Privacy

Last revised: October 2023

ENERCON Global GmbH (‘ENERCON’) thanks you for visiting our website at www.enercon.de (‘Website’) and for your interest in our company and our products.  

The purpose of this Privacy Statement is to inform you about how we handle your personal data. It applies to the processing of personal data for the purposes of communication through this Website and outside the context of this Website.


Contents

I. Controller and Data Protection Officer

II. Definitions

III. Data processing when visiting our website

IV. Other Data processing operations

V. Data processing operations in the setting of services and other business operations

VI. Presences in social networks

VII. Rights as a data subject

VIII. Data security

IX. Obligations to provide data

X. Automated decision-making

XI. Information on the right to object

XII. Amendments to and updates of this Privacy Statement

I. Controller and Data Protection Officer

ENERCON processes your data as a controller.  

Contact details:  

Management ENERCON GmbH
Dreekamp 5, 26605 Aurich
Germany
E-mail: geschaeftsfuehrung@enercon.de  

The appointed Data Protection Officer can be reached by post at:  

Data Protection Officer
Dreekamp 5, 26605 Aurich
Germany

or by e-mail at:

datenschutz@enercon.de

II. Definitions

The following is an overview of the terminology used in this Privacy Statement. Many terms have been taken from the law and are defined primarily in Article 4 of the General Data Protection Regulation (GDPR). The statutory definitions are binding. The explanations below, however, are intended for a better understanding.  

- Cookies: 'Cookies' are small text files the web browser stores on the computer (either in the browser folder or the Program Data folder). These text files automatically store specific information about your computer or your internet connection such as the IP address, the browser used, the operating system or similar, which applications reuse for future connections.

- Recipients: ‘Recipient’ means any legal or natural person to whom personal data processed by the Controller are disclosed and who gains access to these data in this way.

- Personal data: ‘Personal data’ means any information relating to an identified or identifiable natural person (in the following referred to as ‘data subject’); any natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to said natural person’s physical, physiological, genetic, mental, economic, cultural or social identity is deemed to be identifiable.  

- Controller: ‘Controller’ means any natural or legal person, public authority, agency or any other body which – alone or jointly with others – decides about purposes and means of the processing of personal data.

- Processing: ‘Processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means. This is a comprehensive term and includes virtually any handling of data such as collection, analysis, storage, transmission or erasure.

III. Data processing when visiting the website

1) Cookies

We use cookies in some areas for a need-based design of our Website. Most of the cookies we use expire after closing the browser session (known as ‘session cookies’). Others remain on your terminal device and enable us to recognise your browser the next time you visit the site (persistent cookies). We do not use this information to personally identify any visitor to this Website.

Most browsers are configured so that they accept cookies automatically. Still, you can disable cookies altogether or configure your browser so that it will ask you when a website wants to set a cookie. Please note that blocking cookies from our Website might result in functional restrictions when using our web pages or those of other service providers. Cookies we have set on your system will, as a rule, be deleted after leaving our Website.

2) Hosting - Webflow

The service provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (Webflow below). When you visit our website, Webflow collects various log files including your IP addresses.

Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are required for displaying pages, providing certain website functionality and ensuring security (essential cookies).

For details, please refer to Webflow's privacy policy.

The use of Webflow is based on GDPR Article 6(1)(f). We have a legitimate interest in displaying our Website in the most reliable manner. Provided that consent has been requested, the processing is performed solely on the basis of GDPR Article 6(1)(a) and the German TTDSG § 25(1), insofar as the consent only covers the storage of cookies or the access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

Processing

We have concluded a processing agreement with the above-mentioned service provider, in which the data transmission to the USA is based on the standard contractual terms of the EU Commission. This contract is mandatory under data protection law; it ensures that the personal data of visitors to our Website will only be processed in accordance with our instructions and in compliance with the GDPR. For details, please visit: https://webflow.com/legal/eu-privacy-policy.

3) Making our Website technically available using a server log file.

If you just visit our Website without actively contacting us we will only process the personal data transmitted automatically by your browser. Our web servers record every access in a temporary log file for a period of seven days.  

