Privacy Policy - ENVINET GmbH

With this privacy policy, we inform you about the nature, scope and purpose of the processing of personal data, hereinafter referred to as "data", within our website. This also applies to the associated webpages, functions and content as well as external online presence and our social media profiles, collectively referred to as "website".

This is an English translation of the lawful German version, Datenschutzerklärung.

Definitions, basics and fundamentals

For the terms used, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

"Personal data" means any information that relates to a natural person that is identified or identifiable. In the following, this is referred to as the "affected person".
"Identifiable" means a natural person who can be identified, directly or indirectly, in particular by association with an identifier (name, identification number, location data, online identifier, cookie) or with one or more specific characteristics like physical, genetic, psychological, physiological, economic, cultural or social identity of the person concerned.
"Processing" means any process or series of operations associated with personal data whether or not performed by automated procedures. The term is far-reaching and includes almost every handling of data.
“Controller” means the natural or legal person, public authority, body or body which, alone or in concert with others, decides on the purposes and means of processing personal data.

Responsible

ENVINET GmbH
Hans-Pinsel-Straße 4
85540 Haar, Germany
+49 (89) 456657-0 (Fon)
This email address is being protected from spambots. You need JavaScript enabled to view it.

Represented by the managing director Dr. Wolfgang Rieck

Affected persons and extent:

In the following, we also refer to the persons concerned as "users", i.e. visitors and users of the website. Affected are the following data:

Inventory data, e.g. names, addresses, organizations.
Contact details, e.g. e-mail addresses, telephone and fax numbers.
Content data, e.g. texts, photos, videos.
Usage data, e.g. visited websites, content interests, access times and durations.
Meta / communication data, e.g. device information and IP addresses.

The processing of the data may be for a variety of purposes, including:

To provide the website, its features and content.
To answer contact inquiries and communicate with the users of our offers
For security measures
For range measurement and marketing purposes

Relevant legal bases

The legal basis of our data processing is stated in accordance with Art. 13 GDPR. Unless the legal basis is stated in this declaration, the following applies:

To obtain consent, Art. 6 para. 1 lit. a and Art. 7 GDPR
For the processing for the fulfilment of our services and the execution of contractual measures as well as the answering of requests: Art. 6 para. 1 lit. b GDPR
For the purposes of processing our legal obligations, Art. 6 para. 1 lit. c GDPR is applied
For processing for the protection of our legitimate interests: Art. 6 para. 1 lit. f GDPR

Transfer to third parties

Cooperation with third parties

Should we grant access to processors or third parties in the course of our processing, this will only be done with legal permission, your consent, due to a legal obligation or based on our legitimate interests. The latter is especially the case with the use of data processors and webhosters. The basis of such a "data processing contract" is Art. 28 GDPR.

Transfers to third countries

In some cases, we transmit or process data in third countries, i.e. outside the European Union (EU) or the European Economic Area (EEA). This occurs, for example, in the context of the use of services of third parties or the disclosure / transmission of data to third parties. Such disclosure / transfer will only occur if it is necessary to fulfil our precontractual and contractual obligations, with your consent, under a legal obligation or within our legitimate interests. Subject to legal or contractual permissions, processing in the third country or the transfer takes place only in the presence of the special conditions according to Art. 44 et seq. GDPR. The processing is based, for example, on specific guarantees (for example, the officially recognized statement of an EU level of data protection, such as the "Privacy Shield" in the US). Alternatively, compliance with officially recognized special contractual obligations, so-called "standard contract clauses", is sufficient.

Integration of services and contents of third parties

Within our online offer, we use contents and services offered by third-party providers for the purpose of analysis, optimization and operation (Article 6 (1) lit. GDPR, hereinafter referred to as "Content"). By utilizing third party content, your IP address will inadvertently be transmitted to the provider of the third-party content. We will endeavour to use only those content whose respective providers use the IP address solely to deliver the content.

Third parties may also use invisible graphics (also known as "web beacons" or "pixel tags") for statistical or marketing purposes. Through this, various information, including the user traffic on the pages with such content on this online service can be evaluated. The third-party provider then has the usual options for storing and processing data. This includes, among other things, the storage of the pseudonymous information in cookies on the user's device and technical information as mentioned in the section "Collection of Access Data". It is also possible that the third-party provider associates this information with such information from other sources.

