Privacy Policy
Thank you for your interest in 1KOMMA5° GmbH (hereinafter "we", "us") and for visiting our website. The information below provides an overview of the processing of your personal data on our website https://www.1komma5.com/ (hereinafter "Website") and of your data protection rights.
We process your personal data in accordance with the applicable statutory provisions, in particular the EU General Data Protection Regulation ("GDPR").
1. Controller
The controller within the meaning of Article 4(7) GDPR for the Website and the related processing of personal data is:
1KOMMA5° GmbH
Neuer Wall 35
20354 Hamburg
E-Mail: impressum@1komma5grad.com
2. Data Protection Officer
You can contact our Data Protection Officer at:
Martin TruttI
TADA Enterprise Solutions GmbH
Jahnallee 14
04109 Leipzig
E-Mail: dsb@itada.de
3. General Information
Below, we provide an overview of which categories of personal data we process, the scope and purposes of such processing, and the respective lawful basis under the GDPR. We also indicate which third-party service providers we use.
3.1 International Data Transfers
Where we transfer personal data to a third country, we ensure compliance with Articles 44 et seq. GDPR, i.e. before any transfer to a recipient outside the European Economic Area (EEA), we assess whether an adequate level of protection is ensured. This may be ensured, for example, by an EU Commission adequacy decision or by appropriate transfer safeguards within the meaning of Article 46 et seq. GDPR. If you need further information about international data transfers and transfer safeguards in place, or would like to obtain copies of such transfer safeguards, please contact our Data Protection Officer.
3.2 Erasure of Data
We delete your personal data in accordance with standardized processes as soon as it is no longer required for the processing purposes, or where, in the event of an objection, there are no compelling legitimate grounds for retention, or where, in the event of a revocation of your consent, there is no other legal basis for processing. In certain cases, e.g. if there is a legal obligation to retain data, your personal data will first be blocked and then deleted at the end of the retention period. This privacy policy may contain further specific information on the storage and deletion of personal data.
3.3 Security of Processing
We implement appropriate technical and organisational measures, taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing, and the risks to the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk. These measures include, in particular, safeguarding the confidentiality, integrity and availability of personal data by controlling physical and electronic access, access rights, data entry, disclosure, availability controls and segregation. We also implement procedures to enable data subject rights, the erasure of personal data, and responses to risks affecting personal data, and we take data protection into account in the development/selection of hardware, software and processes in line with data protection by design and by default.
3.4 Recipients of Personal Data
In the course of our processing, personal data may be transferred to, or disclosed to, other entities, (affiliated) companies, legally independent organisational units, or individuals. Recipients may include, for example, IT service providers or providers of services and content integrated into a website.
4. Categories of Personal Data Processed and Sources
4.1 Provision of the Website
4.1.1 Scope of Processing
To provide our Website, we use storage space, computing capacity and software that we rent from a server provider (web host). These services also include sending, receiving and storing emails. When you visit our Website, data that your browser transmits to our server is processed automatically and stored in server log files. This may include:
Information about browser type and version;
Operating system of the end device;
Internet service provider;
IP address;
Date and time of access; and
Referrer URL (the previous website from which you accessed our Website).
4.1.2 Purpose of Processing
The collection and further processing of your IP address is necessary to enable you to use and to optimise our Website and for fraud prevention.
4.1.3 Lawful Basis
The lawful basis is our legitimate interests pursuant to Article 6(1)(f) GDPR. We have an overriding legitimate interest in providing a website and in being able to offer our services in a technically flawless manner.
4.1.4 Storage Period
For security reasons (e.g. to investigate misuse or fraudulent activities), log files are stored for a maximum of 7 days and then erased. Data that must be retained for evidentiary purposes will be stored until the matter has been finally clarified.
4.1.5 Recipients of Personal Data
Your personal data is disclosed, to the extent necessary, to service providers for hosting and a content delivery network (CDN) within the framework of processing on behalf of the controller (processing pursuant to Article 28 GDPR).
