The protection of your personal data is of particular concern to us. In the following, we would like to inform you in detail about which of your personal data we collect, for which purposes they are used, with whom they are shared and which control and information rights you may be entitled to.
Data controller and contact
Responsible for this website and the App is Enote GmbH, Gontardstrasse 11, 10178 Berlin, firstname.lastname@example.org (hereinafter "enote", "we", "us").
1. Processing of your data when using our website for informational purposes
If you visit our website for information purposes only, without providing personal data via our contact form or in any other way, only the Internet connection data that your browser transmits to our server will be processed. This information contains personal data only to a limited extent. The information processed includes your IP address and other usage data (e.g. date and time of access, name of the page accessed, information on the amount of data transferred and the requesting provider).
This information is processed to enable you to use our website (e.g. by adapting our website to the needs of your device).
The legal basis for this data processing is Art. 6 para. 1 sent. 1 lit. b General Data Protection Regulation (GDPR), as we need the automatically collected data for the effective provision of our website, and Art. 6 para. 1 sent. 1 lit. f GDPR, as the storage serves our legitimate interest in ensuring the stability and security of the website.
2. Data processing when using our services
We offer additional tools or services on our website (e.g. contact and newsletter), when using them we ask you for personal data such as name or e-mail address and, if necessary, other personal information. Accordingly required information is always marked as mandatory fields.
Without this information, we may not be able to provide you with the requested service or answer any queries you may have. In the following, we will give you an overview of the related processing procedures and legal basis.
If you contact us - e.g. via contact form or e-mail - your personal data will be stored and processed by us. This is normally your name and e-mail address as well as the information you have provided us with. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration and are not passed on to third parties without your consent.
The legal basis for this data processing is Art. 6 para. 1 sent. 1 lit. b GDPR, insofar as it is carried out for the fulfilment of a contract or pre-contractual measures, as well as Art. 6 para. 1 sent. 1 lit. f GDPR, since the processing of these requests is in the interest of both parties.
In order to answer support requests, we use the assistance of the service provider Zendesk, Inc. who will process your personal data only on our behalf and on the basis of a data processing agreement.
We also process the personal data and contact details provided by you as part of the newsletter registration process to inform you directly about our other products and services. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sent. 1 lit. a GDPR.
If you register for our newsletter, which informs you about our latest products and services, the personal data you provide in this context (such as name, address and e-mail address) will be processed by us for the purpose of sending the newsletter.
For the registration we use the so-called “double-opt-in” procedure. After your registration on our website, you will receive an e-mail with a link, which you can use to confirm that you are the owner of the e-mail address and that you want to create a user account on our website. If your confirmation is not received within 12 hours, your registration and the personal data provided by you will be automatically deleted.
You may at any time object to the processing of your personal data for the purposes of direct marketing. We will then refrain from further processing your personal data for such purposes. You can send us your objection as follows: email@example.com or by unsubscribing via the unsubscribe link at the end of each newsletter.
For the dispatch of newsletters and for conducting newsletter campaigns, we use the service providers Braze Inc., Mailgun Technologies, Inc. and UAB MailerLite which process your data only on our behalf and on the basis of a data processing agreement. The transfer of personal data to Mailgun Technologies, Inc. is based on the EU standard contractual clauses.
Furthermore, in some cases, when sending out surveys, we use the services of the service provider Surveymonkey Europe UC, which processes your data only on our behalf and on the basis of a data processing agreement.
You can apply for open positions at enote on our website. To do so, it is necessary to provide information without which we cannot sufficiently examine your application. We process your relevant data only for the purposes of establishing and subsequently, if necessary, carrying out an employment relationship in accordance with § 26 Federal Data Protection Act (BDSG).
For the execution we use the services of the provider Personio GmbH, who processes your data only on our behalf and on the basis of a data processing agreement.
3. Online advertising and analysis tools
We use our own session cookies, which enable the customer-friendly use of our website, for example by saving your settings. These cookies are automatically deleted at the end of a browser session. The legal basis for the use of such cookies is the fulfilment of the contract (Art. 6 para. 1 sent. 1 lit. b. GDPR).
We also work together with other service providers who help us to improve our website or offer additional functions. Such service providers may use their own cookies. You will find more information on this in the following sections.
You can set your browser to inform you about the setting of cookies, to allow cookies only in individual cases, to limit the acceptance of cookies to certain cases or to exclude them altogether and to activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
3.2 Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called cookies (see above). The information generated by the cookie about your use of this website is transferred to a Google server and stored there. We have activated the IP anonymisation function on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.
We have concluded a data processing agreement with Google. The data transfer is therefore privileged according to Art. 28 GDPR.
