We take the protection of personal data very seriously. Therefore, we strictly adhere to the rules of the data protection laws of the Federal Republic of Germany (BDSG) and the European Data Protection Regulation (GDPR).
Responsible Data Controller for the collection, processing and use of your personal data in the context of the GDPR is:
EngFlow GmbH, Fischerweg 51, 82194 Gröbenzell, Email: email@example.com
Data processing for contract related communication
You can contact us via our website and our contact data to request contractual services. You can use the contact form on our website for your request. If you provide us with personal data this way or in another way with this purpose, we process your data for the answer of your requests and for the entering and performance of a contract. Personal data that you provide to us by email, by post or telephone will only be processed for correspondence with you or only for the purpose for which you have made the data available to us. We need your name and your email address as necessary data to answer your request. In addition, we collect further data you provide for the beforementioned purpose, which are not absolutely necessary for entering / performance of the contract, but which support the purpose and are useful for it.
The basis for data processing is Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
Every time our website is accessed, usage data is transmitted through the respective internet browser and stored in log files, the so-called server log files. The data records stored in this way contain the following data: Date and time of access, name of the page accessed, IP address, referrer URL (originating URL from which you accessed the website), the amount of data transferred, as well as product and version information of the browser used and the operating system of your PC. The IP addresses of the users are deleted or made anonymous after the end of use. No evaluation or analysis of the data, except for statistical purposes and then only in anonymous form, take place. No persona “surf profiles” or similar are created or processed.
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in ensuring data security on our website and in optimizing our website.
We use so-called cookies. Cookies are small text files that are stored on a visitor’s computer and contain data about the respective user in order to give him access to various functions. Both session cookies and permanent cookies are used on our website. A session cookie is temporarily stored on the computer you are using while navigating through the website. A session cookie is deleted as soon as you close your Internet browser or as soon as your session expires after a certain time. A permanent cookie remains on your computer until it is deleted. The storage of a cookie ensures that you do not have to repeatedly enter your personal settings and preferences each time you visit our website. This saves you time and makes the use of our website more comfortable for you. The cookie serves only the purpose of improving usability.
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in the functionality and usability of our website.
Data processing for the purposes of legitimate interests
We also process your data if it is necessary for purposes of legitimate interests of us or third parties. This may be the case in particular to guarantee IT security and IT operation, especially for support requests as well as to be able to understand and prove facts in case of legal disputes. The basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the data processing listed afore.
Data processing for the fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations). The basis for data processing is Art. 6 para. 1 s.1 lit. c GDPR, which permits processing for the fulfilment of a legal obligation.
Categories of recipients of the personal data
Your contract and communication data will be forwarded to the responsible office and the responsible employees within our company for answering your requests, for communication, for the execution or the fulfilment of contractual obligations.
If necessary for the purpose of contract processing or for the dispatch and delivery of products or for the provision of our services, data is passed on to partner companies that have been commissioned to support the contract processing. Our partners commit themselves to comply with and observe the data protection regulations. Our partners are not permitted to use the data for any other purpose than the execution of the contract.
The basis for data processing is Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
In other cases your personal data will only be passed on or otherwise transferred to third parties outside our company if this is necessary for the purpose of contract processing or invoicing or if you have given your prior consent or if there is a legal basis or obligation for the transfer.
We forward personal data to third parties who process personal data on their own responsibility (so-called responsible parties, Art. 4 No. 7 GDPR) within the scope of legal admissibility and necessity, for example postal service, banks, tax advisors, attorneys and authorities.
Insofar as we make use of the services of third parties to carry out our services, we process personal data according to the provisions of the GDPR. Service providers who support us in providing our services to you are hosting providers, email service providers, IT service providers, software-as-a-service providers, accounting service providers.
Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep data for the period during which claims can be asserted against our company (statutory limitation period of three years until the end of the year).
Your personal data is transmitted securely by encryption. We use the SSL (Secure Socket Layer) coding system. Furthermore, we protect our website and other systems using technical and organizational measures against unauthorized access, modification, distribution, destruction or loss of your data.
Our security measures are constantly revised an improved in accordance with technical developments. However, we expressly point out that data transmission on the Internet has security gaps and cannot be completely protected against access by third parties, which applies in particular and above all to communication by email.
Links to third-party sites
You will find links to third-party sites on our site. The respective site operators are responsible for the data processing there. Data processing begins as soon as you click on the respective link or follow the URL it contains.
Rights of the data subject
You have the right to request information about your stored personal data, their origin and recipients and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the scope of the applicable legal provisions.
You may also have the right to restrict the processing of your data and to have the data you provided received back and also transmitted in a structured, common and machine-readable format.
If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future.
If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation. You also have the right to contact a data protection supervisory authority and lodge a complaint.