the user's IP address. The use of Google Maps enables Google to collect and process data about the use of the service.

For the provision of this service, Google Maps processes, among other things, entered search terms as well as latitude and longitude coordinates on the basis of the IP address. If the route planner function of Google Maps is used, the entered starting address is also stored. This data processing is carried out exclusively by Google and is not within our sphere of influence.

We would like to point out that a cookie called "NID" is set by Google when running this service. Google Maps does not currently offer us the option to run this service in a mode without this cookie. The NID cookie contains information about your user behavior, which Google uses to optimize its own services and to provide individual, personalized advertising for you.

Google anonymizes data in server logs by deleting a portion of the IP address and cookie information after 9 and 18 months, respectively.

Location and activity data is stored for either 3 or 18 months and then deleted. Users can also manually clear history at any time via a Google account. To completely prevent location tracking, a user must turn off the "Web and App Activity" section in their Google account.

Google Marketing Platform / Google Ad Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Personalized Advertising, Conversion Tracking, Remarketing, Campaign Performance Measurement
Category: Marketing
Recipients: EU, USA
Data processed: IP Address, Website Visit details, User data
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/de/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/inside/locations/

On this website, the Google Ads service is used for the purpose of advertising our products and services.  Google Ads is Google's in-house online advertising system. 

It is important for us to know whether an interested visitor ultimately becomes our customer. To be able to measure this, there is the so-called conversion tracking. Furthermore, we would like to be able to address visitors to our website again and in a targeted manner. We achieve this through so-called remarketing (retargeting).

Google Ads serves both conversion tracking and remarketing, i.e. we can see what happened after you clicked on one of our ads. In order for this service to work, cookies are used and visitors are sometimes included in remarketing lists in order to be served only with certain advertising campaigns.

This is done by means of a pseudonymous identification number (pID), which the browser of a user receives and is assigned to him. This pID enables the service to recognize which ads have already been displayed to a user and which have been called up. The data is used to serve ads across websites by enabling Google to identify the pages visited by the user. 

Our goal is that the offer of our website through the use of Google Ads targeted to those visitors who are actually interested in our offer. The data from conversion tracking allows us to measure the benefit of individual advertising measures and optimize our website for our visitors. Conversion can be measured through the use of cookies.

The information generated is transferred by Google to a server in the U.S. for evaluation and stored there. A transfer of data by Google to third parties only takes place due to legal regulations or in the context of commissioned data processing. Under no circumstances will Google link data of a user with other data collected by Google.

Google reCAPTCHA

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company Google LLC (USA),
Purpose: Protection against Misuse, Spam Prevention
Category: Technically Required
Recipients: EU, USA
Data processed: IP Address, Website Visit Details
Data subjects: User
Technology: JavaScript Call, Cookies, Local Storage
Legal basis: Legitimate Interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy https://developers.google.com/recaptcha/
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/

On our website, the Google reCAPTCHA service is used to protect against abuse by non-human visitors (bots) and to prevent spam.

When reCAPTCHA is started, the browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via a user's IP address.

The purpose of reCAPTCHA is to verify whether the data entry on our website is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the user's behavior based on various characteristics. This analysis begins automatically as soon as the user starts our website. For the analysis, reCAPTCHA evaluates various information.

According to our information, the following data is processed by Google:

• the address of the page from which the visitor comes
• IP address
• Information about the operating system
• Cookies
• Mouse and keyboard behavior
• Date and language settings
• All Java-Script Objects
• Screen resolution

The data collected during the analysis is forwarded to and used by Google. The reCAPTCHA analyses run entirely in the background.

Cookies are used for the processing of the service.  These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not merged with other data from other Google services, unless a user is logged into his Google account while using the reCAPTCHA plug-in. Furthermore, reCAPTCHA also uses the local storage on the user's device to store data.

Google Tag Manager

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC (USA)
Purpose: Launching Tools and Plugins
Category: Technically Required
Recipients: EU, USA (possible)
Data processed: IP Address
Data subjects: User
Technology: JavaScript Call
Legal basis: legitimate interest, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active
Website: https://www.google.com
Further information:
https://policies.google.com/privacy
https://safety.google/intl/en/principles/
https://business.safety.google/adsprocessorterms/
Here you can find out where exactly Google data centers are located: https://www.google.com/about/datacenters/locations/

The Google Tag Manager service is used on our website.

The Tag Manager is a service that allows us to manage website tags via an interface. This allows us to include code snippets such as tracking codes or conversion pixels on websites without interfering with the source code. In doing so, the data is only forwarded by the Tag Manager, but neither collected nor stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, as it serves purely to manage other services in our online offering. 

When the Google Tag Manager is started, the browser establishes a connection to Google's servers.  These are mainly located in the U.S. Through this, Google obtains knowledge that our website was called up via the IP address of a user. 

The Tag Manager ensures the resolution of other tags, which in turn may collect data. However, the Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags that are implemented with the Tag Manager.

Hosting

In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimising our website. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing.

Contact

Whenever you contact us, your information is used to process and handle your contact request in the course of fulfilling pre-contractual rights and obligations. To handle and answer your request it is necessary for us to process your data; otherwise we are unable to answer your request or only able to partially answer it. Your information can be stored in a database of customers and leads on the grounds of our legitimate interest in direct marketing.

