Privacy policy

Data protection at a glance

(consentSettings: statistics: true marketing: true)

In the following we inform you about the processing of personal data during use:

Website: enomyc.com
enomyc Career: careers.enomyc.com/de
Blog: blog.enomyc.com/de
as well as our profiles on social media.

Personal data is any data that can be related to a specific natural person, such as your name or IP address.

Contact details

The responsible party pursuant to Art. 4 (7) EU General Data Protection Regulation (DSGVO) is enomyc GmbH, Neuer Wall 57, 20354 Hamburg, Germany, email: kontakt@enomyc.com. Legally represented by Martin Hammer (Chairman) and Uwe Köstens.

Our data protection officer is Mr Martin Bastius. He can be reached at datenschutz@heydata.eu.

Data collection on our website

At enomyc GmbH, we are committed to protecting your privacy. This privacy policy applies to the use of our website, social media platforms and our registration service. They govern data collection, data processing and data use.

By using our website, you agree to this Privacy Policy.
If you have any questions about this privacy policy or the handling of personal data, please contact us.

Write an email to kontakt@enomyc.com or send a letter to: enomyc GmbH, Neuer Wall 57, 20354 Hamburg.

Scope of data processing, processing purposes and legal bases

The scope of data processing, processing purposes and legal bases are further detailed in the following text further down on this page. The legal basis for data processing is basically:

Art. 6 para. 1 p. 1 it. a DSGVO: Legal basis for processing operations for which consent is obtained.
Art. 6 para. 1 p. 1 lit. b DSGVO: Legal basis insofar as the processing of personal data is necessary for the performance of a contract. This legal basis also applies to processing that is necessary for pre-contractual measures, such as enquiries about our services.
Art. 6 para. 1 sentence 1 lit. c DSGVO: A legal obligation is fulfilled by processing personal data, e.g. under the German Commercial Code or the German Fiscal Code.
Art. 6 para. 1 sentence 1 lit. f DSGVO: Legal basis if we rely on legitimate interests to process personal data, e.g. cookies required for the technical operation of the website.

A detailed overview of the cookies used by our website, proof of your consent, as well as the possibility to revoke or change it can be found in our cookie statement.

Data processing outside the EEA

Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed, insofar as (e.g. for the UK, Canada and Israel) adequacy decisions of the EU Commission exist (Art. 45 para. 3 DSGVO).

If no adequacy decision exists (e.g. USA), the legal basis for the data transfer is usually standard contractual clauses. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. According to Article 46 (2) (b) of the GDPR, they guarantee the security of the data transfer. Many providers provide contractual guarantees that protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or regarding an obligation of the third party to inform data subjects if law enforcement agencies want to access data.

Storage period

Unless expressly stated otherwise within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If data is not deleted because it is required for other and legally permissible purposes, processing is restricted, i.e. data is blocked and not processed for other purposes. This applies, for example, to data that we must retain for reasons of commercial or tax law.

Rights of the data subjects

Data subjects have the following rights vis-à-vis enomyc regarding personal data concerning them:

Right of access,
Right to rectification or erasure,
right to restriction of processing,
Right to object to processing,
right to data portability,
Right to revoke consent given at any time.
Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data.

Obligation to provide data

In the context of a business relationship or other relationship, customers, interested parties or third parties only have to provide enomyc with the personal data that is necessary for the establishment, implementation and termination of the business relationship or for the other relationship or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude a contract or provide a service or will no longer be able to perform an existing contract or other relationship. Mandatory data are marked as such.

Contacting us

When contacting enomyc, e.g. by e-mail or telephone, the data provided to us, such as name, company and e-mail address, will be stored by us in order to answer questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 p. 1 lit. f DSGVO) in answering enquiries directed to us. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.

General

The use of our website is generally possible without providing personal data.

Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done on a voluntary basis as far as possible. We also collect navigation information. This is data about your computer and your visit to our website, in particular your IP address, your location, the browser you use, referral source, length of your visit and the pages you have opened.

We use navigational information to operate and improve the websites and our registration service. We use navigational information alone or in combination with personal information to send you personalised information about our business.

