Fronius Logo
Solar & Energy Privacy Policy
Fronius Logo
Solar & Energy Privacy Policy

Privacy Notice for digital Solar Applicationsof Fronius International GmbH

1. Introduction

With this privacy notice, we would like inform in detail which personal data is collected and processed in connection with the use of the digital Applications offered by Fronius in the SOLAR & ENERGY business area, such as:

  • the Software as a Service platform “Solar.web”
  • “Solar.start” software 
  • “Solar.creator” software

(hereinafter referred to as “Application(s)”)  

The "Solar.web" Application is available at www.solarweb.com as well as via a smartphone version (app) for mobile devices (Android and iOS). The "Solar.start" Application is only available as a smartphone version (app) for mobile devices (Android and iOS). The "Solar.creator" Application is available at https://creator.fronius.com/.

Our general privacy policy can be found at https://www.fronius.com/de-at/austria/datenschutzerklaerung.  

2. Controller  

The controller responsible for processing the personal data is:  

FRONIUS INTERNATIONAL GmbH
Froniusstraße 1
4643 Pettenbach
Austria
Phone: +43 (0) 72 42 241-0
Fax
Email: contact@fronius.com  

(hereinafter referred to as "Fronius")  

3. Processed personal data within using the Applications  

The following personal data is processed when you use the Applications:  

3.1 IT data: IP address, browser type and version, operating system used, the previously visited website in the context of a redirect, access date and time of the server request and the client's file request (file name and URL), log data; Connection data (via camera scan, manual; reconnections, successful or failed connections and reasons); CRM / User ID.  

3.2 APP data: smartphone operating system, app version, date and time of access of the server request, log data in connection with local settings.  

3.3 Customer data: First and last name; gender; address; customer classification; email address; if applicable, company and company contact data such as address, telephone number, email, division, tax number, and occupational group; address (street, postal code, country), time zone.  

3.4 PV-System data: Name of the PV system, location, time zone, currency, optional photo of the system, device, measurement, production, and consumption data recorded by the PV system, such as PV generation output values, grid consumption, feed-in, and consumption, battery status, currents, and voltages (including power data), geolocation data (when using premium features), device IDs (serial number, device ID, data logger ID, data source ID, PV system ID, device type), device settings and device software version, fault diagnosis data, support metadata.  

3.5 Warranty data: country of installation, date of installation, installer of the system.  

3.6 Project data: Project name, project ID, details of the planned system (size, components, modules); project image and project location, as well as history of reports sent.  

4. Processing operations, purpose, legal basis, and storage period

4.1 General data processing in all Applications  

4.1.1 Data processing when accessing the Applications:

When you access our website, we process and store your IT data. When you access our mobile Application, we process and store your app data.

For information on the cookies we collect via the Application, please refer to our cookie policy.

Purpose: The temporary storage of this data is necessary in order to fulfill the rights and obligations of a hosting provider towards the users of our Applications and to provide support in the event of a malfunction and thus to restore the trouble-free service, to provide support services and other technical services necessary for the operation of the Applications, as well as for the management of user administration (registration of users and each access after authorization). We process log data for reasons of data security, to ensure the stability and operational security of the IT systems, and to ward off unauthorized attacks.

The legal basis for processing is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

Duration of storage: This data is deleted after a maximum period of 90 days after the Application is accessed.  

4.1.2 Data processing for the registration of a user account

To use the Applications, you must set up a user account with Fronius. Customer data must be entered during registration. You can view and change the information you have provided in your user account at any time or delete the user account at any time (in accordance with the contractual terms).

Purpose: This data is necessary for the performance of the user relationship established by the registration—for access to password-protected areas and correspondence. It also serves our legitimate interest in designing our Application.

The legal basis for processing is the fulfillment of the established user relationship (contract) in accordance with Art. 6 (1) (b) GDPR and, in connection with the design of our Application, our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

Duration of storage: The user account and all associated customer data (and all other associated data) will be deleted as soon as they are no longer required for the fulfillment or termination of the contract (Art. 6 (1) (b) GDPR), but no later than two years after the last user interaction. You will be informed in good time before expiry.

This does not apply to data that we are legally obliged to retain (e.g., for commercial or tax law reasons for at least ten years; Art. 6 (1) (c) GDPR) or for which there is a legitimate interest in retention, for example, to prevent the user from re-registering after a justified block. Storage beyond the statutory retention periods is possible if you have agreed to this in accordance with Art. 6 (1) (a) GDPR and the purpose of data processing has not yet ceased to apply.

