Privacy Policy

1. Controller

The controller responsible for data processing on this website is: Lifeasy Services GmbH, Friedrich Str. 15, 70174 Stuttgart, Germany, Email: info@energidea.com.

The contact person for privacy matters is currently: Mengyun Cheng. Privacy inquiries may be sent to info@energidea.com.

2. Overview of our services

Energidea operates a digital platform focused on the photovoltaic and energy storage sector. Depending on the user’s interaction with the website, we process personal data when visitors browse public pages, use cookies and analytics, create user accounts, log in, compare products, download materials, subscribe to newsletters or vendor updates, submit contact or project request forms, use paid features, and receive transactional or system notifications.

The platform is primarily designed for business users such as installers, vendors, distributors, manufacturers, and related market participants. However, natural persons acting in a professional context may still provide personal data such as names, business email addresses, telephone numbers, and project information.

3. Categories of personal data

• Identification and account data, such as first name, last name, business role, company name, email address, login credentials, and account preferences.
• Communication and lead data, such as contact form content, structured project request details, vendor contact requests, support messages, newsletter subscriptions, vendor-update subscriptions, and related message metadata.
• Technical and usage data, such as IP address, device and browser information, cookie identifiers, page views, session activity, referrer URL, timestamps, language preferences, and interaction events.
• Transaction and subscription data, such as billing address, VAT information, subscription plan, credits, order status, payment references, invoice data, and payment-provider confirmation events.
• Uploaded or stored content, such as approved assets, media files, account-related files, and platform content made available through the website.

4. Purposes and legal bases

Providing the website and maintaining security

We process technical and access data to deliver the website, ensure stability, prevent abuse, and maintain IT security. The legal basis is our legitimate interest in the secure and efficient operation of the website.

Account registration and authentication

We process account data to create user accounts, authenticate users, manage roles and permissions, and provide logged-in features. The legal basis is performance of a contract or pre-contractual measures, and where relevant our legitimate interests in operating the platform.

Product comparison, platform functionality, and user requests

We process data submitted through forms and platform workflows to deliver the requested platform features, including product comparison, vendor discovery, lead routing, project-request handling, and related account functionality. The legal basis is performance of a contract or pre-contractual measures.

Email communication, support, and system notifications

We use personal data to respond to inquiries, send service messages, provide support, confirm account activity, and deliver operational notifications. The legal basis is performance of a contract, pre-contractual measures, and legitimate interests in providing user support and platform administration.

Newsletters, marketing emails, and vendor updates

Where users subscribe to newsletters, marketing emails, or vendor updates, we process subscription and communication data to send the selected messages. The legal basis is consent where required, and in some limited B2B contexts legitimate interests where permitted by applicable law.

Analytics and website improvement

We process analytics data to understand website usage, measure performance, improve navigation and content, and support business decisions. The legal basis is consent where analytics cookies or similar technologies require it, and otherwise legitimate interests where lawful.

Payments, subscriptions, and invoicing

We process transaction-related data to manage paid subscriptions, credits, orders, invoices, fraud prevention, payment reconciliation, and financial records. The legal basis is performance of a contract, legal obligations, and legitimate interests in business administration.

Compliance and legal defense

We may process data where necessary to comply with legal obligations, enforce our terms, investigate misuse, assert or defend legal claims, and maintain records required under commercial, tax, or regulatory law. The legal basis is compliance with legal obligations and our legitimate interests.

5. Cookies, consent, and analytics

This website uses a cookie banner / consent tool to manage user choices regarding cookies and similar technologies. Non-essential cookies or similar technologies should only be activated where required after valid consent has been obtained.

We currently use Google Analytics to analyze website usage. Google Analytics may process technical usage data and identifiers to generate reports about website interactions. Google Analytics should only be loaded in a consent-compliant manner where required by applicable law and only after the user has made an explicit choice in the cookie banner. Users can later revisit and change their choice through the Cookie Settings entry in the website footer.

