Privacy policy

Date: July 2022

Introduction
The following privacy policy applies to all services, products, websites, apps and other services (hereinafter “enespa services”) of enespa AG, CH-Appenzell, enespa GmbH Germany, Spreetal, and enespa AG, LI-Balzers, as well as their affiliated companies and their brands (hereinafter “enespa”).
enespa offers the enespa services to users (hereinafter the “Users”, individually the “User”). To provide the enespa services enespa needs various data and information from the Users about the Users themselves and/or about other facts and things concerning the Users (hereinafter “Data”).
enespa collects, records, organises, arranges, stores, adapts, modifies, reads out, queries, uses, transmits, disseminates, deletes and/or destroys, with or without the aid of automated procedures, the Data (hereinafter “Processing” or “to process”).
The Processing of Data is a basic requirement and therefore indispensable for enespa to be able to offer enespa services and exercise its business model.
enespa endeavours to protect the security and confidentiality of Data which enespa receives in the course of its business, obtains from publicly available sources and/or otherwise processes.

enespa is responsible for the Processing of Data. Questions and requests regarding the Processing of Data should be addressed in writing to the Data Protection Officer at the following address:
enespa AG
Attn.: Dominik Widmer
Schäfligasse 1
CH-9050 Appenzell
Tel.: +41 71 788 33 88
Email: info@enespa.eu
This privacy policy sets out how and to what extent enespa processes Data.

 

Legislative framework
The Processing of Data by enespa is subject to the Federal Data Protection Act (Bundesgesetz über den Datenschutz) (hereinafter “DPA”) and the General Data Protection Regulation of the European Union (hereinafter “GDPR”).
enespa undertakes to comply with all of the relevant legal requirements and, as far as legally possible, also obliges its employees and third parties who process data on its behalf to do so, without, however, assuming any liability for this as far as legally possible.

 

Data and Data Processing
The Processing of the Data usually starts with the beginning of the business relationship between enespa and the User.
enespa is also authorised, following an expression of interest by a person (hereinafter the “Interested Person”) in one or more enespa Services or in another service, product, website, app and/or other service of a business partner or advertiser of enespa (hereinafter “Other Services”), to inform the Interested Person of enespa Services and/or Other Services and, in doing so, to process the Data received from the Interested Person and/or third parties.
Data
In principle, all Data, including personal Data, is processed, which arises within the scope of enespa services or which become necessary for offering enespa services according to the exclusive assessment of enespa. This includes, but is not limited to:
Data that Users enter via online forms or apps or otherwise communicate in the context of their use of enespa’s offers (e.g. via telephone, email, online forms, surveys, etc.), including personal data (name, residential address, telephone number, email address, company, company size);
Automatically transmitted or accruing usage Data (e.g. the date and time of use, previous and accessed pages, IP address, Data on the browser used, device identifier, current location, insofar as this information is released, etc.);
Correspondence and other communication with the User (e.g. emails, telephone calls, which may also be recorded where necessary);
Data which enespa has received from business partners in connection with their marketing or customer acquisition measures.
This data can be linked, even across multiple visits and contacts, where a User or profile is recognised, for example, on the basis of a user name, an email address, a device identifier or “cookies” stored in the browser (see below).

 

Personal data
Personal Data means Data relating to an identified or identifiable individual and any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Purpose of processing
enespa processes Data for the development, provision, enhancement and design of enespa services, for internal training purposes and quality control, for the maintenance and development of User relationships, for the expansion of enespa into other business areas, for obtaining quotes from insurance companies and other service providers, for advertising and marketing purposes, to prevent, detect and combat abuse, to respond to justified official enquiries, for the purpose of contract Processing, generally for the purpose of other commercial interests of enespa and/or in connection with credit checks and collection activities, as well as with the enforcement of claims or other legal disputes which concern enespa or in which enespa has a justified interest or in which enespa is involved.
Further purposes of Data use may arise from the circumstances or from legal obligations or may be indicated at the time of collection of the Data concerned.

 

Processing of the Data by third parties
enespa can have the Data processed by third parties, including abroad. enespa shall take reasonable steps to ensure that such third parties process the Data only to the same extent as enespa is permitted. The User hereby expressly authorises enespa to pass on the Data to third parties, including abroad.
In exceptional individual cases (e.g. misuse), Data may also be disclosed to third parties for purposes other than those listed in this privacy policy or those provided for by law, provided that applicable law is not violated. enespa cannot control, guarantee and vouch for the compliance of these third parties with the data protection provisions applicable to enespa; they process the Data for their own purposes and possibly also abroad, where there may not be an equal level of legal data protection as in Switzerland.
The transfer of Data abroad may also occur when data is passed on to third parties, in particular if social networks or other third-party offers are used and/or linked to via enespa services.