4.2 Use of Cookies
4.2.1 General Information
We use cookies on our Website. Cookies are files created automatically by your browser and stored on your IT system when you visit our Website. A cookie stores information related to the specific end device used. Many cookies contain a cookie ID, i.e. a unique identifier consisting of a character string that enables websites and servers to recognise the specific browser in which the cookie is stored. This makes it possible to distinguish the individual browser of the data subject from other browsers that store different cookies. When you first visit our Website or a subpage that contains cookies, "privacy settings" are displayed. There you receive information about each cookie we use, including name, provider, purpose of processing and storage period. You can allow us to use non-essential cookies and you can withdraw that decision there as well. A distinction must be made between technically necessary cookies and non-essential cookies.
4.2.2 Technically Necessary Cookies
We use technically necessary cookies, i.e. cookies that are technically necessary to provide all functions of our Website. The lawful basis for processing is our legitimate interests pursuant to Article 6(1)(f) GDPR. We have an overriding legitimate interest in being able to offer our services in a technically flawless manner. For our contractual partners who use services owed by us under a contract via our Website, the lawful basis for the use of cookies is Article 6(1)(b) GDPR (performance of a contract). Information pursuant to Article 13 GDPR on services that set essential cookies on our Website can be found in our cookie banner, which can be accessed at any time via the "Cookie settings" button in the footer of our Website.
4.2.3 Non-Essential Cookies
We also use non-essential cookies (e.g. analytics and marketing cookies). These cookies are not technically necessary; we use them to understand your behaviour on our Website and to improve our services. The lawful basis is your consent pursuant to Article 6(1)(a) GDPR. Cookies are only set after you have given consent via our cookie banner. Information pursuant to Article 13 GDPR on services that set non-essential cookies can be found in our cookie banner, which can be accessed at any time via the "Cookie settings" button in the footer.
4.2.4 Storage Period
With regard to storage period, the following types of cookies are distinguished:
i. Temporary cookies (also: session cookies): Temporary cookies are erased at the latest after a user leaves an online service and closes their end device (e.g. browser or mobile application).
ii. Persistent cookies: Persistent cookies remain stored even after closing the end device, e.g. to store login status or show preferred content when a user revisits a website. Data collected via cookies can also be used for reach measurement; if no explicit information on type and storage period is provided (e.g. when obtaining consent), users should assume that cookies are persistent and that the storage period may be up to two years.
4.3 Cookie Banner
4.3.1 Scope of Processing
To provide information about cookies as part of "privacy settings", we use a cookie banner on our Website. Our cookie banner informs you about the cookies we use and allows you to decide whether you consent to the setting of non-essential cookies. The following personal data may be processed:
i. Usage data (e.g. visited webpages, time of access); and
ii. metadata and communications data (e.g. IP address).
4.3.2 Purpose of Processing
We process your personal data for the following purposes:
i. Informing the user about the cookies we use; and
ii. providing a solution to consent to technically non-essential cookies.
4.3.3 Lawful Basis
The lawful basis for the use of the cookie banner is our legitimate interests pursuant to Article 6(1)(f) GDPR. We have an overriding legitimate interest in using the cookie banner to obtain legally required consents for non-essential cookies and to comply with our information obligations regarding cookies.
4.3.4 Storage Period
The cookie banner stores your selected preferences until you reset or adjust them.
4.3.5 Recipients of Personal Data
Your personal data is disclosed, to the extent necessary, to a service provider for cookie banners within the framework of processing pursuant to Article 28 GDPR.
4.4 Contact Options
4.4.1 Scope of Processing
You can contact us via our Website by email contact form or via our partner portal. In the context of contacting us and responding to your request, we process the personal data indicated in the respective contact form. This may include:
First and last name;
email address;
address;
telephone number;
date and time of the request;
IP address; and
additional personal data you provide when contacting us.
4.4.2 Purpose of Processing
We process your personal data to respond to your enquiry and any related matters.
4.4.3 Lawful Basis
If your request is related to pre-contractual measures or to an existing contract with us, the lawful basis is performance of a contract / taking steps at the request of the data subject prior to entering into a contract pursuant to Article 6(1)(b) GDPR.
