In accordance with the General Data Protection Regulation 679/2016/EU (hereinafter the “Data Protection Legislation”) by means of this Privacy Policy, the user is informed of the following:
1. Who is the Data Controller for the processing of the personal data?
- Data controller: Kronos Solar Projects GmbH (hereinafter, "Kronos" or "Data Controller" indistinctly).
- Registered office: District Court of Muenchen. Address: Widenmayerstr. 16, 80538, Munich, Germany
- Tax Identification Number: HRB 194883
- Tel: +49 (0) 89 89057080
- Fax: +49 (0) 89 255513 1051
- Contact details of the Data Protection Officer (DPO): dataprotection@edpr.com.
Kronos is the Data Controller for the processing of user data (hereinafter "user" or "data subject") through the present website kronos-solar.com (hereinafter the "Website").
2. Purposes of processing, categories of personal data and lawful bases
The Data Controller will process the information that the user provides through the Website, manually or automatically, in a lawful, fair and transparent manner. To this end, it is important that the user informs the Data Controller of any changes that occur in his/her personal data, in order to keep them up to date.
When you visit our Website, the browser used on your end device automatically sends information to the server of our Website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer;
- Date and time of access;
- Name and URL of the file accessed;
- Website from which the access was made (referrer URL);
- The browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data is processed by us for the following purposes:
- Ensuring a smooth connection set-up of the website;
- Ensuring a comfortable use of our website;
- Evaluating system security and stability, and for other administrative purposes.
Means of contact
The Data Controller will process the personal data of users in order to manage and answer queries, doubts or requests made by them, through the means of contact made available to them through the Website.
The Data Controller will process, for this purpose, the following categories of data:
- Identification data: name, surname;
- Contact details: e-mail, telephone;
- Other: any other information provided by the user via email or telephone.
In the event that the user provides personal data related to a third party, the user declares that the provision of personal data is lawful and undertakes to pass on the information contained in this Privacy Policy to said third party.
The lawfulness for the processing of personal data for this purpose is the consent of the user expressed through the sending of his/her query, doubt or request for information, through the means of contact described above, after having read this Privacy Policy. Users may withdraw their consent at any time, without prejudice to the lawfulness of the processing carried out to date, but it is possible that, as a result, their request for information may not be met.
Suppliers and business contacts as recipients of e-mail communications
The Data Controller will use the contact details of data subjects for the purposes of professional location, management of contractual and commercial relations with the recipient or with the entity in which the recipient provides services, as appropriate, as well as resolution of queries and, where appropriate, complaints addressed to Kronos by the recipient of such communications.
The Data Controller will process, for this purpose, the contact details of the data subjects.
This processing is necessary for the professional location of the data subject for the purpose of maintaining commercial relations.
The lawfulness for this processing is the legitimate interest of the Data Controller in maintaining commercial relations with third party suppliers through the processing of their contact data. This processing contributes to the achievement of the purposes of the Data Controller, promoting economic activity and productivity in the sector and the interest of the suppliers and business contact in which the data subject provides their services for the initiation or maintenance of the commercial relationship between the parties. In any case, the data subject may object at any time to the processing of his/her data for the aforementioned purpose, in accordance with the provisions of the section on the exercise of rights.
Relationship with third parties for Purchases, Non-Binding Offers and Confidentiality Agreements
The Data Controller shall use personal data relating to the legal representatives, shareholders, employees or collaborators of the counterparty (hereinafter collectively the "counterparty") for:
- The performance of the obligations set out in the relevant Contract (the non-binding offer, purchases or confidentiality agreement, as the case may be), the lawfulness of which lies in the execution and performance of the corresponding contractual relationship.
- Compliance with applicable legislation and/or to respond to requests from the authorities, the lawfulness of this processing is, precisely, compliance with the obligations to which Kronos is subject.
- The exercise of legal actions or defence in judicial, administrative and/or extrajudicial proceedings, including in relation to debt recovery proceedings, also through third parties, in accordance with their legitimate interests in effective judicial protection.
- The management of a possible merger, sale of assets or transfer of all or part of the business, by disclosing and transmitting the data to a third party or parties involved in the transaction as part of it, in accordance with the legal empowerment established by law in this regard.
The processing of the counterparty's data for the purposes based on the performance of a contract is necessary to achieve these purposes, as Kronos will not be able to perform the contractual relationship with the counterparty if it does not provide its personal data.
3. How long do we store your personal data?
With regard to personal data arising from the means of contact, the data provided will be stored for as long as their processing is necessary for the purpose for which they were collected, unless you request us to erase them before that date and there is no legal or judicial mandate that obliges us to store the personal data.
