Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what rights you may have.
ENX Association (20 rue Barthélémy Danjou 92100 Boulogne-Billancourt, France; hereafter “ENX”, “we”, “our”) acts according to the General Date Protection Regulation (GDPR) as well as further valid data protection regulations as a controller. You can reach us at:
We automatically collect and store data that your browser sends us in the form of server log files. This data includes:
The above data is automatically collected and processed in order to enable the use of the Website, to improve user-friendliness and to guarantee system security and stability as well as well-functioning connection setup.
The legal basis for the processing is Art. 6 para. 1 sent. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to ensure unhindered and undisturbed access to our Websites.
The hosting of the Websites and the services offered by us are carried out by an external service provider on our behalf.
In a cookie, information is stored, which result from the device used.
For example, we use session cookies to recognise that you have already visited certain pages on our Websites. This information are automatically deleted after leaving our Websites.
The data processed by the cookies are necessary for the purposes mentioned above in order to protect our legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR). Our legitimate interest is to make the Websites user-friendly. If the cookies grant you user rights, these are necessary to ensure the secure operation of the services.
Most browsers automatically accept cookies. However, you have the option of adjusting your browser so that no cookies are stored on your computer or a notification always appears beforehand. However, if you deactivate cookies entirely, you may no longer be able to use all the functions on our Websites.
If you send us an email, we process your personal data to the extent necessary to answer your request.
Please note that your emails can be stored and archived for a longer period in order to comply with our legal obligations.
The legal basis for processing of your personal data in the context of the email support services is either Art. 6 para. 1 sent. 1 lit. b GDPR (performance of a contract) or the processing occurs alternatively on the basis of our legitimate interests in replying to your requests, providing you with support services and therefore increasing customer satisfaction (Art. 6 para. 1 sent. 1 lit. f GDPR).
In the case of data communication by email, the protection of the transmitted data cannot be comprehensively guaranteed according to the current state of the art and cannot be completely protected against access by third parties. We therefore recommend that you do not send any confidential data via email over the Internet.
When you register as a user company for the ENX Network, we process the data you provide during the registration process (e.g. title, name, department, role within the company, business telephone numbers, business email addresses, preferred language) as well as other data optionally provided in the form and company data (in particular company name and address).
We process your data in order to check your application, administer your account and provide you with our services.
The legal basis for the processing of this data is Art. 6 para. 1 sent. 1 lit. b GDPR (performance of contract / pre-contractual measures).
The use of the ENX Network is granted through the services of the ENX Certified Service Provider (&ldquot;ENX CSP&rdquot). These companies have provided proof of compliance with the necessary technical requirements and have entered into a corresponding contract with ENX.
If you enter, after successful registration for the ENX Network, into further contracts with third parties (e.g. ENX CSPs), these may collect further data from your company.
The basis for this is a separate contract between your company and the third party (e.g. ENX CSPs).
ENX is not liable for the processing of personal data within the scope of this contractual relationship.
When you register for the use of TISAX , we process the personal data you provide during the registration process (e.g. title, name, department, role within the company, business telephone numbers, business email addresses, preferred language) as well as other data optionally provided in the form and company data (in particular company name and address).
We will use this information to review your registration request, administer your account, and provide you with TISAX services.
The legal basis for the processing of this data is Art. 6 para. 1 sent. 1 lit. b GDPR (performance of contract / pre-contractual measures).
Assessments in the scope of TISAX are performed by audit providers. These companies have provided proof of compliance with the necessary technical requirements and have entered into a corresponding contract with ENX.
If you enter into further contracts with third parties (e.g. audit providers) after successful registration for the ENX Network, these may collect further data from your company.
The basis for this is a separate contract between your company and the third party (e.g. audit providers).
ENX is not liable for the processing of personal data within the scope of this performance relationship.
If you have given your consent or if we are otherwise entitled to do so, we will send you a newsletter / information by email in regular or irregular intervals in order to inform you about news regarding our services as well as about products and services and surveys of our affiliated companies. Third parties appointed by us may also send the emails.
In order to do so, we will require your email address. You can withdraw given consent at any time with effect for the future by sending a reply with a corresponding reference to the newsletter email.
Legal basis for sending the newsletter is Art. 6 para. 1 sent. 1 lit. a GDPR, if you have given your prior consent; or alternatively Art. 6 para. 1 sent. 1 lit. f GDPR in connection with Sec. 7 para. 3 German Act against Unfair Competition, as far as we send you such information without consent. In the latter case, our legitimate interests are to inform you about our products and to carry out direct marketing.
If you have given your consent or if we are otherwise entitled to do so, we may contact you by telephone to inform you of news regarding our products and services as well as products and services and surveys of our affiliates. Third parties appointed by us may also contact you by telephone.
We process your telephone number for this purpose. If the processing is based on your consent, you can revoke your declaration of consent at any time with effect for the future or object to the processing.
The legal basis for contacting us by telephone for information regarding news about our products and services as well as about products and services and surveys is Art. 6 para. 1 sent. 1 lit. a GDPR. If the processing is based on your presumed consent, the legal basis for the processing is Art. 6 para. 1 sent. 1 lit. f GDPR (legitimate interest) in conjunction with Sec. 7 para. 2 no. 2 German Act against Unfair Competition. Our legitimate interests are to inform you about our products.
