Given that our website and the technologies on which it is based, as well as our business processes are subject to continuous development, the Privacy Notice may need to be changed too. All future changes will be published on this website.
II. Use of the website and data protection
1. Name and contact data of the controller of the website
We, Aquila Sustainable Infrastructure GmbH, represented by the managing directors Rolf Zarnekow and Markus Holzer, Valentinskamp 70, 20355 Hamburg (Tel.: +49 40 875050-100 / receptionist, Fax: +49 40 87 5050-129) are the controller within the meaning of Art. 4 (7) GDPR.
2. Contact data of the Data Protection Officer
Aquila Sustainable Infrastructure GmbH is part of Aquila Group (meaning Aquila Capital Holding GmbH and its affiliated companies in the sense of §§ 15 et seq. of the German Stock Corporation Act (AktG)). The data protection officer of Aquila Group can be reached as follows:
Aquila Capital Holding GmbH
c/o the data protection officer
Valentinskamp 70, 20355 Hamburg
4. Processing of personal data in the context of informational use of our website
a. Description and scope of data processing
If you only use our website for informational purposes, we do not collect any personal data aside from the data transmitted by your browser to enable you to visit the website.
That data is:
- Date and time of your request
- Duration of your visit
- Time zone difference compared to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status / HTTP status code
- Website & provider from/by which the request is made
- Operating system
- Language and version of the browser software
- IP address (anonymised).
b. Purpose and legal basis of data processing
We store data related to the end device in order to create use statistics, for example, or to identify and trace unauthorised attempts to access our web servers. We only create profiles regarding the use of our website in anonymised form and only to improve user navigation and optimise our products and services. Our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR also lies in these purposes. We do not create or process behavior profiles relating to a specific person from the aforementioned information.
c. Duration of data storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
5. Processing of personal data during the use of our website features
We only store personal data, such as your e-mail address or your name, if you choose to provide this information to us, e.g. in the context of the contact form, or for the performance of a contract (principle of direct collection).
a. Contact form
The following data is collected:
- Surname, Name
- e-mail address
- any information you choose to include in the text-field
We process your personal data provided in the contact form in order to contact you and to process your request (Art. 6 (1) lit. b GDPR). This data will not be passed on without your consent. Data transmitted via the contact form will remain with us until you request us to delete it or there is no longer any need to store the data. Mandatory legal provisions – in particular retention periods – remain unaffected. Your rights in connection with data processing can be found under III. point 7.
If you have registered for our newsletter, you will receive information about AQ Compute GmbH and its data center business.
The registration takes place in a so-called double opt-in procedure. This means that after registration you will receive an email in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other people’s e-mail addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the e-mail address of the person concerned. The data is not passed on to third parties. An exception exists if there is a legal obligation to pass on the data. The data is used exclusively for sending the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 lit. a) GDPR if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Article 7 (3) UWG.
6. Presences in social networks (fan pages)
We maintain publicly accessible profiles on social networks. The individual social networks used by us can be found below.
Social networks such as Facebook etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. Like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
a. Legal basis
Our social media presences are intended to ensure the most comprehensive possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 Para. 1S.1 lit. f DSGVO. The analysis processes initiated by the social networks may be based on different legal bases, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 sentence 1 lit. a DSGVO).
b. Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e.g. vis-à-vis Facebook).
Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
c. Storage period
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
d. Social networks in detail
aa. Facebook (Meta)
We have a profile on Facebook. The provider is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 in Ireland, a company of the Meta Group (Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA) (“Facebook” or “Meta”).
We have entered into a Joint Processing Agreement (Controller Addendum) with Facebook. This agreement specifies the data processing operations for which we or Facebook are responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We operate a YouTube channel for which YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, is the provider. When you visit one of our pages on which a YouTube video is embedded, YouTube at least sets a cookie that stores your IP address and our URL. If you are logged into your YouTube account, YouTube can assign your interactions on our website to your profile using cookies. If you are not logged into a Google Account or YouTube account, Google stores data with a unique identifier associated with your device, browser or app.
Most of the data received and processed by YouTube is stored on Google servers in the US. The retention period of the collected data varies. Some data can be manually deleted by you at any time, while others are automatically deleted after a certain period of time and still others are stored for a longer period of time
You generally have the option to manually delete data in your Google Account. Even if you are not signed in to a Google Account, you can delete some data associated with your device, browser or app. You can also set your browser to delete or disable cookies from Google.
