Privacy Policy

Privacy Policy and at the same time information of the persons concerned
in accordance with Articles 13 and 14 of the General Data Protection Regulation.

Last change: 16.08.2021

Introduction

Enmacc GmbH (hereinafter "enmacc") attaches a lot of importance to protecting your privacy. This privacy policy applies to all interactions between you and enmacc. We strictly adhere to the provisions laid down in the General Data Protection Regulation (GDPR) and German Data Protection Act (GDPA). By making use of any opportunity of interaction with us (services, applications, and platforms) you agree to this privacy policy.

General information on the responsible body

Company: Enmacc GmbH
Legal representative: Jens Hartmann, Marc Trieschmann, Volker Puck
Address: Ridlerstr. 57 80339 Munich Germany
Data Protection privacy@enmacc.de

Data processing (storage, retention, and deletion)

Outside a concluded Service Agreement for the use of the enmacc platform, enmacc only collects and processes personal data if you provide it to us of your own accord. For the processing of personal data connected to visiting our website see below Collection of personal data while visiting our website. Any processing of your personal data beyond the scope of the statutory permissions will only take place on the basis of your expressed consent.

Legal basis and purposes

(1) Consent (Art. 6 para. 1 lit. a GDPR)
Consent to process personal data is always given for a specific purpose (e.g. contacting us, sending newsletters). Consent can be revoked at any time with effect for the future ( privacy@enmacc.de).

(2) Fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR)
Personal data is processed in order to be able to properly provide and fulfil the services within the framework of the enmacc platform, including the Service Agreement, the GTC (general terms and conditions) and associated appendices and other agreements.

(3) Fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR)
As a company and legal entity, enmacc is subject to various obligations under commercial and tax law. Personal data is therefore stored for the fulfilment of reporting and retention obligations, among other things.
(4) Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Personal data may be processed beyond the above-mentioned purposes in order to protect our legitimate interests. This is basically in our economic interest in maintaining and optimising our business operations.


Categories of data

The categories of data listed below are collected and processed for the above-mentioned purposes (in particular for the performance of the contract). The collection is preceded by the transfer of the data from you to us.
  • Application data for the purpose of carrying out the application procedure.
  • Customer data/prospect data, employee data and supplier data customary in business transactions for the performance of contracts and precontractual interaction.
  • Data provided for the use of the video conferencing software or the webinar software (esp. Zoom).

Categories of third receivers

Public authorities in the event of overriding legal provisions.
External service providers or other contractors.
Other external bodies if the person concerned has given his/her consent or a transmission is permissible for reasons of overriding interest.

Transfers to a third country

Contractors outside the European Union may also be involved in the performance of the contract. However, we make sure that in such cases the requirements of Art. 44 et seq. GDPR are met.

Data security

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Art. 32 GDPR.

Therefore our measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, assurance of availability and separation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. We already take the protection of personal data into account in the selection of hardware, as well as in the development and selection of software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).

Duration of data storage

Personal data is deleted or irrevocably anonymized as soon as the purpose of the storage ceases to apply unless otherwise determined by the European or national legislator. Deletion or anonymisation takes place after the expiry of the statutory retention periods, unless further storage is necessary for the fulfilment of the contract. The data storage period is usually 10 years.

Collection of personal data when visiting our website

When you merely use our website for informational purposes, i.e., if you do not register for one of our offers or otherwise transmit information to us, we only collect personal data that your browser transmits to our server. For this, we use the tool “Countly” (for more information see below Cookies) The data collected is necessary for us from a technical point of view so that our website can be displayed and stability and security can be guaranteed. The legal basis for this is Art. 6 para. 1 lit. f DS-GVO.

The following data is collected:

IP address, date, time and duration of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (concrete page and click paths), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system as well as its interface, display resolution, language and version of the browser software. It is not possible for us to draw conclusions about individual persons. The data is later anonymised so that it is no longer possible to establish a reference to the individual user. The data is also processed anonymously for statistical purposes.

Use of a newsletter

When registering for our newsletter you provide us with your e-mail address and optionally further data. We use this information exclusively to send you the newsletter. Your data entered during the newsletter registration will remain stored until you unsubscribe from our newsletter. You can unsubscribe at any time via the link provided in the newsletter or by sending us a corresponding message (info@enmacc.com). By unsubscribing you object to the future use of your e-mail address.

Your email address, which we receive in connection with the sale of a service, will be used exclusively for direct advertising in the form of our newsletter for our own similar services to those ordered by you, provided that you have not objected to this use. This promotional purpose constitutes a legitimate interest of enmacc. You can object to the use of your e-mail address at any time without incurring any costs other than the transmission costs according to the basic rates. Your objection (and thus the cancellation of our newsletter) can be exercised by sending a corresponding message to our email address (info@enmacc.com).

