Privacy Policy

Below we would like to inform you about the processing of personal data when using our internet pages.

Information on the responsible body

The body responsible for the data processing on this website is:

Kirchenpauerstraße 26
20457 Hamburg

Contact: Stefan Müller, Member of the Board

Phone: +49 40 756644-90
Fax: +49 40 756644-965

For further information about our company and its representatives, please refer to our Imprint at

Data protection officer

We have appointed an external data protection officer. This person can be reached at the above address of the data controller with the address addition "personal – confidential for the data protection officer" as well as at

Legal basis for the data processing

As a general rule, we only process personal data in running this website if this is required to provide a functional website, our content and the services associated with it.

We base this policy on the following legal foundations:  

  • consent pursuant to Art. 6 (1)(a) GDPR
  • fulfilment of contracts pursuant to Art. 6 (1)(b) GDPR
  • fulfilment of a legal obligation pursuant to Art. 6 (1)(c) GDPR
  • legitimate interest pursuant to Art. 6 (1)(f) GDPR.

We will specify the relevant legal basis for any particular processing in these data protection notes.

If we process personal data on the basis of your consent, you have the right at any time to inform us that you are revoking your consent, effective for the future.

If we process data on the basis of weighing up competing interests, you as the data subject have the right to object to the processing of personal data taking account of the specifications contained in Art. 21 GDPR.

Erasure of data

As a matter of principle, we delete personal data if there is no requirement for their further storage. In particular, a requirement may apply if the data are still needed to enable us to fulfil contractual services and verify, grant or reject warranty or guarantee claims. In the case of statutory retention duties defined in EU directives, laws or other regulations under European or national legislation to which the controller is subject, data will only be considered for erasure after the relevant retention period expires.

Place of data processing

If personal data are processed outside the European Union, you can learn this from explanations of particular processing activities.

Access data

You can visit our website without giving any personal details. However, when you call up this website, the browser used on your device automatically sends information to the website’s server. This information is stored temporarily in a so-called log file.

The following information is registered without any involvement from you and stored until the record of your visit to the website is automatically deleted:

  • The access logs of the web servers record which page requests have taken place and when. They contain the following data: IP, directory protection user, date, time, accessed pages, logs, status code, amount of data, referer, user agent, accessed host name.
  • The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. becomes 127.0.0.* IPv6 addresses are also anonymized. The anonymized IP addresses are retained for 60 days. Information about the directory protection user used is anonymized after one day.  
  • Error logs, which record erroneous page requests, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website. 
  • Accesses via FTP are logged with anonymized information on user name and IP address and stored for 60 days.
  • The mail logs for sending e-mails from the web environment are anonymized after one day and then retained for 60 days. During anonymization, all data on the sender / recipient etc. is removed. Only the data on the time of sending and the information on how the e-mail was processed are retained (queue ID or not sent). Mail logs for sending via our mail servers are deleted after four weeks. The longer retention period is necessary to ensure the functionality of the mail services and spam prevention.

The legal basis for processing personal data is our legitimate interest under Art. 6 (1) Sentence 1 (f) GDPR. The information specified is used

  • to ensure that the website runs without hitches 
  • for evaluation purposes to improve our offering
  • to guarantee a smooth connection
  • to enhance the ease of use of this website
  • to enable us to evaluate the system security and stability of this website
  • for further administrative purposes

As a matter of principle, we do not use the data we collect to draw conclusions about you personally.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content such as in enquiries which you send to us as the operator of the site, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar in the browser changes from “http://” to “https://” and by the padlock symbol in your browser bar.

If SSL or TLS encryption is activated, the data which you send to us cannot be read by third parties.

Hosting by a third-party provider

This website is hosted by an external provider. We have concluded a hosting contract with this provider as well as a corresponding processing contract. The host’s servers are located in Germany.

All the data collected in the course of using this website or in forms provided for this purpose are processed on this host’s servers. Such data can include IP addresses, website visits, meta data and communication data, enquiries and other data generated by a website.