The following information is collected: IP address of your client; website from which access takes place; date and time of access; name and URL of the file accessed; pages visited; data volume transmitted; message as to whether access was successful; playback of video/audio files; clicks on individual links; search terms or phrases; detection of browser and operating system used and name of your internet access provider.

Processing this information serves to render our Website optimal and secure from a technical point of view. There is no analysis of personal data.

The legal basis for processing is our legitimate interest under GDPR Article 6(1)(f) in the optimal and secure technical operation of our Website that is not overridden by any interests or fundamental rights and freedoms of the data subject that require the protection of personal data.

4) Usage analysis with Matomo Analytics

We use Matomo Analytics (formerly Piwik), an analytics service for statistical analysis of the usage of our Website. We use cookies to store information about how you use our Website and what browser/operating system you use. This includes your IP address. The IP address is instantly anonymised during the process so that you remain anonymous to us as a user.

We use Matomo only with your express prior consent under Article 6 [1] Item a of the GDPR, which you can give using the cookie banner when accessing our Website for the first time. Once given, you can withdraw your consent at any time with effect for the future by proceeding as follows:

https://www.enercon.de/index.php?module=CoreAdminHome&action=optOut&language=de

Please keep the following in mind: If you wipe all of your cookies the opt-out cookie will also be deleted. This means that you will have to give your consent once more and also opt out from the analysis of your user behaviour once again.

In the setting of the use of Matomo tools for collecting and processing your usage data we transmit your truncated IP address to New Zealand. Data transmission takes place on the basis of an available adequacy decision of the European Commission regarding the adequacy of the data protection level in New Zealand.

The cookies used in this setting will be stored for a period of 30 days. However, you have the option to delete cookies manually at any time.

5) Friendly Captcha (bot/spam protection)

Our Website uses the Friendly Captcha service by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. Friendly Captcha is a privacy-friendly protection solution that makes it harder for automated programs and scripts (known as 'bots') to use our Website.

For this purpose, we have integrated Friendly Captcha program code into our Website, allowing the visitor's device to establish a connection to the Friendly Captcha servers in order to receive a Friendly Captcha challenge. The visitor's device responds to the challenge, which uses certain system resources, and sends the computed result to our web server. Our web server contacts the Friendly Captcha server via an interface, and in return receives the information whether the device sent the correct response to the challenge. Depending on the result, we can attach security rules to requests coming in from our Website and then accept or reject them accordingly.

These data are used exclusively for protection against spam and bots as described above. Friendly Captcha does not place or retrieve any cookies on the visitor's device. IP addresses are stored only in hashed format (one-way encryption) and do not permit us or Friendly Captcha to make any inferences about individuals. If personal data are stored, these will be deleted within 30 days.

For details, please refer to Friendly Captcha's privacy statement: Friendly Captcha's privacy policy.

The legal basis for processing this data is our legitimate interest in accordance with GDPR Article 6(1)(f) in protecting our Website from abusive access by bots, thus protecting it from spam and denial-of-service attacks.  

Processing

We have concluded a processing agreement with the above-mentioned service provider. This contract is mandatory under data protection law; it ensures that the personal data of visitors to our Website will only be processed in accordance with our instructions and in compliance with the GDPR.

IV. Other Data processing operations

1) Making contact

We will process your personal data if you input them into the contact form on our Website, send them to us by e-mail, or contact us by phone. If you contact us we will collect the following information about you: title; last name/first name; company; address details; contact details (phone/e-mail); contents (of request). We will only use your personal data to communicate with you, or for the purpose you intended when providing these data, and then delete them.  

We process your personal data for responding to contact requests on the following legal basis:  

- Protection of our legitimate interests under GDPR Article 6(1)(f); our legitimate interest consists in properly responding to contact requests and is not overridden by any interests or fundamental rights and freedoms of the data subject that require the protection of personal data, or

- Fulfilment of a contract or performance of precontractual measures under GDPR Article 6(1)(b), if that is the purpose of your contact request.

