Privacy Policy

This privacy policy (“Privacy Policy”) informs you about the personal data we collect when you use our websites www.enx.com, www.enxo.com, portal.enx.com, www.entourage-projekt.de (“Websites”) or make use of the services offered through them.

Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what rights you may have.

1. Controller

ENX Association (20 rue Barthélémy Danjou 92100 Boulogne-Billancourt, France; hereafter “ENX”, “we”, “our”) acts according to the General Data Protection Regulation (GDPR) as well as further valid data protection regulations as a controller. You can reach us at:

ENX Association
Bockenheimer Landstraße 97-99
60325 Frankfurt am Main
Germany

Tel: +49 69 9866927-0
info@enx.com

2. Processing of personal data / purpose of processing

2.1 Visiting the Websites

(a) Automatic Website Processing

We automatically collect and store data that your browser sends us in the form of server log files. This data includes:

  • Browser type and version (as provided by your browser)
  • Referrer-URL
  • Time of server request
  • IP-address.

The above data is automatically collected and processed in order to enable the use of the Website, to improve user-friendliness and to guarantee system security and stability as well as a well-functioning connection setup.

The legal basis for the processing is Art. 6 para. 1 sent. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to ensure unhindered and undisturbed access to our Websites.

The hosting of the Websites and the services offered by us are carried out by an external service provider on our behalf.

(b) Cookies

The services use cookies in several cases. Cookies are small text files that are automatically generated by your browser and stored on your device (notebook, tablet, smartphone) when you use our services. Cookies do not harm your computer and do not contain any viruses, Trojans or other malware.

A cookie stores information that results from the device used.

The use of cookies enables us to make the use of our services more comfortable for you.

For example, we use session cookies to recognise that you have already visited certain pages on our Websites. This information is automatically deleted after you leave our Websites.

Moreover, we use cookies to recognise you as a user of our services, e.g. ENX Network, and to grant you the right of use in accordance with the service.

The data processed by the cookies are necessary for the purposes mentioned above in order to protect our legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR). Our legitimate interest is to make the Websites user-friendly. If the cookies grant you user rights, these are necessary to ensure the secure operation of the services.

Most browsers automatically accept cookies. However, you have the option of adjusting your browser so that no cookies are stored on your computer or a notification always appears beforehand. However, if you deactivate cookies entirely, you may no longer be able to use all the functions on our Websites.

2.2 Email Requests

If you send us an email, we process your personal data to the extent necessary to answer your request.

Please note that your emails can be stored and archived for a longer period in order to comply with our legal obligations.

The legal basis for processing of your personal data in the context of the email support services is either Art. 6 para. 1 sent. 1 lit. b GDPR (performance of a contract) or the processing occurs alternatively on the basis of our legitimate interests in replying to your requests, providing you with support services and therefore increasing customer satisfaction (Art. 6 para. 1 sent. 1 lit. f GDPR).

In the case of data communication by email, the protection of the transmitted data cannot be comprehensively guaranteed according to the current state of the art and cannot be completely protected against access by third parties. We therefore recommend that you do not send any confidential data via email over the Internet.

2.3 ENX Network

When you register as a user company for the ENX Network, we process the data you provide during the registration process (e.g. title, name, department, role within the company, business telephone numbers, business email addresses, preferred language) as well as other data optionally provided in the form and company data (in particular company name and address).

We process your data in order to check your application, administer your account and provide you with our services.

The legal basis for the processing of this data is Art. 6 para. 1 sent. 1 lit. b GDPR (performance of contract / pre-contractual measures).

The use of the ENX Network is granted through the services of the ENX Certified Service Provider (“ENX CSP”). These companies have provided proof of compliance with the necessary technical requirements and have entered into a corresponding contract with ENX.

If you enter, after successful registration for the ENX Network, into further contracts with third parties (e.g. ENX CSPs), these may collect further data from your company.

The basis for this is a separate contract between your company and the third party (e.g. ENX CSPs).

ENX is not liable for the processing of personal data within the scope of this contractual relationship.