 

Retention of Data
Data is stored by enespa in accordance with the provisions of the applicable data protection legislation (DPA, GDPR).
enespa generally processes all Data in Switzerland and stores it on systems in Switzerland. enespa reserves the right to process or store the Data outside Switzerland and Germany without informing the user in advance, provided that the relevant provisions of the data protection legislation are complied with.
enespa takes appropriate technical and organisational measures within the scope of the storage and Processing of Data to prevent unauthorised access and other unauthorised processing. These are reviewed regularly and, if necessary, adjusted, including for the third parties it commissions to operate its systems.

 

Data retention period
enespa retains the Data in accordance with legal requirements and complies with the relevant statutory retention periods and obligations.
After expiry of the relevant statutory retention periods and obligations or after expiry of those periods that are necessary for the prosecution or defence of claims (e.g. statutes of limitation), the corresponding Data is routinely deleted. Data that is not subject to retention periods and obligations will be deleted if its retention is no longer necessary for enespa services or for other interests of enespa.

 

Newsletter, commercial communication
enespa may send to all Users who register with it with an email address or another electronic address or mobile phone number, or who install an app from enespa, newsletters or other (also commercial) content related to enespa services (hereinafter “enespa News”) to their address, phone number or app from time to time. enespa may use the services of software providers to send the newsletter.
The User hereby agrees to the sending or display of enespa News, but may stop this at any time and free of charge.
Under certain circumstances, enespa News is received through registration in a so-called double opt-in procedure. The User will receive an email, SMS or other message requesting confirmation of registration. This confirmation is necessary so that no one can register with other people’s email addresses. Sign-ups to receive enespa News are logged in order to be able to prove the sign-up process in accordance with legal requirements. This includes storage of the login and confirmation time, as well as the IP address.
The User can cancel the receipt of enespa News at any time and revoke the consents to receive it. This simultaneously terminates the consent to their dispatch via mail software providers and to the statistical analyses. Separate revocation of the dispatch via a software provider and the statistical evaluation is not possible. A link to cancel the newsletter can be found at the end of each newsletter.

 

Cookies
enespa uses cookies on its websites or on websites operated on behalf of enespa (hereinafter “enespa Websites”).
Cookies are a common technology whereby the website assigns an identifier to the User’s browser, which the User stores and presents on request; enespa normally allows this identifier to expire after one session, but uses permanent cookies to control the display of advertising on enespa Websites, to analyse the use of enespa Websites and to personalise enespa Websites. Permanent cookies can be automatically deleted, restricted or completely blocked by activating the appropriate settings in the browser (more on this here for Microsoft Edge, Firefox, Safari, Chrome or/and other browsers). This does not restrict the use of the enespa Websites.
However, if the temporary cookies (session cookies) are also prevented, the use of enespa websites may be impaired. If a User allows cookies, enespa assumes that they consent to their use.

 

Google Analytics
enespa may use Google Analytics on the enespa Websites.
Google Analytics is a web analytics service provided by Google, Inc., based in Mountain View, California, USA (hereinafter “Google”). Google Analytics uses text files (hereinafter “Google cookies”) which are stored on the User’s computer and which enable analysis of the use of enespa Websites.
The information generated by Google cookies about the use of enespa Websites is usually transmitted to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on the enespa Websites, the User’s IP address will be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google may use this information on behalf of enespa for the purpose of evaluating the use of enespa Websites, compiling reports on website activity and providing other services relating to website activity and Internet usage. The IP address transmitted by the User’s browser as part of Google Analytics is not merged with other Google data. The storage of Google cookies can be prevented by a corresponding setting in the browser software. If the storage of Google cookies is prevented by the User, the User may not be able to use all functions of the enespa Websites to their full extent. In addition, the User can prevent the collection of data generated by Google cookies and related to the use of the enespa Websites (incl. your IP address) by Google as well as the Processing of this Data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout
An opt-out cookie is then set that prevents future collection of data when visiting enespa Websites.
Further information on terms of use and data protection can be found under the Google Analytics Terms and Conditions and under the Google Analytics Overview. enespa would like to point out that on enespa Websites, Google Analytics has been extended by the code “gat._anonymizeIp();” in order to ensure anonymised collection of IP addresses (so-called IP masking).

 

Google Web Fonts
The enespa homepage uses so called web fonts provided by Google for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font is used by your computer.
More information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy.

