Privacy policy

Version: November 2019

ENERCON GmbH (‘ENERCON’) thanks you for visiting our website at www.enercon.de (‘Website’) and for your interest in our company and our products.

The purpose of this privacy statement is to inform you about how we handle your personal data. It applies to the processing of personal data for the purposes of communication through this Website and outside the context of this Website. 

I. Controller; Data Protection Officer

ENERCON GmbH (‘ENERCON’) processes your data as a controller. 

Contact details: 

ENERCON GmbH, Dreekamp 5, 26605 Aurich, Germany
E-mail: geschaeftsfuehrung@enercon.de 

You can write to ENERCON’s appointed Data Protection Officer at Dreekamp 5, 26605 Aurich, Germany, or send an e-mail to datenschutz@enercon.de. 

II. Visiting the Website

If you just visit our Website without actively contacting us we will only process the personal data transmitted automatically by your browser. Our web servers record every access in a temporary log file for a period of seven days. The following information is collected: IP address of your client; website from which our Website is accessed; date and time of access; name and URL of the file accessed; pages visited; data volume transmitted; message as to whether access was successful; playback of video/audio files; clicks on individual links; search terms or phrases; detection of browser and operating system used and name of your internet access provider. 

Processing this information serves to render our Website optimal and secure from a technical point of view. There is no analysis of personal data. 

Cookies

We use cookies in some areas for a need-based design of our Website. Most of the cookies we use expire after closing the browser session (known as ‘session cookies’). Others remain on your terminal device and enable us to recognise your browser the next time you visit the site (persistent cookies). We do not use this information to personally identify any visitor to this Website. 

Most browsers are configured so that they accept cookies automatically. Still, you can disable cookies altogether or configure your browser so that it will ask you when a website wants to set a cookie. Please note that blocking cookies from our website might result in functional restrictions when using our web pages or those of other service providers.

We process your personal data, which we exclusively require for your visit and to make our Website technically available, on the following legal basis:

- Fulfilment of a contract or performance of precontractual measures under Article 6 [1] Item b of the GDPR, if you visit our Website to obtain information about our services
- Protection of our legitimate interests under Article 6 [1] Item f of the GDPR so as to be able to make the Website technically available to you Our legitimate interest consists in being able to provide you with an attractive, functional and user-friendly website; to take measures to protect our Website against cyber threats, and to prevent our Website from presenting cyber threats to third parties.

Matomo Analytics

We use Matomo Analytics (formerly Piwik), an analytics service for statistical analysis of the usage of our Website. Small text files (cookies) are used to store information about how you use our Website and what browser/operating system you use. This includes the IP address. The IP address is instantly anonymised during the process so that you remain anonymous to us as a user.

We use Matomo only with your express prior consent under Article 6 [1] Item a of the GDPR, which you can give using the cookie banner when accessing our Website for the first time. Once given, you can revoke your consent at any time with effect for the future by proceeding as follows:

At this point you can decide whether or not your browser may store a unique web analytics cookie to enable the website operator to collect and analyse various statistical information. If you wish to opt out, click on the following link to have your browser store the Matomo opt-out cookie.

Please keep the following in mind: If you wipe all of your cookies the opt-out cookie will also be deleted. This means that you will have to give your consent once more and also opt out from the analysis of your user behaviour once again.

III. Processing of personal data when you contact us or receive our ‘Windblatt’ customer magazine

1. Contact and sending of information material

We do not collect any personal data – that is, information that can be attributed to you as a person – unless you volunteer that information and contact us. This will be the case, for instance, if you enter your data into an input field on our Website or send them to us by e-mail. If you contact us through a form on this Website we will collect the following information about you: title, last name/first name, company, branch of industry, address details, contact details (phone/e-mail), contents (of request). 

We will only use your personal data to communicate with you, or for the purpose you intended when providing these data, and then delete them. Any information that is not mandatory for handling your request, such as your branch of industry, is marked as such in the form. 

We process your personal data for responding to contact requests on the following legal basis:

- Protection of our legitimate interests under Article 6 [1] Item f of the GDPR; our legitimate interest consists in responding appropriately to contact requests.
- Fulfilment of a contract or performance of precontractual measures under Article 6 [1] Item b of the GDPR, if that is the purpose of your contact request.

If applicable, we will use your postal address and e-mail address to send you information about our events, products or services. Nevertheless, we will refrain from this unless you wish us to do so and have given your express consent under Article 6 [1] Item a of the GDPR. You may revoke your consent at any time with effect for the future by e-mailing to vertrieb@enercon.de or writing to ENERCON GmbH, Vertrieb National, Dreekamp 5, 26605 Aurich, Germany. 

If we have acquired your address or e-mail address in conjunction with the sale of goods or services and you have not raised an objection, we reserve the right to send you offers for products from our range similar to the one(s) you purchased by post or by e-mail under Article 6 [1] Item f of the GDPR or Section 7 [3] of the German Act Against Unfair Competition on a regular basis. This serves to safeguard our overriding legitimate interests in advertising appeals to our customers in the setting of a weighing of interests.