If you have consented to the processing of data by embedded YouTube elements, this consent serves as the legal basis for data processing pursuant to Art. 6 (1) lit. a DSGVO. In principle, your data will also be stored and processed on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO to promote fast and effective communication with you or other business partners.
8. Disclosure to third parties
To facilitate the purposes described we may exchange your data with third parties we use to process orders and inquiries. In this context we may provide access to your information to third parties that support our provision of services to you. Examples are third parties used to manage our web servers and to analyse data who may be able to access your data in this context. A data processing agreement is concluded in this case.
If you make your personal data available to us for the purpose of potential future cooperation, potential investments and/or to enable us to contact you, we may disclose this data to affiliated companies (as defined in Sections 15 et seqq. of the German Stock Corporation Act), if there is a legitimate interest on our part and your interests, fundamental rights and freedoms do not outweigh.
Otherwise we only provide your personal data to third parties if we are obligated to do so by compulsory legal regulations, if you ask us to do so or have consented to the disclosure, or after the data has been anonymised or pseudonymised.
Our data processing operations may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such a transfer takes place in a permissible manner if the European Commission has determined that an adequate level of data protection is required in such a third country. If such an adequacy decision by the European Commission does not exist, a transfer of personal data to a third country will only take place if appropriate safeguards exist in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.
Unless there is an adequacy decision and nothing else is stated below, we use the EU standard data protection clauses as suitable safeguards for the transfer of personal data in third countries. You have the possibility to obtain a copy of these EU standard data protection clauses or to inspect them. To do so, please contact us at the address given under contact data of the controller of the website.
If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Article 49 (1) lit. a DSGVO.
9. Data security, TLS encryption with https:, Technologies used
We take diligent precautions to protect your data against manipulations, loss, destruction and against access by unauthorised persons. We continuously improve our security measures in accordance with the development of technology. All employees are obligated to maintain data confidentiality in accordance with the provisions of the GDPR.
We use https to transmit data in a tap-proof manner on the internet (data protection through technology design Article 25 (1) GDPR). Through the use of TLS (Transport Layer Security), an encryption protocol for secure data transmission on the internet, we can ensure the protection of confidential data. You can recognize the use of this data transmission security by the small lock symbol in the upper left corner of the browser and the use of the https scheme (instead of http) as part of our Internet address.
10. Technologies used
a. Description and scope of data processing
If you want to, you can suppress the storage of cookies in general through your web browser or you can decide if you want to be asked if a cookie should be stored or not. However, if you do not accept cookies, some pages may not be displayed correctly any more.
- Language and country
- Browser settings and installed plug-ins
- Data on the use of our website.
This website uses the following cookies:
- Transient cookies (temporary use)
- Persistent cookies (use for a limited time)
Transient cookies are deleted automatically when you close your browser. They specifically include session cookies. Session cookies store a “session ID” which allows to allocate various requests from your browser to a joint session. This allows the website to recognize your computer when you return to the website. Session cookies are deleted when you log out or close your browser.
Persistent cookies are deleted automatically after a specified period which may vary depending on the type of the cookie. You can delete the cookies at any time in the security settings of your browser.
The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data will not be stored together with other personal data of the users.
More information on how cookies work can be found on the following website: http://www.allaboutcookies.org.
b. Purpose and legal basis of data processing
c. Duration of storage objection and elimination options
d. Customize cookie settings
When calling up our website, we offer you the possibility to individually adjust the cookies via the “Settings” item in the cookie banner. This consent is voluntary, not necessary for the use of this website and can be revoked at any time. You can adjust the cookie settings here at any time.
Consent with Borlabs Cookie
Our website uses the Borlabs consent technology to obtain your consent to the storage of certain cookies in your browser or for the use of certain technologies and for their data privacy protection compliant documentation. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs).
Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.
The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
12. Google Analytics
We use the Google Analytics service of the provider Google Ireland Limited (Google Ireland/EU) on our website.
Some of this data is information stored in the terminal device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your terminal device will only take place with your consent.
Google Ireland will process the data thus collected on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services related to the use of our website and the use of the Internet. In doing so, pseudonymous user profiles can be created from the processed data.