Use of own "cookies" and tools for support and analysis

This website uses its own ''cookies'' to increase user-friendliness. Cookies are data records that are sent from the web server to the user's browser and stored there for later retrieval. If you have not authenticated yourself accordingly, no personal data is stored in our own cookies. You can generally prevent the use of cookies if you prohibit the storage of cookies in your browser; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

Enmacc uses Countly and Inline Manual (hereinafter: "Tools") as support and analysis tools. Countly is used on our website (see above), Inline Manual when using our platform. So-called cookies are used (for cookies see above) to enable an analysis of your use of the website. The information generated by the cookie about the use of this website (including the IP address) is transmitted to a server in the European Union and stored there on behalf of enmacc. No personal data is transmitted to the tools themselves. The aforementioned data processing serves to provide our technical infrastructure and is therefore based on our legitimate interest. You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited ("Google"), based on the consent of website visitors. Google Analytics uses cookies that enable an analysis of your use of the website. The aforementioned data processing serves to provide our technical infrastructure and is therefore based on our legitimate interest. On behalf of enmacc, Google will use information to evaluate your use of the website, to compile reports on website activities and to provide further services to enmacc in connection with website and internet use. We would like to point out that this website uses Google Analytics only after prior consent has been given and with shortened IP addresses in order to exclude direct personal reference. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: Browser Add On to deactivate Google Analytics. The information generated by the cookie about your use of this website will be transmitted to and stored primarily on a server within the European Union. However, the transfer and storage on a server in the USA cannot be completely ruled out. In this regard, we have concluded EU standard contractual clauses with Google to ensure an appropriate level of data protection.

Use of BigQuery

Enmacc uses Google BigQuery ("BigQuery"), a service of Google Ireland (see above), for data management and data analysis, e.g. in the context of invoicing. The use of the functions of BigQuery serves the provision of our services and the fulfilment of contracts and is therefore based on our legitimate interest and the fulfilment of contractual obligations. In this context, the data used is primarily transferred to a server within the European Union and stored there. However, the transfer and storage on a server in the USA cannot be completely ruled out. In this regard, we have concluded EU standard contractual clauses with Google to ensure an appropriate level of data protection.

Use of Zoho CRM

Enmacc uses a CRM system "Customer Relationship Management" from Zoho Corporation B.V. (NL) ("Zoho"). This is used, for example, to manage contact data or contract data. Furthermore, we use Zoho for communication within the scope of webinars and video conferences as well as for sending the newsletter. Data managed and processed via Zoho is stored exclusively on European servers. In individual cases, it may be necessary for support purposes that support staff from third-countries access data. In this regard, we have concluded EU standard contractual clauses with Zoho to ensure an appropriate level of data protection. The aforementioned data processing serves the provision of our services and the fulfilment of (pre-)contractual obligations. Accordingly, the use of Zoho is based on our legitimate interest and the fulfilment of (pre-)contractual obligations.

Use of AWS

We host our systems on Amazon Web Services Inc. ("AWS"). The aforementioned data processing serves to provide the technical infrastructure and is therefore based on our legitimate interest. While doing so we use servers in the European Union. For technical reasons, it may be necessary for support staff from third-countries to access data. In this regard, we have concluded EU standard contractual clauses with AWS to ensure an adequate level of data protection.

Social Media

Plug-ins

We use plug-ins from LinkedIn (LinkedIn Ireland Unlimited Company) and XING (New Work SE) (collectively "operators") on our website to promote our presence on the corresponding networks. This advertising purpose constitutes a legitimate interest of enmacc. A direct connection between your browser and the LinkedIn/Xing server is established via a plug-in. This provides the operator with the information that you have visited our website with your IP address. In addition, it is then possible for the operator to assign your visit to our website to you and your user account. We would like to point out that we have no knowledge of the content of the transmitted (personal) data or its use by the operators. The responsibility for the data protection-compliant operation of the networks is to be ensured by the respective provider. Further information on this can be found in the privacy policy of LinkedIn and Xing.

Social Media Presence

LinkedIn and Xing ("operators") are solely responsible for the processing of personal data when visiting enmaccs LinkedIn or Xing page. Enmacc only receives information from the processing activities of the respective operator in the form of so-called anonymised page insights. These insights show, for example, what kind of actions are carried out on our site. For this purpose, the operator uses in particular information stored in your profile. The processing of personal data serves to evaluate the actions performed on our network company page. We use the knowledge gained from this to improve the company page within the networks. The processing therefore serves our legitimate interest. Under certain circumstances, personal data may also be processed in the USA or other third countries. However, the data transfer only takes place if an appropriate level of protection is guaranteed in terms of the GDPR. Further information on the processing of personal data can be found in the respective privacy policy of the operators (see above).

Links to and from other websites

Our websites may contain links to websites of other providers to which this data privacy statement does not apply. enmacc is not responsible for the data privacy provisions or content of linked websites. We accept no liability or warranty for the content of websites that our website references either directly or indirectly. Visitors follow links to other websites at their own risk and use them in accordance with the applicable Terms and Conditions of the respective operators. Our website may have been linked by third parties without our knowledge. enmacc does not accept any responsibility for images, content or any links in third party websites.

Note on security

The confidential handling of all data and information is strict corporate philosophy. Our security measures are being continually improved in line with technological developments. Please remember that the internet is an open system. Data may be transmitted to other websites which do not have any or very lax security regulations in place. Hence third parties, as unintended recipients, may be able to access your data. We cannot guarantee complete data security when communicating via email, which is why we recommend that you exchange confidential information by letter.

Data subject rights and contacts

In addition, you may at any time assert your rights out of Art. 15-21 GDPR like claim for information, a copy, correction or deletion or for limitation of the processing or the exercise of your right of objection against the processing as well as the right to data transferability. You can address all questions and concerns about data protection at enmacc by e-mail to privacy@enmacc.com or by letter to our company address. In addition, you have the right to contact the data protection supervisory authority in the event of complaints. You can find our general contact details here.