Privacy Policy

1. Data controller (who we are)

For the purposes of the EU General Data Protection Regulation (GDPR) and other applicable data protection laws, the data controller is:

• Legal name: Riwexvosin Ltd
• Registered address: Friedrichstraße 100, 10117 Berlin, Germany
• General contact email: [email protected]
• Privacy inquiries: [email protected]
• Phone: +49 30 2590 1234

This website provides information about solar energy consultation and coordination services. We do not provide installation work through this website and we do not request sensitive personal data such as government identifiers or payment card details via our inquiry forms.

2. Personal data we collect

We collect only the data that is reasonably necessary to respond to your inquiries, operate the website, and maintain security. Depending on how you interact with the site, we may collect:

• Identity data: full name (if you provide it).
• Contact data: email address and phone number (phone only if you include it in a message or request a call-back).
• Inquiry content: the text you type into forms (for example, your project context, property type, and questions).
• Technical data: IP address, browser type/version, device information, operating system, and language settings.
• Usage data: pages viewed, approximate time on page, referral source, and interactions with site elements (when analytics are enabled and accepted).
• Cookie data: consent status and cookie identifiers (where applicable).

Please do not submit sensitive categories of personal data through the site (such as health information) and do not include financial account numbers, payment card data, or government-issued identification numbers in your message.

3. How we collect personal data

We collect personal data through the following methods:

• Web forms: when you submit an inquiry on the Contact page, we receive the details you enter (such as name, email, and message).
• Direct communications: if you contact us by email or phone, we process the information you share to respond and maintain a record of correspondence.
• Cookies and similar technologies: the site stores cookie consent status and may store analytics identifiers depending on your cookie choices.
• Server logs: like most websites, our hosting infrastructure records logs that may include IP address, request timestamps, and requested pages for security and troubleshooting.
• Analytics tools: we may use Google Analytics 4 to understand aggregated site usage. We only enable analytics cookies when you accept analytics via the cookie banner.
• Advertising pixels: we do not use a marketing pixel by default. If enabled in the future (for example, Meta Pixel), we will update this policy and require appropriate consent for marketing cookies.

We do not use pop-up forms that block content, and we do not collect data through hidden fields intended to capture additional information beyond what the form requests.

4. Legal bases for processing (GDPR Article 6)

When the GDPR applies, we rely on one or more of the following legal bases to process personal data. The applicable basis depends on the context:

4.1 Consent (Art. 6(1)(a))

We use consent where required, including for non-essential cookies such as analytics cookies. You can withdraw consent at any time by changing your cookie preferences (see the cookie section) or by contacting us.

4.2 Performance of a contract or pre-contract steps (Art. 6(1)(b))

If you request consultation or coordination support, we process your inquiry details to respond and take steps at your request prior to entering into an agreement. This typically includes responding to messages and clarifying scope.

4.3 Legitimate interests (Art. 6(1)(f))

We may process certain technical and usage data to keep the website secure, prevent abuse, maintain service quality, and understand how visitors use the site in an aggregated way. When we rely on legitimate interests, we balance our interests against your rights and expectations and use proportionate safeguards.

4.4 Legal obligation (Art. 6(1)(c))

We may retain and disclose information where required to meet legal obligations, including responding to lawful requests from public authorities, handling complaints, and meeting record-keeping requirements where applicable.

5. Purposes of processing

We process personal data for the following purposes:

• Responding to inquiries: to answer messages you send, provide requested information about our consultation services, and coordinate next steps.
• Service delivery and support: to provide consultation and coordination support where requested, including clarifying project context and documenting what has been discussed.
• Website operation: to load pages, ensure compatibility across devices, and deliver content reliably.
• Security and fraud prevention: to detect and prevent suspicious activity such as spam submissions or malicious traffic and to keep the site stable.
• Analytics (consent-based where required): to understand aggregated usage trends, improve site navigation, and assess what information visitors find helpful.
• Legal compliance: to maintain records and respond to legal requests or enforce our terms where necessary.
• Marketing communications (consent-based): we do not subscribe you to marketing emails simply because you contact us. If we ever offer an opt-in newsletter, it will be clearly labeled and require explicit consent with an unsubscribe option.

We do not sell personal data, and we do not use your inquiry data to make automated decisions that produce legal or similarly significant effects.

6. Retention periods

We keep personal data only for as long as necessary for the purposes described in this policy. Retention depends on the type of data and the context:

• Form submissions and inquiry correspondence: up to 2 years from the last interaction, to provide continuity if you follow up, unless a longer period is required for legal reasons or you request deletion where applicable.
• Customer support communications related to an active engagement: for the duration of the engagement and then up to 2 years for record-keeping and dispute handling.
• Analytics data (Google Analytics 4): up to 14 months (or the shortest feasible retention setting we have configured), subject to your consent and GA4 settings.
• Server logs: typically up to 90 days, unless logs are needed longer for investigating security incidents.
• Cookie consent records: stored in your browser via local storage until you clear it, or up to 12 months as a practical interval for renewing consent prompts.
• Email list (if you opt in): until you unsubscribe, and then up to 30 days to process the request and maintain a suppression record so you are not re-added by mistake.