Strictly necessary cookies and comparable technologies may be used without consent where they are required for the secure and proper operation of the website, including login persistence, fraud prevention, load balancing, consent storage, and core functionality.

6. Recipients and service providers

We use external service providers and processors where this is necessary for the operation of the website and the provision of our services. Depending on actual configuration, personal data may be processed by the following categories of recipients:

• Hosting and deployment provider: Vercel.
• Database and authentication provider: Supabase.
• Email delivery provider: Resend.
• File and asset storage provider: Vercel Blob.
• Analytics provider: Google Analytics.
• Payment providers: Stripe and PayPal.
• Professional advisors, auditors, tax advisors, legal advisors, or authorities where required by law or necessary for legal compliance.

Where service providers process personal data on our behalf, we seek to conclude data processing agreements where legally required.

7. International data transfers

Some service providers may process personal data in countries outside the European Economic Area or make data accessible from such countries. Where this occurs, we seek to ensure an appropriate level of protection in accordance with the GDPR, for example by relying on an adequacy decision, the EU Standard Contractual Clauses, or other legally recognized safeguards, where applicable.

8. Payment processing

For paid features, subscriptions, credits, and related commercial transactions, payments are processed through Stripe and/or PayPal. When users initiate or complete a purchase, personal data necessary for payment processing, fraud prevention, billing, and transaction confirmation may be transmitted to the relevant payment provider. The respective payment provider acts as an independent controller for its own payment-processing operations. Additional information about their data processing is available in their own privacy notices.

We do not necessarily store full payment card details on our own systems. We may store billing, order, invoice, and payment-reference information required to manage the contractual relationship and comply with accounting and tax obligations.

9. Contact forms, project requests, and lead routing

When users contact vendors, submit project requests, or otherwise use lead-routing features, we process the information provided in the relevant forms in order to route, display, transmit, and manage those requests. Depending on the platform workflow, the submitted data may be shared with selected vendors or other relevant recipients designated by the platform logic or user selection.

Users should only submit data that is necessary for the request. Sensitive personal data should not be included unless strictly necessary and lawfully justified. Vendors or other recipients that receive such data may process it as independent controllers for their own follow-up activities.

10. Newsletters, marketing communications, and vendor updates

If users subscribe to newsletters, product communications, platform updates, or vendor updates, we process the relevant subscription data in order to send those communications. Users may unsubscribe at any time through the unsubscribe link in the email or by contacting us.

We may retain records of consent, subscription status, and opt-out requests in order to demonstrate compliance and ensure that communication preferences are respected.

11. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including provision of the website and services, performance of contracts, handling of inquiries, maintenance of business records, compliance with legal obligations, and resolution of disputes. Retention periods may vary depending on the type of data and applicable statutory requirements.

Account data may be retained for the duration of the user relationship and for an appropriate period afterward where required for legal, accounting, security, fraud-prevention, or evidentiary purposes. Invoice and transaction data may be retained for the period required under tax and commercial law.

12. Data subject rights

• the right to request access to personal data concerning you;
• the right to request rectification of inaccurate data;
• the right to request erasure, where the legal requirements are met;
• the right to request restriction of processing, where applicable;
• the right to object to processing based on legitimate interests, where applicable;
• the right to data portability, where legally available;
• the right to withdraw consent at any time with future effect;
• the right to lodge a complaint with a competent supervisory authority.

To exercise your rights, you may contact us at info@energidea.com.

13. Obligation to provide data

The provision of personal data may be required to access certain features of the platform, create an account, process a request, complete a transaction, or receive communications. If required data is not provided, some services may not be available or may not function properly.

14. Automated decision-making

Unless explicitly stated otherwise in a specific service flow, we do not make decisions based solely on automated processing that produce legal effects or similarly significant effects on individuals within the meaning of Article 22 GDPR.

15. Changes to this privacy policy

We may update this privacy policy from time to time to reflect legal, technical, operational, or business changes. The current version should be published on the website with an updated effective date.