Personal data collected in the setting of making contact will be deleted without delay once the communication initiated by the data subjects is completed by mutual agreement or at the request of the data subjects.

2) Distribution of information material

If applicable, we will use your postal address and e-mail address to send you information about our events, products or services. Nevertheless, we will refrain from this unless you wish us to do so and have given your express consent under Article 6 [1] Item a of the GDPR. You may withdraw your consent at any time with effect for the future by e-mailing vertrieb@enercon.de or by writing to: ENERCON GmbH, Vertrieb National, Dreekamp 5, 26605 Aurich, Germany.  

If we have acquired your address or e-mail address in conjunction with the sale of goods or services and you have not raised any objection, we reserve the right to send you offers for products from our range similar to the one(s) you purchased, by post or by e-mail under Article 6 [1] Item f of the GDPR or Section 7 [3] of the German Act Against Unfair Competition on a regular basis. This serves to safeguard our overriding legitimate interests in advertising appeals to our customers in the setting of a weighing of interests. In addition, you may opt out from continued storage and use of your personal data, particularly your contact details, at no cost other than transmission costs at basic rates. Again, please e-mail vertrieb@enercon.de or write to ENERCON GmbH, Vertrieb National, Dreekamp 5, 26605 Aurich, Germany.  

In the event of a withdrawal of consent or legitimate objection, we will erase your data without delay if no other legal basis or overriding legitimate reasons for processing exist. If that objection concerns your request, however, this request can no longer be processed.  

3) Subscription to the newsletter "Windblatt Online"

If you would like to receive the newsletter offered on the Website, we will need your e‑mail address, title and name as well as certain information that will allow us to check that you are the owner of the specified e-mail address and that you agree to receiving the newsletter (double opt-in). If any other data are collected, they are purely voluntary.  

We use CleverReach for handling and mailing out our newsletter. The service provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (CleverReach below).  

CleverReach is a service for organising and analysing the mailing of newsletters. The data entered by you for the purpose of receiving the newsletter (e.g. your e‑mail address) will be stored on CleverReach's servers in Germany and/or Ireland.

Our newsletters mailed via CleverReach allow us to analyse the behaviour of the newsletter recipients. For example, we can analyse how many recipients opened the newsletter message and how often they clicked on each of the links in the newsletter. Through conversion tracking, we can also analyse whether the clicking of a newsletter link was followed by a pre-defined action (e.g. product purchase on website). For more information on the data analysis in CleverReach newsletters click here.  

This data processing is based on your consent (GDPR Article 6(1)(a)). You can withdraw your consent at any time by unsubscribing from our newsletter. The lawfulness of any data processing that has already taken place shall remain unaffected by your withdrawal of consent.

If you do not wish to allow the CleverReach analysis, you need to unsubscribe from the newsletter. Each newsletter message includes a relevant link for this purpose.

The data you provide for the purpose of receiving the newsletter will be stored by us and/or the newsletter service provider until you unsubscribe from the newsletter and will then be deleted from the newsletter mailing list. This does not affect any data stored by us for other purposes.

After you have been removed from the newsletter mailing list, your e-mail address may be blacklisted by us and/or by the newsletter service provider if this is necessary to prevent future mailings. Any blacklisted data will be used exclusively for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with legal requirements for the mailing of newsletters (legitimate interest within the meaning of GDPR Article 6(1)(f)). The data storage in the blacklist is permanent. You can object to the storage if your interests override our legitimate interest.

For more details, refer to CleverReach's data protection policy at: CleverReach privacy policy.

Processing

We have concluded a processing agreement with the above-mentioned service provider. This contract is mandatory under data protection law; it ensures that the personal data of visitors to our Website will only be processed in accordance with our instructions and in compliance with the GDPR.