We use the following third-party services:

Maps of the "Google Maps" service and "Google Fonts" fonts from Google LLC, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
We embed the fonts ("Google Fonts") of the provider Google LLC, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
This website uses "Google Analytics," a web analytics service provided by Google LLC ("Google"), Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The use includes the operating mode "Universal Analytics". This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus to analyse the activities of a user across devices. For more information about Terms of Use and Privacy, please visit https://www.google.com/analytics/terms/en.html or https://policies.google.com/?hl=en. The data is stored in Google Analytics for a period of 14 months. After the deadline the data will be deleted automatically. Opt-out, for example, by means of an additional browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en-GB
This site uses YouTube LLC for the inclusion of videos. Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The YouTube videos will be integrated with the enhanced privacy mode. As a result, YouTube does not store any information about the visitors unless they watch the video. If you click on the video, your IP address will be sent to YouTube and YouTube will know that you have watched the video. If you are logged in to YouTube, this information will also be associated with your user account (you can prevent this by logging out of YouTube before starting the video).

Microsoft Teams

Consent to the provider's data protection and terms of use
The use of Microsoft Teams is subject to Microsoft's terms of use and data protection.
Privacy policy: https://privacy.microsoft.com/de-de/privacystatement
Terms of use: https://www.microsoft.com/de-DE/servicesagreement/
By using Microsoft Teams, you accept Microsoft's terms of use and data protection.
Privacy Policy
When using Microsoft Teams for communication with ENVINET GmbH, the following data protection provisions must be observed.
The legal basis for data processing by ENVINET GmbH is the legitimate interests in accordance with Article 6, Paragraph 1, Sentence 1, lit. If there is an order or contractual relationship, ENVINET GmbH is entitled and obliged to process and save the data.
The client and user can issue instructions at any time to waive the further use of Microsoft Teams and request the deletion of the data in the Microsoft cloud.
2.1 Processors
Microsoft is a commissioned third party within the meaning of the Data Protection Act and, within the meaning of its privacy policy, ensures that the personal data passed through Microsoft Teams will not be used for any other purpose than for electronic exchange with the participants and that data security will be provided.
2.2 Data transfer abroad
Microsoft Teams transmits, stores and processes data outside the scope of the GDPR. The transmission, storage and processing of the data can also take place in countries without equivalent data protection, especially in the USA. Microsoft ensures data protection in these countries with standard contractual clauses. Microsoft will respect the requirements of the European Economic Area with regard to the collection, use, transfer, storage and other processing of personal data from the European Economic Area. All transfers of personal data to a third country or an international organization are subject to appropriate safeguards, as described in Art. 46 GDPR, and such transfers and safeguards are documented in accordance with Art. 30 Paragraph 2 GDPR. In addition, Microsoft is certified in the EU-USA Privacy Shield Framework (www.privacyshield.gov/welcome).
2.3 Data security
Communication by e-mail, fax, mobile phones or internet applications involves risks such as the possibility of looking into the content of the message, changing it or losing it. To protect the data, Microsoft has implemented numerous technical and organizational measures to ensure the most complete protection possible for the data processed via this service. The data is encrypted as far as possible.
Disclaimer of Liability
ENVINET GmbH rejects any guarantee and liability for the use of Microsoft Teams and any resulting breach of confidentiality within the scope of the legally permissible exclusion of liability.

Rights of affected persons

You have the right,

to ask for a confirmation as to whether the relevant data are being processed and for information about these data, as well as for further information and a copy of the data (Art. 15 GDPR),
the completion of the data concerning you or the correction of the incorrect data concerning you (Art. 16 GDPR),
to demand that the relevant data be deleted immediately (Art. 17 GDPR) or alternatively a restriction of the processing of the data (Art. 18 GDPR),
to demand that the data relating to you that you provide us with be obtained and to request their transmission to other controllers (Art. 20 GDPR),
to file a complaint with the competent supervisory authority (Art. 77 GDPR),
to revoke given consent with effect for the future (Article 7 Par. 3 GDPR) and
to contradict the future processing of data concerning you, in particular against processing for direct marketing purposes (Article 21 GDPR).

Cookies and right to object to direct marketing

This website stores small files on the users' computers, so-called "cookies". Within these files different information can be stored. They serve primarily to store the information about a user or the device on which the cookie is stored during or after his visit to this website.

Temporary cookies or "session cookies" are files that are deleted after a user leaves an online service and closes their browser.
"Permanent" or "persistent" refers to cookies that remain stored even after the browser has been closed. For example, in such a cookie the interests of the users are used, which are used for range measurement or marketing purposes.
A "third-party cookie" refers to files offered by third parties.

We use temporary and permanent cookies on our website and inform you about them in the context of this privacy policy. If you do not want to have cookies stored on your computer, you are asked to select the appropriate option in your browser's settings. Already saved cookies can also be deleted in the settings of the browser. The exclusion of cookies can lead to functional restrictions of this website.