The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 (1) lit. a GDPR. You can revoke this consent via our Consent Management Tool at any time with effect for the future.
The personal data processed on our behalf to provide Google Analytics may be transferred to any country in which Google Ireland or Google Ireland’s sub-processors maintain facilities. Google Ireland uses the EU standard data protection clauses as appropriate safeguards for these transfers of personal data in third countries, which can be found at the following link: https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/.
The data on user actions are stored for a period of 2 months and then automatically deleted. Thereby, the deletion of the data whose storage period has expired takes place automatically once a month.
We also use the Google Analytics advertising features (remarketing). This function allows us, in conjunction with the cross-device functions of Google, to display advertisements in a more targeted manner and to present interest-based ads. Through remarketing, we display ads and products that have been identified as being of interest on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads. In this way, interest-based, personalized advertising messages that have been adapted to a user depending on previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another end device of the user (e.g. tablet or PC).
If consent has been given, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be served on every end device on which you log in with your Google account. The aggregation of the collected data in your Google account is based solely on your consent, which you can give or revoke at Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users’ google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device ad advertising.
For more information on how data from websites or apps is used by Google for advertising purposes, please see Google’s notices at: www.google.com/policies/technologies/ads/.
13. Google Maps
We use Google Maps from Google Ireland Limited (Ireland, EU) on our website to display maps and for virtual tours. For such an integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Google and Google may set its own cookies.
The processing of your data is based on your consent according to Art. 6 (1) lit. a GDPR.
We use the Cloudflare service of Cloudflare Inc (USA) on our website to display content. For such an integration, a processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transmitted to Cloudflare. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Please note that this may result in functional restrictions on the website.
The processing of your data is based on Art. 6 (1) lit. f GDPR and is based on our legitimate interest in the optimization and economic operation of our website.
15. Your rights
III. General Information and specific data processing at Aquila Group (data protection information according to Art. 13 GDPR)
The privacy, protection and processing of your personal data is very important to Aquila Group (meaning Aquila Capital Holding GmbH and its affiliated companies within the meaning of sections 15 et. seq of the German Stock Corporation Act (AktG)). In the following we would like to inform you about the processing of your personal data within Aquila Group and your rights regarding personal data protection. Which specific personal data will be collected and/or used significantly depends on the specific business relationship we have with you or the occasion and the purpose of the processing or other factors.
1. Name and contact data of the controller
Controller within the meaning of GDPR and/or other European data protection laws or regulations, is the legal entity within Aquila Capital, with which you maintain a business relationship, that collects personal data from you or to which you provide personal data.
The responsible companies of Aquila Group with legal seat in Hamburg, Germany, can be reached as follows:
Valentinskamp 70, 20355 Hamburg, Germany
Tel.: +49 40 875050-100
The responsible companies of Aquila Group with legal seat in the UK can be reached as follows:
20th Floor, Leaf B, Tower 42, 25 Old Broad Street, London EC2N 1HQ
Tel. +44 2082085400
The responsible companies of Aquila Group with legal seat in Spain can be reached as follows:
Paseo de la Castellana, 259D, Torre Emperador, 28046 Madrid, Spain
Tel.: +34 91 511 90-50
The responsible companies of Aquila Group with legal seat in Switzerland can be reached as follows:
8001 Zurich, Switzerland
phone: +49 40 87 5050-100
The responsible company of Aquila Group with legal seat in Norway can be reached as follows:
Haakon VIIs gate 6
0161 Olso, Norway
phone: +49 40 87 5050-100
The responsible companies of Aquila Group with legal seat in the Netherlands can be reached as follows:
Schiphol Boulevard 215, WTC Schiphol
1118BH Schiphol, Netherlands
phone: +49 40 87 5050-100
The responsible companies of Aquila Group with legal seat in Japan can be reached as follows:
12FYurakucho Itocia, 2-7-1 Yurakucho, Chiyoda-ku
100-0006 Tokio, Japan
phone: +49 40 87 5050-100
The responsible companies of Aquila Group with legal seat in Singapore can be reached as follows:
138 Market Street #15-03 Capitagreen
phone: +49 40 87 5050-100
The responsible companies of Aquila Group with legal seat in Portugal can be reached as follows:
Avenida Fontes Pereira de Melo, N14, 11
phone: +351 211 328 420
2. Contact data of the Group Data Protection Officer
The group data protection officer of Aquila Group can be reached as follows:
Aquila Capital Holding GmbH
c/o data protection officer
Valentinskamp 70, 20355 Hamburg
3. Purpose of personal data processing and legal basis
We process personal data in accordance with the relevant rules and regulations, in particular with GDPR.
