Privacy Policy

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Who is responsible for collecting data on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact information in the “Information about the operator” section of this privacy policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This includes, for example, the information you enter into a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This is primarily technical data (e.g., your web browser, operating system, or the time you spent on the page). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure that the website functions properly. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contractual offers, orders, or other order requests.

What rights do you have regarding your data?

You have the right to receive, at any time and free of charge, information regarding the origin, recipient, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given your consent to the processing of your data, you may revoke this consent at any time with future effect. You also have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to file a complaint with the competent supervisory authority. You can contact us at any time if you have further questions regarding data protection.

This website is hosted externally. Personal data collected on this website is stored on the host’s (or hosts’) servers. This may include IP addresses, contact requests, metadata and communication data, contractual data, contact details, names, website visits, and other data generated through the website.

External hosting is carried out for the purpose of fulfilling our contractual obligations toward our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of ensuring the secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR). If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, to the extent that the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time, and our host(s) will process your data only to the extent necessary to fulfill their performance obligations and to follow our instructions regarding such data.

We use the following hosting provider(s):

Variomedia AG, August-Bebel-Straße 68, 14482 Potsdam, Germany.

Order Processing

We have entered into a Data Processing Agreement (DPA) for the use of the service mentioned above. This is a contract required by data protection laws, which ensures that the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this privacy policy.

When you use this website, various types of personal data are collected. Personal data is information that can be used to identify you personally. This privacy policy explains what data we collect and why we use it. It also explains how and for what purpose this is done.

We would like to point out that transmitting data over the internet (for example, when communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.

The data controller responsible for data processing on this website is:

KLM Development Romania SRL
32 Calea Dorobanți
D’OR Offices Building, Office 414, 4th Floor
010573 Bucharest, District 1, Romania
Phone: +40 760 028 425
Email: office@klm-development.ro

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Unless a more specific retention period is specified in this privacy policy, your personal data will remain with us until the purpose of the data processing no longer applies. If you submit a justified request for erasure or revoke your consent to data processing, your data will be erased, unless we have other legally permissible grounds for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the deletion will take place once these grounds no longer apply.

If you have consented to the processing of your data, we process your personal data pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, to the extent that special categories of data are processed in accordance with Article 9(1) of the GDPR. In the case of express consent to the transfer of personal data to third countries, data processing is also carried out pursuant to Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or to access to information on your end device (e.g., through device fingerprinting), data processing is also carried out pursuant to Section 25(1) of the TDDDG. Consent may be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data based on Article 6(1)(b) of the GDPR. In addition, we process your data if this is necessary to fulfill a legal obligation pursuant to Article 6(1)(c) of the GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Article 6(1)(f) of the GDPR. Information regarding the relevant legal bases in each individual case is provided in the following sections of this privacy policy.

As part of our business operations, we collaborate with various external organizations. In some cases, it is also necessary to transfer personal data to these external organizations. We transfer personal data to external entities only if this is necessary to fulfill a contract, if we are legally obligated to do so (e.g., transferring data to tax authorities), if we have a legitimate interest in the transfer in accordance with Art. 6(1)(f) GDPR, or if another legal basis permits the transfer.
or if another legal basis permits the transfer of data. When we use processors, we transfer our customers’ personal data only on the basis of a valid contract for order processing. In the case of joint processing, a joint processing agreement is concluded.

Many data processing operations are only possible with your express consent. You may withdraw your consent at any time. The lawfulness of the data processing carried out prior to withdrawal remains unaffected by the withdrawal.

IF THE PROCESSING OF DATA IS BASED ON ART. 6(1)(e) E OF THE GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS RELATED TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH THE PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR IN QUESTION, UNLESS WE CAN DEMONSTRATE THAT THERE ARE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR THAT THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) OF THE GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) OF THE GDPR).

In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or the place where the alleged breach occurred. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

In accordance with applicable legal provisions, you have the right at any time to receive, free of charge, information regarding your stored personal data, its origin and recipients, and the purpose of the data processing, and, if necessary, the right to have this data corrected or deleted. You may contact us at any time if you have any further questions regarding personal data.

You have the right to have the data we process based on your consent or in performance of a contract transmitted to you automatically or to a third party in a commonly used, machine-readable format. If you request the direct transfer of data to another controller, this will take place only if it is technically feasible.

You have the right to request that we restrict the processing of your personal data. You can contact us at any time to do so. The right to restrict processing applies in the following cases:
• If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. During the review, you have the right to request that the processing of your personal data be restricted.
• If the processing of your personal data was/is unlawful, you may request that the processing be restricted instead of deleted.
• If we no longer need your personal data, but you need it to exercise, defend, or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of its erasure.
• If you have lodged an objection pursuant to Article 21(1) of the GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data—other than for storage purposes—may be processed only with your consent, or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the European Union or a Member State.

This website uses SSL or TLS encryption for security reasons and to protect the transmission of sensitive content, such as orders or requests for information that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in the browser bar.

If SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Our website uses Matomo, a web analytics service, to analyze and improve the use of our website anonymously. Matomo helps us understand how visitors use our website, which pages are accessed, and how we can optimize our content.

Important information:

• We use Matomo without cookies, so no personal data is stored via cookies.

• The analysis is conducted anonymously; your IP address is stored in a truncated form and cannot be linked to specific individuals.