In addition, you may opt out from continued storage and use of your personal data, particularly your contact details, at no cost other than transmission costs at basic rates. Please contact vertrieb@enercon.de or ENERCON GmbH, Vertrieb National, Dreekamp 5, 26605 Aurich, Germany also in this matter. 

In the event of a revocation or legitimate objection we will erase your data without delay if no other legal basis or overriding legitimate reasons for processing exist. If that objection concerns your request, however, this can no longer be processed. 

2. ‘Windblatt’ customer magazine subscription

If you order our free ‘Windblatt’ customer magazine, the personal data you provided during registration (title, last name/first name, company, branch of industry, address details, contact details [phone/e-mail]) will be used to process your order. For this purpose they will be transferred to service providers that have been authorised accordingly and contracted as processors (e.g. the customer magazine printers). For this we will seek your express prior consent under Article 6 [1] Item a of the GDPR in advance. Your personal data will not be passed on to third parties in other respects. You may revoke your consent to processing of your personal data for shipment of the customer magazine with effect for the future at any time by sending an informal notice to vertrieb@enercon.de or by writing to ENERCON GmbH, Vertrieb National, Dreekamp 5, 26605 Aurich, Germany. Following receipt of your revocation, shipment of the customer magazine to you will be discontinued and we will erase the data collected from you at the time of ordering the magazine at once if no other legal basis for processing exists. 

3. Use of the Service Info Portal

Our Service Info Portal (SIP) that can be accessed from these web pages gives customers the option to store operating reports, service reports and other documents about their wind energy converters, or to share them with us within the framework of the performance of the contract. Safeguarding of our legitimate interests under Article 6 [1] Item f of the GDPR forms the legal basis; our legitimate interest consists in responding appropriately to customer enquiries and proper rendering of our contractually agreed services or fulfilment of the contract for the purposes of Article 6 [1] Sentence 1 b of the GDPR. The amount of personal information collected in this setting is very limited; it is merely the contact details of points of contact. We keep this information strictly confidential and will store and use the data only to enable you to use the Service Info Portal; following termination of the contractual relationship the information will be erased at once if no other legal basis for processing exists. 

4. Job applications

You can apply for jobs at our company either online or through electronic media. As a matter of fact we will use the information you provide only to process your application and erase it in line with statutory regulations once the application procedure has been completed. Please keep in mind that unencrypted e-mails are not protected against access during transmission. Therefore, we strongly recommend sending your application documents either by encrypted e-mail or through the contact form on our Career Portal. For detailed information on how your personal data are handled, please see our Career Portal privacy statement. 

IV. Data processing outside the context of this Website

We process personal data from you also outside the context of this Website if you approach us in writing, by phone or by e-mail and, in doing so, disclose personal data (particularly contact details), or if you have entered into a contractual relationship with us, or if data processing is required for any reason whatsoever. This is the case primarily if you are one of our business partners or customers, an interested party or a subscriber to our ‘Windblatt’ magazine, attend at one of our events, work for us as a service provider, or are involved in an administrative procedure, e.g. approval procedure for a wind energy converter. 

Depending on the context, processing takes place on different legal bases for the purposes of Article 6 of the GDPR; depending on the context, these include in particular: 

1. Your consent (e.g. to receiving the ‘Windblatt’ magazine)
2. A contractual relationship (e.g. for installation or maintenance of a wind energy converter, or a related service agreement)
3. A statutory obligation to process data (e.g. for the performance of administrative procedures) or
4. An overriding legitimate corporate interest (e.g. to enforce legal claims or for video surveillance of our facilities for protection against unauthorised access, where required) 

V. Recipients or recipient categories

ENERCON GmbH and other companies of the organisation host central functions that are active on behalf of the corporate network and, in this context, process also personal data, e.g. Marketing and Communication, Sales, Purchasing, Central Administration (e.g. Legal Department), and Recruiting. If central functions are involved by other companies of the organisation (e.g. for procurement transactions or administrative procedures), personal data will be exchanged to the extent required between the involved companies of the organisation. In this case, overriding legitimate corporate interests under Article 6 [1] Item f of the GDPR constitute the legal basis; the legitimate interest consists in internal administrative purposes. These may be commercial, administrative or other internal business purposes; this applies only to the extent that your interests or fundamental rights and freedoms requiring the protection of personal data do not outweigh the above.

We will transfer personal data to other third parties (e.g. authorities or banks or service providers employed to fulfil a contract) only if required by the particular business relationship or a statutory requirement. We bind any service provider we employ (e.g. acting as processors on our behalf for IT or printing services) by contract to process personal data only within the scope of their job. 

In the following we are going to specify the categories of recipients of your personal data: 

- IT service providers involved in the administration and hosting of our Website
- Other recipient categories, if applicable

… that require these data in order to fulfil our contractual and statutory obligations, or on the basis of our legitimate interests.