Web hosting and provision of the website

Our website is hosted by service provider within the meaning of § 5 TMG Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. It is our legitimate interest to provide a website, so that the legal basis of the described data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Further information can be found in the provider's privacy policy at https://www.hetzner.com/de/legal/privacy-policy.

Informational use of the website

During the informative use of the website, enomyc only collects personal data that the browser transmits to the server in order to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.

These data are:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request came
browser
Operating system and its interface
language and version of the browser software.

This data is also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.

Contact and newsletter form

In addition to other uses listed in this privacy policy, we use personal data to improve your browser experience by personalising the web pages and to improve the registration service. By filling out a registration form on our website, you agree to receive e-mails from enomyc GmbH. The emails contain information about new products and offers.

The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest lies in direct advertising (recital 47 DSGVO). Customers can object to the use of their e-mail address for advertising purposes at any time, e.g. via the link at the end of the e-mail or by sending an e-mail to our above-mentioned e-mail address.

Interested parties have the option of subscribing to a free newsletter. The data provided during registration is processed by enomyc for sending the newsletter. Subscription takes place by selecting the corresponding field on our website and the enomyc blog or by another, clear action, whereby interested parties declare their consent to the processing of their data, so that the legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO. Consent can be revoked at any time, e.g. by clicking on a link in the newsletter or by sending a note to our e-mail address given above. The processing of the data until revocation remains lawful even in the event of revocation.

Based on the consent of the recipients (Art. 6 para. 1 p. 1 lit. a DSGVO), we measure the opening and click-through rate of our newsletters to understand which content is relevant to our recipients.

We send newsletters using the HubSpot tool from the provider HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA (privacy policy: https://legal.hubspot.com/de/privacy-policy). According to its own information, the provider processes content, usage, meta/communication data and contact data in the EU.

This data will not be passed on to third parties without your express consent.
We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

**The use of contact data published within the framework of the imprint obligation by third parties for the purpose of sending unsolicited advertising and information material is hereby expressly prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam mails.

We use a so-called Clear Gifs software, which helps us to improve our registration service by informing us which content is effective. Clear Gifs are small graphics with a unique identifier (similar to cookies) that help analyse the usage patterns of website visitors.

Unlike cookies, which are stored on visitors' computers, clear gifs included on websites and in emails are invisible and are usually the size of a dot. We use clear gifs in our HTML-based emails to identify which emails have been opened. This allows us to assess the effectiveness of communication activities and marketing. We link this information to personal data.

You can unsubscribe from these emails at any time by sending an email or letter (please mention the word "unsubscribe" in the subject line).

Cookies

When you visit our website for the first time, you will be informed that we use cookies on our website. These are small text files that are stored on your computer and enable an analysis of your use of the website.

We use cookies to automatically recognise you the next time you visit our website. This enables us to tailor our website to your needs in order to improve your user experience.

If you decline the use of cookies, we will not track your information when you visit our site. However, please note that if you do this you may not be able to use the full functionality of this website.

If you have accepted cookies in the past, but have changed your mind in the meantime, you have the option in your browser settings to delete your previous cookies and to object to future storage of cookies.

For a detailed overview of the cookies used by our website, proof of your consent, and the option to revoke or change it, please refer to our cookie statement at: (consentSettings: statistics: true marketing: true)

Third-party provider

HubSpot
We use HubSpot to manage customer relationships and for our online marketing activities HubSpot. This is an integrated software solution that we use to cover various aspects of our online marketing and customer relationship management. The provider, HubSpot, Inc., 25 1st Street Cambridge, MA 0214, USA, processes usage data such as websites visited, interest in content, access times, content data such as entries in online forms and meta/communication data such as device information, IP addresses according to its own information within the EU.

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate interest in managing data in a simple and inexpensive way.

The data is deleted when the purpose of its collection has ceased to apply and there is no obligation to retain it. For more information, please see the provider's privacy policy at https://legal.hubspot.com/privacy-policy.