If your request is made independently of pre-contractual measures or existing contracts, the lawful basis is our legitimate interests pursuant to Article 6(1)(f) GDPR. We have an overriding legitimate interest in offering visitors to our Website a means to contact us.
4.4.4 Storage Period
We erase your personal data as soon as it is no longer necessary to achieve the purpose of collection. For contact enquiries, this is generally the case when the relevant matter has been conclusively resolved based on the circumstances.
4.4.5 Recipients of Personal Data
Your personal data is disclosed, to the extent necessary, to a service provider for customer contact management within the framework of processing pursuant to Article 28 GDPR.
4.4.6 Contact via WhatsApp
If you are interested in advice from our employees, have provided us with your mobile phone number and are registered with WhatsApp, we may contact you via WhatsApp Messenger. WhatsApp is a messenger app provided by WhatsApp LLC (1 Meta Way, Menlo Park, California 94025, USA) for end-to-end encrypted message transmission. Using WhatsApp enables us to exchange offer information and details regarding your specific claims via a secure transmission channel; if you do not wish to be contacted in this way, you can inform us at any time.
4.5 Ordering and Activation of Our Heartbeat Product
4.5.1 Scope of Processing
Via our Website, you can order or activate our product "Heartbeat". To carry out these processes, we process your personal data, in particular:
First and last name;
postal address;
email address;
telephone number; and
where applicable, communication content.
4.5.2 Purpose of Processing
We process your personal data to handle your request.
4.5.3 Lawful Basis
If your request is related to pre-contractual measures or to an existing contract with us, the lawful basis is Article 6(1)(b) GDPR.
4.5.4 Recipients of Personal Data
Your personal data is disclosed, to the extent necessary, to service providers involved in placing or activating the order within the framework of processing pursuant to Article 28 GDPR.
4.6 Newsletter
4.6.1 Scope of Processing
If you have provided us with your email address when purchasing one of our services, we use it to inform you about our own similar goods and/or services via newsletter.
You can object to receiving our newsletters at any time by clicking the unsubscribe link at the end of each newsletter; your email address will then be removed from the newsletter distribution list.
Our newsletters contain tracking links which enable us to analyse the behaviour of newsletter recipients (e.g. how many recipients opened the newsletter and which links were clicked). This enables us to statistically evaluate the success of online marketing campaigns and to optimise newsletter distribution and tailor future newsletter content more closely to your interests.
In the course of newsletter distribution, we process, inter alia:
Email address;
first and last name;
organisation;
preferred language;
metadata (e.g. device information, IP address, date and time of registration); and
interaction with the newsletter.
4.6.2 Purpose of Processing
We process your personal data for the following purposes:
i. Newsletter distribution: carrying out marketing measures; and
ii. Newsletter tracking: measuring success.
4.6.3 Lawful Basis
The lawful basis for sending our newsletter is your consent pursuant to Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by making the relevant changes in your cookie settings.
The lawful basis for newsletter tracking is our legitimate interests pursuant to Article 6(1)(f) GDPR, namely to understand whether our newsletter meets your interests and expectations.
4.6.4 Storage Period
We erase your personal data as soon as it is no longer necessary for the purpose of collection; in the context of newsletter distribution, this is generally the case when you object to processing.
4.6.5 Recipients of Personal Data
Your personal data is disclosed, to the extent necessary, to a service provider for newsletter distribution within the framework of processing pursuant to Article 28 GDPR.
4.7 Job Applications via Our Website
4.7.1 Scope of Processing
If you apply via our Website (e.g. via our contact forms or our recruiting website), we process personal data voluntarily provided by you, such as name, contact details (email address, telephone number), details of qualifications, professional background, free text fields, and where applicable uploaded documents (e.g. CV, certificates, cover letter).
4.7.2 Purpose of Processing
Processing serves to assess your suitability for the advertised position, to conduct the application process and to decide on a possible hire. Where necessary, we may contact you to clarify open questions.
4.7.3 Lawful Basis
The lawful basis is Article 6(1)(b) GDPR (taking steps prior to entering into an employment relationship / initiation of an employment relationship). Longer storage for future job openings only takes place on the basis of your explicit consent pursuant to Article 6(1)(a) GDPR.
