Outside a concluded Service Agreement for the use of the enmacc platform, enmacc only collects and processes personal data if you provide it to us of your own accord. For the processing of personal data connected to visiting our website see below Collection of personal data while visiting our website
. Any processing of your personal data beyond the scope of the statutory permissions will only take place on the basis of your expressed consent.
Legal basis and purposes
(1) Consent (Art. 6 para. 1 lit. a GDPR)
Consent to process personal data is always given for a specific purpose (e.g. contacting us, sending newsletters). Consent can be revoked at any time with effect for the future ( firstname.lastname@example.org
(2) Fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR)
Personal data is processed in order to be able to properly provide and fulfil the services within the framework of the enmacc platform, including the Service Agreement, the GTC (general terms and conditions) and associated appendices and other agreements.
(3) Fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR)
As a company and legal entity, enmacc is subject to various obligations under commercial and tax law. Personal data is therefore stored for the fulfilment of reporting and retention obligations, among other things.
(4) Legitimate interest (Art. 6 para. 1 lit. f GDPR)
Personal data may be processed beyond the above-mentioned purposes in order to protect our legitimate interests. This is basically in our economic interest in maintaining and optimising our business operations.
Categories of data
The categories of data listed below are collected and processed for the above-mentioned purposes (in particular for the performance of the contract). The collection is preceded by the transfer of the data from you to us.
- Application data for the purpose of carrying out the application procedure.
- Customer data/prospect data, employee data and supplier data customary in business transactions for the performance of contracts and precontractual interaction.
- Data provided for the use of the video conferencing software or the webinar software (esp. Zoom).
Categories of third receivers
Public authorities in the event of overriding legal provisions.
External service providers or other contractors.
Other external bodies if the person concerned has given his/her consent or a transmission is permissible for reasons of overriding interest.
Transfers to a third country
Contractors outside the European Union may also be involved in the performance of the contract. However, we make sure that in such cases the requirements of Art. 44 et seq. GDPR are met.
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Art. 32 GDPR.
Therefore our measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, assurance of availability and separation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. We already take the protection of personal data into account in the selection of hardware, as well as in the development and selection of software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 GDPR).
Duration of data storage
Personal data is deleted or irrevocably anonymized as soon as the purpose of the storage ceases to apply unless otherwise determined by the European or national legislator. Deletion or anonymisation takes place after the expiry of the statutory retention periods, unless further storage is necessary for the fulfilment of the contract. The data storage period is usually 10 years.