4) Use of the Service Info Portal  

Our Service Info Portal (SIP) that can be accessed from these web pages gives customers the option to store operating reports, service reports and other documents about their wind turbines, or to share them with us within the framework of the performance of the contract. Safeguarding our legitimate interest under GDPR Article 6(1)(f) forms the legal basis of the associated processing of your personal data; our legitimate interest consists in responding appropriately to customer enquiries and in the proper rendering of our contractually agreed services or fulfilment of the contract within the meaning of GDPR Article 6(1)(1b). The amount of personal information collected in this setting is very limited; it is merely the contact details of points of contact. We keep this information strictly confidential and will store and use the data only to enable you to use the Service Info Portal; following termination of the contractual relationship the information will be erased at once if no other legal basis for processing exists.  

5) Job Applications  

You can apply to our company online via the career portal (career.enercon.de) or electronically using the speculative application form provided. We will of course use your data exclusively for processing your application and delete it after the application process has been completed in accordance with the statutory regulations. The data processing in this context is carried out on the legal basis of the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR. Please note that unencrypted e-mails are not transmitted with access protection. We therefore strongly recommend that you send us your application documents either by encrypted e-mail or via our contact or unsolicited application form on this homepage or our career portal. You can find more detailed information on the handling of your personal data in the application process in the data protection provisions of the career portal and the reference in the unsolicited application form.

6) E-mail advertising

a) E-mail marketing including subscription to the ENERCON eShop newsletter

If you subscribe to the ENERCON eShop newsletter we will use the information required or communicated to us separately by you in order to send you our e-mail newsletter on a regular basis as per your consent under Article 6 [1] Sentence 1 Item a of the GDPR. You can unsubscribe from the newsletter at any time by e-mailing eShop@Enercon.de or by using the link provided in the newsletter. Following unsubscription we will erase your e-mail address unless you have given your express consent to further use of your data, or we have reserved the right of additional use of the data that is legally permitted and about which we are informing you in this Statement.

b) E-mail marketing without subscription to the newsletter, and your right to object

If we have acquired your e-mail address in conjunction with the sale of goods or services and you have not raised any objection, we reserve the right to send you offers for products from our range similar to the one(s) you purchased, by e-mail under Section 7 [3] of the German Act Against Unfair Competition on a regular basis. This serves to safeguard our overriding legitimate interests in advertising appeals to our customers in the setting of a weighing of interests. You may opt out from the use of your e-mail address at any time by e-mailing eShop@enercon.de or by using the link provided in the marketing e-mail, at no cost other than transmission costs at basic rates. In the setting of processing, the newsletter is distributed by a service provider on our instructions; we pass on your e-mail address to that service provider for this purpose. This service provider is located in a country inside the European Union or the European Economic Area.

7) Queries and surveys

We occasionally use Microsoft Forms for internal and external queries and surveys. For this purpose ENERCON has concluded a processing agreement with Microsoft that meets the requirements of GDPR Article 28. In addition, the EU standard contractual clauses (SCCs) have been contractually agreed for data transfers to third countries. Under EU GDPR Article 46(2)(c), the EU standard contractual clauses guarantee an adequate EU data protection level.

Please note that, based on the EU-US Data Privacy Framework adequacy decision, the USA are currently a safe third country within the meaning of the EU GDPR. Under US surveillance laws, however, US service providers may be bound to surrender personal data to security agencies without data subjects being able to appeal against this practice. Therefore, it cannot be ruled out that US authorities such as intelligence agencies will process, analyse and permanently store your data residing on servers of US service providers. We cannot influence these processing activities.

Individual queries or surveys may include the collection of personal data to a very limited extent. This includes, among other things, first name and last name, contact details, date of birth and other information from the list of questions.

If and to the extent that we request the data subject’s permission for the processing of personal data, EU GDPR Article 6(1)(a) serves as a legal basis. For the processing of personal data that are required for the fulfilment of a contract or the performance of precontractual measures, EU GDPR Article 6(1)(b) serves as a legal basis. If and to the extent that the processing of personal data is required for the fulfilment of a statutory obligation to which our company is subject, EU GDPR Article 6(1)(c) serves as a legal basis. If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, EU GDPR Article 6(1)(f) serves as a legal basis.

