Privacy Policy
This Privacy Policy outlines the nature, scope and purpose of processing personal data (hereinafter referred to as “data”) in connection with the services we provide, within our online offering and associated webpages, features and content, and our external online presence such as our social media profile (subsequently and collectively known as “online offering”). The concepts used in this Privacy Policy, such as “Processing” or “Controller” are used within the meaning of Article 4 of the General Data Protection Regulation (GDPR).
Controller
Evergy Engineering GmbH
Malsenstrasse 84
80638 Munich
Germany
T +49 89 189 289 30
F +49 89 189 289 89
Management
Dipl. Ing. Jens Langenbrinck
Dipl. Ing. Thorsten Nogge
Dipl. Ing. Marc Böhnke
Court of Registration: Munich
Certificate of Registration: 151 104
Types of Data Processed
- Data inventory (e.g. personal data, names or addresses)
- Contact details (e.g. email, telephone numbers)
- Content data (e.g. text inputs, photographs, videos)
- Usage data (e.g. websites visited, interest in content, times of access)
- (Meta) communication data (e.g. device information, IP addresses)
Categories of Data Subjects
Visitors to our website and users of our online offering (collectively described in this Privacy Policy as “users”).
Why we Process Data
We process your personal data for the following purposes:
- To provide our online offering, and its features and content
- To answer client requests and communicate with users
- Security procedures
- To assess the reach of our website/Marketing
Terms Used
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data whether or not by automated means. The term is far-reaching and encompasses virtually all data handling.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Controller” describes the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Applicable Legal Basis
In accordance with Article 13 of the GDPR, we must disclose the legal basis for data processing at Evergy. If the legal basis is not stated specifically within our Privacy Policy then the following applies for users that fall within the scope of the GDPR (that is, in the European Union (EU) and the European Economic Area (EEA)):
- The legal basis for obtaining consents is Article 6 (1) a and Article 7 GDPR.
- The legal basis for processing for the performance of our services and contractual measures as well as answering requests is Article 6 (1) b GDPR.
- The legal basis for processing that is necessary for compliance with our legal obligations is Article 6 (1) c GDPR.
- In the event that processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1) d GDPR serves as the legal basis.
- The legal basis for processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller is Article 6 (1) e GDPR.
- The legal basis for processing that is necessary for the purposes of protecting our legitimate interests is Article 6 (1) f GDPR.
- Processing data for a purpose other than that for which the personal data have been collected is determined by the requirements of Article 6 (4) GDPR.
- The processing of special categories of personal data (pursuant to Article 9 (1) GDPR) is determined by the requirements of Article 9 (2) GDPR.
Security Procedures
In accordance with legal requirements, we take suitable technical and organisational measures to ensure a level of protection that is appropriate to the corresponding risk and that takes into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing, as well as the various probabilities of occurrence and severity of the risk to the rights and freedoms of natural persons.
These procedures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as online access, entry, transfer, availability and data separation. We have also established procedures that ensure the administration of the rights of data subjects, deletion of data and response to threats to data. We also take the security of personal data into account when we develop or select hardware, software or processes by the use of technology design and default privacy settings that are in keeping with the principal of data protection.
Working with Processors, Joint Controllers and Third Parties
If, as part of our processing, we disclose data to other persons and companies (processors, joint controllers or third parties), transmit data to them or otherwise grant them access to data, this will only be done on the basis of a legal authorisation (e.g. if a transfer of data to third parties, such as payment service providers, is necessary for the performance of a contract) that users have consented to, a legal obligation that provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosting services, etc.).
If we disclose, transmit or otherwise grant access to other companies in our group of companies, this is done as a legitimate interest, particularly for administration purposes, and beyond that on the basis of one of the legal requirements.
Transfers to Third Countries
If we process data in a third country (that is, a country outside the EU, the EEA or the Swiss Confederation), or in the context of the use of third-party services, or the disclosure or transmission of data to other persons or companies, this would only take place to fulfil our precontractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to having legal or contractual authorisations, we only process data in a third country if legal requirements have been fulfilled. For example, this could be processing that is done on the basis of special guarantees, such as the official adoption of a data protection level that complies with the EU (e.g. adoption of the “Privacy Shield” for the USA) or compliance with officially recognised special contractual obligations.
Rights of Data Subjects
You have the right to request confirmation as to whether or not personal data concerning you are being processed, and where that is the case, you have the right to request further information about the data and a copy of the data in accordance with the legal requirements.
Under applicable data protection law, you have the right to request the completion of the data related to you or the rectification of inaccurate personal data concerning you.
Under applicable data protection law, you have the right to demand that data concerning you be deleted immediately, or alternatively to demand the restriction of processing regarding your personal data.
Under applicable data protection law, you have the right to request that you receive the personal data which you actively provided us, and further the right to request that it be transmitted to other controllers.
You also have the right, in accordance with legal requirements, to lodge a complaint with the competent supervisory authority.
Withdrawal of Consent
You have the right to withdraw your consents at any time with future effect.
Right to Object
You may object to the future processing of data concerning you at any time in accordance with the legal requirements. The objection may be made specifically against the processing of data for direct advertising purposes.