• All data is stored exclusively on our own server (self-hosted).

Complete opt-out; your visits to this website will not be tracked by the Web Analytics tool. Please note that if you clear your cookies, delete the opt-out cookie, or switch to a different computer or web browser, you will need to repeat the opt-out process.

You may choose to prevent this website from tracking and analyzing your activity here. Doing so will protect your privacy, but it will also prevent the website owner from learning from your activity and creating a better experience for you and other users.

The tracking opt-out feature requires cookies to be enabled.

For more information about how Matomo processes data, please see Matomo’s official privacy policy .

If you send us inquiries via the contact form, the data you provide in the inquiry form—including the contact information you provide there—will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We will not share this data without your consent.

This data is processed pursuant to Article 6(1)(b) of the GDPR if your request relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the efficient processing of inquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if this has been requested; consent may be revoked at any time.

We will retain the data you provide in the contact form until you request its deletion, withdraw your consent to its storage, or the purpose for which it is stored no longer applies (for example, after your request has been fulfilled). Mandatory legal provisions—in particular retention periods—remain unaffected.

Multi-level form and project/property information

If you submit information about your property and planned photovoltaic projects using our multi-step form, project-specific information (e.g., location, size, key technical data) and files you upload (e.g., site plans, photos) may be processed in addition to your contact information. This data will be used solely for project verification and planning, as well as for preparing a quote.

The processing is carried out pursuant to Article 6(1)(b) of the GDPR, to the extent that your request relates to the conclusion or performance of a contract, or pursuant to our legitimate interest in the efficient processing of project requests (Article 6(1)(f) of the GDPR).

Uploaded files and project data will be stored only for as long as necessary to process your request and any follow-up inquiries, or in accordance with applicable legal retention periods. Data will be shared with third parties only if this is necessary for the completion of the project or if you have expressly consented to it.

We take appropriate technical and organizational measures to protect your data and files from unauthorized access, loss, or misuse.

If you contact us by email or phone, your inquiry—including all personal data provided (name, inquiry)—will be stored and processed by us for the purpose of handling your request. We will not disclose this information without your consent.

This data is processed pursuant to Article 6(1)(b) of the GDPR if your request relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the efficient processing of inquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if this has been requested; consent may be revoked at any time.

The data you send us via contact requests will remain with us until you ask us to delete it, revoke your consent to its storage, or the purpose for storing the data no longer applies (for example, after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

If you mark the area using the built-in map feature, the geographic data you enter will be processed as GeoJSON data. This data is used exclusively for locating and assessing the reported area. In addition, you can voluntarily upload files (e.g., site plans, photos, or KMZ files). The uploaded files are used exclusively to verify your area report. Data processing takes place for the purpose of verifying, evaluating, and contacting you regarding the reported area. The legal basis for this is Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in evaluating land offers). The data submitted via the form is forwarded by email to the responsible contact person and is not shared with unrelated third parties. Storage occurs only for as long as necessary to process the land registration.

We use the OpenStreetMap (OSM) mapping service. We integrate OpenStreetMap data from the OpenStreetMap Foundation’s server, located at St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a safe third country under data protection law. This means that the United Kingdom has a level of data protection that corresponds to the level of data protection in the European Union. When you use OpenStreetMap maps, a connection is established to the OpenStreetMap Foundation’s servers. Among other things, your IP address and other information regarding your behavior on this website may be transmitted to the OSMF. For this purpose, OpenStreetMap may store cookies in your browser or use comparable recognition technologies.

The use of OpenStreetMap serves to present our online offerings in an appealing manner and to make it easy to locate the places we indicate on the website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If appropriate consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG, to the extent that the consent includes the storage of cookies or access to information on the user’s terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

We have integrated Ninja Firewall into this website. The provider is NinTechNet Limited, Unit 1603, 16th Floor, The L. Plaza, 367–375 Queen’s Road Central, Sheung Wan, Hong Kong (hereinafter referred to as “Ninja Firewall”).

Ninja Firewall is used to protect our website against unauthorized access or malicious cyberattacks. To this end, Ninja Firewall records the IP address, the request, the referrer, and the time the page was accessed. Ninja Firewall is integrated into our own servers and does not transmit personal data to the tool provider or other third parties.

I have enabled IP anonymization in Ninja Firewall so that the tool only records the IP address in abbreviated form.

The use of Ninja Firewall is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its website as effectively as possible against cyberattacks.

This site uses the WP Armour – Honeypot Anti Spam plugin to combat spam. The provider is Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA (“Automattic”). Additional information can be found in the privacy policy: https://automattic.com/privacy. The plugin uses honeypot technology to ensure that forms are filled out by real human visitors and not by bots. The following data is collected to enable this verification:

• Time spent viewing the page
• Visitor's IP address
• Browser information (user agent)
• User interactions on the page

There are no external calls to the server, no cookies are stored, and no tracking takes place. Purpose of processing: The purpose of processing this data is to protect our website from spam and misuse by automated programs (bots). Legal basis for processing: Data processing is carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Recipients of the data: Information collected as part of the use of WP Armour – Honeypot Anti Spam will not be disclosed to third parties, unless there is a legal obligation to do so. Retention period: The collected data is stored only as long as necessary for the verification and protection of our website. It is regularly deleted as soon as it is no longer needed.

Source