Privacy Policy

1. Introduction

With the following information, we would like to provide you, as the "data subject," with an overview of the processing of your personal data by us and your rights under data protection laws. The use of our websites is generally possible without entering personal data. However, if you wish to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to "IAS Bonn GmbH." Through this privacy policy, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.

We, as the controller responsible for processing, have implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed through this website. Nevertheless, internet-based data transmissions can have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, such as telephone or mail.

You can also take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. Therefore, we would like to give you some advice on the safe handling of your data:

Protect your account (login, user, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with secure passwords.
Only you should have access to the passwords.
Ensure that you always use your passwords only for one account (login, user, or customer account).
Do not use a password for different websites, applications, or online services.
Especially when using publicly accessible or shared IT systems, always log out after each session on a website, application, or online service.

Passwords should consist of at least 12 characters and be chosen so that they are not easily guessed. Therefore, they should not include common words from everyday life, your own name, or names of relatives, but should contain upper and lower case letters, numbers, and special characters.

2. Controller

The controller within the meaning of the GDPR is:

ENEMAC Gesellschaft für Energie- und Maschinentechnik mbH
Daimler Ring 42
63839 Kleinwallstadt

3. Data Protection Officer

We point out that no data protection officer needs to be appointed.

4. Definitions

This privacy policy is based on the terms used by the European directives and regulations when issuing the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this privacy policy:

Personal Data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data Subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Processor
Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Recipient
Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third Party
Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent
Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal Basis of Processing

Article 6(1)(a) GDPR (in conjunction with Section 25(1) TDDG (formerly TTDSG)) serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations necessary for the supply of goods or to provide any other service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example, in cases of inquiries about our products or services.

If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our establishment and his or her name, age, health insurance data, or other vital information would need to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Article 6(1)(d) GDPR.

Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations not covered by any of the above legal grounds if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

Our offer is generally aimed at adults. Persons under the age of 16 may not transmit personal data to us without parental or guardian consent. We do not request personal data from children and adolescents, do not collect such data, and do not pass it on to third parties.

6. Technology

6.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

We use this technology to protect your transmitted data.

6.2 Data Collection When Visiting the Website

When you use our website purely for informational purposes, i.e., if you do not register or otherwise transmit information to us or do not give consent for consent-required processing, we only collect the data that is technically necessary to provide the service. These are typically data transmitted by your browser to our server ("in so-called server log files"). Our website collects a series of general data and information with each access by you or an automated system. This general data and information are stored in the server log files. The data collected may include:

browser types and versions used,
the operating system used by the accessing system,
the website from which an accessing system reaches our website (so-called referrer),
the sub-websites accessed via an accessing system on our website,
the date and time of access to the website,
an Internet Protocol (IP) address, and
the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about your person. This information is rather needed to:

deliver the content of our website correctly,
optimize the content of our website as well as advertising for it,
ensure the permanent functionality of our IT systems and the technology of our website, and
provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.

This collected data and information are therefore evaluated statistically and with the aim of increasing data protection and data security in our company to ultimately ensure an optimal level of protection for the personal data we process. The data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.

7. Cookies

7.1 General Information About Cookies

Cookies are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

Information is stored in the cookie that arises in connection with the specific device used. This does not mean, however, that we immediately become aware of your identity.

The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specified period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These cookies allow us to recognize that you have already visited our website when you visit it again. These cookies are automatically deleted after a defined period. The respective storage duration of the cookies can be found in the settings of the consent tool used.

7.2 Legal Basis for the Use of Cookies

The data processed by cookies, which are required for the proper functioning of the website, are necessary to protect our legitimate interests and those of third parties in accordance with Article 6(1)(f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Article 6(1)(a) GDPR.

7.3 Instructions for Avoiding Cookies in Common Browsers

You can delete cookies at any time via the settings of your browser, allow only selected cookies, or deactivate cookies entirely. Further information can be found on the support pages of the respective providers:

7.4 Complianz GDPR/CCPA (Consent Management Tool)

We use the consent management tool "Complianz GDPR/CCPA Cookie Consent" (Complianz) from Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands. This service allows us to obtain and manage the consent of website users for data processing.

Complianz collects data generated by end users using our website with the help of cookies. If an end user gives consent, the following data is automatically logged by Complianz:

browser information,
date and time of access,
device information,
the URL of the visited page,
banner language,
consent ID,
the end user's consent status, which serves as proof of consent.