YouTube Videos
We use YouTube videos as videos on our website. The provider, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, processes usage data such as web pages visited, interest in content, access times and meta/communication data such as device information, IP addresses in the USA.

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. Data subjects can revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis for transfers to a country outside the EEA is consent.
Further information is available in the provider's privacy policy at https://policies.google.com/privacy.

Google Tag Manager
enomyc uses Google Tag Manager for analysis and advertising. The provider, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, processes usage data such as websites visited, interest in content, access times in the USA.

The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. Data subjects can revoke their consent at any time by contacting enomyc, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

The legal basis of the transfer to a country outside the EEA is standard contractual clauses. The security of the data transferred to the third country (i.e. a country outside the EEA) is guaranteed by standard data protection clauses adopted in accordance with the review procedure under Article 93(2) of the GDPR (Article 46(2)(c) of the GDPR), which we have agreed with the provider.

We delete the data when the purpose for which it was collected no longer applies. Further information is available in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

Google Analytics
We use Google Analytics for analysis. The provider, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, Ireland, processes usage data such as web pages visited, interest in content, access times and meta/communication data such as device information, IP addresses in the USA.

The data is deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information can be found in the provider's privacy policy at https://policies.google.com/privacy?hl=de.

Cookies from Google Analytics
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: tools.google.com/dlpage/gaoptout.

Facebook
We have a profile on Facebook. The operator is Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://www.facebook.com/policy.php. One way to object to data processing is via settings for advertisements: https://www.facebook.com/settings?tab=ads.

We are jointly responsible for processing the data of visitors to our profile on the basis of an agreement within the meaning of Art. 26 DSGVO with Facebook. Facebook explains exactly what data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both against us and against Facebook. According to our agreement with Facebook, we are obliged to forward requests to Facebook. Data subjects will therefore receive a quicker response if they contact Facebook directly.

**Instagram
We have a profile on Instagram. The operator is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy is available here: https://help.instagram.com/519522125107875.

YouTube
We have a profile on YouTube. The operator is Google Ireland Limited Gordon House, Barrow Street Dublin 4. Ireland. The privacy policy is available here: https://policies.google.com/privacy?hl=de.

LinkedIn
We have a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available here: https://www.linkedin.com/legal/privacy-policy?_l=de_DE. One way to object to data processing is via the settings for advertisements: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Xing
We maintain a profile on Xing. The operator is New Work SE, Am Strandkai 1, 20457 Hamburg. The privacy policy is available here: https://privacy.xing.com/de/datenschutzerklaerung.

Disable tracking
If you do not want your usage data to be collected by HubSpot and Google Analytics, you can deactivate the tracking of both tools by clicking on the following link.
Dadurch wird in Ihrem Browser jeweils ein Opt-Out-Cookie gesetzt, welches die zukünftige Erfassung Ihrer Daten beim Besuch dieser Webseite verhindert.

Tracking durch HubSpot deaktivieren
(ga_opt_out: Tracking durch Google Analytics deaktivieren message: Google Analytics has been deactivated)

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Use of social media buttons

To prevent data from being transmitted to the service providers Twitter, XING or LinkedIn without your knowledge, we use the social media "Share" buttons. This guarantees that personal data is not passed on to the providers of the individual social plugins when you enter the site, but only and exclusively when you click on one of the social media plugins. Only then will data possibly be transferred to the corresponding service provider and stored there.

Information obligations according to Art. 13 DSGVO

The protection of your personal data is of particular concern to us. We therefore process your personal data (in short "data") exclusively on the basis of the statutory provisions. With this data protection declaration, we want to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Art. 13 of the European Data Protection Regulation (EU DSGVO).