If we contact you within the scope of an existing agreement to discuss or resolve the matter above or the services provided by us, the legal basis for the processing is Art. 6 para. 1 sent. 1 lit. b GDPR (performance of contract / pre-contractual measures).
When you register for an event, we process your personal data (such as name, email address, telephone number, company) to register and hold the event.
This includes in particular the sending of event-related information material.
If necessary, your personal data will also be passed on to service providers commissioned for the event, insofar as this is necessary for the realization (hotels, caterers, event service providers). If due to security measures a comparison of your data or a passing on of your personal data is necessary, you will be informed separately.
The legal basis for the processing of your personal data in connection with the holding of an event is Art. 6 para. 1 sent.1 lit. b GDPR (performance of contract), insofar as you enter into a contract, or Art. 6 para. 1 sent. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in particular in being able to offer and hold.
If you have given your consent or if we are otherwise entitled to do so, we will take, edit and use photos of our events, which may also depict you, for documentation purposes as well as advertising in online and offline media.
If necessary, we obtain your consent when registering for an event or collecting data, i.e. taking your photo (Art. 6 para. 1 sent. 1 lit. a GDPR. The granting of consent is voluntary and can be withdrawn at any time with effect for the future.
In addition, we may process your photo due to our legitimate interest (Art. 6 para 1 sent. 1 lit. f GDPR. This is particularly the case with event photos in which you as a person may only be shown by or in a larger group. Please note that such processing can also take place without your express consent.
Our photographers are also instructed to consider your personal preferences when taking photos. You are welcome to contact our photographers if you have any complaints. We will also consider your personal interests when selecting photos for publication.
Our legitimate interest in the processing of event photos lies in the documentation of our activities and in the advertising of our services.
Where you wish to execute the payment for our services online, we use services of Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA („Stripe“) for our payment processing based on Art. 6 para. 1 sent. 1 lit. f GDPR (legitimate interest). Thereby and unless otherwise indicated below, Stripe acts as data processor and its affiliates (“Stripe Payments Europe Limited”, “Stripe Technology Europe Limited” and “Stripe Payments UK Limited”) act as its sub-processors.
During the payment process, if you choose to pay with your credit card, you will be asked to enter your card information, which will be securely transferred to and processed by Stripe. ENX will not have access to such data.
To process and authenticate the online payment transactions, Stripe may use your Personal Data (e.g. credit card number, the amount and the date of payment).
During the transaction, Stripe might obtain and process personal information about you received through the services or from third parties in order to determine your identity and prevent fraudulent activities. The legal basis for such a processing through Stripe (as a controller) will be Art. 6 para. 1 sent. 1 lit. c or f GDPR (legitimate interest).
In addition, if you wish to receive a receipt of your payment transaction from Stripe, you can opt to enter your name, email and billing address. This information will be securely transferred to and processed from Stripe based on Art. 6 para. 1 sent. 1 lit. a GDPR (consent).
Stripe might transfer your personal data to third countries, including the United States. For information on which measures Stripe takes to ensure that any such transfers comply with applicable data protection laws, please see https://stripe.com/privacy-center/legal#data-transfers.
Your personal data will be stored on servers operated by technical service providers on our behalf. The server log files are transferred to our hosting service provider for this purpose.
If you make use of our services, which require the passing on of data, we will pass on your data accordingly. The legal basis for this is either the performance of the contract entered into with you (Art. 6 para. 1 sent. 1 lit. b GDPR) or our legitimate interest in the offer of the corresponding service (Art. 6 para. 1 sent. 1 lit. f GDPR).
With regard to the ENX Network, we transfer your personal data as follows:
Upon request, we will transfer information about your company (scope) to an audit provider requested by your company. If you are a contact person in the scope of your company, your business contact data will also be transmitted.
This data includes the contact details of the person responsible for the scope (company, department, contact person, function, address, telephone numbers, email addresses).
With regard to mailings, we transmit your personal data as follows:
With regard to telephone contacts, we may commission service providers and in such a case pass on the necessary data to the service provider.
This data includes the company, department, contact person and telephone number.
Concerning events, we transmit your personal data as follows:
Your personal data may be transferred to other countries (including countries outside the EEA). These countries may apply different privacy standards that differ from those of your place of residence. Please be aware that data processed in another country may be subject to different laws and may be accessible to the governmental, judicial, law enforcement and supervisory authorities of those countries. However, we will take reasonable measures to ensure an adequate level of data protection even if your personal data is transferred to these countries.
The disclosure of your personal data is usually voluntary and there is no legal or contractual obligation to disclose your personal data. A registration without the provision of personal data is not possible. We further point out that you may not be able to use our services or parts of our services if you do not provide us with your personal data.
We have taken appropriate measures to protect your personal information from accidental loss, unauthorized access, unauthorized use/change and disclosure.
If you make data available to us via the forms provided online, these forms are transmitted in an encrypted way (TLS encryption).
You have the right at any time
If you have any questions, or if you request further information on a particular point, please do not hesitate to contact us at any time. You can reach us under the contact details given above .