2.4 TISAX

When you register for the use of TISAX, we process the personal data you provide during the registration process (e.g. title, name, department, role within the company, business telephone numbers, business email addresses, preferred language) as well as other data optionally provided in the form and company data (in particular company name and address).

We will use this information to review your registration request, administer your account, and provide you with TISAX services.

The legal basis for the processing of this data is Art. 6 para. 1 sent. 1 lit. b GDPR (performance of contract / pre-contractual measures).

Assessments in the scope of TISAX are performed by audit providers. These companies have provided proof of compliance with the necessary technical requirements and have entered into a corresponding contract with ENX.

If you enter into further contracts with third parties (e.g. audit providers) after successful registration for the ENX Network, these may collect further data from your company.

The basis for this is a separate contract between your company and the third party (e.g. audit providers).

ENX is not liable for the processing of personal data within the scope of this performance relationship.

2.5 Email Newsletter / Information Mailing

If you have given your consent or if we are otherwise entitled to do so, we will send you a newsletter / information by email in regular or irregular intervals in order to inform you about news regarding our services as well as about products and services and surveys of our affiliated companies. Third parties appointed by us may also send the emails.

In order to do so, we will require your email address. You can withdraw given consent at any time with effect for the future by sending a reply with a corresponding reference to the newsletter email.

Legal basis for sending the newsletter is Art. 6 para. 1 sent. 1 lit. a GDPR, if you have given your prior consent; or alternatively Art. 6 para. 1 sent. 1 lit. f GDPR in connection with Sec. 7 para. 3 German Act against Unfair Competition, as far as we send you such information without consent. In the latter case, our legitimate interests are to inform you about our products and to carry out direct marketing.

2.6 Contact by Phone

If you have given your consent or if we are otherwise entitled to do so, we may contact you by telephone to inform you of news regarding our products and services as well as products and services and surveys of our affiliates. Third parties appointed by us may also contact you by telephone.

We process your telephone number for this purpose. If the processing is based on your consent, you can revoke your declaration of consent at any time with effect for the future or object to the processing.

The legal basis for contacting us by telephone for information regarding news about our products and services as well as about products and services and surveys is Art. 6 para. 1 sent. 1 lit. a GDPR. If the processing is based on your presumed consent, the legal basis for the processing is Art. 6 para. 1 sent. 1 lit. f GDPR (legitimate interest) in conjunction with Sec. 7 para. 2 no. 2 German Act against Unfair Competition. Our legitimate interests are to inform you about our products.

If we contact you within the scope of an existing agreement to discuss or resolve the matter above or the services provided by us, the legal basis for the processing is Art. 6 para. 1 sent. 1 lit. b GDPR (performance of contract / pre-contractual measures).

2.7 Participation in Events

(a) Registration for/Participation in Events

When you register for an event, we process your personal data (such as name, email address, telephone number, company) to register and hold the event.

This includes in particular the sending of event-related information material.

If necessary, your personal data will also be passed on to service providers commissioned for the event, insofar as this is necessary for the realization (hotels, caterers, event service providers). If due to security measures a comparison of your data or a passing on of your personal data is necessary, you will be informed separately.

The legal basis for the processing of your personal data in connection with the holding of an event is Art. 6 para. 1 sent. 1 lit. b GDPR (performance of contract), insofar as you enter into a contract, or Art. 6 para. 1 sent. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in particular in being able to offer and hold.

(b) Event photos

If you have given your consent or if we are otherwise entitled to do so, we will take, edit and use photos of our events, which may also depict you, for documentation purposes as well as advertising in online and offline media.

If necessary, we obtain your consent when registering for an event or collecting data, i.e. taking your photo (Art. 6 para. 1 sent. 1 lit. a GDPR). The granting of consent is voluntary and can be withdrawn at any time with effect for the future.

In addition, we may process your photo due to our legitimate interest (Art. 6 para. 1 sent. 1 lit. f GDPR). This is particularly the case with event photos in which you as a person may only be shown by or in a larger group. Please note that such processing can also take place without your express consent.

