Privacy policy
Introduction and terms
1. Introduction
With the operation of our website https://www.enternature.de (hereinafter referred to as “website”) we process personal data. These will be treated confidentially by us and processed in accordance with the applicable laws – in particular the Basic Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG-neu). With our data protection regulations we would like to inform you which personal data we collect from you, for which purposes and on which legal basis we use it and if necessary to whom we disclose it. In addition, we will explain to you what rights you have to protect and enforce your privacy.
2. Terms
Our data protection regulations contain technical terms that are new in the DSGVO and the BDSG. For your better understanding we would like to explain these terms in simple words in advance:
2.1 Personal Data
“Personal data” means all information relating to an identified or identifiable person (Art. 4 No. 1 DPA). Details of an identified person can be for example the name or the e-mail address. Personal data is also data where the identity is not immediately apparent, but can be determined by combining one’s own or external information and thus finding out who it is. A person becomes identifiable, for example, by providing their address or bank details, date of birth or user name, IP addresses and/or location data. Relevant here is all information that in any way allows an inference to a person.
2.2 Processing
Art. 4 No. 2 FADP defines “processing” as any operation involving personal data. This concerns in particular the collection, recording, organisation, arrangement, storage, adaptation or modification, reading, retrieval, use, disclosure, transmission, dissemination or any other form of provision, comparison or combination, restriction, deletion or destruction of personal data.
Responsible company and data protection officer
3. Person responsible
Responsible for the data processing is:
Company: EnterNature GmbH
Legal representative: Ulrich Aouad (Managing Director)
Address: Gütersloher Straße 8, 33803 Steinhagen
Telefon: +49 – 1719840193
E-Mail: aouad@enternature.de
Processing framework
4. Processing frame: website
Within the framework of the website with the URL https://www.enternature.de, we process the personal data of you listed in detail in section 6-13 below. We only process data from you which you actively provide on our website (e.g. by filling out forms) or which you automatically provide when using our offer.
Your data will be processed exclusively by us and will not be sold, lent or passed on to third parties. If we use the help of external service providers to process your personal data, this is done within the framework of so-called order processing, in which we as the client are authorised to issue instructions to our contractor. For the operation of our website we use external service providers for hosting, as well as for maintenance, care and further development. Should further external service providers be used for individual processing operations listed in points 5-12, they will be named there.
A transfer of data to third countries does not take place and is not planned. We will provide information about exceptions to this principle in the processing operations described below.
The processing operations In detail
5. Providing the website and server log files
5.1 Description of processing
Whenever you call up the website, we automatically record information that your browser transmits to our server (so-called log files). These are the following data:
- Your IP address
- the browser software you use, its version and language
- the operating system you use
- the sub-pages you have called up on our website
- the date and time of your visit to our website
- Transferred data volume
These are also stored in the so-called log files of our system. Your IP address is only recorded in the log files shortened by the last three digits.
5.2 Purpose
Processing is carried out in order to enable the website to be accessed and to ensure its stability and security. Furthermore, the processing serves the statistical evaluation and improvement of our online offer.
5.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose stated in clause 6.2.
5.4 Storage duration
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is finished. The log files will be deleted after 7 days.
6. Registration and profile; FACEBOOK CONNECT
6.1 Description of processing
Individual functions and offers of our website are only available to you as a registered user. By registering, you sign a free user agreement with us. By registering, you will receive your own user account on our website. Registration takes place by filling in the registration form on https://www.enternature.de and sending it to us electronically. To register, you must send us your e-mail address, a freely chosen user name and a freely chosen passwordBy clicking on the “Register” button. You will then receive an automatic welcome email. This contains a link to confirm your e-mail address. Only after successful verification of your e-mail address by clicking on the confirmation link will your account be activated on our website.
As a registered user, you will have free access to your own profile, your own documents and your online application access. In addition to the information you provide when you register, we process the following personal data from you for the establishment and maintenance of your profile page, as far as you provide it yourself: first name and name, Address, date of birth, sex, place of birth/country, nationality, relationship status, social security number, health insurance (private / legal), bank details for salary payout, qualification (school graduation / vocational training), tax identification number, current employment status (for suitability for mini-job), further mini-jobs to determine the possible working time, required documents such as school certificate, proof of health insurance (in the case of privately insured persons) / proof of social benefits.