4.7.4 Storage Period
Your application data is stored for the duration of the application process and erased at the latest 6 months after completion (acceptance, rejection or withdrawal), unless longer statutory retention obligations (e.g. under commercial or tax law) apply. Where you have given consent, the storage period is one year or until you withdraw consent.
4.7.5 Recipients of Personal Data
Your personal data is made available internally only to the departments responsible for the application process (HR, accounting, controlling/audit, specialist department). Within our corporate group, only those entities and departments that require the personal data to fulfil the purposes stated above will receive access. No disclosure to third parties takes place except to processors (e.g. HR software, hosting services, recruitment agencies, IT service providers). Our recruiting website (https://1komma5grad.jobs.personio.de/) is operated by Personio SE & Co. KG, a company based in Germany providing HR administration and applicant management software. Personio processes these data as a processor pursuant to Article 28 GDPR on the basis of a data processing agreement. We remain the controller for the processing of your personal data in connection with your application. The data is stored in data centres of Amazon Web Services (AWS) in Frankfurt and/or within the European Union and does not leave the EU. Further information on processing by Personio can be found in Personio's privacy policy (https://www.personio.com/privacy-policy/) and Personio Trust Center (https://www.personio.com/security/).
4.8 Social Media Profiles
We use third-party platforms to provide information about our company, products and services. Interactions such as messages, likes and content on our social media channels are processed. Where processing of personal data takes place in the context of communication, it serves to handle feedback regarding our services.
We store personal data in identifiable form only as long as necessary for the purposes for which it is processed (e.g. until expiry of warranty, limitation periods and statutory retention periods), unless otherwise specified in this Privacy Policy. We receive non-personal data from third-party platforms, such as the total number of measures displayed by the platform operator or preferred visiting and posting times. We have no influence on the creation and provision of these data. The lawful basis is our legitimate interests pursuant to Article 6(1)(f) GDPR, namely improving our marketing measures.
The associated processing operations take place exclusively within the responsibility of the platform operators; further information is available in the respective privacy policies:
Instagram: https://de-de.facebook.com/help/instagram/519522125107875
YouTube: https://policies.google.com/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/en
4.9 Integration of Third-Party Services
On the basis of your consent pursuant to Article 6(1)(a) GDPR, we integrate content or service offerings of third-party providers (uniformly referred to as "content") to embed their content and services (e.g. videos or fonts). This requires that the third-party providers of such content perceive users' IP addresses because they could otherwise not send the content to the user's browser; the IP address is therefore necessary to display such content.
We strive to use only content whose providers use the IP address solely for delivery. Third-party providers may also use pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. These pixel tags can be used to evaluate information such as visitor traffic on pages of this Website; pseudonymous information may also be stored in cookies and may include technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offering, and may be combined with information from other sources.
4.9.1 fraud0
We use fraud0 by fraud0 GmbH, Sendlinger Straße 7, 80331 Munich, Germany (https://www.fraud0.com/) to detect invalid traffic, bots and low-quality traffic and to prevent fraud on our Website. This serves to improve our online marketing measures, clean marketing-relevant statistics and increase user friendliness.
Personal data such as IP address, browser and device information (e.g. device type, operating system, user agent), location data, page views, click paths, session data, and usage and behavioural data are processed. Data are used exclusively for real-time classification and analysis of traffic; in the admin interface we only receive aggregated classifications without personal data.
The lawful basis is our legitimate interests pursuant to Article 6(1)(f) GDPR (fraud prevention and marketing optimisation). fraud0 processes data as a processor (Article 28 GDPR) on the basis of a data processing agreement. Further information on data protection at fraud0 is available at https://fraud0.com/privacy-policy/.
4.9.2 Trustpilot
We use Trustpilot by Trustpilot Group plc, Pilestræde 34, 1112 Copenhagen, Denmark (https://www.trustpilot.com/) to collect and display customer reviews. This serves transparency and improvement of our services.
Personal data such as name, email address, IP address, browser data, review content, star ratings and, where applicable, profile information are processed. Processing serves invitations to submit reviews, publication and analysis of feedback.