4.1.3 Data processing: analysis and advertising

We conduct analyses to evaluate the Application's performance, functionality, security, and user experience to improve our Applications, products, and services, and to send you information and communications such as newsletters that may be of interest to you. We also conduct analyses to provide you with relevant content in the Application and advertising, and to track the effectiveness of the advertising we offer you. In doing so, we are able to process certain behavioral or demographic data and can analyze how you use the content and functions of the Application. In particular, we process the customer data you provided when registering your user account, as well as the system data and log data associated with your use of the Application.

Purpose: The data is processed to gain insights into the functionality of the products and services and to improve our offers and products accordingly, to compile statistics, evaluations, and forecasts, and to show you context-related and needs-based advertising and offers for products that are suitable for you, such as additional Fronius system components or products from manufacturers in the sustainability and renewable energy sector, via the Application or by email.

The legal basis for the analysis, compilation of statistics, evaluations, and forecasts to improve our products and services and to display and track relevant advertising for you is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. The legal basis for sending relevant information and communications (newsletters) is your express consent in accordance with Art. 6 (1) (a) GDPR.

Duration of storage: Customer and investment data will be deleted as soon as it is no longer required for the fulfillment or termination of the contract, but no later than two years after the last user interaction. This does not apply to data that we are legally obliged to retain (e.g., for corporate or tax law reasons, at least ten years; Art. 6 (1) (c) GDPR) or for which there is a legitimate interest in storage. Any analysis data obtained/derived from this will be anonymized immediately from the time specified above so that no conclusions can be drawn about you. The data that we collect in the context of sending you relevant information and communications (newsletters) will be stored until you revoke your consent or after two years of inactivity in your Fronius customer account.

4.1.4 Data processing in support cases

In the event of a problem, Fronius Technical Support can be contacted.  In this case, Technical Support International (TSI) or Technical Support National (TSN) can view your customer and system data via a separate internal Fronius portal and, at your express request, also change it.

In this context, technical support may log into your user account and make changes if necessary, but only if the support issue cannot be resolved in any other way. This will only be done after informing you in advance and obtaining your express consent.

It is also possible to establish remote access to your inverter locally for error analysis and troubleshooting. To do this, you must agree to or activate remote access on your inverter. Only after your activation and consent Technical Support will be able to access the inverter via a secure connection. Your system data (in particular (error) diagnostic data from the inverter and support metadata: detailed information to identify the cause of an error) will be processed.

Purpose: This data is processed for the purpose of handling the respective support case. Data processing by our Technical Support is carried out to ensure the trouble-free provision of devices and services.

The legal basis for this processing is the fulfillment of the (support) contract and is therefore necessary in accordance with Art. 6 (1) (b) GDPR. In addition, such data processing only takes place with your express consent (in accordance with Art. 6 (1) (a) GDPR) and after you have been informed in advance.

Duration of storage: The data processed in connection with the entire customer interaction in the support case, in particular the system data, will be deleted as soon as it is no longer necessary for the fulfillment or termination of the existing contract with you (Art. 6 (1) (b) GDPR), but no later than two years after the last user interaction. In specific cases, the error diagnosis data will be deleted after six months. The support metadata will be deleted after three years of the support case at the latest, unless the account is deleted/deactivated beforehand.

This does not apply to data that we are legally obliged to retain (e.g., for commercial or tax law reasons for at least ten years; Art. 6 (1) (c) GDPR) or for which there is a legitimate interest in retaining it, for example, to prevent re-registration after a justified block. Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 (1) (a) GDPR or if the purpose of data processing has not yet ceased to apply.

4.2 Data processing in the "Solar.web" and "Solar.start" Applications  

4.2.1 Data processing for registered systems in the Applications 

If you have created a user account, you can add one or more PV systems or any number of Fronius devices to your user account. To do this, the Fronius devices must establish an internet connection, and the respective device/PV system must then be linked to the user account created in the Application.

Once the link has been successfully established, your system data and customer data will be processed as part of this processing activity.