Facebook Connect: Instead of registering directly on our website, you can register with Facebook Connect. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
If you decide to register with Facebook Connect and click on the “Login with Facebook” / “Connect with Facebook” button, you will be automatically redirected to the Facebook platform. There you can register with your usage data. This will link your Facebook profile to our website or services. This link gives us access to your data stored on Facebook. These are mainly:
- Facebook name
- Facebook profile and cover image
- Facebook cover image
- email address stored on Facebook
- Facebook ID
- Facebook Friends Lists
- Facebook Likes (“Like me”)
- Birthday
- Sex
- Country
- Language
This information is used to set up, deploy and personalize your account.
For more information, see the Facebook Terms of Service and Privacy Policy. These can be found at: https://de-de.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/.
6.2 Purpose
The processing is carried out in order to provide you with the functions of our website for registered users.
6.3 Legal basis
The processing is necessary for the conclusion and fulfilment of the user contract (Art. 6 sec. 1 lit. b GDPR). We cannot provide our contractually owed services without providing your personal data during registration.
6.4 Storage time
The data will be automatically deleted by us at the end of your contract of use. You can terminate the user agreement independently by selecting the “Delete Profile” function in the settings of your user account. Your can also write a mail to aouad@enternature.de, EnterNature GmbH, Gütersloher Straße 8, 33803 Steinhagen and notify us, that your account is not neede anymore. We will then delete your user account immediately. In addition, as a logged-in user, you can edit and remove your own posts, information and information at any time.
6.5 Receiver
Your username or name and first name are available on your profile page for other registered users logged in. The other posts, photos, and information you have posted can also be viewed by other registered users logged in. You can use your profile’s privacy settings to define and regulate whether and what personal data other registered users can take from your profile.
7. Contact by e-mail
7.1 Description of processing
You can contact us using the e-mail addresses provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.
7.2 Purpose
The data submitted with and in your e-mail will be used exclusively for the purpose of processing and responding to your request.
7.3 Legal basis
If the e-mail contact is aimed at concluding or fulfilling a contract, the data processing takes place for the fulfilment of the contract (Art. 6 sec. 1 lit. b GDPR).
7.4 Storage time
The data will be deleted by us as soon as it is no longer necessary for the purpose of their collection. This is usually the case when the communication with you is finished. The communication is terminated if it can be inferred from the circumstances that your request has been finally clarified. If statutory retention periods prevent deletion, deletion shall take place immediately after expiry of the statutory retention period.
8. Cookies
8.1 Description of processing
Our website uses cookies. Cookies are small text files that are stored on the user’s device when you visit a website. Cookies contain information that enables the recognition of a terminal device and, if applicable, certain functions of a website. In most cases, we only use so-called “session cookies”. These are automatically deleted when you end your Internet session and close the browser. Other cookies remain stored on your device for an extended period of time. On our website we use the following cookies:
- Cookie name: session Purpose/function: Determination of the current user storage duration: This cookie expires 30 days after it has been dropped.
- Cookie name: locale purpose/function: Set the language of the website storage time: This cookie expires at the end of the browser session.
8.2 Purpose
We use cookies to make our website more user-friendly and to offer the functions described in section 9.1.
8.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in clause 9.2. If you are asked by us for your consent within the framework of a cookie banner or cookie consent tool, the legal basis is In Art. 1 lit. a GDPR. Such consent is voluntary.
8.4 Storage period, withdrawal of consent
Cookies are automatically deleted at the end of a session or at the end of the specified storage period. Since cookies are stored on your device, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent. If we obtain consent to the use of cookies via a cookie banner or a cookie consent tool, these consents may be revoked by you at any time within the settings of the cookie banner or the cookie-consent tool with effect for the future.
9. Social networks
9.1 Description of processing
Certain subpages of our website contain so-called social plugins, which are offered by the external social networks Facebook. When you visit a page that contains such a plugin, your browser establishes a direct connection to the servers of the social network. The content of the respective social plugin is transmitted by the social network directly to your browser and displayed in our website. To prevent this, we use the so-called two-click solution. We have integrated the social plugins on our website in such a way that the connection of the social plugins to the servers of the social networks is interrupted by default. If you want to communicate directly with a social network via the social plugin on our website and enable a data exchange, you have to click on the desired social plugin and activate it.