If you request deletion, we will evaluate the request and delete or anonymize data unless we have a lawful reason to keep it (for example, to comply with legal obligations or to establish, exercise, or defend legal claims).

7. Data sharing and processors

We share personal data only when necessary to operate the site and provide services. We do not sell your personal data. Depending on configuration and your interactions, data may be shared with:

• Hosting and infrastructure providers: to host the website and store data securely.
• Email service providers: to receive and respond to inquiries sent to our business email addresses.
• Analytics providers: Google Analytics 4 (where enabled and where you have provided consent for analytics cookies).
• Professional advisers: such as legal or accounting advisers, only as needed and subject to confidentiality obligations.
• Authorities and legal recipients: if required by law, court order, or to protect rights and safety.

Where third parties process personal data on our behalf, we use data processing agreements and require appropriate security measures. If we ever enable marketing pixels or retargeting tools, we will update this policy and request marketing-cookie consent before activation.

8. International data transfers

Our company is based in Germany, and we aim to process and store data within the European Economic Area (EEA) where possible. Some service providers, such as analytics or email infrastructure vendors, may process data in countries outside the EEA, including the United States.

When personal data is transferred outside the EEA, we use appropriate safeguards as required by GDPR Chapter V, which may include:

• Standard Contractual Clauses (SCCs): approved by the European Commission, where applicable.
• Adequacy decisions: where the European Commission has recognized a country as providing an adequate level of protection.
• Supplementary measures: such as encryption and access controls, depending on the transfer context.

You can request more information about applicable safeguards by contacting us at [email protected].

9. Your rights under the GDPR

If the GDPR applies to you, you have the following rights, subject to conditions and exceptions under applicable law:

• Right of access: request a copy of the personal data we hold about you and information about how we process it.
• Right to rectification: ask us to correct inaccurate or incomplete personal data.
• Right to erasure: ask us to delete your personal data where there is no lawful reason for continued processing.
• Right to restriction: request that we limit processing in certain situations (for example, while we verify accuracy).
• Right to data portability: receive certain data you provided to us in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.
• Right to object: object to processing based on legitimate interests. If you object, we will stop processing unless we have compelling legitimate grounds or the processing is needed for legal claims.
• Right to withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

To exercise these rights, contact us at [email protected]. For your security, we may request information to verify your identity before fulfilling a request.

You also have the right to lodge a complaint with a supervisory authority. In Germany, the supervisory authority responsible for Berlin is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI)
Alt-Moabit 59-61, 10555 Berlin, Germany
Website: https://www.datenschutz-berlin.de/

10. Cookie policy

Cookies are small text files stored on your device. We also use similar technologies such as local storage. Our website uses cookies for the following purposes:

10.1 Strictly necessary

These are required for core site functions, such as remembering your cookie choices. Without them, certain features may not work as intended.

• Consent storage: local storage entry that records whether you accepted or rejected cookies. Typical duration: up to 12 months or until you clear site storage.

10.2 Analytics cookies (optional)

Analytics cookies help us understand aggregated site usage. We only set analytics cookies when you accept analytics through the cookie banner.

• Google Analytics 4 identifiers: used to measure visits and interactions. Typical duration: up to 14 months, subject to GA4 settings and your controls.

10.3 Marketing cookies (optional)

Marketing cookies can be used to measure advertising performance and provide relevant ads. We do not enable marketing cookies by default. If we enable them in the future, we will request consent and update this policy.

10.4 Managing cookies

You can manage cookies in two ways:

• Cookie banner: you can accept or reject non-essential cookies when prompted.
• Browser controls: you can delete cookies or block them via your browser settings. If you block cookies, some site features may be limited.

If you previously accepted cookies and want to change your decision, you can clear this site’s storage in your browser settings and revisit the site to see the banner again.

11. Children’s privacy

This website and our consultation services are not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe that a child has provided personal data to us, please contact [email protected] and we will take steps to delete the information.

12. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service providers. When we make material changes, we will post the updated policy on this page and revise the “Last Updated” date. If an update significantly affects how we use your data and we have your email due to an inquiry or an opt-in subscription, we may notify you by email where appropriate.

Continued use of the website after a policy update means you acknowledge the updated information. If you disagree with changes and your processing is based on consent, you can withdraw consent by adjusting your cookie choices or contacting us.

13. Contact and data protection inquiries

For privacy questions, requests, or complaints, contact our privacy inbox:

• Email: [email protected]
• Mailing address: Riwexvosin Ltd, Friedrichstraße 100, 10117 Berlin, Germany
• Phone: +49 30 2590 1234

If you submit a request, please include enough detail for us to understand what you are asking. We will respond within a reasonable time and in any event within the timeframes required by applicable law.