V. Data processing operations in the setting of services and other business operations

Within the framework of the services provided by us and that of other business operations, we process personal data for different purposes (see items 1 to 3 of this section), transmit these data to third parties from time to time and store them until the purpose has been achieved (see items 4 to 6 of this section).

1) Contractual relationships

Within the framework of the contracts concluded or initiated with us (e.g. for installation or maintenance of a wind energy converter, with suppliers or service providers, etc.) we collect and process personal data on the legal basis of Article 6 [1] Item b of the GDPR for the purpose of performance, initiation or termination of a contractual relationship.

2) Statutory obligation

We process personal data insofar as there is a statutory obligation to that effect (e.g. in the setting of the execution of administrative procedures) under Article 6 [1] Item c of the GDPR in conjunction with the relevant specific legal basis.  

3) Legitimate corporate interest

In addition, we process personal data in different cases in order to assert legitimate corporate interests (e.g. to enforce legal claims or for video surveillance of our facilities for protection against unauthorised access, where required) on the legal basis of GDPR Article 6(1)(f), after the careful consideration of legally protected interests has confirmed that there are no overriding interests or fundamental rights and freedoms of the data subject that require the protection of personal data.

4) Recipient

ENERCON GmbH and other companies of the organisation host central functions that are active on behalf of the corporate network and, in this context, also process personal data, e.g. Marketing and Communication, Sales, Purchasing, Central Administration (e.g. Legal Department), and Recruiting. If central functions are involved by other companies of the organisation (e.g. for procurement transactions or administrative procedures), personal data will be exchanged to the extent required between the involved companies of the organisation. The legal basis in this case is the overriding legitimate corporate interests under GDPR Article 6(1)(f). The legitimate interest consists in internal administrative purposes. These may be commercial, administrative or other internal business purposes; this applies only to the extent that the interests or fundamental rights and freedoms requiring the protection of personal data of data subjects do not override the above.

We will transfer personal data to other third parties (e.g. authorities or banks or service providers employed to fulfil a contract) only if required by the particular business relationship or a statutory requirement. We bind any service provider we employ (e.g. acting as processors on our behalf for IT or printing services) by contract to process personal data only within the scope of their job.  

In the following we are going to specify the categories of recipients to which we transfer data in order to fulfil our contractual and statutory obligations, or on the basis of our legitimate interests:

• IT service providers, for administration and hosting of our Website  

• Printers, for the production and distribution of information material

• Shippers, for shipment of information material or communications

• Authorities (e.g. for approval procedures)

• Banks, for execution of payment transactions

5) Transmission to third countries outside the EU

ENERCON also cooperates with companies of the ENERCON Group and external service providers that are located in countries outside the EU or the EEA. We may transmit your personal data to countries outside the EU or the EEA in the context of our international business activities. If we transmit personal data from an EU/EEA country to a country outside the EU or the EEA for which the EU Commission has not issued any adequacy decision, ENERCON will use the EU standard contractual clauses to contractually oblige the data importer to ensure a level of data protection equivalent to the GDPR for protecting your personal data.

6) Storage period

Personal data processed by us will always be stored for the period required for the particular purpose (e.g. performance of contract until withdrawal of your consent) and then erased, taking into account the statutory retention periods, or locked for the required retention period after the purpose has been achieved (e.g. fulfilment of contract by both parties), or restricted from processing and then erased. In addition, we will store personal data until the limitation period for any legal claim has expired. As a rule, the limitation period is between 12 and 36 months; it may, however, be up to 30 years.

Upon the start of limitation we will erase personal data unless there is a statutory retention period, e.g. under the German Commercial Code (Sections 238, 257 [4] HGB) or the German Tax Code (Section 147 [3], [4] AO). These retention periods may be two to ten years.  

VI. Presences in social networks

We maintain presences in the social networks named below and, within this framework, process user data in order to communicate with active users in these networks or to provide information.

Please note that user data might be processed outside the European Union in the course of the process. This may entail risks to the users, e.g. because enforcement of user rights might be hampered.  

