Protecting your personal information is paramount to us.
We know how important the appropriate use of your personal information is to you. This is why we take the protection of our customers’ personal information very seriously. When you visit our website, we routinely collect your IP address, the URL of the page you used to access our site, the URL of any of our site’s internal pages you browse as a part of your visit, the session date, and the time you spent on our site. This type of information transfer is depersonalized and constitutes an internet protocol that ensures the safe operation of our servers.
We store the details you provide when completing one of our online customer forms on our servers. We only use the information to process your request. We shall keep your personal information strictly confidential, and we will not pass on personal information to any third party.
Responsible in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is
c/o The Drivery
Mariendorfer Damm 1
12099 Berlin, Germany
We are legally represented by Julian Nordt, Bo Chen.
Our data protection officer is heyData GmbH
10627 Berlin, Germany
www.heydata.eu, email: firstname.lastname@example.org.
Personal information is any information that renders an individual identifiable. It includes among other things your name, your address, and your email address. You may browse our webpage without providing any personal or otherwise sensitive information. However, in some cases, we may ask you to provide your name, your address, and other related details to ensure the timely and smooth delivery of the services requested by you.
This also applies if we send you any information explicitly requested by you, or if we reply to any inquiries made by you. We will, however, notify you accordingly. Moreover, we only store data provided by you voluntarily or being automatically generated when using our platform.
Every time you visit our website, your browser automatically collects and forwards a certain type of information to our servers contained in so-called server logs. The collected information includes:
Information contained in server logs will be not correlated to other data in order to identify you as an individual. We use the collected information to optimize features and functionality thereby fully complying with § 6(1) GDPR.
To maximize data security and to protect our servers against cyberattacks, we store server log information for a limited time only, anonymizing the data by truncating the IP address after seven days, to prevent individual users from being rendered identifiable. We use the anonymized data for producing web analysis reports, including the total number of page requests in our statistical site review released on a biannual basis. However, we do not correlate the data to other user-related information or pass on the information to any third party.
If you do not agree with ENWAY using cookies you can usually modify your browser setting to decline cookies. If you wish to do so, go to the Extras menu of your browser and select “Settings” or “Internet Options” and follow the instructions. However, declining cookies means that certain functional aspects of our webpage may no longer be available to you.
We use Google Tag Manager (GTM) for tracking and analytics. GTM does not collect any personal information. It is a tool that automatically updates the code snippets of tags that, in turn, may collect sensitive information. GTM does not use these data. However, even if you decline cookies or deactivate URL-based session tracking, tags managed via GTM will still be enabled. More details here.
If you do not agree with Google using cookies you can modify your browser setting to decline cookies. However, declining cookies means that certain functional aspects of our webpage may no longer be available to you. Moreover, you can object to data being collected, transferred, and processed by Google by downloading a browser plug-in that disables DoubleClick here. Alternatively, use the opt-out you can find under "Right to Withdraw Consent" to deactivate DoubleClick.
If you would like to find out more about how conversion tracking works, and your options when it comes to preventing Google from using cookie-based information, read here.
If you have previously agreed to your browser history and your Google account being synchronized (https://www.google.com/settings/u/0/ads/authenticated), and to your Google account details being used to show you personalized ads, Google’s remarketing tool will be enabled across a range of devices. This means that Google uses your Google ID to recognize you on different mobile devices, but does not collect any personal information in the process.
If you are viewing our site on a mobile device such as a smartphone or a tablet, and if you want to prevent your browsing behavior from being tracked by Google Analytics you need to use this link. The link also constitutes a working alternative to the above-mentioned browser add-on. Clicking the link creates an opt-out cookie that specifically applies to the URL and the browser you use. Deleting the browser history also results in the cookie being deleted, which means you need to click the link again to opt-out of GA tracking.
If you have agreed to Google synchronizing your web and app browser history with your Google account and using personal data from your Google account to serve personalized ads, Google will link these data to information collected by Google Analytics in order to set up target groups for cross-device remarketing purposes. If you visit our website, Google will collect your Google ID and hence your personal information via our Google account, followed by Google Analytics temporarily correlating your Google ID to your Google Analytics data to help us refine our target groups.