 

Google Ads
enespa’s homepage uses Google conversion tracking. If you have reached our website via an advertisement placed by Google, Google Ads places a cookie on your computer. When a user clicks on an ad placed by Google, a conversion tracking cookie is set. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on our website before the cookie has expired, we and Google can detect that the user clicked on the ad and proceeded to this website. Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked via the websites of Google Ads customers. The information obtained through the conversion cookies is used to create conversion statistics for Google Ads customers who have opted into conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page containing a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
If you do not wish to participate in tracking, you can reject the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser in such a way that cookies from the domain “googleleadservices.com” are blocked. Please note that if you do not wish measurement data to be recorded, you must not delete any opt-out cookies. If you delete all of the cookies in your browser, you will have to reset the respective opt-out cookie.

 

Facebook
The enespa homepage uses functions provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. If you access our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. In this process, the data is immediately transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not wish this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, especially using a comment function or clicking on a “Like” or “Share” button will also be forwarded to Facebook. Learn more at https://de-de.facebook.com/about/privacy.

 

Twitter
The enespa homepage uses functions offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use our pages with Twitter plug-ins, a connection between your browser and the Twitter servers is established. In this process, data is immediately transferred to Twitter. If you have a Twitter account, this data can be linked to it. If you do not wish this data to be associated with your Twitter account, please log out of Twitter before visiting our site. Interactions, in particular clicking a “re-tweet” button, are also passed on to Twitter. Learn more at https://twitter.com/privacy.

 

Instagram
Functions from the Instagram service are integrated into the enespa homepage. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA. If you are logged into your Instagram account, you can click the Instagram button to link the content of our pages with your Instagram profile. This will allow Instagram to associate your visit to our website with your user account. Please note that we, as the provider of these pages, do not have any knowledge of the content of the data transmitted to Instagram or its use by Instagram. For more information, please see the privacy policy of Instagram: https://instagram.com/about/legal/privacy/.

 

LinkedIn
enespa uses the marketing services of the LinkedIn social network from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”) within its online offer. These services use cookies, i.e. text files, that are stored on your computer. This allows us to analyse your use of our website. For example, we can measure the success of our ads, and show users products that they were previously interested in. This collects, for example, information about the operating system, the browser, the website you previously accessed (referrer URL), which websites the user has visited, which offers the user has clicked on and the date and time of your visit to our website.
The information generated by the cookie about your use of this website is transmitted pseudonymously to a LinkedIn server in the USA and stored there. LinkedIn does not store the name or email address of the respective user. Rather, the above-mentioned data is only assigned to the computer for which the cookie was generated. This does not apply if the user has allowed LinkedIn to process without pseudonymisation or has a LinkedIn account.
You can refuse the storage of cookies by selecting the appropriate settings in your browser; however, please be advised that in this case you may not be able to use all the features of this website. You can also object to the use of your data directly at LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We use LinkedIn Analytics to analyse and regularly improve the use of our website. The statistics we collect allow us to improve our offer and make it more interesting for you as a user. All LinkedIn companies have adopted the standard contractual clauses to ensure that the traffic to the USA and Singapore necessary for the development, execution and maintenance of the services takes place in a lawful manner.
Information about the third-party provider: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2 Ireland; User Agreement and Privacy Policy.

 

YouTube
Functions of the “YouTube” service are integrated into enespa’s homepage. “YouTube” belongs to Google Ireland Limited, a company incorporated and operated under the laws of Ireland with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, which operates the services in the European Economic Area and Switzerland. Your legal agreement with “YouTube” consists of the terms and conditions that can be found under the following link: https://www.youtube.com/static?gl=de&template=terms&hl=de. These provisions form a legally binding agreement between you and YouTube regarding the use of its services. Google’s privacy policy explains how YouTube treats your personal data and protects your data when you use the service.

 

reCAPTCHA
To protect users’ requests via Internet forms, enespa uses the reCAPTCHA service from Google. A prompt serves to distinguish whether an input is made by a human or abusively by automated machine processing. The prompt includes the sending of the IP address and possibly further data required by Google for the reCAPTCHA service to Google. For this purpose, the User’s input is transmitted to Google and used further there. However, Google will truncate the User’s IP address beforehand within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of enespa, Google uses this information to evaluate your use of the service. The IP address transmitted by the User’s browser as part of reCaptcha is not merged with other Google data. The deviating data protection provisions of Google apply to this data. Further information on Google’s privacy policy can be found at: https://www.google.com/intl/de/policies/privacy.

 

Salesforce
enespa may use the CRM-Software Salesforce on enespa Websites.
Salesforce uses cookies, which are stored on the User’s browser and enable analysis of the use of enespa Websites. The information generated by the cookies about the use as well as the IP address may be transmitted to a server of Salesforce.com, Inc. with headquarters in San Francisco, USA and stored there.
Further information can be found at the following websites:
https://www.salesforce.com/privacy/regions/

 

Rights of Users
The rights of Users in the Processing of Data by enespa derive from the relevant legal Swiss and, if applicable, foreign regulations.
The exercise of such rights requires that the identity of the data subject is clearly established. enespa reserves the right to enforce any restrictions provided by law on the rights set out herein.
To exercise the aforementioned rights, the User must contact enespa directly and in writing.
Users have the following non-exhaustive rights when Data is processed by enespa. Further rights of Users arise from the mandatory standards of Swiss and, if relevant, foreign law.