After activating a social plugin, we no longer have any influence on the amount of data that the respective social network collects. We will therefore inform you according to our level of knowledge.
By activating a social plugin, your IP address is transmitted to the respective social network in connection with the address of our website. If you are logged in to the social network when you visit our website, this information will be assigned to your user account there. If you interact with an activated social plugin, e.g. by means of the social plugin “share”, “liken” or “retweet”, this information is also transmitted directly to the respective social network and also stored there in your user account.
Our profiles within the social networks also represent data processing. If you are logged in to the respective social network when you visit such a profile, this information will be assigned to your user account there. When you interact with our profile, such as “share,” “like,” or “retweet,” this information is also stored in your user account. Through the so-called “insights” of our Facebook page we have the possibility to obtain statistical data. These statistics are provided by Facebook. The “Insights function” is not re-hireable. We cannot decide to turn this feature on or off. It is available to all Facebook fan page operators, whether they use Insights or not. We are provided with data for a selectable period of time and for the following groups of people: fans, subscribers, people reached and interacting. These are the following categories of personal data: total number of page views, “likes” including origin, page activities, post interactions, reach, contribution reach (divided into organic, viral and paid interactions), comments, shared content, responses, and demographic evaluations, i.e. country of origin, gender, and age. Due to the Facebook Terms of Use – which each user must have agreed to use in order to use Facebook – we are able to identify subscribers and fans of our Site and view their profiles.
The social networks with which you communicate store your data using pseudonyms as user profiles and use it for advertising purposes and for market research. For example, you may see advertisements within the social network and on other websites by third parties that correspond to your presumed interests. For this purpose, cookies are usually used, which the social network places on your terminal device. Further information on cookies can be found in clause 9. You have the right to object to the formation of these user profiles, which you must contact the social networks directly for the exercise of.
9.2 Purpose
We maintain profiles on the aforementioned social networks for the purpose of contemporary and supportive public relations and corporate communication with customers and interested parties.
We use the “Facebook Insights” function to make our posts on our Facebook fan page more attractive to our visitors. For example, we can use preferred visitor visits for time-optimized planning of our contributions.
9.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in clause 10.6. If you are asked by us for your consent within the framework of a cookie banner or cookie consent tool, the legal basis is In Art. 1 lit. a GDPR. Such consent is voluntary. If you are asked for consent by the respective operator of a social network, the legal basis is In art. 1 lit. a GDPR. The data processing is carried out with regard to our Facebook fan page on the basis of an agreement on joint responsibility under Article 26 GDPR between us and Facebook, which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum.
9.4 Recipients and transfers to third countries
By activating a social plugin, your data is transmitted to one of the following social networks.
- Facebook: Facebook Inc., 1601 S California Ave, Palo Alto, California 94304. For more information about Facebook’s privacy, see http://www.facebook.com/policy.php; http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
The social networks also process your personal data in the USA and have submitted to the EU-US Privacy Shield. For more information about the EU-US Privacy Shield, see https://www.privacyshield.gov/EU-US-Framework.
10. Google Webfonts
10.1 Description of processing
Our website uses “Google Webfonts”, a font replacement service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). With Google Webfonts, when you display our website, the default fonts of your device are exchanged with fonts from Google’s catalog. If your browser prevents the integration of Google Webfonts, the text of our website will be displayed in the default fonts of your device. The Google fonts are loaded directly from a Google server. To do this, your browser sends a request to a Google server. In this way, we may also transmit your IP address to Google in connection with the address of our website. However, Google Webfonts does not store cookies on your device. According to Google, data processed as part of the Google Webfonts service is transferred to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. You will not be associated with data that may be related to the use of other Google services such as the search engine of the same name or Gmail. Further information on data protection at Google Webfonts can be found under https://developers.google.com/fonts/faq?hl=de-DE&csw=1. General information on data protection at Google is stored under https://policies.google.com/privacy?hl=de-DE.
10.2 Purpose
The processing is carried out in order to be able to display the text of our website in a more readable and aesthetically pleasing manner.
10.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in clause 11.2.