If you object to your personal information being used for cross-device marketing, log in to your Google account and change your account settings accordingly.
You can find the data policy of Hotjar here.
You can permit Hotjar from collecting data by clicking the following link and following the given instructions or use the opt-out you can find under "Right to Withdraw Consent": Hotjar Opt-out
Subscribing to our newsletter requires a double opt-in. This means you only will receive our newsletter after you have instructed us to activate the service followed by confirming your instruction again by clicking the relevant link contained in our subscription confirmation email. When you subscribe to our newsletter, we store your email address together with the subscription date. We use this information to make sure no third party has been subscribing using your email address without your knowledge or consent. If you no longer want to receive our newsletter, you may unsubscribe at any time.
Our newsletter code contains a web beacon, meaning a tiny file that is accessed by the MailChimp servers to create a server log containing information relating to the type and version of the browser you use, your IP address, and date and time of the request. MailChimp uses this information to improve their services with regard to service features, target audience, and recipient preferences based only on location (detected by the recipient’s IP address). MailChimp also collects data on whether the newsletters are read, when they’ve been read, and which of the embedded links were clicked in the process. These data may be correlated to individual newsletter subscribers for technical reasons. However, neither we nor MailChimp will track individual newsletter readers over time. We collect the information for the sole purpose of identifying the reading preferences of our subscribers in order to serve more personalized content.
Applying for a job at our company involves providing a wide range of information, including your personal details, your contacts, your professional background, work experience, and qualifications. You may also submit cover letters and letters of reference in electronic form.
Moreover, in and compliance with Germany’s Equality Act (Allgemeines Gleichbehandlungsgesetz), please do not provide any personal information relating to your ethnic background, race, gender, religion, ideology, disabilities, age, sexual identity or sexual orientation, union memberships, and physical or mental illnesses, as well as information that might infringe the copyrights, intellectual property right or any statutory right held by a third party.
We collect and use your personal information for purposes related to your application, seeking employment at our company. We do not pass on your data to third parties. If you submit your application online, we collect your name, home address, telephone number, email address, and other details solely for the purpose to contact you with regard to your application. If your application is successful, we may use your information for administrative purposes. Your online application will be processed by a designated HR team that will not share your personal information with anyone else. Your data will not be stored on servers based outside of Germany.
If your application does not result in employment at our company, we are required by law to hold on to your information for a period of up to six months, to be able to answer questions related to the process and success of your application. We may keep your information longer than the period stipulated by law after obtaining your prior written consent, to inform you of future job opportunities arising at our company that fit your profile. Otherwise, your personal data will be deleted.
You have the right to be notified if your personal data are collected, to request the personal data we hold about you to be disclosed to you, to request your personal data to be amended, deleted or their use by us to be limited, to data portability and the right to make a complaint to the respective data protection authority of your country. Your principal rights under data protection law are
You may request to be informed as to whether we collect your personal information, and if we do, how we use your data.
If we process personal data that are incomplete or incorrect, you may request the respective information to be supplemented/amended at any time.
You may request the personal information we hold on you to be deleted if our use of your data is against the law, or constitutes an infringement of your interest deemed unacceptable. We will delete your personal information immediately unless required otherwise by law.
You may request limited processing of your personal information if:
You have the right to receive your personal data from us in a structured, commonly used and machine-readable format that enables you to transfer the information to another party without the necessity of our involvement if:
You may request your personal data being transferred directly from us to a party of your choice subject to the technical requirements being in place.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. If you withdraw your consent we will stop collecting and using your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. However, you withdraw your consent to us processing your personal information for marketing purposes without giving a reason.
If you believe our processing of your personal information infringes on German or EU data protection laws, please get in touch immediately. It goes without saying that you may also contact the respective supervisory data protection authority in your country. If you would lodge a complaint please call or email our data protection officer. N.B. We are entitled to ask for proof of identity.
This Application collects some Personal Data from its Users.
This document can be printed for reference by using the print command in the settings of any browser.
c/o The Drivery
Mariendorfer Damm 1
Owner contact email: email@example.com
Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Tracker; Usage Data.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party's consent to provide the Data to the Owner.