The host is used to protect our legitimate interest under Art. 6 (1)(f) GDPR in the correct presentation of our offering and the fast, secure and efficient delivery of our website; this interest outweighs all other interests.

Enquiry by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry including all personal data resulting from it (name, enquiry) is stored and processed on our premises for the purpose of responding to the matter you have raised. We will not forward these data without your consent.

These data are processed on the basis of Art. 6 (1)(b) GDPR if your enquiry is connected to the fulfilment of a contract or is required to implement pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1)(a) GDPR) and/or on our legitimate interests (Art. 6 (1)(f) GDPR) as we have a legitimate interest in the effective processing of enquiries directed at us.

The data which you send to us through enquiries remain with us until you request us to delete them, withdraw your consent to their storage or the purpose for storing the data no longer applies (e.g. after the processing of your enquiry has been completed). Statutory provisions – in particular, statutory retention periods – remain unaffected.

Contact form for the leasing of land parcels

On this website, we provide a contact form you can use to send us offers for leasing or purchasing land parcels.  

In this form we process the following (personal) data: 

  • First name
  • Surname (required)
  • State (required)
  • Postal code, city 
  • District 
  • Land parcel (required)
  • Plot (required)
  • Size in hectare (required)
  • Voluntary information about the property

During our selection process, your personal data are processed by the responsible department. As a matter of principle, only the department responsible for this processing has access to your offer data. We do not share your data with third parties without your consent. 

The data entered in the contact form are processed based on your voluntarily given consent according to Art. 6 (1) (a) GDPR.

You have the option of revoking your consent to data storage at any time. The data you have entered in the contact form are deleted as soon as they are no longer needed to fulfil the purpose for which they were collected. Personal data entered in the entry fields of the contact form, and any data that may have been sent later in a follow-up e-mail, are no longer needed when the respective conversation with the user is completed. The conversation is considered completed when circumstances indicate that the matter at hand has been conclusively resolved. Compulsory legal regulations – in particular retention periods – remain unaffected.

If we are interested in the land parcel you are offering, we will transfer your data to our system. From that point on, we process your data based on Art. 6 (1)(b) GDPR and refer you to our Privacy Policy

Transfer of data

We will never pass on data which we receive from you to third parties, in particular for their advertising purposes. As a general rule, your personal details are only passed on to third parties if this is necessary to fulfil the contract with you, transfer is permissible on the basis of weighing up interests as defined by Art. 6 (1)(f) GDPR, we are legally obliged to transfer them or you have given your consent in this regard. 

However, we deploy service providers, for example, to operate this website. On occasion, a service provider may become aware of personal data. We select our service providers with care – particularly with regard to data protection and data security – and implement all the measures required under data protection legislation for permissible data processing.


Adjust cookie seetings

We use cookies on our website. These serve to make our offer more user-friendly, effective and secure. Cookies are text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TTDSG).

For the processing of personal data collected in this context, the legal basis regularly results from Art. 6 para. 1 p.1 DSGVO. 

The primary legal basis for the storage of information in the end user's terminal equipment - thus in particular for the storage of cookies - is your consent pursuant to Section 25 (1) p.1 TTDSG. The consent is given when you visit our website - although of course it does not have to be given - and can be revoked at any time in the cookie settings.

Pursuant to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary and therefore fall under the exception of Section 25 (2) TTDSG and thus do not require consent.

Cookie management

We use the consent management service Cookiebot, of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This enables us to obtain and manage consent from website users for data processing. The legal basis for the data processing is Art. 6 para.1 lit. f DSGVO. The legitimate interest of the provider is the user-friendliness of the website and the fulfillment of the legal requirements from the DSGVO. For this purpose, the following data is processed with the help of cookies:

  • Your IP address (the last three digits are set to '0'), 
  • Date and time of the consent,
  • URL from which the consent was sent, 
  • User agent of the end user's browser, 
  • an anonymous, random and encrypted key, and 
  • Consent status of the end user as proof of consent. 