We delete your request and contact information when your request has been definitively answered and there is no legally required time limit for storing this data prior to deletion (e.g. pursuant to a subsequent contractual relationship). This is usually the case when there is no further contact with you for three years in a row.

LinkedIn Insight Tag

Provider: LinkedIn Ireland Unlimited Company, Ireland, Parent: LinkedIn Corporation (USA).
Purpose: Conversion tracking, Web analytics
Category: Marketing
Recipient: EU, USA
Data processed: IP address, website visit details, online-related data
Data subjects: website visitors, LinkedIn users
Technology: JavaScript call, cookies
Legal basis: Consent, Data Privacy Framework,
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000L0UZAA0&status=Active
Website: https://www.linkedin.com/
Further information:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/help/lms/answer/85787 https://www.linkedin.com/help/linkedin/answer/87150/

Our website uses LinkedIn Insight Tag, a web analytics service. Through this service, LinkedIn users on our website are recorded and analyzed. This gives us insights into our target groups. Furthermore, we can use it to measure the attractiveness of our offers and services as well as the success of LinkedIn campaigns.

LinkedIn members also have the option to opt-out of LinkedIn conversion tracking and to block and delete cookies or disable demographic features at https://www.linkedin.com/psettings/advertising/. In LinkedIn's settings, there is no separate opt-out option for third-party impressions or click tracking for campaigns running on LinkedIn, as all underlying campaigns respect LinkedIn members' settings.

Information about the use of our website collected by the LinkedIn Insight tag is encrypted. LinkedIn anonymizes the data within 7 days. Within 90 days, the data is deleted again. We as site operator do not receive any personal data, only reports on demographic information, information around the respective jobs to our target groups and the success of LinkedIn campaigns.

Meta-Pixel

Provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, Parent Company: Meta Platforms, Inc (USA).
Purpose: Web Analysis, Tracking (Conversion)
Category: Marketing
Recipients: EU, USA
Data processed: IP Address, User Data, Website Visit Details
Data subjects: Users
Technology: JavaScript Call, Cookies
Legal basis: Consent, Data Privacy Framework, https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC&status=Active
Website: www.facebook.com
Further information: https://en-gb.facebook.com/privacy/policy https://en-gb.facebook.com/business/help/742478679120153

On our website, the service Meta-Pixel of the social network Facebook is used for the analysis, optimization and economic operation of our online offer.

With the help of Meta-Pixel, it is possible for Meta, on the one hand, to determine the visitors to our website as a target group for the display of personalized ads. Accordingly, we use Meta-Pixel to display the ads placed by us only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Meta (so-called "Custom Audiences"). With the help of Meta-Pixel, we also want to ensure that our Meta Ads correspond to the potential interest of users and do not have a harassing effect. With the help of Meta-Pixel, we can, on the other hand, track the effectiveness of Meta Ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Meta Ad (so-called "conversion").

Your actions are stored in one or more cookies in the process. These cookies allow Meta to match your user data (such as IP address, user ID) with your Facebook account data. The collected data is anonymous and not visible to us and can only be used in the context of advertisements. You can prevent the linking with your Facebook account by logging out before you take any action. 

To set which types of ads are displayed to you within Facebook, you can visit the page set up by Meta and follow the instructions there for the settings of usage-based advertising: https://www.facebook.com/settings?tab=ads

The settings are done in a platform-independent manner, which means that they are applied to all devices, such as desktop computers or mobile devices.

Server Log Files

For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us. 

The access data we process includes:

• The name of the website you are accessing  
• The browser type (including version) you use
• The operating system you use
• The site you visited before  accessing our site (referrer URL)
• The time of your server request
• The amount of data transferred
• The host name of computer (IP address) you are using to access the site

This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website.

The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.

SSL Encryption

Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques.

We also make use of suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

TikTok Pixel

On our website, we use the so-called TikTok pixel of the social network TikTok, which is operated by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland ("TikTok"). The parent company of TikTok is based in China.

ATTENTION: Within the scope of this service, data transfer to China takes place or cannot be ruled out.

With the help of the TikTok pixel, it is possible for TikTok, on the one hand, to determine you as a visitor to our online offer as a target group for the display of advertisements (so-called "TikTok ads"). Accordingly, we use the TikTok pixel to display the TikTok ads placed by us only to those TikTok users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to TikTok (so-called "Custom Audiences"). 

With the help of the TikTok pixel, we also want to ensure that our TikTok ads correspond to the potential interest of users and are not harassing. The TikTok pixel also allows us to track the effectiveness of the TikTok ads for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a TikTok ad (so-called "conversion").

The processing of the data by TikTok takes place within the framework of the data use policy at https://www.tiktok.com/legal/privacy-policy?lang=en of TikTok. 

Specific information and details about the TikTok Pixel and how it works can be found in the TikTok help section at https://support.tiktok.com/en

The use of the TikTok pixel as well as the storage of "conversion cookies" is based on your consent according to Art. 6 paragraph 1 lit. a GDPR. You can revoke this consent at any time.

For the processing of data for which TikTok acts as a data processor, we have concluded a data processing agreement with TikTok in which we oblige TikTok to protect our customers' data and not to pass it on to third parties.

Contact details

Fronius International GmbH
Fronius Strasse 5
4642Sattledt
Austria

dataprotection@fronius.com

Data Protection Authority

Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Wien, Österreich
Phone: +43 1 52 152-0, dsb@dsb.gv.at

Sattledt,  20. March 2024