Cookies and the Right to Object to Direct Advertising
“Cookies” are small files that are stored on users’ end devices. Various types of information can be stored within the cookies. A cookie is primarily used to store information about a user (that is, the device on which the cookie is stored) during or after the user’s visit to an online offering. Temporary cookies, also known as “session cookies” or “transient cookies”, describe cookies that are deleted after a user leaves an online offering and ends his browser session. Temporary cookies can store, for example, the contents of a virtual shopping basket or a login status. Cookies are referred to as “permanent” or “persistent”, if they are still stored even after the browser session has ended. For example, a login status can be saved until the user’s next visit a few days later. These cookies can store the specific interests of users and are used for collecting information on website usage or marketing purposes. Cookies are referred to as a “third-party cookies” when they are used by providers other than the controller that operates the online offering (in the case that only the Controller’s cookies are used, these cookies are referred to as “first-party cookies”).
We use both temporary and permanent cookies and make the user aware of this as part of our Privacy Policy.
If users do not want cookies to be stored on their end device, they are asked to block the use of cookies in their browser’s system settings. Stored cookies can be also deleted from the browser’s system settings. The functionality of our website may be limited if you do not accept cookies.
You can make a general objection to the use of cookies for online marketing purposes on a large number of services, especially in the case of tracking, via the US website, or the EU website. In addition, you can block the use of cookies by opting out in your browser’s settings. Please note that this may mean some of the functions of this online offering might not be available for you to use.
Deletion of Data
The data we collect will be deleted or restricted in their use in accordance with legal requirements. Unless expressly stated within the scope of this Privacy Policy, the data we have stored will be deleted as soon as they are no longer required for the purposes for which they were collected and no legal retention periods stand in the way of deletion.
How the data are processed will be restricted, unless the data are not deleted because they are necessary for other and legally permissible purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
Changes and Updates to the Privacy Policy
We ask that you check the content of our Privacy Policy from time to time. Amendments are made to the Privacy Policy as and when the changes we make to data processing make it necessary to do so. You will be informed when these changes require your cooperation (e.g. consent) or by means of another type of personal notification.
Contacting Us
When contacting us (e.g. using our contact form, by e-mail, telephone or via social media), the users’ details are used to process and handle the contact request in accordance with Article 6 (1) b (within the scope contractual/ precontractual relations) and Article 6 (1) f (other requests) of the GDPR. Users’ information may be stored in a Customer Relationship Management System (“CRM System”) or similar contact platform.
We will delete the requests if they are no longer required. The necessity to keep requests is reviewed every two years and statutory archiving periods shall also apply.
Hosting and E-mails
The hosting services we use provide us with the following services: infrastructure and platform services, computing capacity, storage and database services, e-mail distribution, security services and technical maintenance services that we use for the purpose of operating this online offering.
In doing so, we or our hosting services process the inventory data, contact details, content data, contract data, usage data, meta and communication data of clients, interested parties and visitors based on our legitimate interests for efficient and secure provision of this online offering in accordance with Article 6 (1) f GDPR in conjunction with Article 28 GDPR (completion of a processing contract).
Collection of Access Data and Log Files
On the basis of our legitimate interests within the meaning of Article 6 (1) f GDPR, we collect data about every access to the server on which this service is located (known as server log files) through our hosting services. Access data includes the name of the website retrieved, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type plus version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting providers.
For security reasons (e.g. to investigate acts of abuse or fraud) log file information is stored for a maximum period of 7 days and then deleted. Data that are required for further retention for evidentiary purposes are exempt from deletion pending a final resolution of the respective incident.
Google Analytics
Based on our legitimate interests (i.e. interests in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) f GDPR), we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement which guarantees compliance with data protection laws applicable in the European Union.
Google will use this information on our behalf to evaluate the users’ use of our online offering, to compile reports on the activities within this online offering, and to provide us with additional services connected to the use of this online offering and the internet. Pseudonymous user profiles can be created from the data that are processed.
We only use Google Analytics with IP anonymization enabled. This ensures that for users within Member States of the EU or in other contracting parties to the EEA, Google will truncate their IP addresses before transmitting them. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.
The IP address transmitted by the users’ browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting a corresponding setting in their browser software; users can also prevent Google from collecting and processing the data created by the cookie and data related to their use of the online offering, by downloading and installing the browser plugin available under the following link.
For more information on Google’s data usage, options for settings and objections, see Google’s privacy policy and Google’s settings for display of ads.
The personal data of the users will be deleted or anonymised after 14 months.
Use of Third-party Services and Technology
Within our online offering, we engage third-party service providers to provide their technology and services, such as videos or fonts (hereinafter referred to as “content”). This is done on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art 6 (1) f GDPR).
This can only be achieved if third-party providers of this content have access to the user’s IP address as they cannot send the content to the user’s browser without the IP address. The IP address is therefore required for the display of this content. We make every effort to use content from service providers that use the IP address exclusively for the purposes of delivering the content. Third-party service providers can also use what is known as pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags allow information to be analysed such as visitor traffic to the pages of this website. The pseudonymised information can also be stored in cookies on the user’s end device and include, among other things, technical information about the browser and operating system, referring websites, visiting time, additional information about the use of our online offering and that can also be linked with similar information from other sources.
Google Fonts
We use the fonts (“Google Fonts”) by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy, Opt-Out.