With regard to personal data arising from the use of contact details of suppliers and business contacts, the data provided will be kept for as long as the relationship with the data subject subsists, unless you request us to erase them before that date and there is no legal or judicial mandate that obliges us to store the personal data or they serve to meet possible claims or exercise of rights, during the limitation period of the corresponding actions.
With regard to personal data arising from contractual relationships with third parties for purchases, non-binding offers and confidentiality agreements described above, these will be stored for as long as the relationship with the data subject subsists, unless you request us to erase them prior to that date and there is no legal or judicial mandate that obliges us to store the personal data or they serve to meet possible claims or exercise of rights, during the limitation period of the corresponding actions in accordance with applicable law.
4. What security measures do we apply?
In order to safeguard the security of your personal data, the Data Controller has adopted all the technical and organisational measures necessary to guarantee the security of the personal data supplied, in order to prevent their alteration, loss and/or unauthorised processing or access, as required by law, although absolute security does not exist.
Likewise, all our staff, whatever the stage of processing in which they are involved, have undertaken to process your personal data with the utmost care, secrecy, and confidentiality and that it will be processed in accordance with current Data Protection Legislation.
5. To which recipients will personal data be communicated?
The personal data of data subjects may be communicated to:
- entities belonging to the Kronos Group including EDP Renovaveis, S.A, in accordance with their legitimate interests, exclusively for internal administrative purposes;
- people and/or competent authorities who have a right of access to the data recognised by law or regulation or by provisions issued by authorities legally empowered to do so, for the fulfilment of the obligations to which Kronos is subject;
- potential acquirers of Kronos, and entities resulting from merger processes and any other type of transformation affecting Kronos, in accordance with their legitimate interests.
The Data Controller relies on the cooperation of third-party service providers who may have access to your personal data and who will process the data on behalf of and for the account of the Data Controller, as a consequence of their provision of services.
In this respect, the Data Controller follows strict criteria for the selection of service providers in order to comply with its data protection obligations and undertakes to enter into the corresponding data processing agreement with them, whereby it will impose on them, among others, the following obligations: to implement appropriate technical and organisational measures to ensure the security of personal data; to process personal data for the agreed purposes and only in accordance with the documented instructions of the Data Controller; and to erase and return the data to the Data Controller once the provision of the services has been completed.
6. International data transfers
Personal data of data subjects may be transferred to countries other than the data subject's territory and other than the Data Controller's territory. In such cases, the data processing could involve international data transfers under the terms of the Data Protection Legislation from time to time.
Kronos may transfer your personal data to countries with an adequate level of protection recognised by the competent authorities.
In the case of transfers to countries not considered to have an adequate level of protection according to the Data Protection Legislation and/or considered by the competent supervisory authority, Kronos has implemented appropriate and adequate safeguards to protect the personal data of data subjects and to ensure an adequate level of security. Accordingly, the personal data of data subjects will be transferred in accordance with the requirements and obligations established by Data Protection Legislation. In these cases, Kronos guarantees to have subscribed with the recipients, collaborators and/or suppliers who access personal data, the corresponding Contractual Clauses and determined the additional guarantees, when necessary, for the best protection of your personal data.
For more information on appropriate and adequate security measures, data subjects may contact Kronos through the contact means of their Data Protection Officer at dataprotection@edpr.com.
7. What rights does the user have?
In accordance with data protection regulations, the user has the right to:
- Access your personal data. This also includes the right to obtain confirmation as to whether your data is being processed.
- Rectify inaccurate or incomplete data.
- Object to the processing of the data, where the processing is not in compliance with applicable personal data protection legislation.
- Withdraw his/her consent at any time, without prejudice to the lawfulness of the processing previously carried out.
- Request the erasure of your data when they are no longer necessary for the purposes for which they were collected, among other reasons. Where applicable, data shall be anonymised or blocked in accordance with applicable personal data protection legislation.
- Obtain from the Data Controller the restriction of the processing of the data when any of the conditions provided for in the regulations in force are met.
- Request the portability of your data, either for yourself or for transfer to another Data Controller.
In order to exercise the aforementioned rights, you must send your request to the address indicated in the heading of this document, through the channel provided on the website or through the DPO's e-mail address: dataprotection@edpr.com.
The Data Controller will respond to the right exercised within the legally stipulated period.
Finally, the user may, in addition, file a complaint with the competent Control Authority if he/she considers that the Data Controller has infringed the rights recognised by the applicable data protection regulations.