Our photographers are also instructed to consider your personal preferences when taking photos. You are welcome to contact our photographers if you have any complaints. We will also consider your personal interests when selecting photos for publication.

Our legitimate interest in the processing of event photos lies in the documentation of our activities and in the advertising of our services.

2.8 Payment Processing

Where you wish to execute the payment for our services online, we use services of Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA (“Stripe”) for our payment processing based on Art. 6 para. 1 sent. 1 lit. f GDPR (legitimate interest). Thereby and unless otherwise indicated below, Stripe acts as data processor and its affiliates (“Stripe Payments Europe Limited”, “Stripe Technology Europe Limited” and “Stripe Payments UK Limited”) act as its sub-processors.

During the payment process, if you choose to pay with your credit card, you will be asked to enter your card information, which will be securely transferred to and processed by Stripe. ENX will not have access to such data.

To process and authenticate the online payment transactions, Stripe may use your Personal Data (e.g. credit card number, the amount and the date of payment).

During the transaction, Stripe might obtain and process personal information about you received through the services or from third parties in order to determine your identity and prevent fraudulent activities. The legal basis for such a processing through Stripe (as a controller) will be Art. 6 para. 1 sent. 1 lit. c or f GDPR (legitimate interest).

In addition, if you wish to receive a receipt of your payment transaction from Stripe, you can opt to enter your name, email and billing address. This information will be securely transferred to and processed by Stripe based on Art. 6 para. 1 sent. 1 lit. a GDPR (consent).

Stripe might transfer your personal data to third countries, including the United States. For information on which measures Stripe takes to ensure that any such transfers comply with applicable data protection laws, please see https://stripe.com/privacy-center/legal#data-transfers.

Stripe may also place Cookies in order to enable the transaction (see Sec. 2.1 lit. b). For more information on how Stripe processes your personal data, please see Stripe’s Privacy Policy.

3. Data Transfer

Your personal data will be stored on servers operated by technical service providers on our behalf. The server log files are transferred to our hosting service provider for this purpose.

If you make use of our services, which require the passing on of data, we will pass on your data accordingly. The legal basis for this is either the performance of the contract entered into with you (Art. 6 para. 1 sent. 1 lit. b GDPR) or our legitimate interest in the offer of the corresponding service (Art. 6 para. 1 sent. 1 lit. f GDPR).

3.1 ENX Network

With regard to the ENX Network, we transfer your personal data as follows:

  • In the event of a new registration, the applicant sends us the responsible contact person of the “First Communication Partner” to enable authentication and authorization of the user company:
    • Contact data of the First Communication Partner (company, department, contact person, function, address, telephone numbers, email addresses).
  • We will contact the responsible contact person of the First Communication Partner specified by a user company for the purpose of enabling authentication and authorization of the user company. The following personal data will be transferred to the First Communication Partner:
    • Contact details of the contact person at the user company (company, department, contact person, function, address, telephone numbers, email addresses).
  • The following personal data may be transferred in connection with incidents involving data connections between the CSP and other user companies for troubleshooting purposes:
    • Contact details of the contact person at the user company (company, department, contact person, function, address, telephone numbers, email addresses).
  • The following data can be made accessible to CSPs for communication purposes (also by email/telephone) via a restricted database frontend:
    • Contact details of the contact person at the user company (company, department, contact person, function, address, telephone numbers, email addresses).

3.2 TISAX

Upon request, we will transfer information about your company (scope) to an audit provider requested by your company. If you are a contact person in the scope of your company, your business contact data will also be transmitted.

This data includes the contact details of the person responsible for the scope (company, department, contact person, function, address, telephone numbers, email addresses).