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
The Owner may process Personal Data relating to Users if one of the following applies:
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Analytics, Tag Management, Interaction with external social networks and platforms and Displaying content from external platforms.
For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.
Personal Data is collected for the following purposes and using the following services:
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.
Google Analytics is a web analysis service provided by Google LLC or by Google Ireland Limited, depending on the location this Application is accessed from, (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data processed: Tracker; Usage Data.
This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.
Font Awesome is a typeface visualization service provided by Fonticons, Inc. that allows this Application to incorporate content of this kind on its pages.
Personal Data processed: Usage Data.
This type of service allows interaction with social networks or other external platforms directly from the pages of this Application.
The interaction and information obtained through this Application are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services in order to make sure that the processed data on this Application isn’t being connected back to the User’s profile.
The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.
Personal Data processed: Tracker; Usage Data.
This type of service helps the Owner to manage the tags or scripts needed on this Application in a centralized fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.
Google Tag Manager is a tag management service provided by Google LLC or by Google Ireland Limited, depending on the location this Application is accessed from.
Personal Data processed: Usage Data.
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following:
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) use other Personal Data (such as the IP Address) for this purpose.
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
This Application does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Cookies are Trackers consisting of small sets of data stored in the User's browser.
Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
Latest update: February 17, 2021
In the following, we provide information about the collection of personal data when using
Personal data is any data that can be related to a specific natural person, such as their name or IP address.
The controller within the meaning of Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is Enway GmbH, Mariendorfer Damm 1, 12099 Berlin, Germany, email: firstname.lastname@example.org. We are legally represented by Julian Nordt, Bo Chen.
Our data protection officer is heyData GmbH, Kantstr. 99, 10627 Berlin, www.heydata.eu, E-Mail: email@example.com.
We detail the scope of data processing, processing purposes and legal bases below. In principle, the following come into consideration as the legal basis for data processing:
Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed by adequacy decisions of the EU Commission, insofar as they exist (e.g. for Great Britain, Canada and Israel) (Art. 45 para. 3 GDPR).
If no adequacy decision exists (e.g. for the USA), the legal basis for the data transfer are usually, i.e. unless we indicate otherwise, standard contractual clauses. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. According to Art. 46 para. 2 lit. b GDPR, they ensure the security of the data transfer. Many of the providers have given contractual guarantees that go beyond the standard contractual clauses to protect the data. These include, for example, guarantees regarding the encryption of data or regarding an obligation on the part of the third party to notify data subjects if law enforcement agencies wish to access the respective data.
Data subjects have the following rights against us with regard to their personal data:
Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data.
Within the scope of the business or other relationship, customers, prospective customers or third parties need to provide us with personal data that is necessary for the establishment, execution and termination of a business or other relationship or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or to provide a service or will no longer be able to perform an existing contract or other relationship.
Mandatory data are marked as such.
As a matter of principle, we do not use a fully automated decision-making process in accordance with article 22 GDPR to establish and implement the business or other relationship. Should we use these procedures in individual cases, we will inform of this separately if this is required by law.
When contacting us, e.g. by e-mail or telephone, the data provided to us (e.g. names and e-mail addresses) will be stored by us in order to answer questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 s. 1 lit. f GDPR) to answer inquiries directed to us. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
From time to time, we conduct customer surveys to get to know our customers and their wishes better. In doing so, we collect the data requested in each case. It is our legitimate interest to get to know our customers and their wishes better, so that the legal basis for the associated data processing is Art. 6 para. 1 s. 1 lit f GDPR. We delete the data when the results of the surveys have been evaluated.
We offer whitepapers to download via our website. In return for providing the paper free of charge, we process the email address of recipients, may email them regularly about our products and company and may measure the open and click-through rates of these emails. The legal basis of the processing is the contract closed with every recipient about the receipt of the whitepaper.
Recipients may unsubscribe from these emails at any time, free of charge, e.g. by emailing to the email address listed in our contact details.
During the informative use of the website, i.e. when site visitors do not separately transmit information to us, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
These data are:
This data is also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.