10.4 Recipients and transfers to third countries
By using Google web fonts, personal data may be transmitted to Google. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information about the EU-US Privacy Shield, see https://www.privacyshield.gov/EU-US-Framework.
11. Font Awesome
Our website uses “Font Awesome”, a service for the display and integration of icons provided by fonticons, Inc. developed. We operate Font Awesome exclusively as an installation on our own server. Therefore, the use and display of icons does not involve the transmission of data by Fonticons, Inc. Along.
12. Google Maps
12.1 Description of processing
Our website uses “Google Maps”, a map display service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google”). We use Google Maps by including a map with our business address on our website. The map is loaded directly from a Google server. To do this, your browser sends a request to a Google server. In this way, we may also transmit your IP address to Google in connection with the address of our website. However, Google Maps does not store cookies on your device. If you are logged in to Google when you visit our site, Google Maps assigns this information to your Google user account. Google stores your data as user profiles and uses it for advertising purposes, for market research and/or for the needs-based design of Google websites. You have the right to object to the creation of these user profiles, which you must contact Google directly to exercise. For more information about Google’s privacy, please visit https://policies.google.com/privacy?hl=de-DE.
12.2 Purpose
The processing is done in order to be able to show you an interactive map on our website.
12.3 Legal basis
The processing is necessary to safeguard the overriding legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in clause 13.2.
12.4 Recipients and transfers to third countries
Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information about the EU-US Privacy Shield, see https://www.privacyshield.gov/EU-US-Framework.
Security
13. Security measures
In order to protect your personal data from third-party access, we have provided our website with an SSL or TLS certificate. SSL stands for “Secure Sockets Layer” and TLS for “Transport Layer Security” and encrypts the communication of data between a website and the user’s device. You can recognize the active SSL or TLS encryption by a small lock logo that appears on the far left of the address bar of the browser.
Your rights
14. Rights of the persons concerned
With regard to the data processing described above by our company, you are entitled to the following data subjects:
14.1 Information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether we process personal data concerning you. If this is the case, you shall have the right to information about these personal data and to the further information listed in Article 15 GDPR, subject to the conditions set out in Article 15 GDPR.
14.2 Correction (Art. 16 GDPR)
You have the right to request from us without delay the correction of any inaccurate personal data concerning you and, if applicable, the completion of incomplete personal data.
14.3 Deletion (Art. 17 GDPR)
You have the right to request that personal data concerning you be deleted immediately, provided that one of the reasons listed in Article 17 GDPR applies, e.g. if your data is no longer needed for the purposes we pursue.
14.4 Restriction of data processing (Art. 18 GDPR)
You have the right to request from us to restrict processing if one of the conditions set out in Article 18 GDPR is met, e.g. if you dispute the accuracy of your personal data, the data processing will be restricted for the duration that allows us to verify the accuracy of your data.
14.5 Data portability (Art. 20 GDPR)
You have the right, under the conditions set out in Article 20 GDPR, to require the release of the data concerning you in a structured, common and machine-readable format.
14.6 Withdrawal of consents (Art. 7 sec. 3 GDPR)
You have the right to withdraw your consent at any time in the case of processing based on consent. The revocation shall apply from the date of its assertion. In other words, it works for the future. The processing does not therefore become retroactively illegal by revoking the consent.
14.7 Complaint (Art. 77 GDPR)
If you believe that the processing of personal data concerning you violates the GDPR, you have the right to complain to a supervisory authority. They may exercise this right from a supervisory authority in the EU Member State of their place of residence, place of work or place of the alleged infringement.
14.8 Prohibition of automated decisions/profiling (Art. 22 GDPR)
Decisions that have a legal consequence for you or significantly affect you must not be based solely on automated processing of personal data, including profiling. We inform you that we do not use automated decision-making, including profiling, with respect to your personal data.
14.9 Opposition (Art. 21 GDPR)
If we have personal data about you based on Art. 1 lit. f GDPR (for the protection of overriding legitimate interests), you have the right to object to this under the conditions set out in Article 21 GDPR. However, this only applies if there are reasons arising from your particular situation. After an objection, we will no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms. We also do not have to stop processing if it serves to assert, exercise or defend legal claims. In any case, regardless of a particular situation, you have the right to object at any time to the processing of your personal data for direct marketing.
As of: April 2020