The consent status is also stored in the end user's browser so that the website can automatically read and follow the end user's consent on all subsequent page requests and future end user sessions for up to 12 months. Consent data (consent and revocation of consent) is stored for three years. The retention period corresponds to the regular limitation period according to Section 195 of the German Civil Code (BGB). The data will then be deleted immediately.

The functionality of the website cannot be guaranteed without the described processing. The user has no possibility of objection as long as the legal obligation exists to obtain user consent for certain data processing operations (Article 7(1), 6(1)(c) GDPR).

Complianz is the recipient of your personal data and acts as a processor for us. The data processing takes place exclusively in the European Union.

Detailed information on the use of Complianz can be found at: https://complianz.io/legal/.

8. Content of Our Website

8.1 Contacting Us / Contact Form

When contacting us (e.g., via contact form or email), personal data is collected. The data collected in the case of using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Article 6(1)(f) GDPR. If your contact aims to conclude a contract, an additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted after the final processing of your inquiry, provided that there are no statutory retention obligations.

9. Web Analytics

9.1 Google Analytics 4 (GA4)

We use Google Analytics 4 (GA4) on our websites, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In this context, pseudonymized user profiles are created and cookies (see the "Cookies" section) are used. The information generated by the cookie about your use of this website can include:

temporary capture of the IP address without permanent storage
location data
browser type/version
operating system used
referrer URL (previously visited page)
time of the server request

The pseudonymized data can be transferred to and stored on a server in the USA by Google.

This information is used to evaluate the use of the website, compile reports on website activity, and provide other services related to website and internet usage for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of Google.

These processing operations are carried out exclusively upon the explicit consent according to Article 6(1)(a) GDPR.

The preset storage duration of the data by Google is 14 months. Furthermore, personal data will be stored as long as it is necessary to fulfill the processing purpose. The data will be deleted as soon as it is no longer necessary for the purpose.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. There is an adequacy decision pursuant to Article 45 GDPR, so the transfer of personal data can be carried out without further guarantees or additional measures.

For more information on data protection when using GA4, please visit: https://support.google.com/analytics/answer/12017362?hl=de.

10. Plugins and Other Services

10.1 Google Maps

We use Google Maps (API) on our website. The operator of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies with its headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. Using this service can show you our location and facilitate any route planning.

When you call up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google's servers in the USA and stored there, provided that you have given consent in accordance with Article 6(1)(a) GDPR. Additionally, Google Maps loads Google Web Fonts and Google Photos as well as Google stats. The provider of the services is also Google Ireland Limited. When you access a page that includes Google Maps, your browser loads the required web fonts and photos into your browser cache. For this purpose, the browser you use establishes a connection to Google's servers. This gives Google knowledge that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account that you are logged into or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your profile to be associated with Google, you must log out of your Google user account. Google stores your data (even for non-logged-in users) as usage profiles and evaluates them. You have a right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

If you do not agree to the future transmission of your data to Google in the context of using Google Maps, there is also the option of completely deactivating the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus the map display on this website cannot be used.

These processing operations are carried out exclusively upon the explicit consent according to Article 6(1)(a) GDPR.

You can view the Google terms of use at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html.

You can view the privacy policy of Google Maps under: ("Google Privacy Policy"): https://www.google.de/intl/de/policies/privacy/.

10.2 Google WebFonts

Our website uses so-called web fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for the uniform representation of fonts. Google Ireland Limited is part of the Google group of companies with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you use establishes a connection to Google's servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our website.

These processing operations are carried out exclusively upon the explicit consent according to Article 6(1)(a) GDPR.

For further information on Google Web Fonts and the privacy policy of Google, please visit: https://developers.google.com/fonts/faq; https://www.google.com/policies/privacy/.

11. Currency and Changes to the Privacy Policy

This privacy policy is currently valid and has the status: June 2024.

Due to the further development of our websites and offers or due to changed legal or regulatory requirements, it may be necessary to change this privacy policy. The current privacy policy can be accessed and printed out at any time on the website at "https://enemac.de/datenschutzerklaerung/".

This privacy policy was created with the support of the data protection software: THALES Rechtsanwälte.Datenschutz.