Privacy Policy

This Privacy Notice provides information regarding the collection, processing, storage, and sharing of personal data within Enncon Smart Engineering. As the primary data controller, Enncon Smart Engineering oversees data management practices in compliance with the General Data Protection Regulation (GDPR). Depending on your relationship with Enncon, various entities within the group may access and process your data.

Processing of Your Data

Generally, visiting our website does not require disclosure of personal information. However, personal data may be collected in specific circumstances, such as:

  • Responding to inquiries or requests
  • Granting access to restricted areas
  • Managing participation in online activities
  • Processing job applications
  • Enhancing website functionality and security
  • Conducting customer satisfaction surveys and managing forums
  • Compiling aggregate data on website usage

These activities are conducted based on Enncon’s legitimate interest in improving user experience and maintaining website security.

Data Retention Policy

Personal data is retained for as long as necessary to fulfill business or contractual obligations:

  • Business or Contractual Relationships: Data is retained for the duration of the relationship and up to five years afterward.
  • Prospects Without a Contractual Relationship: Data is retained for up to three years from the last interaction.
  • Unsuccessful Job Applicants: Data is retained for two years.
  • Log Information: Data collected for security and maintenance is retained for up to one year.
Data Sharing and Transfers

Within Enncon Group: Data may be shared within the Enncon group, including entities outside the EU, under strict internal data protection policies that are compliant with GDPR.

Third-party Suppliers: Data is shared with third parties for specific purposes, ensuring adherence to GDPR standards. EU Model Clauses are used to protect data transferred outside the EU.

Legal Requirements: Data may be disclosed when required by law or for public safety, national security, or law enforcement purposes.

Your Rights under GDPR

Under GDPR, you have the following rights regarding your data:

  • Access: Request access to your data.
  • Rectification: Request corrections to inaccurate or incomplete data.
  • Deletion: Request the deletion of your data.
  • Restriction of Processing: Request limitations on how your data is processed.
  • Data Portability: Request to transfer your data to another service provider.
  • Objection to Processing: Object to the processing of your data.

To exercise these rights or make a complaint, contact office@enncon.eu. You can also lodge a complaint with a data protection authority.

Data Security

We implement robust security measures to protect your data, including encryption, access controls, and regular security audits. However, transmitting information via the Internet is not entirely secure, and complete security cannot be guaranteed.

Third-party Websites

Our website may contain links to third-party sites for your convenience. Enncon is not responsible for the privacy practices of these sites. We recommend reviewing their privacy policies to understand how they handle your data.

Policy Modifications

This policy may be updated periodically to reflect changes in our practices or legal requirements. Significant updates will be communicated on our website. Regularly reviewing this policy ensures you stay informed about how Enncon protects your data.

1. Employees

1.1 Categories of Personal Data Concerned

Employee data collected includes:

  • Identification: Full name, national ID, gender, marital status, date of birth, and nationality.
  • Contact Information: Home address, email, phone number, and emergency contact details.
  • Employment Information: Organizational details, contract type, weekly hours, start and end dates, base cost, internal price, compensation details, and HR contact person.
  • Payroll/Taxation: Bank details, account holder name, deposit type, BIC, information about children, health information (as required by local law), union memberships, taxation information, salary deductions, employment number, worked hours, leave types, holidays, social security details, and mother’s maiden name (as required by local law).
  • Benefits: Company benefits like phone or car and driver’s logbook.
  • Training: Information on training courses attended.
  • Professional Information (CV): Name, photo, job title, work experience, education, language skills, country of residency, professional associations, learning history, publications, organizational information, profile picture, utilization, connections, courses, and competencies.
  • Travel: Credit card number, passport copy, and vaccination details.
  • Access and Facility Control: Please provide your full name, photo, employer, host, entry and departure times, and camera monitoring details.
1.2 Purposes and Legal Basis of Processing

Enncon processes employee data for:

  • Contractual Necessity: Managing employment relationships, pensions, insurance, payroll, tax reporting, and sick leave compensation.
  • Legal Obligations: Processing health and social security data as required by law, meeting employment law requirements, and fulfilling accounting obligations.
  • Legitimate Interests: Offering client services, allocating resources to projects, organizing business travel, ensuring safety, and maintaining business operations.
1.3 Storage and Erasure

Employee data is stored as long as required:

  • To fulfill the employment contract and related obligations
  • By applicable laws (e.g., for pensions, holiday pay, work certificates)
  • To respond to possible claims from clients or partners

2. Customers

2.1 Categories of Personal Data Concerned

Customer data collected includes:

  • Contact Information: Full name, email address, phone number, postal address, customer company, and business sector.
  • Marketing Responses: Feedback to marketing efforts.
  • Form Submissions: Information is provided through web forms.
  • Payment/Invoice Information: Company details, payment and banking information, invoice approver’s name and job title, and remuneration ID.
  • Access and Facility Control: Identification details for visitors to Enncon premises, including camera monitoring.
2.2 Purposes and Legal Basis of Processing

Customer data is processed for:

  • Contractual Necessity: Entering and performing business contracts, managing payments, and delivering services.
  • Legitimate Interests: Marketing, planning, resource allocation, business development, maintaining security, preventing fraud, managing disputes, and ensuring compliance.
2.3 Storage and Erasure

Customer data is stored as long as required:

  • To fulfill contractual obligations and purposes
  • By applicable laws (e.g., for accounting)
  • To respond to possible claims

3. Partner Network and subconsultants

3.1 Categories of Personal Data Concerned

Partner and sub-consultant data collected include:

  • Primary Personal Data and Contact Information: Full name, date of birth, email, nationality, gender, address, and phone number.
  • Networker Company Data: Company name, VAT number, homepage, F-tax verification.
  • Work Information: Availability, quality assurance, CV data, photo, work experience.
  • Business Administration: ID number in Enncon system, sales responsibility, working time, travel expenses, next of kin contact.
  • Access and Security: Photo for keycards and other necessary security data.
  • Financial Information: Category rates, salary rate, supervisors, department, cost center, contract type, and bank account number for payments.
  • Travel Information: Credit card number, passport copy, vaccination details.
  • Access and Facility Control: Identification details for visitors to Enncon premises, including camera monitoring.
3.2 Purposes and Legal Basis of Processing

Data is processed for:

  • Contractual Necessity: Entering and performing business contracts, managing payments, delivering services, and resource allocation.
  • Legitimate Interests: Business planning, security, health and safety, fraud prevention, dispute management, and compliance.
3.3 Storage and Erasure

Data is stored as long as required:

  • To fulfill contractual obligations
  • By applicable laws
  • To respond to possible claims

4. Employee Candidates

4.1 Categories of Personal Data Concerned

Candidate data collected includes:

  • Contact Information: Full name, email address, phone number, address.
  • Professional Information (CV): Photo, job title, work experience, education, language skills, professional associations, publications.
  • Access and Facility Control: Identification details for visitors to Enncon premises, including camera monitoring.
4.2 Purposes and Legal Basis of Processing

Candidate data is processed for:

  • Legal Obligations and Legitimate Interests: Finding suitable employees, managing recruitment processes, and compliance with non-discrimination laws.
  • Consent: Storing data for future vacancies.
4.3 Storage and Erasure

Data is stored as long as required:

  • By consent for future vacancies
  • For the duration of the recruitment process
  • By applicable laws
  • To respond to possible claims

5. Service Providers and Business Partners

5.1 Categories of Personal Data Concerned

Data collected includes:

  • Contact Information: Full name, email address, phone number, postal address, company, business sector.
  • Payment/Invoice Information: Company details, payment and banking information, invoice approver’s name and job title, and remuneration ID.
  • Access and Facility Control: Identification details for visitors to Enncon premises, including camera monitoring.
5.2 Purposes and Legal Basis of Processing

Data is processed for:

  • Contractual Necessity: Entering and performing business contracts, managing payments, and receiving services.
  • Legitimate Interests: Business planning, security, health and safety, fraud prevention, dispute management, and compliance.
5.3 Storage and Erasure

Data is stored as long as required:

  • To fulfill contractual obligations
  • By applicable laws
  • To respond to possible claims

6. Shareholders

6.1 Categories of Personal Data Concerned

Shareholder data collected includes:

  • Name, number of shares and votes, changes in shares and votes, personal identification number, address, phone number, email address, and camera monitoring details for visitors.
6.2 Purposes and Legal Basis of Processing

Data is processed to meet legal requirements and provide necessary information to authorities and stock exchanges.

6.3 Storage and Erasure

Shareholder data is stored as long as required by law.

7. Website Visitors

7.1 Categories of Personal Data Concerned

Data collected includes IP address, website usage information, and cookie data.

7.2 Purposes and Legal Basis of Processing

Data is processed based on legitimate interests, such as gaining access to specific content, attending events, responding to surveys, and receiving communications.

7.3 Storage and Erasure

Data is stored as long as required:

  • To fulfill the purpose for which it was collected
  • Internal policies for data security

For further inquiries about privacy and data security, please contact us at office@enncon.eu or contact our Data Privacy Manager at Enncon Smart Engineering.