Purpose: With the customer data you share in your user account and the system data collected, we can provide our services and analyze the systems you have registered, as well as provide you with information about your PV system, such as the ratio of your daily electricity production to your daily electricity consumption, and suggestions for adjusting your consumption behavior. In order to provide you with a weather display and a forecast of PV production, we also process the exact location (street, house number, city, geocoordinates) of your PV system. To do this, we use the Google Maps map service via an interface—for information on how Google processes your data in this context, please refer to Google's privacy policy, available at https://policies.google.com/privacy?hl=de (accessed on July 21, 2025).

The legal basis for processing is the fulfillment of the justified usage relationship (contract); in particular, your customer and system data is processed to provide the requested services and functions of the Application and is therefore carried out in accordance with Art. 6 (1) (b) GDPR.

Duration of storage: Customer and system data will be deleted as soon as it is no longer required for the fulfillment or termination of the existing contract with you (Art. 6 (1) (b) GDPR), but no later than two years after the last user interaction, together with the deletion of your user account.

This does not apply to data that we are legally obliged to retain (e.g., for commercial or tax law reasons for at least ten years; Art. 6 (1) (c) GDPR) or for which there is a legitimate interest in retention, for example, to prevent re-registration after a justified block. Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 (1) (a) GDPR or if the purpose of data processing has not yet ceased to apply.

4.2.2 Data processing for product registration within the Application

You or the installer commissioned by you has the option (with your consent) to register selected Fronius system components (e.g., inverters) via the Solar.web Application and thereby obtain warranty extensions if applicable. In this context, we process your customer data and your warranty data.

Purpose: Customer and warranty data is processed in order to provide you with the relevant warranty services. If you assert any (warranty) claims in this context, this customer and warranty data, as well as the system data, will be processed for the purpose of reviewing the claim and processing the warranty claim.  

The legal basis for the processing of customer, warranty, and system data is the fulfillment of the warranty agreement concluded as part of the product registration, therefore in accordance with Art. 6 (1) (b) GDPR.

Duration of storage: In principle, warranty data (and associated customer and system data) is stored until the warranty period expires. In the case of paid warranties, data is stored for at least ten years for commercial and tax law reasons. In the event of a warranty claim, we store this data for as long as is necessary for the proper processing of the warranty claim and to safeguard any legal proceedings.      

4.2.3 Data processing in connection with the energy cost assistant and remote control and maintenance functions of Fronius devices

When the corresponding Energy Cost Assistant and remote control functions for devices are activated, system data is transmitted to Fronius so that the respective control commands can be executed.

If consent is given for control by third parties (such as grid operators or operators of virtual power plants), the customer and system data will be transmitted to the respective authorized third party for the execution of the control commands.

If activated, settings on the device can be changed – in this case, customer and system data may be transmitted to third parties (system administrators).

Purpose: This data is processed in order to provide the corresponding functions of the Application. The data is transferred to third parties in order to provide the services rendered by the third parties (such as control or participation in a virtual power plant).

The legal basis for this processing is, in accordance with Art. 6 (1) (b) GDPR, the fulfillment of the usage relationship established with you, and the provision of the functions. Data is generally transferred to third parties on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR and is also necessary for the performance of the contract between you and the third party. Consent can be revoked at any time. Information about data processing by the third party must be obtained from the third party and reference is made to their privacy policy accordingly.

Duration of storage: Customer and system data for this purpose will be deleted as soon as it is no longer necessary for the fulfillment or termination of the contract with you (Art. 6 (1) (b) GDPR), but no later than two years after the last user interaction.

This does not apply to data that we are legally obliged to retain (e.g., for commercial or tax law reasons for at least ten years; Art. 6 (1) (c) GDPR) or for which there is a legitimate interest in retention, for example, to prevent re-registration after a justified block. Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 (1) (a) GDPR or if the purpose of data processing has not yet ceased to apply.

4.3 Data processing in the "Solar.creator" Application

You can log in to the "Solar.creator" Application with your user account – your customer data will be processed for this purpose.

If you use the functionalities, you can create projects for your customers within the scope of photovoltaic configurations. In doing so, you can enter the project data , which will then be processed for the creation of projects/PV configurations and corresponding reports. You can send this report to the respective customer by email.

Purpose: The customer data and project data are processed for the purpose of providing the functionalities of the Application. As a user of within this Application, you are responsible for any processing of personal data of customers and must obtain consent in advance if necessary.

The legal basis for this processing is, in accordance with Art. 6 (1) (b) GDPR, the fulfillment of the usage relationship established with you, and the provision of the functions.  