The storage of Google Analytics cookies is based on your consent, Art. 6 para. 1 sent. 1 lit. a DSVGO.
This website uses the "demographic features" feature of Google Analytics. This enables us to generate reports that contain statements about the age, gender and interests of website visitors. This data comes from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can disable this feature at any time by going to the Ads Settings section of your Google Account.
You can prevent the use of Google Analytics including the "demographic features" function at any time, either by installing the Google Browser Plugin, which sets an opt-out cookie, or by selecting the appropriate setting in your browser software. Either option will only prevent the use of web analytics if you are using the browser on which you installed the plugin and you do not delete the opt-out cookie. Please note that in this case you may not be able to use all the functions of this website to their full extent. You can find further information at https://tools.google.com/dlpage/gaoptout?hl=de and https://www.google.com/analytics/terms/de.html.
3.3 Facebook Pixel
We use the Facebook pixel on our website, an analysis tool of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The Facebook pixel enables us to determine that a user has come to our website by clicking on an advertisement on Facebook. Furthermore, the Facebook pixel allows us to further track the user's path on our website (e.g. clicks on the website, registration for the newsletter) ("conversion tracking"). The pixel thus provides us with the opportunity to evaluate the advertisements placed by us on Facebook and to measure their success outside the Facebook platform.
We also use the additional function of "extended data reconciliation". Here, the pixel records specific user data such as your e-mail address in addition to the above-mentioned usage data. This function enables us to define interest groups for future advertisements based on the analysis results from the usage data.
The data collected with the Facebook pixel on our website is transferred to Facebook in the US and possibly merged there with other usage data by Facebook.
We only integrate the Facebook pixel if you explicitly consent to the data processing. The legal basis for the use of the Facebook pixel is Art. 6 para. 1 sent. 1 lit. a GDPR. The consent is voluntary and can be revoked at any time without giving reasons with effect for the future.
4. Social media plugins
4.1 On our website we use so-called “social media plugins” from Facebook, Twitter, Xing and LinkedIn. The providers of these services can communicate with you via plugins and collect information about your visit to our website. This processing is based on Art. 6 para. 1 sent. 1 lit. a, f GDPR. We are thus pursuing our legitimate interest in increasing your user experience and optimizing our services.
Our website uses social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are marked with a white "f" on a tile. The list and appearance of the Facebook Social Plugin can be viewed here: https://developers.facebook.com/docs/plugins/".
If you activate the Facebook plugin, the content of the plugin is transmitted directly to your browser by Facebook and integrated into the website by it. We have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform you according to our state of knowledge: https://www.facebook.com/help/186325668085084.
By integrating the plugins, Facebook receives the information that a user has called up the corresponding website of the offer. If the user is logged in to Facebook, Facebook can assign the visit to his or her Facebook account. If users interact with the plugins, for example, by pressing the Like button or making a comment, the corresponding information is transmitted directly from your browser to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to find out his or her IP address and store it. According to Facebook, only an anonymized IP address is stored in Germany.
The data processing takes place on the basis of your consent (Art. 6 para. 1 sent. 1 lit. a GDPR).
If a user is a Facebook member and does not want Facebook to collect data about him or her through this offer and link it to his or her membership data stored on Facebook, he or she must log out of Facebook before visiting the website.
Functions of the Twitter service are integrated on our website. These functions are offered by Twitter Inc, Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the website you visit will be linked to your Twitter account and announced to other users. Data is also transferred to Twitter in the process.
The data processing takes place on the basis of your consent (Art. 6 para. 1 sent. 1 lit. a GDPR).
You can change your privacy settings on Twitter in the account settings at http://twitter.com/account/settings.
We use components of the XING.com network on our website. These components are a service of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. They also include plug-ins of the kununu service offered by XING AG. Each time you access our website, which is equipped with such a component, this component causes the browser you are using to download a corresponding display of the component from XING.
The data processing takes place on the basis of your consent (Art. 6 para. 1 sent. 1 lit. a GDPR).
We use components of the LinkedIn network on our website. LinkedIn is a service provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access our website that is equipped with such a component, that component causes the browser you are using to download an appropriate representation of the LinkedIn component.
Through this process LinkedIn is informed about which specific web page of our website is currently being visited. If you click the LinkedIn "Recommend-Button" while you are logged in to your LinkedIn account, you can link the contents of our website on your LinkedIn profile. This enables LinkedIn to associate your visit to our website with your LinkedIn account.
The data processing takes place on the basis of your consent (Art. 6 para. 1 sent. 1 lit. a GDPR).
5. Third-party services
5.1 Google Web Fonts
This website uses so-called web fonts, which are provided by Google, for the uniform display of fonts. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you call up a website, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.