Moreover, user data are typically processed inside social networks for market research and advertising purposes. For instance, usage profiles can be generated based on user behaviour and the interests of users derived from it. These usage profiles can be utilised e.g. to show advertisements inside and outside the networks that are presumed to match the users’ interests. As a rule, cookies that store user behaviour and users’ interests are placed on users’ computers for that purpose. In addition, usage profiles can also contain data that are unrelated to the individual devices a user uses (particularly if that user is a member of the respective platform and has logged in to it).  

For a more precise description of the individual types of processing and the options for objection, please refer to the privacy statements and information provided by operators of the respective platforms.

Also with regard to requests for information and enforcement of data subjects’ rights we would like to point out that these are most effectively asserted vis-à-vis the providers. Only the respective providers have access to user data and can take suitable measures directly and provide information. Still, if you have any questions about this you can contact us directly at the addresses given above.  

Data types processed: Contact details (e.g. e-mail, phone numbers); content (e.g. input into online forms); usage (e.g. websites visited, interest in contents, access times); metadata/communication data (e.g. device information, IP addresses).

Data subjects: Users (e.g. website visitors, online service users)

Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback through online forms); marketing

Legal basis: Our legitimate interest under GDPR Article 6(1)(1)(f) is to publish information about our company and to establish contact with interested parties. There are no overriding interests of data subjects conflicting with this interest.  

1) YouTube

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Website: www.YouTube.com

Privacy statement: https://policies.google.com/privacy

When you visit our YouTube page, YouTube will collect, among other things, your IP address as well as other information stored on your PC in the form of cookies. This information will be used to provide us as operator of the YouTube pages with statistical information about the use of the pages.

YouTube provides more information about this here.

Your data collected in this context will be processed by Google Ireland Ltd. and may be transmitted to countries outside of the European Union. A general description of which data Google receives and how it uses these data is provided by Google in its privacy statement. Here, you can also find information about how to contact YouTube and how to modify the settings for the display of advertisements.  

YouTube does not provide conclusive or clear information about the manner in which it uses data from your visit to YouTube pages for its own purposes; to what extent it associates activities on the YouTube page with individual users; for how long YouTube stores these data; and whether data from visiting a YouTube page are transmitted to third parties, and consequently we have no knowledge in this regard.

When accessing a YouTube page, your device's assigned IP address will be transmitted to YouTube. Moreover, YouTube stores information about users' devices; this may enable YouTube to associate specific IP addresses with individual users.

If you are currently logged into YouTube as a user, this login will have placed a YouTube ID cookie on your device. This enables YouTube to track the fact that you have visited this page and how you have used the page. The same is true for all other YouTube pages. The YouTube buttons integrated into websites enable YouTube to track your visits to these websites and to connect them to your YouTube profile. These data can be used to tailor contents or advertisement to you personally.

If you would like to avoid this, you should log out of YouTube, delete the cookies on your device, and close and restart your browser. This will delete YouTube data that can identify you directly. This allows you to use YouTube pages without revealing your YouTube ID. If you access any interactive features of the page (like, comment, share, etc.), the YouTube login prompt will appear. If you log in at this point, you will again be identifiable by YouTube as a specific user. For information on how to manage or delete existing information, go to the YouTube Support page.

2) Instagram

Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA;  

Website: www.instagram.com

Privacy policy Instagram

3) LinkedIn

Service Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;

Website: www.linkedin.com

Privacy policy LinkedIn

4) Xing

Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany;  

Website: www.xing.de

Privacy policy Xing

VII. Rights as a data subject

Subject to the statutory provisions, you have the following rights as a data subject, which you may assert against us:  

Right of access: You are entitled at any time, within the framework of GDPR Article 15, to obtain confirmation from us as to whether or not we process personal data concerning you; if this is the case, you are also entitled, within the framework of GDPR Article 15, to access to these personal data, as well as specific further information (among others, purpose of processing; personal data categories; recipient categories; envisaged storage period; origin of the data; use of automated decision-making, and – in the event of transmission to third countries – suitable guarantees) and a copy of your data.  

Right to rectification: You are entitled under Article 16 of the GDPR to request us to correct the personal data we have stored about you if they are inapplicable or incorrect.    