The key and consent status are stored in the browser for 12 months using the "CookieConsent" cookie. This preserves your cookie preference for subsequent page requests. With the help of the key, their consent can be proven and traced.

The functionality of the website is not guaranteed without the processing.

Cybot is a recipient of your personal data and acts as a processor for us.

The processing takes place in the European Union. For more information on objection and removal options vis-à-vis Cybot, please visit:

Your personal data will be deleted consecutively after 12 months or immediately after the termination of the contract between us and Cybot.

Google Analytics

Deactivate Google Analytics

Insofar as you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The controller for users in the EU, EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Scope of processing

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO.


You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Third country transfer

Insofar as data is processed outside the EU or the EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU or the EEA. You may not be entitled to any legal remedies against access by authorities.


Recipients of the data are or may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO).
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities access the data stored by Google.

Storage period

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link:

Demographic characteristics with Google Analytics

This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

Google Ads

Type and scope of processing

Google Ads is integrated on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behavior and recognize users.

Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of the advertising. In addition, Google Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers, such as your user agent, are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can associate the visit with your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is still possible for the provider to find out and store your IP address and other identification features.

In this case, your data will be passed on to the operator of Google Ads, namely Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose and legal basis

We process your data on the basis of your consent pursuant to Art. 6 para. 1 lit. a. DSGVO with the help of Google Ads for the purpose of optimizing our website and for marketing purposes.

Storage period

We cannot influence the specific storage period of the processed data, this is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads:

Google DoubleClick

Type and scope of processing

We have integrated components of DoubleClick on our website. DoubleClick is a brand of Google. Here, mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick transmits data to the DoubleClick server with each impression as well as with clicks or other activities.

Each of these data transfers triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser.

To handle the technical procedure, DobuleClick requires a cookie ID. This is required, for example, to display an advertisement in a browser. It is also possible to record the advertisements that have already been displayed in a browser, so that duplicate placements can be avoided. In addition, this makes it possible to record conversions. Conversions are recorded, for example, if a DoubleClick ad was previously displayed to a user and the user subsequently makes a purchase on the advertiser's website using the same Internet browser.

A DoubleClick cookie does not contain any personal data. However, it may contain additional campaign identifiers that serve to identify the campaigns with which you have already been in contact on other websites. Here, Google obtains knowledge of data that Google also uses to create commission statements. For example, Google can track that a certain link on our website has been clicked. In this case, your data is passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable privacy policy of DoubleClick by Google can be found at

Purpose and legal basis

The processing of your data with the help of the Double-Click cookie serves the purpose of optimizing and displaying advertising on the basis of your consent pursuant to Art. 6 (1) lit. a DSGVO. You give your consent by setting the use of cookies, with which you can also declare your revocation at any time with effect for the future. 

Storage period

We cannot influence the specific storage period of the processed data, this is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick:

Google Dynamic Remarketing

We use the dynamic remarketing function of Google AdWords on our website. The technology enables the automatic placement of targeted advertising after your visit to our website. The ads are based on the content you clicked on the last time you visited our website.

Google uses cookies to create these interest-based ads. Google usually stores information about your web request, your IP address, browser type, browser language, date and time. This information is only used to associate the browser with a specific computer and cannot be used to identify an individual.

You can disable user-based ads using Google's ads setting.

For further instructions, please visit   

Google Maps

Google Maps is used on this site. For this purpose, corresponding program libraries or map content are called up from Google servers. The responsible party for data processing by Google Maps is Google Cloud EMEA Ltd. based in Ireland.

For us, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Insofar as Google Cloud EMEA Ltd. transfers data to third countries, it will only do so, according to its own information, if an appropriate level of data protection can be guaranteed in the respective third country. This can be done, for example, through the so-called EU standard contractual clauses.

Google Tag Manager

This website uses the Google Tag Manager. The Google Tag Manager is an auxiliary service and only processes personal data itself for technically necessary purposes. The Google Tag Manager takes care of loading other components, which may in turn collect data. The Google Tag Manager does not access this data. 

