§ 1. General Provisions

This Privacy Policy (hereinafter: "Privacy Policy") outlines the principles for the processing and protection of personal data of Users accessing the website available at https://www.blitznaturalpower.com/ (hereinafter: "Website"). The Privacy Policy also defines the principles regarding the use of cookies.

The Privacy Policy is provided for informational purposes.The data controller is Blitz Natural Power GmbH, based at Landsberger Str. 155, 80687 Munich, registered in the Amtsgericht Munich under the number HRB 297034, VAT ID: 0000842171, Tax Number: 143/121/10904, represented by Geschäftsführer Thomas Hansla (hereinafter: "Controller").

The Controller can be contacted regarding personal data processing and the exercise of rights related to such data:
•    by post: Landsberger Str. 155 Haus 1, 80687 Munich,
•    by email: marketing@blitznaturalpower.com.

The following definitions are used in this Privacy Policy:    User - an individual accessing the Website or using the services or functionalities described in this Privacy Policy and Cookies.The Controller processes the collected personal data in accordance with the security principles established by:

•    General Data Protection Regulation (GDPR) (Verordnung (EU) 2016/679);
•    Federal Data Protection Act (BDSG) (Bundesdatenschutzgesetz);
•    Telemedia Act (TMG) (Telemediengesetz);
•    Telecommunications Act (TKG) (Telekommunikationsgesetz).

The Controller takes all measures necessary for the protection of personal data, as required under Article 32 GDPR, considering the state of technical knowledge, the cost of implementation, the nature, scope, and purposes of the processing, as well as the risk to the rights and freedoms of individuals. These measures include appropriate technical and organizational safeguards to ensure a level of security appropriate to the risk.

§ 2. Principles of Personal Data Processing

To ensure the proper functioning of the Website, the Controller processes data related to the User's device, such as IP address, information contained in cookies or other similar technologies, session data, browser data, device data, and data regarding activities on the Website.

The Controller processes the User's personal data for the following purposes:

•    Statistical analysis and improvement of the website (e.g., Google Analytics): The Controller processes data such as IP address, cookies, browser data, device type, and activity on the Website. The legal basis for processing this data is the legitimate interest of the Controller (Article 6(1)(f) GDPR). The data is processed until anonymized or deleted in accordance with the data retention policy of Google Analytics.
•   Handling inquiries via contact form: The Controller processes data such as email address and content of the inquiry (if applicable). The legal basis for processing this data is the legitimate interest of the Controller (Article 6(1)(f) GDPR). The data is retained until the correspondence is completed or until the User exercises a valid objection.
•    Ensuring the security of the website: The Controller processes data such as IP address and technical data (e.g., server logs). The legal basis for processing this data is the legitimate interest of the Controller (Article 6(1)(f) GDPR). The data is retained for the period necessary to ensure the security of the Website and detect any abuses.

Personal data may be disclosed by the Controller to external entities, such as IT service providers, legal, courier, or accounting firms. All entities to which personal data is disclosed ensure that appropriate data protection and security measures, as required by law, are applied. The Controller provides personal data only in connection with specific actions taken by the Users, limiting the scope of the data provided.

The provision of personal data is voluntary; however, failure to provide necessary data (e.g., for contact purposes) may result in the inability to perform the requested action.

§ 3. Rights of Data Subjects

Each data subject has the right to:

a. Access (Article 15 GDPR) - obtain confirmation from the Controller as to whether personal data is being processed. If personal data is processed, the data subject is entitled to access the data and obtain the following information: the purposes of processing, the categories of personal data, the recipients or categories of recipients to whom the data has been or will be disclosed, the retention period or the criteria used to determine the retention period, the right to request rectification, erasure, or restriction of processing, as well as the right to object to such processing.
‍
b. Obtain a copy of the data (Article 15(3) GDPR) - receive a copy of the personal data being processed. The first copy is provided free of charge, while further copies may be subject to a reasonable administrative fee based on the costs of processing.
‍
c. Rectification (Article 16 GDPR) - request the correction of any inaccurate personal data or the completion of incomplete personal data.
‍
d. Erasure (Article 17 GDPR) - request the erasure of personal data if the Controller no longer has a legal basis for processing or if the data is no longer necessary for the purposes of processing.
‍
e. Restriction of processing (Article 18 GDPR) - request the restriction of processing if:
•    the data subject contests the accuracy of personal data, for a period enabling the Controller to verify its accuracy;
•   the processing is unlawful and the data subject opposes the erasure of personal data, requesting its restriction instead;
•    the Controller no longer needs the data, but the data is required by the data subject for the establishment, exercise, or defense of legal claims;
•    the data subject has objected to processing, pending the verification of whether the legitimate grounds of the Controller override the data subject’s interests, rights, and freedoms.
‍
f. Data portability (Article 20 GDPR) - receive personal data provided to the Controller in a structured, commonly used, machine-readable format and request that it be transmitted to another data controller, provided the data is processed based on consent or contract and is processed in an automated manner.
‍
g. Objection (Article 21 GDPR) - object to the processing of personal data based on the legitimate interests of the Controller, for reasons related to the data subject’s particular situation, including objection to profiling. In such cases, the Controller will assess whether the legitimate grounds for processing override the data subject’s interests, rights, and freedoms, or whether the data is necessary for the establishment, exercise, or defense of legal claims. If the Controller’s interests are deemed less important, the Controller will stop processing the data.
‍
h. Withdraw consent at any time and without giving a reason (Article 7(3) GDPR), where the processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent will result in the cessation of processing of personal data for the purposes for which consent was given.The data subject has the right to lodge a complaint with a supervisory authority (Article 77 GDPR), which in Germany is the Federal Commissioner for Data Protection and Freedom of Information (BfDI), located at Husarenstraße 30, 53117 Bonn. The data subject can contact the BfDI as follows:

•    by post: Husarenstraße 30, 53117 Bonn;
•    via the electronic inbox available at: https://www.bfdi.bund.de;
•    Helpline: +49 (0)228 997799-0

.To exercise the above-mentioned rights, the data subject should contact the
Controller using the contact details provided and specify which right they wish to exercise and to what extent.

§ 4 Profiling

The Administrator processes data automatically within IT systems. On the website, the Data Administrator may display marketing information about its products or services. The display of such content is done by the Data Administrator in accordance with Article 6(1)(f) of the GDPR, i.e., based on the legitimate interest of the Data Administrator, which consists of publishing content related to the services provided and promotional content about campaigns in which the Data Administrator is involved. At the same time, this action does not violate the rights and freedoms of the Users.

The Administrator may use profiling for direct marketing purposes, but decisions made based on such profiling by the Administrator do not concern the conclusion or refusal to conclude a contract or the possibility of using electronic services. The effect of using profiling may be, for example, granting a discount or preparing an offer tailored to the interests of a given person.

Profiling is especially used to display advertisements redirecting to third-party websites (banner advertising) based on the User’s activity on the website. Banner advertising uses cookies or pixels. The Administrator’s intention is to provide an attractive advertising offer for the User, which is why, within the banner advertising, the User may primarily see products or services that they have already viewed on the Administrator’s website or similar ones.

Within banner advertising, only anonymized data is used; personal information about the User (such as name or email address) is not stored in cookies. In the context of retargeting and banner advertising, the Administrator uses services from META (formerly Facebook Inc.) and Google AdWords.

§ 5 Cookies

The Administrator obtains information about Users and their behavior in the following ways:
a. through voluntarily provided information in forms for purposes arising from the specific function of a given form;
b. by storing cookies (so-called "cookies") on end-user devices;
c. by collecting server logs through the website hosting provider (necessary for the proper operation of the service).

Cookies are IT data, in particular text files, stored on the end-user's device, designed to be used for browsing the website. Cookies typically contain the name of the website from which they originate, the time of storage on the end-user's device, and a unique number.

The Administrator uses cookies only after obtaining the User's consent in this regard. Consent to the use of all cookies by the Administrator is given by clicking the "Accept" button when the cookie usage notification appears on the website.

If the User does not consent to the use of cookies by the website, they can use the "Reject" option available in the cookie notification or change their browser settings.
The User of the website can also customize specific cookies to which they consent by clicking the "Manage Preferences" button.

§ 6 Google Analytics

The website uses Google Analytics, a tool provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), to analyze the website’s visit statistics. Google Analytics uses cookies that enable the collection of information about how users interact with the website. The collected data is typically transmitted to Google LLC servers in the United States, where it is stored.

If the IP anonymization feature is activated on this website, the user’s IP address is truncated by Google LLC before being transmitted to EU member countries or other countries party to the agreement on the European Economic Area. In exceptional cases, the full IP address may be transmitted to a Google LLC server in the United States and then truncated. The anonymized IP address sent by the user's browser in relation to Google Analytics is not merged with other data by Google LLC.

The User can prevent Google LLC from registering data via cookies related to the use of the website and from processing this data by Google LLC by installing an appropriate browser plugin available for download at this link: https://tools.google.com/dlpage/gaoptout.

The Administrator ensures appropriate protection of personal data transmitted to Google LLC by using standard data protection clauses included in the agreement with Google LLC, on the basis of which the data is transferred to Google LLC servers in the United States.

§ 7 System Logs

The Administrator collects information about users of the website by collecting server logs through the website hosting provider.
Data stored in server logs is not linked to specific individuals using the website and is not used for user identification purposes.
Server logs are only auxiliary material used for managing the website and are not made available to anyone other than authorized persons managing the server.

§ 8 Data Transfer Outside the EEA

In the case of transferring personal data outside the European Economic Area (EEA), the Administrator ensures an adequate level of protection for personal data in accordance with the provisions of the GDPR, particularly by applying appropriate data protection clauses, such as standard contractual clauses.

§ 9 Changes to the Privacy Policy

The Administrator reserves the right to change the Privacy Policy. Information about the changes will be published on the website.
The change to the Privacy Policy will be announced no later than 14 days before its implementation.
Changes to the Privacy Policy become effective after the period specified in point 2 above.
This Privacy Policy applies exclusively to the website. The website may contain links to other websites whose privacy policies may differ. The Administrator recommends that users familiarize themselves with the privacy policy of other websites after visiting them.