When contacting us via the contact form on our website, we store the data requested there and the content of the message.
The legal basis for the processing is our legitimate interest in answering inquiries directed to us. The legal basis for the processing is therefore Art. 6 para. 1 s. 1 lit. f GDPR.
We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.
We publish positions that are vacant in our company on our website, on pages linked to the website or on third-party websites.
The processing of the data provided as part of the application is carried out for the purpose of implementing the application process. Insofar as this is necessary for our decision to establish an employment relationship, the legal basis is Art. 88 para. GDPR in conjunction with Sec. 26 para. 1 of the German Data Protection Act (Bundesdatenschutzgesetz). We have marked the data required to carry out the application process accordingly or refer to them. If applicants do not provide this data, we cannot process the application.
Further data is voluntary and not required for an application. If applicants provide further information, the basis is their consent (Art. 6 para. 1 s. 1 lit. a GDPR).
We ask applicants to refrain from providing information on political opinions, religious beliefs and similarly sensitive data in their CV and cover letter. They are not required for an application. If applicants nevertheless provide such information, we cannot prevent their processing as part of the processing of the resume or cover letter. Their processing is then also based on the consent of the applicants (Art. 9 para. 2 lit. a GDPR).
Finally, we process the applicants' data for further application procedures if they have given us their consent to do so. In this case, the legal basis is Art. 6 para. 1 s. 1 lit. a GDPR.
We pass on the applicants' data to the responsible employees in the HR department, to our data processors in the area of recruiting and to the employees otherwise involved in the application process.
If we enter into an employment relationship with the applicant following the application process, we delete the data only after the employment relationship has ended. Otherwise, we delete the data no later than six months after rejecting an applicant.
If applicants have given us their consent to use their data for further application procedures as well, we will not delete their data until one year after receiving the application.
Our website sets cookies. Cookies are small text files that are stored in the web browser on the end device of a site visitor. Cookies help to make the offer more user-friendly, effective and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter "Technically Necessary Cookies"), the legal basis for the associated data processing is Art. 6 para. 1 s. 1 lit. f GDPR. We have a legitimate interest in providing customers and other site visitors with a functional website.
Specifically, we set technically necessary cookies for the following purpose or purposes:
We use Iubenda to manage consents. The provider is iubenda s.r.l, Via San Raffaele, 1 - 20121 Milan, Italy. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for the processing is Art. 6 para. 1 s. 1 lit. c DSGVO. The processing is necessary for the fulfillment of a legal obligation to which we are subject.
We use Weglot for translations. The provider is Weglot, 138, rue Pierre Joigneaux in BOIS-COLOMBES (92270), France. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.
The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR. We have a legitimate interest in automatically translating information on our website.
We use Splitbee for analytics. The provider is Tobias Lins e.U., Alserbachstraße 10, 1090 Wien, Austria. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.
We use Google Webfonts for fonts on the website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the USA.
The legal basis for the transfer to a country outside the EEA are consents.
We are represented in social media networks in order to present our company and our services there. The operators of these networks regularly process their users' data for advertising purposes. Among other things, they create user profiles from their online behavior, which are used, for example, to show advertising on the pages of the networks and elsewhere on the Internet that corresponds to the interests of the users. To this end, the operators of the networks store information on user behavior in cookies on the users' computers. Furthermore, it cannot be ruled out that the operators merge this information with other data. Users can obtain further information and instructions on how to object to processing by the site operators in the data protection declarations of the respective operators listed below. It is also possible that the operators or their servers are located in non-EU countries, so that they process data there. This may result in risks for users, e.g. because it is more difficult to enforce their rights or because government agencies access the data.
If users of the networks contact us via our profiles, we process the data provided to us in order to respond to the inquiries. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
We are joint controllers for processing the data of visitors to our profile on the basis of an agreement within the meaning of Art. 26 GDPR with Facebook. Facebook explains exactly what data is processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects can exercise their rights both against us and against Facebook. However, according to our agreement with Facebook, we are obliged to forward requests to Facebook. Data subjects will therefore receive a faster response if they contact Facebook directly.