The processing of personal data is necessary for the performance of a contract with you (Art. 6 (1) lit. b. GDPR).
The processing of personal data is necessary for the purposes of the legitimate interests pursued by you or by a third party (Art. 6 (1) lit. f. GDPR).
If you have declared your consent in the processing of personal data for certain purposes, we process such data on the basis of your consent (Art. 6 (1) lit. a. GDPR.
In addition, we are subject to a large number of legal obligations (money- laundering act, tax law etc.) as well as regulatory regulations. For this purpose we can use and process your personal data (Art. 6(1) lit. c. GDPR).
4. Recipients or categories of recipients of the personal data
Your personal data will be transmitted within Aquila Group to all entities which need these data for contractual and/or regulatory purposes. For these purposes we also may transmit your personal data to processors (Art. 28 GDPR) if applicable. To comply with certain contractual obligations we may transmit personal data to other recipients, e.g. public authorities or organizations in case of legal obligations. A transfer of personal data to third parties with a registered office in a third country will only take place with your consent or in order to fulfil our contractual obligations pursuant to Art. 44 et seq GDPR.
5. Duration of storage
After collection, your data will be stored for as long as necessary to fulfil the purpose for which it was collected, taking into account the statutory retention periods.
we are subject to miscellaneous safekeeping and documentation obligations that may arise from e.g. German Commercial Code or General Fiscal Code. Pursuant to the provisions of these laws, personal data must generally be retained for a period of ten years. In addition, the statutory period of limitations within the meaning of §§ 195 et seq. German Civil Code (BGB) shall apply in relation to the duration of storage period. Thus, the maximum period of limitation term is up to 30 years. However, retention periods according to legal regulations of other countries may also apply.
6. Automated decision-making including profiling
Your personal data will be partially processed automatically, to analyse certain personal aspects (profiling). Profiling is used in the following areas: We are subject to certain legal and regulatory requirements, e.g. anti-money laundering, terrorist financing and asset risk offenses. Concurrently, these measures are for your protection.
7. Your Rights
IV. Data Subject Rights
As a data subject within the meaning of the GDPR, you have various rights vis-à-vis the responsible entity of Aquila Capital with regard to your personal data, which we inform you about below. You can also find details about your rights in Art.15-21 of the GDPR:
- Right to information according to Art. 15 GDPR:
You have the right to request information about your personal data processed by the controller. In particular, about the processing purposes, the categories of personal data and about recipients or categories of recipients to whom the personal data have been disclosed. Furthermore, you have the right to obtain information about the planned duration of storage.
- Right to rectification pursuant to Art. 16 GDPR:
You have the right to request without delay the correction of inaccurate or the completion of your personal data stored by the controller.
- Right to deletion according to Art. 17 GDPR
You have the right to request the deletion of your data under the conditions specified in Art. 17 GDPR.
- Right to restriction according to Art. 18 GDPR
In specific cases specified in the GDPR, you have the right to request the restriction of the processing of your personal data.
- Right to data portability according to Art. 20 GDPR
In specific cases set out in the GDPR, you have the right to receive and transfer all personal data concerning you to another controller (right to data portability).
In particular, you have a
- Right of objection according to Art. 21 GDPR
In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Article 6 (1) lit. e or f GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing of direct marketing, you may object to this processing pursuant to Art. 21 (2) and (3) GDPR.
as well as a
- Right of revocation according to Art. 7 para. 3 GDPR
Insofar as we process your data on the basis of your consent (Art. 6 (1) lit. a or Art. 9 (2) GDPR), you have the right to revoke this consent at any time with effect for the future, without this affecting the lawfulness of the consent valid until then. The revocation is – like the granting of consent itself – possible orally or in text form.
You also have a
- Right of appeal pursuant to Art. 77 GDPR
You have the right to complain to a data protection supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or the registered office of the responsible controller.