FAQs

Who is responsible for data processing and whom can you contact?.
Responsible is:
enomyc GmbH, Neuer Wall 57, 20354 Hamburg, Germany.
We have appointed a data protection officer for our company. Our data protection officer is Mr Martin Bastius. He can be reached at datenschutz@heydata.eu.
Which data are processed and from which sources do these data originate?.
We process the data that we have received from you in the context of initiating or processing a contract, on the basis of consent or in the context of your application to us or in the context of your employment with us.
Personal data includes
Your master/contact data, for customers this includes e.g. first name and surname, address, contact data (e-mail address, telephone number, fax), bank data, photographs.
For applicants and employees, this includes e.g. first and last name, address, contact data (e-mail address, telephone number, fax), date of birth, data from CV and references, bank data, religious affiliation, photographs.
In the case of business partners**, this includes, for example, the name of their legal representative, company, commercial register number, VAT number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank data.
In addition, we also process the following other personal data:

Information on the type and content of contract data, order data, turnover and receipt data, customer and supplier history and consultation documents,
advertising and sales data,
information from your electronic dealings with us (e.g. IP address, log-in data),
other data that we have received from you in the course of our business relationship (e.g. in customer meetings),
data that we generate ourselves from master / contact data and other data, e.g. by means of customer demand and customer potential analyses,
documentation of your declaration of consent to receive e.g. newsletters.
Photo shoots in the context of events.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request came
browser
Operating system and its interface
language and version of the browser software.

This data is not merged with other data sources.
The basis for the data processing is Art. 6 para. 1 lit. f DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

For what purposes and on what legal basis are the data processed?
The scope of the processing of the data, processing purposes and legal bases are further explained in detail in the following text further down on this page. The legal basis for data processing is basically:

Art. 6 para. 1 p. 1 it. a DSGVO: Legal basis for processing operations for which consent is obtained.
Art. 6 para. 1 p. 1 lit. b DSGVO: Legal basis insofar as the processing of personal data is necessary for the performance of a contract. This legal basis also applies to processing that is necessary for pre-contractual measures, such as enquiries about our services.
Art. 6 para. 1 sentence 1 lit. c DSGVO: The processing of personal data is necessary to fulfil a legal obligation, e.g. from the German Commercial Code or the German Fiscal Code.
Art. 6 para. 1 p. 1 lit. f DSGVO: Legal basis if we rely on legitimate interests to process personal data, e.g. cookies required for the technical operation of the website.

Processing of personal data for advertising purposes.
You can object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.
We are entitled, under the legal conditions of Section 7 (3) of the German Unfair Competition Act (UWG), to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every e-mail.
Who receives my data?
If we use a service provider in the sense of order processing, we still remain responsible for the protection of your data. All commissioned processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfil their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.
Your data is processed in our customer database. The customer database supports the enhancement of the data quality of the existing customer data (duplicate cleansing, moved/deceased indicators, address correction), and enables the enrichment with data from public sources.
This data is made available to the Group companies if necessary for the processing of contracts. Customer data is stored separately for each company, with our parent company acting as a service provider for the individual participating companies.
In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.
How long will my data be stored?
We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (e.g. from the Commercial Code, the Fiscal Code, the Home Act or the Working Hours Act); in addition, until the end of any legal disputes in which the data are required as evidence.
Will personal data be transferred to a third country?
In principle, we do not transfer any data to a third country. A transfer will only take place in individual cases on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate safeguards or your explicit consent.
Which data protection rights do I have?
You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right of access:
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing at any time.

Right of rectification
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure
You can ask us to delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.

Right to restriction of processing:
You may request us to restrict the processing of your data if

you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
the processing of the data is unlawful, but you refuse to erase it and instead request that we restrict the use of the data,
we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
you have objected to the processing of the data.

Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that

we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and
this processing is carried out with the aid of automated procedures.
If technically feasible, you may request us to transfer your data directly to another controller.

Right to object:
If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right of complaint
If you are of the opinion that we are violating German or European data protection law in processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. Our data protection officer is Mr Martin Bastius. He can be reached at datenschutz@heydata.eu. In case of doubt, we may request additional information to confirm your identity.

Am I obliged to provide data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to enter into the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant to the performance of the contract or that is not required by law.

We reserve the right to change this data protection declaration with effect for the future. A current version is always available here at https://enomyc.com/en/privacy-policy.

If you have any questions or comments regarding this privacy policy, please do not hesitate to contact us using the contact details above.

3 AI myths from the SME sector

Could have, would have, supply chain