Duration of storage: The customer data and project data for this purpose will be deleted as soon as it is no longer necessary for the fulfillment or termination of the existing contract with you (Art. 6 (1) (b) GDPR), but no later than two years after the last user interaction within this Application. You can also delete the project data for individual projects yourself at any time.  

This does not apply to data that we are legally obliged to retain (e.g., for commercial or tax law reasons for at least ten years; Art. 6 (1) (c) GDPR) or for which there is a legitimate interest in retention, for example, to prevent re-registration after a justified block. Storage beyond the statutory retention periods is possible if you have consented to this in accordance with Art. 6 (1) (a) GDPR or if the purpose of data processing has not yet ceased to apply.  

5. Information about the existence of automated decision-making

We do not carry out automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR, and therefore does not exist.

6. Transfer of data to third parties

6.1 General information

In order to provide our services, we pass on your personal data to third parties, whether bound by instructions or not. Your personal data will only be disclosed to third parties to the extent permitted by data protection law, in particular if the disclosure is necessary for the purpose of contract processing (Art. 6 (1) (b) GDPR), to safeguard our legitimate interests (Art. 6 (1) (f) GDPR) or is absolutely necessary in order to provide you with an expressly requested service. Anonymized pv-system data may be passed on to grid operators and public utility service providers, whereby there is a legitimate interest in doing so, as this data is required for the maintenance and efficient expansion of the power grid – it is not possible to draw any conclusions about a natural person or you.

This also involves data transfers to the USA, which cannot be ruled out. We would like to point out that the European Commission's adequacy decision of July 10, 2023 (EU-US Data Privacy Framework) currently applies to data transfers to certified US companies, which ensures an adequate level of protection for personal data. Appropriate safeguards are taken for data transfers that are not covered by the EU-US Data Privacy Framework. Please note that access by US authorities cannot be ruled out.

Furthermore, your data will not be passed on to other third parties for their own purposes without your consent.

6.2 Categories of data recipients

  • Platform operators from whom you obtain our smartphone version of the Applications (such as Google or Apple).
  • Third parties to whom you have given permission to transfer customer and system data and to view and modify this data (within the scope of control measures).
  • Third-party providers and cooperation partners such as suppliers and installers for the processing of customer requests and in warranty and guarantee cases.
  • IT service providers (such as Microsoft Ireland Operations Limited, based in Dublin, with Microsoft Corporation as a subcontractor, Google, Dynatrace, or Hotjar).
  • Weather services (such as UBIMET GmbH).
  • Providers of virtual voice assistants (e.g., Amazon Alexa).  

7 Your rights as a data subject

7.1 Right to information

You have the right to obtain information from us about all data relating to you that we process. Specifically, you can request information about the following:

  • the purposes for which the personal data is processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  • the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
  • the existence of a right to lodge a complaint with a supervisory authority;
  • any available information on the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.  

You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 et seq. GDPR in connection with the transfer.

7.2  Right to rectification and right to restriction of processing

You may request the rectification or completion of inaccurate or incomplete data. Under certain circumstances, for example if the accuracy of data is disputed, you may request that the processing of data be restricted until its accuracy has been verified, so that it may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest.

7.3 Right to data portability

You may request that we send you—or, where technically feasible, a third party designated by you—a copy of your data that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  • the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and
  • the processing is carried out using automated means.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from us to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this.

7.4 Right to erasure

You are free to completely delete your provided data from your user account at any time.

Under the GDPR, you also have the right to have data deleted under certain circumstances, for example if it is not processed in accordance with data protection requirements.

The so-called "right to be forgotten" applies insofar as we have made your data public. This is the case, for example, if we have uploaded data (e.g., photos) to the Internet. After you have informed us of the third parties responsible within the meaning of Art. 17 (2) GDPR, we will contact them accordingly and communicate the request for deletion.

7.5 Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

In this case, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

7.6 Right to revoke your consent

You have the right to revoke your consent at any time without giving reasons by sending us an email at support@fronius.com. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

8 Supervisory authority

Notwithstanding the possibility of bringing an action before the regional court pursuant to Section 29 (2) of the Data Protection Act and any other legal remedies, you have the right to lodge a complaint with the national supervisory authority of your place of residence if you believe that your personal data has been processed unlawfully. In Austria, the Data Protection Authority in Vienna is responsible.