Privacy policy, additional information

Information pursuant to Article 13/Article 14 of the GDPR about the processing of your data and your rights under the EU General Data Protection Regulation.

With these instructions, we are informing you about the processing of your personal data and the rights to which you are entitled under the data protection policy. Which data are specifically processed and how they are used depends largely on the services provided and agreed upon.

Data processing controller and contact information for the data protection officer:

Data processing controller:

Ensinger GmbH
Rudolf-Diesel-Straße 8
71154 Nufringen / Germany
Tel. +49 7032 819 0
Fax +49 7032 819 100

You can reach our data protection officer at: [obfemailstart]b2ZmaWNlQGRhdGVuc2NodXR6LXN1ZWQuZGU=[obfemailend] and at [obfemailstart]ZGF0ZW5zY2h1dHpAZW5zaW5nZXJwbGFzdGljcy5jb20=[obfemailend].

Which data do we use and where do we get these data from?

In general we process personal data that we receive from you as part of the initiation of business or ongoing business relationship.  In addition, we process personal data, where necessary, that we received from third parties (e.g. credit bureaus) or based on your consent. We also process personal data which it is permissible for us to process from publicly available sources (e.g. commercial register, press and media).

Relevant personal data are master data such as first name, last name, address and communications data (e.g. phone number, cell phone number, e-mail address). In addition, these could also be pre-contractual initiation data, contract and order data, delivery and supply data as well as creditworthiness data.

What are we processing your data for (processing purposes) and on what legal basis is this done?

We process personal data in compliance with the EU General Data Protection Regulation (GDPR) and all other relevant laws:

1)    For the fulfillment of contractual obligations (Article 6, para. 1b) GDPR

The processing of personal data (Article 4, no. 2 GDPR) is carried out, for instance, for processing of orders, quotes and pre-contractual measures; performance of services; invoicing and delivery of goods. The purposes of processing primarily depend on the service to be provided by us.

2)    As part of the balancing of interests (Article 6, para. 1f) GDPR)

If necessary, we also process your data in order to safeguard our legitimate interests or those of third parties. This could be the case for, e.g.,:

  • ensuring IT security and IT operations including testing
  • prevention and investigation of criminal offenses
  • statistical purposes
  • creditworthiness with credit bureaus
  • advertising purposes

If we process your data in order to safeguard legitimate interests, you may object to this processing if your particular situation provides reasons that speak against the processing of data.

Right of objection direct marketing: You have the right to object to the processing of your personal data for direct marketing purposes.

3)    On the basis of your consent (Art. 6, para. 1a) GDPR, Art. 9 para. 2a) in conjunction with Art. 7 GDPR

If we have your consent for the processing of personal data for specific purposes (e.g., receipt of a newsletter), the legality of such processing is given based on your consent.  Consent given can be revoked at any time. It should be noted that the revocation will be effective in the future. Processing done before this revocation remain unaffected.

4)    Processing due to legal requirements (Article 6, para. 1c) GDPR

It may happen that we process your personal data in order to fulfill legal obligations. This includes, e.g., commercial and fiscal retention periods as well as information to authorities, if necessary.

To whom is data passed on (categories of recipients)?

Data processing within the enterprise:

Certain data processing operations have been bundled in our enterprise. These are handled centrally by specialized company divisions. In this case, your data can be processed, for example, for telephone support or invoicing.

External contractors and service providers (processors):

In part, we use external contractors and service providers for task fulfillment and contractual fulfillment. These can include, e.g., shredders, print service providers, logistics or IT service providers.

Additional recipients:

In addition, data may go to recipients to whom we are required to disclose due to legal obligations (such as law enforcement agencies and courts). 

Duration of data storage:

If necessary, we process and store your personal data for the duration of our business relationship. This includes the initiation and implementation of a contract or order. In addition, we are subject to various retention obligations stemming, among other things, from the Commercial Code. Finally, the storage period also follows the statutory limitation periods, which generally amount to 3 years but also up to 30 years.

Data transmission to third countries:

Data transfer to third countries (countries outside the EU and the European Economic Area EEA) only takes place insofar as this is necessary for the execution of a contract/order/the business relationship, including its initiation, and only in compliance with the relevant prescribed data protection requirements.

Rights of data subjects:

You can request information about your stored personal data using the contact details provided above. (Art. 15 GDPR). In addition, under certain circumstances you may request the rectification or erasure of your data (Articles 16 and 17 GDPR). You shall have the right to request the restriction of processing of your personal data (Art. 18 GDPR). You shall also have the right of surrender of the data provided by you in a structured, commonly used and machine-readable format (Art 20 GDPR).

Is there an obligation to provide data?

You generally only need to provide the data necessary for us to justify, execute or terminate this relationship in the context of business initiation or ongoing business relationship. We may have to decline the initiation of a business relationship and/or be unable to execute it or even be compelled to terminate it if the required data are not provided.

Right of appeal:

You have the option of appealing to the above-mentioned data protection officer or the responsible data protection supervisory authority.