The legal basis for the use of the technically necessary cookie is our legitimate interest according to Art. 6 para. 1 p. 1 lit. f DSGVO.

For more information, please refer to the provider's terms of use at:


Our website uses the video portal Vimeo for the integration of videos. The provider is Vimeo Inc., USA. 

You can find further information on the treatment of user data in Vimeo’s privacy notice at:

The legal basis for transferring technically required data to Vimeo is Art. 6 (1) (f) GDPR. In order to ensure an adequate level of data protection when transmitting data to the USA, we have concluded the EU standard contractual clauses with Vimeo in the so-called “controller to controller” variant. 

In addition, the videos from Vimeo are always integrated in the "Do Not Track" variant, so that personal data is only transmitted to Vimeo in a minimal way.

MyFonts Counter

On this website, we use MyFonts Counter, a web analytical service provided by MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA. Page view tracking is carried out on the basis of the terms of the licence by counting the number of visits to the website for statistical purposes and transmitting it to MyFonts. MyFonts only collects anonymised data in the process. Data may be forwarded if JavaScript code is enabled in your browser. You can install a JavaScript blocker (e.g. to prevent MyFonts from running JavaScript code in general. You can find further information on MyFonts Counter in MyFonts’ privacy notice at

Social networks 

We take data protection in social networks very seriously. Unfortunately, there is still no conclusive legal clarification of whether and to what extent social networks are in compliance with European data protection laws in offering their services. As soon as any new, legally secure findings are available, we will immediately implement them. Until such time, please check carefully what personal data you make available to social networks by using one of our sites.

Please remember that social networks store the data of their users (e.g. personal information, IP address) in accordance with their data usage guidelines and use them for business purposes. We have no control over the collection of data and their further use by social networks. We cannot discern to what extent, in what location and for how long data are stored, to what extent the networks meet their existing duties of erasure, what evaluations and links are made with the data and to whom the data are forwarded.

We have an account with Twitter (Twitter Inc.). Twitter Inc. (USA) is solely responsible for the processing of personal data when you visit our Twitter profile. You can find the data protection declaration at, settings can be made at

We also have a company profile at Xing (New Work SE). You will find their data protection policy at

We also have a company page at LinkedIn (LinkedIn Ireland Unlimited Company). The legal basis for this processing is given by Art. 6 (1)(f) GDPR. You will find the data protection policy of LinkedIn at An opt-out can be exercised at 

No automated decision-making / profiling

We do not use any automated procedures for decision-making nor any profiling.

Rights of data subjects

You have the following rights with respect to us regarding personal data relating to yourself:

You have the right of access to personal data relating to yourself. You can turn to us for information at any time. If your request for information is not submitted in writing, we would ask you to appreciate that we may require evidence from you to show that you are the person who you claim to be. 

You also have a right of rectification or erasure or to restrict the processing provided you are legally entitled to do so.

Finally you have a right of objection (see below) to the processing within the bounds of statutory requirements.

You also have a right to data portability as part of the requirements contained in data protection legislation.

Right of objection

If we process personal data as part of our overriding legitimate interests as described above, you can object to this processing with future effect. If the data are processed for direct marketing purposes, you can exercise this right at any time. If the processing is for other purposes, you only have a right of objection for reasons resulting from your particular situation.

If you lodge an objection, we will no longer process your personal data for these purposes unless we can show compelling reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

This does not apply if the processing serves direct marketing purposes. In that case, we will no longer process your personal data for this purpose. 

Right of complaint to responsible regulatory authority

You have the right to complain about the processing of personal data by us to a regulatory body for data protection. 

Objection to advertising mail

The use of contact details published as part of the mandatory legal notice to send advertising and information material which have not been expressly requested, is hereby forbidden. The operators of the websites explicitly reserve the right to take legal action if unsolicited advertising information is sent, e.g. through spam mails.

Last amended: 01/11/2022

Further privacy policy regulations:

Principles for data processing at Enerparc

Information on handling of personal data