If your browser does not support web fonts, a default font is used by your computer.
5.2 Google Maps
This website uses the map service Google Maps via an API. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence on this data transfer.
The use of Google Maps is in the interest of an attractive presentation of our online offers and easy findability of the locations we have indicated on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 sentence 1 lit. f GDPR.
We have integrated a YouTube video into our online offer, which is stored at http://www.YouTube.com and can be played directly from our website. The video is embedded in the "extended privacy mode", which means that no data about you as a user is transferred to YouTube if you do not play the video. Only when you play the video will the data mentioned in the next paragraph be transmitted. We have no influence on this data transfer.
By visiting the website, YouTube receives the information that you have visited the corresponding subpage of our website. In addition, the data collected during the informative visit to our website is transmitted. This happens regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you don't want the assignment with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for the purpose of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide advertising that meets the needs of the users and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
By integrating the YouTube video into our online presence, a connection to the Google Double-Click network is also automatically established when our website is called up. Cookies are not set in the browser as a result. If, however, DoubleClick cookies are already stored in your browser, they will be transferred with the request. According to the information from YouTube, a data transfer only takes place when you play the video.
6. Company profiles in social networks
Our presence in social networks enables us to get in contact with you outside our website. In the following we inform you about the data that is processed when you visit our company profile.
6.1 Facebook fan page
We operate a fan page as part of the social network Facebook, a service of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We use the fan page to inform users about our company and current developments and to communicate with our users.
Users can send us messages via our fan page using Facebook Messenger, as well as share, comment on or "Like" our posts. In doing so, we process profile data (in particular the user's name) and the respective interaction (e.g. the content of the message or comment). The data processing is based on Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in getting in contact with our users via our fan page and to answer inquiries. If the communication (via the Messenger or the comment function) serves the purpose of fulfilling the contract or carrying out pre-contractual measures, the legal basis for this data processing is Art. 6 para. 1 sent. 1 lit. b GDPR.
We use the function "Facebook Insights" within our fan page. These are page statistics that are provided by Facebook and through which we obtain information on how users interact with our fan page. Page “Insights” may be based on personal information collected in connection with a visit or interaction by users on or with our fan page and its content. Facebook and we are jointly responsible for the processing of the Insights data and have concluded an agreement in accordance with Art. 26 GDPR. The agreement can be viewed under the following link: https://www.facebook.com/legal/terms/page_controller_addendum. In addition, personal data is processed by Facebook when you visit our fan page. We have no influence on this data processing. The purpose and scope of data processing by Facebook, as well as the relevant rights and setting options for protecting the privacy of users, can be found in the Facebook data policy (https://www.facebook.com/about/privacy/).
We operate a company profile on the Xing portal, an offering of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. We use the Xing profile to present our company and to get in contact with potential employees.
You have the possibility to contact us via our Xing profile. The available profile data (e.g. job title, company name, industry, education, contact information, photo) as well as the content of the message will be processed by us to process your request. The legal basis for this data processing is Art. 6 para. 1 sent. 1 lit. b GDPR, provided that the communication serves the purpose of fulfilling the contract or implementing pre-contractual measures. In other cases, the data processing is based on Art. 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in contacting our users via our Xing profile and answering enquiries. If you send us an application via Xing, your name, contact details, qualifications and other data contained in the application will be processed for the purpose of evaluation and possible implementation of an application procedure. For this purpose, the application documents may be passed on internally to the competent employees responsible for making decisions. The data processing is based on § 26 para. 1 BDSG. Additional voluntary information is processed on the basis of Art. 6 para. 1 sent. 1 lit. a GDPR. After completion of the application procedure, the data will be deleted after six months at the latest, unless the data is necessary for the performance of a possible employment relationship. We also contact Xing users directly if the information in their profile has aroused our interest. We process the available profile data in the process. The legal basis is Art. 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in contacting other users via Xing.
If you register for an event organized by us through Xing, we will process your profile data to enable you to attend the event. The legal basis is Art. 6 para. 1 sent. 1 lit. b GDPR. Beyond this, personal data may be processed by Xing when you visit our Xing profile. We have no influence on this data processing. The purpose and scope of data processing by Xing, as well as the relevant rights and setting options to protect the privacy of users, can be found in the Xing data protection declaration (https://privacy.xing.com/de/datenschutzerklaerung).
We operate a company profile on the LinkedIn portal, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use the LinkedIn profile to introduce our company and get in touch with potential employees.