Right to information
Every User can request information from enespa free of charge as to whether Data about them is being processed. enespa shall inform them of the following:
all Data available about them in the Data collection, including available information on the origin of the Data;
the purpose and, where applicable, the legal bases of the Processing, as well as the categories of Data processed, the parties involved in the collection and the recipients of the Data.
enespa reserves the right to charge the User for the costs incurred in case of more extensive requests.

Right to correction
Every User has the right to request the immediate rectification of incorrect personal Data concerning the User, or, where applicable, the completion of incomplete personal Data, including by means of a supplementary declaration.
Right to deletion
Every User has the right to the immediate deletion of personal Data concerning the User, provided that the personal Data is no longer necessary for the purposes for which it was collected or otherwise processed, the User’s consent has been withdrawn by the User, the Processing is not based on any legal basis, the User has objected and there are no overriding legitimate grounds for the Processing and/or the Processing is unlawful.
The deletion of certain Data may result in enespa no longer being able to provide its services. In this case, enespa is authorised to immediately terminate the business relationship with the User or to discontinue the provision of certain services, irrespective of other contractual agreements. The User acknowledges that the discontinuation of certain services by enespa does not constitute a breach of contract by enespa and/or does not release the User from their financial obligations.

Right to restrict Processing
Any User affected by the Processing of personal Data has the right to obtain from the data protection officer the restriction of processing if one of the following conditions is met:
the accuracy of the personal data is contested by the data subject for a period enabling the data controller to verify its accuracy
The Processing is unlawful but the data subject opposes the deletion of the personal data and instead requests the restriction of its use
The data controller no longer needs the personal data for the purposes of Processing, but the data subject still needs it to remain on file in order to establish, exercise or defend legal claims
The data subject has objected to the Processing on grounds relating to their particular situation and it is not yet clear whether the legitimate interests of the controller override those of the data subject
If one of the above conditions is met and the User wishes to request the restriction of personal Data stored by the operator of this website, they may do so at any time by contacting our controller. The data controller for this website will then arrange the restriction of the Processing.

Right to object
Every User has the right to object at any time, on grounds relating to their particular situation, to the Processing of personal Data concerning them carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal Data unless they are able to demonstrate compelling legitimate grounds for the Processing which override the interests, rights and freedoms of the data subject, or the Processing is used for the establishment, exercise or defence of legal claims.

Right to data portability
Every User has the right to receive the personal Data concerning them that they have provided to a controller in a structured, commonly used and machine-readable format, and they have the right to transmit such Data to another controller without hindrance from the controller to whom the personal Data has been disclosed, provided that
the Processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and
the Processing is carried out with the aid of automated procedures.
When exercising the right to data portability, the data subject has the right to require that the personal Data is transferred directly from one controller to another controller, where technically feasible.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every User has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, if the data subject considers that the Processing of personal Data relating to them infringes this Regulation.

 

Consent
Every User explicitly and expressly consents to enespa Processing the Data as specified in this privacy policy.
Every user has the right to revoke their consent at any time. Revocation of consent shall not affect the lawfulness of the Processing of Data carried out on the basis of consent until revocation.
The revocation of consent authorises enespa to immediately terminate the business relationship with the User or to discontinue the provision of certain services, irrespective of other contractual agreements. The User acknowledges that the discontinuation of certain services by enespa does not constitute a breach of contract by enespa and/or does not release the User from their financial obligations.

 

Updating of the privacy policy
This privacy policy as of July 2022 may be amended at any time and without prior notice. The current version published on the website https://www.enespa.eu/datenschutz/ shall apply.
enespa reserves the right to supplement this privacy policy with additional privacy policies in specific cases.

 

Severability clause
If a provision of this privacy policy or the contents of an enclosure integrated in this privacy policy is or becomes invalid, the validity of the rest of this privacy policy shall not be affected.
The invalid provision shall be replaced by a valid provision which comes as close as possible to the intended economic purpose of the invalid provision.

 

Applicable law and place of jurisdiction
For disputes arising from this privacy policy or for disputes concerning the Data, Swiss law shall apply to the extent legally possible, excluding conflict of law rules.
Jurisdiction for disputes arising from this privacy policy or for disputes concerning the Data shall, as far as legally possible, lie with the courts at the respective registered office of the enespa company concerned.