The lawful basis is your consent pursuant to Article 6(1)(a) GDPR (e.g. via consent banner or opt-in for invitations) and our legitimate interests pursuant to Article 6(1)(f) GDPR (qualified feedback). Trustpilot acts as a processor (Article 28 GDPR) and a data processing agreement is in place. Further information is available at https://de.legal.trustpilot.com/.
4.9.3 Optimeleon
We use Optimeleon by Optimeleon GmbH, Bodelschwinghstraße 15, 01445 Radebeul, Germany (https://www.optimeleon.com/). This AI-based conversion rate optimisation tool serves analysis and optimisation of user behaviour to improve website functions and user experience.
Personal data such as IP address, usage and device data, browser information and behavioural data (e.g. page views, clicks) are processed. Processing serves provision, optimisation and analysis of the Website and identification of optimisation potential.
The lawful basis is our legitimate interests pursuant to Article 6(1)(f) GDPR (technical optimisation and security) or your consent pursuant to Article 6(1)(a) GDPR (e.g. via cookie banner). Optimeleon acts as a processor (Article 28 GDPR). Further information is available at https://www.optimeleon.com/imprint.
4.9.4 Hello Charles
We use Hello Charles by Hello Charles GmbH, Kurfürstendamm 71, 10709 Berlin, Germany (https://www.hello-charles.com/). Data you enter during interactions with the chatbot are collected and forwarded to our customer service, as well as your account ID if you are logged in as a customer. Information you share is not disclosed to third parties and is not used for AI training.
The lawful basis is your consent pursuant to Article 6(1)(a) GDPR (e.g. via chat opt-in or cookie banner) and our legitimate interests pursuant to Article 6(1)(f) GDPR (efficient customer communication). Hello Charles acts as a processor (Article 28 GDPR) and a data processing agreement is in place. Further information is available at https://www.hello-charles.com/en-gb/privacy-policy/.
4.9.5 telli
In our telephone service, we use voice AI by telli technologies GmbH, Knaackstraße 78, 10435 Berlin, Germany (https://www.telli.com/de) to recognise natural speech and improve service quality. With your consent, this AI agent is used to arrange appointments and to record basic data, and the content of calls with the AI assistant is logged and forwarded to our customer service and linked to your customer account. Information you share is not disclosed to third parties and is not used for AI training.
Processing serves efficient handling of customer enquiries, natural conversations and optimisation of the customer journey. The lawful basis is your consent pursuant to Article 6(1)(a) GDPR (e.g. opt-in for calls) or our legitimate interests pursuant to Article 6(1)(f) GDPR (automated customer communication). telli acts as a processor (Article 28 GDPR) and a data processing agreement is in place. Further information is available at https://www.telli.com/de/data-privacy.
4.9.6 Calendly
We use Calendly by Calendly, LLC, 130 King Street, Suite 322, San Francisco, CA 94107, USA (https://calendly.com/) to enable efficient online appointment scheduling and calendar integration. When scheduling an appointment, data entered by you (name, contact details and any further information you provide) are processed.
Personal data such as name, email address, telephone number, appointment preferences, IP address and calendar data (e.g. from Google/Outlook) may be processed. Processing serves handling booking requests and avoiding double bookings.
The lawful basis is your consent pursuant to Article 6(1)(a) GDPR (e.g. booking opt-in) or our legitimate interests pursuant to Article 6(1)(f) GDPR (optimised appointment management). Calendly acts as a processor (Article 28 GDPR). Where data are transferred to third countries (in particular the USA), this is based on appropriate safeguards pursuant to Articles 44 et seq. GDPR, in particular Standard Contractual Clauses and the EU–US Data Privacy Framework. Further information is available at https://calendly.com/legal/privacy-notice.
4.9.7 autarc
For project planning, we use the tool autarc by autarc GmbH, Invalidenstr. 5, 10115 Berlin, Germany (https://www.autarc.energy/) to calculate heating loads. This serves to offer you an optimised solution; data about the planning object (postcode, location, consumption, room data), together with your customer data, are stored and processed by autarc GmbH for the purpose of initiating and performing a contract.
