You have reached this page via a link because you want to learn more about our handling of (your) personal data. In order to comply with our information duties under Article 12 ff. of the General Data Protection Regulation (GDPR), we are happy to provide you with the following information on our data protection:
We offer you an assurance that we have technical and organisational measures in place to protect our data processing systems and ensure that your data is safe from any access, modification or disclosure by unauthorised persons, and against loss and destruction.
The information contained here on data protection applies for ENERPARC AG and enterprises associated with the ENERPARC Group, in particular project companies with their seat at Zirkusweg 2, 20359 Hamburg, Eimsbütteler Chaussee 45, 20259 Hamburg, and Mittelstraße 11-13, 40789 Monheim am Rhein.
Who is responsible for data processing?
The responsible party (controller) within the meaning of data protection law is
Zirkusweg 2 20359 Hamburg
Contact: Stefan Müller, Executive Board
Tel: 040 756644-90
Fax: 040 756644-965
You can find further information on our company, details of authorised company representatives and also other methods of making contact in the Imprint section of our internet site: Imprint - ENERPARC AG
Which data relating to you do we process? And for what purposes?
When we receive data from you we always process this only for the purposes for which it was collected or received.
Data processing for other purposes is only considered if there are the necessary legal grounds for this in accordance with Article 6 (4) GDPR. In this case we will of course take account of any information duties in accordance with Article 13 (3) GDPR and Article 14 (4) GDPR.
When you commission us or we commission you, we collect the following information:
- Title, first name, surname, company name
- Email address
- Telephone number (fixed line and/or mobile, if wished)
- Fax number (if applicable and wished)
In addition, all information is collected which is necessary to fulfil the contract with you.
The collection of the personal information is done,
- to be able to identity you as customer/supplier/service provider;
- to be able to fulfil our contractual duties towards you;
- to be able to fulfil our legal obligations;
- to correspond with you;
- to enable invoicing or the sending of reminders;
- to assert any claims against you.
What is this legal basis for this?
In principle and providing there are no more specific legal provisions, the legal basis for the processing of personal data is Article 6 GDPR. The possibilities here are in particular the following:
- Consent (Article 6 (1)(a) GDPR)
- Data processing for the performance of contracts (Article 6 (1)(b) GDPR)
- Data processing on the basis of a weighing up of interests (Article 6 (1)(f) GDPR)
- Data processing to fulfil a legal obligation (Article 6 (1)(c) GDPR)
If personal data relating to you is processed based upon your consent, you have the right to revoke the consent with respect to us at any time with effect for the future.
If we process data on the basis of a balancing of interests, you have the right as the data subject to object to the processing of the personal data taking account of the provisions of Article 21 GDPR.
How long do we store the data?
We will store your data for as long as it is needed for the relevant purpose.
Typically, this results in following time limits:
- General enquiries: we delete data after processing of your enquiry is complete.
- Offer data: after 6 months (of response to the customer),
- Contractual documentation not relating to long-term obligations: 10 years from contractual conclusion
- Contractual documentation relating to long-term obligations: 10 years from termination of the long-term obligation
Of course you can request information about the data we are storing which relates to you at any time (see below) and in the case that there are no necessary grounds to request deletion or restriction of the processing.
To what recipients is the data disclosed?
Besides the ENERPARC AG as data controller other affiliated enterprises, postal service providers, accountants, providers of software and service solutions, cloud providers, etc. are also recipients of your data. If necessary, order processing contracts have been concluded with the recipients in line with Article 28 GDPR. We would be happy to inform you of the specific recipients of your data.
Disclosure of your personal data to third persons always only occurs if this is necessary for performance of the contract with you, the disclosure is permissible on the basis of a balancing of interests within the meaning of Article 6 (1)(f) GDPR, we are legally obliged to disclose the data or you have given your consent for this.
Where is the data processed?
In principle the processing of your data is done in Germany and in other countries within the EU. If your personal data is processed in a country outside the EU or if recipients of your personal data are in a country outside the EU in which the level of data protection may not be equivalent to that of the EU, the following applies: we will ensure that these countries are only such countries as the EU Commission has decided have an appropriate level of data protection. In cases where the level of data protection in the recipient country is not comparable to that of the EU, we will fulfil the conditions developed by the EU and use what are known as standard contractual clauses. These are available upon request via any of the contact options stated above.
Automated decision-making, profiling
For the establishment and implementation of business relations we do not ever use any automated decision-making within the meaning of Article 22 GDPR.
Your rights as “data subject(s)”
You have the right of access to the personal data stored by us concerning you. In the case of a request for access which is not in writing we ask you to understand that we may request that you provide evidence to prove that you are the person you claim to be.
In addition, you have the right to rectification or erasure or to restriction of the processing, to the extent this is legally permissible.
Additionally, you have a right to object to the processing in the course of the statutory provisions. The same applies to a right to data portability.
Right to lodge a complaint
You have the right to lodge a complaint about our processing of your personal data with a supervisory authority for data protection. A list of the data protection officers and their contact details can be found under the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Our data protection officer
We have appointed a data protection officer for our company:
BEREDI Marketing GmbH
Tel: 040 22861374
Fax: 040 22861379
Hamburg, 08 January 2020