You have reached this page via a link because you want to learn more about our handling of (your) personal data. In order to comply with our information duties under Article 12 ff. of the General Data Protection Regulation (GDPR), we are happy to provide you with the following information on our data protection:
We offer you an assurance that we have technical and organisational measures in place to protect our data processing systems and ensure that your data is safe from any access, modification or disclosure by unauthorised persons, and against loss and destruction.
The information contained here on data protection applies for ENERPARC AG and enterprises associated with the ENERPARC Group, in particular project companies with their seat at Zirkusweg 2, 20359 Hamburg, Eimsbütteler Chaussee 45, 20259 Hamburg, and Mittelstraße 11-13, 40789 Monheim am Rhein.
Who is responsible for data processing?
The responsible party (controller) within the meaning of data protection law is
Zirkusweg 2, 20359 Hamburg
Contact: Stefan Müller, Executive Board
Tel: 040 756644-90
Fax: 040 756644-965
You can find further information on our company, details of authorised company representatives and also other methods of making contact in the Imprint section of our internet site: Imprint - ENERPARC AG
Which data relating to you do we process? And for what purposes?
When we receive data from you we always process this only for the purposes for which it was collected or received.
Data processing for other purposes is only considered if there are the necessary legal grounds for this in accordance with Article 6 (4) GDPR. In this case we will of course take account of any information duties in accordance with Article 13 (3) GDPR and Article 14 (4) GDPR.
When you commission us or we commission you, we collect the following information:
- Title, first name, surname
- Email address
- Telephone number (fixed line and/or mobile, if wished)
- Fax number (if applicable and wished)
- Account data
In addition, all information is collected which is necessary to fulfil the contract with you.
The collection of the personal information is done,
- to be able to identity you as customer/supplier/service provider;
- to be able to fulfil our contractual duties towards you;
- to be able to fulfil our legal obligations;
- to correspond with you;
- to enable invoicing or the sending of reminders;
- to assert any claims against you.
What is this legal basis for this?
In principle and providing there are no more specific legal provisions, the legal basis for the processing of personal data is Article 6 GDPR. The possibilities here are in particular the following:
- Consent (Article 6 (1)(a) GDPR)
- Data processing for the performance of contracts (Article 6 (1)(b) GDPR)
- Data processing on the basis of a weighing up of interests (Article 6 (1)(f) GDPR)
- Data processing to fulfil a legal obligation (Article 6 (1)(c) GDPR)
If personal data relating to you is processed based upon your consent, you have the right to revoke the consent with respect to us at any time with effect for the future.
If we process data on the basis of a balancing of interests, you have the right as the data subject to object to the processing of the personal data taking account of the provisions of Article 21 GDPR.
How long do we store the data?
We process the data as long as this is necessary for the respective purpose.
Insofar as statutory retention obligations exist, the personal data in question will be stored for the duration of the retention obligation. After expiry of the retention obligation, it is checked whether there is a further necessity for processing. If there is no longer a need, the data will be deleted.
As a matter of principle, we carry out an examination of data towards the end of a calendar year with regard to the need for further processing. Due to the volume of data, this check is carried out with regard to specific types of data or purposes of processing.
Of course, you can request information about the data we have stored about you at any time (see below) and, if there is no need for further processing, you can request that the data be deleted or the processing restricted.
To what recipients is the data disclosed?
Besides the ENERPARC AG as data controller other affiliated enterprises, postal service providers, accountants, providers of software and service solutions, cloud providers, etc. are also recipients of your data. If necessary, order processing contracts have been concluded with the recipients in line with Article 28 GDPR. We would be happy to inform you of the specific recipients of your data.
Your personal data will only be passed on if
- you have given us your express consent in accordance with Art. 6 (1) sentence 1a) DSGVO,
- this is necessary in accordance with Art. 6 para. 1 sentence 1b) DSGVO for the processing or fulfillment of our obligations under a contract with you,
- we are obliged to do so pursuant to the provision of Art. 6 sentence 1c) DSGVO,
- the transfer is necessary for the assertion, exercise or defense of legal claims (Art. 6 para. 1 sentence 1f) DSGVO). The prerequisite is that there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
Where is the data processed?
In principle the processing of your data is done in Germany and in other countries within the EU. If your personal data is processed in a country outside the EU or if recipients of your personal data are in a country outside the EU in which the level of data protection may not be equivalent to that of the EU, the following applies: we will ensure that these countries are only such countries as the EU Commission has decided have an appropriate level of data protection. In cases where the level of data protection in the recipient country is not comparable to that of the EU, we will fulfil the conditions developed by the EU and use what are known as standard contractual clauses. These are available upon request via any of the contact options stated above.
Automated decision-making, profiling
For the establishment and implementation of business relations we do not ever use any automated decision-making within the meaning of Article 22 GDPR.
Your rights as “data subject(s)”
You have the right of access to the personal data stored by us concerning you. In the case of a request for access which is not in writing we ask you to understand that we may request that you provide evidence to prove that you are the person you claim to be.
In addition, you have the right to rectification or erasure or to restriction of the processing, to the extent this is legally permissible.
Additionally, you have a right to object to the processing in the course of the statutory provisions. The same applies to a right to data portability.
Right of objection
Insofar as we process personal data in order to protect our legitimate interests, which prevail in the context of a balancing of interests, you may object to this processing with effect for the future:
- If the processing is carried out for direct marketing purposes, you can exercise this right at any time.
- If the processing is carried out for other purposes, you only have the right to object if there are grounds arising from your particular situation.
After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.
Right of complaint
You have the right to complain about the processing of personal data by us to a data protection supervisory authority.
Our data protection officer
We have appointed an external data protection officer. This person can be reached at the above address of the data controller with the address addition "personal – confidential for the data protection officer" as well as at firstname.lastname@example.org.