3.3 Mailings

With regard to mailings, we transmit your personal data as follows:

  • For the production, packaging and dispatch of printed matter (information letters, personal invitations, Christmas cards), we may transfer your business contact details to service providers commissioned by us.
    • Contact details of the addressee (company, department, contact person, function, address)
  • For sending emails, we may transfer your business contact data to service providers who have been commissioned to do so.
    • Contact details of the addressee (company, department, contact person, function, email address)

3.4 Contact by Phone

With regard to telephone contacts, we may commission service providers and in such a case pass on the necessary data to the service provider.

This data includes the company, department, contact person and telephone number.

3.5 Events

Concerning events, we transmit your personal data as follows:

  • If you are a participant in an event and we use external service providers for these events (e.g. event agencies, security), we will pass on your personal data to commissioned service providers insofar as this is necessary for the holding (e.g. in the context of participant registration and/or access control).
    • Contact details of the participant (your company, your department, your surname and first name, your function).
  • If you are a speaker in one of our events and we use external service providers for these events (e.g. event agency, moderators), we will pass on your contact data to contracted service providers as far as this is necessary for the holding of the event (e.g. in the context of event logistics, for the coordination of speeches by the moderator):
    • Contact details of the speaker (your company, your department, your function, your name, part of your presentation, abstract of your presentation, a photo of you, if provided by you).
  • If you are a speaker at one of our events, we may name you in any published event program:
    • Information about you as a speaker (your company, your department, your function, your name, the title of your presentation, a photo of you, if provided by you).

3.6 Further Information on the Transmission of Data

Subject to any other information contained in this Privacy Policy, your personal data will not otherwise be transferred to third parties, unless you have consented thereto or law permits this.

4. Cross-Border Data Transmission

Your personal data may be transferred to other countries (including countries outside the EEA). These countries may apply privacy standards that differ from those of your place of residence. Please be aware that data processed in another country may be subject to different laws and may be accessible to the governmental, judicial, law enforcement and supervisory authorities of those countries. However, we will take reasonable measures to ensure an adequate level of data protection even if your personal data is transferred to these countries.

5. No Obligation to Provide Personal Data

The disclosure of your personal data is usually voluntary and there is no legal or contractual obligation to disclose your personal data. A registration without the provision of personal data is not possible. We further point out that you may not be able to use our services or parts of our services if you do not provide us with your personal data.

6. Retention Period

We endeavour to keep the processing of your personal data to a minimum. Unless specific retention periods are stipulated in this Privacy Policy, we will only retain your personal data as long as we need it to fulfil the purpose for which it was collected or, if applicable, for as long as required by statutory retention obligations. Storage periods can also result from the contracts entered into with you (e.g. the ENX GTC or the TISAX Conditions of Participation). Where you have given consent, your personal data will be deleted immediately after withdrawal of consent at the latest.

7. Data Security

We have taken appropriate measures to protect your personal information from accidental loss, unauthorized access, unauthorized use/change and disclosure.

If you make data available to us via the forms provided online, these forms are transmitted in an encrypted way (TLS encryption).

8. Your Rights

You have the right at any time

  • to obtain from the controller access to the personal data without giving reasons in accordance with Art. 15 GDPR;
  • to obtain from the controller the rectification of inaccurate personal data in accordance with Art. 16 GDPR;
  • to obtain from the controller the erasure of personal data in accordance with Art. 17 GDPR;
  • to obtain from the controller restriction of processing in accordance with Art. 18 GDPR;
  • to object to processing of personal data for the purpose of direct marketing without giving reasons in accordance with Art. 21 GDPR;
  • otherwise to object to processing of personal data in the cases mentioned in Art. 21 para. 1 GDPR;
  • to withdraw your consent at any time without giving reasons in accordance with Art. 7 GDPR without affecting the legality of the processing carried out on the basis of the consent up to the revocation;
  • to receive the personal data, which you have provided to us, in a machine-readable format in accordance with Art. 20 GDPR and to transmit those data to another controller;
  • to lodge a complaint with a supervisory authority without prejudice to any other administrative or judicial remedy in accordance with Art. 77 GDPR.

9. Contact

If you have any questions, or if you request further information on a particular point, please do not hesitate to contact us at any time. You can reach us under the contact details given above.