The lawful basis is your consent pursuant to Article 6(1)(a) GDPR (e.g. booking opt-in) or our legitimate interests pursuant to Article 6(1)(f) GDPR (effective project planning). autarc acts as a processor (Article 28 GDPR). Further information is available at https://www.autarc.energy/datenschutz.
4.9.8 Aircall
We use Aircall by Aircall SAS, 5 rue Lafayette, 75009 Paris, France (https://aircall.io/) for telephone-based customer communication. Metadata of the call (number, time and duration) are processed; if you consent to recording during the call, the recording is processed and linked to your customer account.
The lawful basis is your consent pursuant to Article 6(1)(a) GDPR (e.g. recordings) or our legitimate interests pursuant to Article 6(1)(f) GDPR (professional telephone communication). Aircall acts as a processor (Article 28 GDPR). Further information is available at https://aircall.io/privacy/.
4.9.9 Heyflow
We use Heyflow by Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg, Germany (https://heyflow.com/) to create interactive funnels and forms to process your requests efficiently and improve usability. Personal data such as name, email address and additional information entered in forms, as well as technical data (e.g. IP address and browser information) may be processed.
Processing serves handling your requests and optimising our online offering. The lawful basis is your consent pursuant to Article 6(1)(a) GDPR. Data are stored and processed on the basis of a data processing agreement with Heyflow (Article 28 GDPR). Further information is available at https://heyflow.com/de/datenschutz/.
4.9.10 Zendesk
We use Zendesk by Zendesk Inc., 989 Market Street, San Francisco, CA 94103, USA (https://www.zendesk.de/) for customer service and handling enquiries. Zendesk consolidates enquiries from different channels (e.g. email, contact form, possibly chat) in a ticketing system to handle them in a structured manner and improve service quality.
Personal data such as name, contact data (e.g. email address), content data from enquiries/tickets, attachments where applicable, technical metadata (e.g. IP address, time, browser information) as well as usage and communication histories are processed. Zendesk processes these data as a processor; a data processing agreement pursuant to Article 28 GDPR is in place.
The lawful basis is Article 6(1)(b) GDPR where communication is necessary for performance of a contract or pre-contractual measures, and Article 6(1)(f) GDPR for our legitimate interests in efficient and traceable customer communication. Where data are transferred to third countries (in particular the USA), this is based on appropriate safeguards pursuant to Articles 44 et seq. GDPR, in particular Standard Contractual Clauses and the EU–US Data Privacy Framework. Further information is available in Zendesk's privacy notice: https://www.zendesk.de/company/agreements-and-terms/privacy-notice/.
5. Data Subject Rights
This section informs you about your rights as a data subject in relation to the processing of your personal data. To exercise your rights, please contact our Data Protection Officer. As a data subject, you have the right to obtain confirmation as to whether personal data concerning you are being processed and, where that is the case, access to the personal data and a copy thereof (Article 15 GDPR). If inaccurate personal data are processed, you have the right to rectification (Article 16 GDPR).
Where the statutory requirements are met, you may request erasure or restriction of processing (Articles 17 and 18 GDPR). Where processing is based on your consent within the meaning of Article 6(1)(a) GDPR, you may withdraw your consent at any time with effect for the future (Article 7(3) GDPR), without affecting the lawfulness of processing based on consent before its withdrawal. Where you have consented to processing or where processing is necessary for performance of a contract with you and is carried out by automated means, you have the right to data portability regarding the data you have provided to us (Article 20 GDPR).
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data where the processing is based solely on Article 6(1)(e) or (f) GDPR (Article 21(1) GDPR).
You have the right to lodge a complaint with a competent supervisory authority regarding our processing of personal data.
6. Requirement to Provide Personal Data
Provision of your personal data is neither legally nor contractually required, and you are not obliged to provide personal data to us. However, without the provision of personal data, we may be unable to conclude contracts with you or make the Website available to you.
7. No Automated Individual Decision-Making
We do not use your personal data for automated individual decision-making within the meaning of Article 22(1) GDPR.
8. Changes to This Privacy Policy
If we further develop our Website and services or if statutory or regulatory requirements change, it may be necessary to amend this Privacy Policy.
Version: January 2025