Third-party cookies are set in the context of this website by the integration of services and content of third parties (see the corresponding section of this privacy policy).

A general objection to the use of cookies used for online marketing purposes, in particular against tracking cookies, can be explained using a variety of services, for example http://www.aboutads.info/choices/ (US) or http://www.youronlinechoices.com/ (EU). For the solution "Google Analytics" we use, please refer to the corresponding section.

Deletion of data

Basis for the deletion of the data processed by us or the limitation of the processing are the articles 17 and 18 GDPR. Unless otherwise specified, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any lawful storage requirements. If other and legally permissible purposes are opposed to the deletion, processing will be restricted accordingly (blocking, no processing for other purposes).

Due to legal requirements in Germany, the storage takes place especially for 6 years (§ 257 Abs. 1 HGB, trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) or for 10 years (§ 147 Abs. 1 AO, books, records, management reports, accounting records, trade and business letters, documents relevant to taxation, etc.).

Processing

Business-related processing

In addition to the data named above, we process

Contract data (e.g. subject of the contract, duration, category) and
Payment data (e.g. bank details, payment history)

of our customers, prospective buyers and business partners in order to provide contractual works and services, as well as for customer care, marketing and advertising purposes and for market research.

Further information can be found in the “Verzeichnis von Verarbeitungstätigkeiten (Kunde)” (List of Processing Activities: Customer" and “Verzeichnis von Verarbeitungstätigkeiten (Mitarbeiter)“ (List of Processing Activities: Employees", which can be provided if requested and justified.

Hosting, access data, log files

To provide this website, we use third party hosting services. This includes infrastructure and platform services, computing capacity, storage and database services, security and technical maintenance services. Within this framework, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data from users of this website. This is based on our legitimate interests in providing this website in an efficient and secure manner (Article 6 par. 1 lit. f GDPR in conjunction with Art. 28 GDPR, conclusion of the data processing contract).

Furthermore, through our webhoster, we collect data about every access to the server on which this website is located. Access data includes:

Name of the retrieved website,
File,
Date and time of the call,
Transferred amount of data,
Message about successful call,
Browser and operating system of the user
Referrer URL, i.e. the previously visited page,
IP address and the requesting provider.

This information is levied in accordance with our legitimate interests under Art. 6 para. 1 lit. f. GDPR. The IP addresses are stored in anonymous form. The anonymized IP addresses are kept for 60 days and then deleted. Users of protected directories become anonymous after one day. In error logs, the IP addresses are kept for 7 days. Access via FTP is logged with anonymized username and IP address and kept for 60 days. Mail logs for the mail server will be deleted after four weeks. The longer retention period is necessary for ensuring the functionality of the mail services and spam fighting. Should further retention be required for evidential purposes, the data concerned will be exempted from the deletion until the incident is finally resolved.

Administrative tasks

Within the scope of administrative and organizational tasks in the context of the perpetuation of our business, the performance of our duties and fulfilment of legal obligations, data is processed in accordance with Art. 6 para. 1 lit. c. and f. GDPR. The data are transmitted here to the financial administration and consultants, such as tax consultants or auditors, as well as other billing offices and payment service providers. This concerns the same data that we process in the course of rendering our contractual services. The processing affects both customers, prospects and business partners as well as users of the website. The deletion of the data in terms of contractual services and contractual communication correspond to the information provided in these processing activities.

Based on our business interests, we also store information about suppliers, promoters and other business partners. Unless otherwise stated, we store this majority of company-related data permanently.

Business analysis and market research

In order to be able to operate our business economically, we analyse the available data on business transactions, contracts, inquiries, etc. (Art. 6 (1) lit. GDPR) in order to detect market trends, customer and user wishes. The analyses serve to increase the user-friendliness as well as the optimization of our offer and the business economics. Therefore, they are not disclosed externally unless they are anonymous analyses with summarized values. In this context, we process both inventory data and communication data, contract data, payment data and usage data as well as metadata. In addition to business partners and customers, those affected also include interested parties as well as users of our website.

Personal analyses are deleted or anonymized upon termination of the business relationship, otherwise after two years from the conclusion of the contract. If possible and meaningful, the analyses are created anonymously.

Contact

When contacting us, the details of the user are processed to process the request. The information provided may be stored in a Customer Relationship Management System or a comparable organizational scheme (Article 6 (1) (b) GDPR). If these are no longer required, the information will be deleted. A review of the need takes place annually. In addition, the statutory archiving obligations apply.