VI. Transmission to third countries

In the setting of the use of Matomo tools we transmit your truncated IP address to New Zealand. Data transmission takes place on the basis of an available adequacy decision of the European Commission regarding the adequacy of the data protection level in New Zealand.

In other respects, we do not transmit your personal data to countries outside the EU or the EEA, or to international organisations.

VII. Storage period

Your personal data will always be stored for the period required for the particular purpose (e.g. performance of contract until revocation of your consent) and then erased, taking into account the statutory retention periods, or locked for the required retention period after the purpose has been achieved (e.g. fulfilment of contract by both parties) or restricted from processing and then erased. In addition, we will then store your personal data until the start of limitation of any legal claim arising from the relationship with you so as to be able to use them as evidence, if applicable. As a rule, the limitation period is between 12 and 36 months; it may, however, be up to 30 years. 

Upon the start of limitation we will erase your personal data unless there is a statutory retention period, e.g. under the German Commercial Code (Sections 238, 257 [4] HGB) or the German Tax Code (Section 147 [3], [4] AO). These retention periods may be two to ten years.

Cookies we have set on your system will, as a rule, also be deleted after leaving our Website. This does not apply to Matomo Analytics, however. These will be stored for a period of 30 days. You also have the option to delete cookies manually at any time.

VIII. Your rights 

Subject to the statutory provisions, you have the following rights as a data subject, which you may assert against us: 

Right to information: You are entitled at any time, within the framework of Article 15 of the GDPR, to request us to confirm whether or not we process personal data concerning you; if this is the case, you are also entitled, within the framework of Article 15 of the GDPR, to receive information about these personal data, as well as specific further information (among others, purpose of processing; personal data categories; recipient categories; envisaged storage period; origin of the data; use of automated decision-making, and – in the event of transmission to third countries – suitable guarantees) and a copy of your data.

Right to correction: You are entitled under Article 16 of the GDPR to request us to correct the personal data we have stored about you if they are inapplicable or incorrect.  

Right to erasure: You are entitled, subject to the provisions of Article 17 of the GDPR, to request us to erase personal data concerning you without delay. No right to erasure will exist if, among other things, processing of personal data is required for (i) exercising the right to freedom of expression and information, (ii) fulfilling a legal obligation to which we are subject (e.g. statutory retention periods), or (iii) asserting, exercising or defending legal claims. 

Right to restriction of processing: You are entitled, subject to the provisions of Article 18 of the GDPR, to request us to restrict processing of your personal data. 

Right to data portability: You are entitled, subject to the provisions of Article 20 of the GDPR, to request us to hand over, in a structured, common, machine-readable format, the personal data that concern you and you have provided to us.

Right to revocation: You are entitled to revoke your consent to processing of personal data with effect for the future at any time. Revocation of consent will not affect the lawfulness of the processing performed on the basis of that consent until revoked.

Right to objection: You are entitled, subject to the provisions of Article 21 of the GDPR, to object against processing of your personal data so that we will have to discontinue processing of your personal data. The right to objection exists within the limits set by Article 21 of the GDPR. Furthermore, our interests may exclude discontinuation of processing so that we are entitled to process your personal data, your objection notwithstanding. 

Right to complain to a supervisory authority: You are entitled, subject to the provisions of Article 77 of the GDPR, to lodge a complaint with a supervisory authority, particularly in the member state of your whereabouts, your place of work, or the location of the suspected violation, if you are of the opinion that processing of the personal data concerning you is in breach of the GDPR. The right to complain exists without prejudice to any other administrative or judicial remedy.

Competent supervisory authority: 

Die Landesbeauftragte für den Datenschutz Niedersachsen [State Commissioner for Data Protection; Lower Saxony]

Prinzenstraße 5

30159 Hannover, Germany
Phone: +49 (511) 1204-500
Fax: +49 (511) 1204-599
E-mail: poststelle@lfd.niedersachsen.de

Nevertheless, we recommend directing a complaint to our Data Protection Officer first.

If possible, please address your requests for exercising your rights to the above address or directly to our Data Protection Officer in writing.

 

IX. Data security

We have taken extensive technological and operational precautions to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. We review and adapt our security procedures on a regular basis to keep up with technological progress. 

When you use our contact form or log on to the Service Info Portal (SIP) platform you also provide personal information about yourself. To prevent this information from falling into wrong hands we use TLS (Transport Layer Security) to encrypt your personal data end-to-end. This is a tried-and-tested data transfer method on the internet that is highly secure if used according to the state of the art the way we do.

X. Scope of your obligations to provide data

Basically, you are not obliged to share your personal data with us. However, if you do not do so, we will not make our Website available to you nor respond to your enquiries, send advertisements, etc. We will also be unable to conclude any contract with you. Personal data that are absolutely needed for the above processing purposes are identified as mandatory information with an ‘*.’ or another character.

XI. Automated decision-making/Profiling

We do not use any automated decision-making process or profiling (i.e. an automated analysis of your personal circumstances).

Energy for the world

ENERCON GmbH - Dreekamp 5 - D-26605 Aurich