Right to erasure: You are entitled, subject to the provisions of Article 17 of the GDPR, to request us to erase personal data concerning you without delay. No right to erasure will exist if, among other things, processing of personal data is required for exercising the right to freedom of expression and information, fulfilling a legal obligation to which we are subject (e.g. statutory retention periods), or asserting, exercising or defending legal claims.  

Right to restrict processing: You are entitled, subject to the provisions of Article 18 of the GDPR, to request us to restrict processing of your personal data.  

Right to data portability: You are entitled, subject to the provisions of Article 20 of the GDPR, to request us to hand over, in a structured, common, machine-readable format, the personal data that concern you and that you have provided to us.  

Right to withdrawal of consent: You are entitled to withdraw your consent to the processing of personal data with effect for the future at any time. Withdrawal of consent will not affect the lawfulness of the processing performed on the basis of that consent until withdrawn.  

Right of objection: You are entitled, subject to the provisions of Article 21 of the GDPR, to object against processing of your personal data so that we will have to discontinue processing of your personal data. The right to objection only exists within the limits set by Article 21 of the GDPR. Furthermore, our interests may exclude discontinuation of processing so that we are entitled to process your personal data, your objection notwithstanding.  

Right to lodge a complaint with a supervisory authority: You are entitled, subject to the provisions of Article 77 of the GDPR, to lodge a complaint with a supervisory authority, particularly in the member state of your whereabouts, your workplace or the location of the suspected violation, if you are of the opinion that processing of the personal data concerning you is in breach of the GDPR. The right to complain exists without prejudice to any other administrative or judicial remedy.  

Competent supervisory authority:  

Die Landesbeauftragte für den Datenschutz Niedersachsen [State Commissioner for Data Protection; Lower Saxony]
Prinzenstraße 5
30159 Hanover

Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
E-mail: poststelle@lfd.niedersachsen.de  

Nevertheless, we recommend directing any complaint to our Data Protection Officer first.  

If possible, please address your requests for exercising your rights to the above address or directly to our Data Protection Officer in writing.  

VIII. Data security

We have taken extensive technological and operational precautions to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We review and adapt our security procedures on a regular basis to keep up with technological progress.  

When you use our contact form or log on to the Service Info Portal (SIP) platform, you also provide personal information about yourself. To prevent this information from falling into the wrong hands, we use TLS (Transport Layer Security) to encrypt your personal data end-to-end. This is a tried-and-tested data transfer method on the internet that is highly secure when used according to the state of the art, as we do.  

IX. Obligations to provide data

Basically, you are not obliged to share your personal data with us. However, if you do not do so, we will not make our Website available to you nor respond to your enquiries, send advertisements, etc. We will also be unable to conclude any contract with you. Personal data that are absolutely needed for the above processing purposes are identified as mandatory information with an ‘*.’ or another character.  

X. Automated decision-making

We do not use any automated decision-making process or profiling (i.e. an automated analysis of your personal circumstances).  

XI. Information on the right to object

You are entitled to object against processing of your data performed on the basis of Article 6 [1] Item f of the GDPR (data processing on the basis of a weighing of interests) or Article 6 [1] Item e of the GDPR (data processing in the public interest), if there are any reasons resulting from your particular situation. This applies likewise to any profiling based on this provision for the purposes of Article 4 Item 4 of the GDPR.
If you raise an objection we will no longer process your personal data unless we are able to give compelling reasons for processing worthy of protection that override your interests, rights and freedoms, or processing serves to assert, exercise or defend legal claims.  

If, in individual cases, we process your personal data for direct advertising purposes, you are entitled to object to this at any time. We will respect this objection in the future.  

We will no longer process your data for direct advertising purposes if you object to processing for this purpose.  

This objection may be informal and should be addressed to the point of contact given in Section I hereof.

XII. Amendments to and updates of this Privacy Statement

The contents of this Privacy Statement may be updated if necessitated by modifications to the data processing operations performed by us. We will inform you in case any modification requires assistance on your part (e.g. consent) or any other individual notification.