You have the possibility to contact us via our LinkedIn profile. In doing so, the available profile data (e.g. job title, company name, industry, education, professional experience, knowledge, contact options, photo) as well as the content of the message will be processed by us to process your request. The legal basis for this data processing is Art. 6 para. 1 sent. 1 lit. b GDPR, provided that the communication serves the purpose of fulfilling the contract or implementing pre-contractual measures. In other cases, the data processing is based on Art. 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in contacting our users via our LinkedIn profile and answering enquiries. If you send us an application via LinkedIn, your name, contact details, qualifications and other data contained in the application will be processed for the purpose of evaluation and possible implementation of an application procedure. For this purpose, the application documents may be passed on internally to the responsible decision-makers. The data processing is based on § 26 para. 1 BDSG. Additional voluntary information is processed on the basis of Art. 6 para. 1 sent. 1 lit. a GDPR. After completion of the application procedure, the data will be deleted after six months at the latest, unless the data is necessary for the performance of the employment relationship.
You can also share our contributions, add a "Like" or comment on them. The information about the interaction as well as the profile data will be processed by us. The legal basis for data processing is Art. 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in understanding the response to our contributions and communicating with users.
In addition, we contact LinkedIn users directly if the information in their profile has aroused our interest. We process the available profile data. The legal basis is Art. 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in contacting other users via LinkedIn.
We maintain an account on Twitter, an offer from Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. We use the Twitter account to inform users about our company and current developments and to communicate with our users.
Twitter users have the opportunity to share our posts, add a "Like" or comment on them. The information about the interaction as well as the user's data is processed by us. The legal basis for data processing is Art. 6 para. 1 sent. 1 lit. f GDPR. We have a legitimate interest in understanding the response to our contributions and communicating with the users. Insofar as a comment serves the purpose of fulfilling the contract or carrying out pre-contractual measures, the data processing is based on Art. 6 para. 1 sent. 1 lit. b GDPR.
7. Transfer of personal data to third parties
In the event of a restructuring or sale of our business to a third party, your personal data may be transferred to the restructured company or third party in accordance with applicable law.
We may disclose your personal information if we are entitled or required to do so by law (for example, under applicable law or a court order).
8. Transfer of personal data to third countries
To the extent described above, we may transfer your personal data to other countries (including countries outside the EEA, so-called “third countries”), where different data protection standards may apply than those in your country of residence.
Please note that data processed in other countries may be subject to foreign laws and may be accessible to the governments, courts, law enforcement and regulatory authorities of those countries. However, if your personal data is transferred to third countries, we will take appropriate measures to adequately secure your data.
When transferring data to third countries, the transfer is usually protected by the application of the so-called “EU standard contractual clauses”.
Corresponding evidence or further details can be obtained by sending an e-mail to the above address.
9. Storage periods
It is our aim to process your personal data only to the smallest possible extent. We will therefore only store your personal data for as long as it is necessary to fulfil the purpose for which it was originally collected or - if applicable - as long as longer storage is required or justified by law.
10. Your rights
You have the following data protection rights, depending on the circumstances of the specific case:
- Information: You have the right to request information about and access to your personal data and/or copies of such data. This includes information on the purpose of use, the category of data used, the recipients and persons authorised to access such data and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.
- Correction, blocking, deletion: You have the right to demand the correction, deletion or restriction of the processing of your personal data, as far as their use is not permitted under data protection law. This is particularly the case if (i) the data is incomplete or incorrect, (ii) it is no longer necessary for the purposes for which it was collected, (iii) the consent on which the processing was based has been revoked, or (iv) you have successfully exercised your right to object to the processing of the data; in cases where the data is processed by third parties, we will forward your requests for correction, deletion or restriction of processing to these third parties, unless this proves impossible or involves disproportionate effort.
- Refusal/revocation of your consent: Many data processing operations are only possible with your express consent. You have the right to refuse to give your consent or to revoke at any time any consent already given, without affecting the lawfulness of the data processing operations carried out before the revocation.
- Automated decision making including profiling: You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or significantly affects you in a similar way.
- Data transferability: You have the right to have data that you have provided us with transferred to yourself or a third party in a common structured, machine-readable format. However, you have the right to request direct transfer to another responsible party only insofar as this is technically feasible.
- Right of appeal to the competent supervisory authority: If you are of the opinion that your rights have been violated as a result of processing your personal data not in compliance with data protection regulations, you have a right of appeal to the competent supervisory authority.
- Right of objection: You have the right to object to the processing of your personal data at any time if we process your personal data for direct marketing purposes or if we process your personal data for the pursuit of our legitimate interests and there are reasons arising from your particular situation.
You can (i) exercise the above rights or (ii) ask questions or (iii) lodge a complaint against the processing of your personal data by us by contacting us as indicated above.