ENESPA AG, Schäfligasse 1, CH-9050 Appenzell
ENESPA AG Balzers, Landstrasse 15, LI-9496 Balzers
Date: July 2022
enespa offers the enespa services to users (hereinafter the “Users”, individually the “User”). To provide the enespa services enespa needs various data and information from the Users about the Users themselves and/or about other facts and things concerning the Users (hereinafter “Data”).
enespa collects, records, organises, arranges, stores, adapts, modifies, reads out, queries, uses, transmits, disseminates, deletes and/or destroys, with or without the aid of automated procedures, the Data (hereinafter “Processing” or “to process”).
The Processing of Data is a basic requirement and therefore indispensable for enespa to be able to offer enespa services and exercise its business model.
enespa endeavours to protect the security and confidentiality of Data which enespa receives in the course of its business, obtains from publicly available sources and/or otherwise processes.
enespa is responsible for the Processing of Data. Questions and requests regarding the Processing of Data should be addressed in writing to the Data Protection Officer at the following address:
Attn.: Dominik Widmer
Tel.: +41 71 788 33 88
The Processing of Data by enespa is subject to the Federal Data Protection Act (Bundesgesetz über den Datenschutz) (hereinafter “DPA”) and the General Data Protection Regulation of the European Union (hereinafter “GDPR”).
enespa undertakes to comply with all of the relevant legal requirements and, as far as legally possible, also obliges its employees and third parties who process data on its behalf to do so, without, however, assuming any liability for this as far as legally possible.
Data and Data Processing
The Processing of the Data usually starts with the beginning of the business relationship between enespa and the User.
enespa is also authorised, following an expression of interest by a person (hereinafter the “Interested Person”) in one or more enespa Services or in another service, product, website, app and/or other service of a business partner or advertiser of enespa (hereinafter “Other Services”), to inform the Interested Person of enespa Services and/or Other Services and, in doing so, to process the Data received from the Interested Person and/or third parties.
In principle, all Data, including personal Data, is processed, which arises within the scope of enespa services or which become necessary for offering enespa services according to the exclusive assessment of enespa. This includes, but is not limited to:
Data that Users enter via online forms or apps or otherwise communicate in the context of their use of enespa’s offers (e.g. via telephone, email, online forms, surveys, etc.), including personal data (name, residential address, telephone number, email address, company, company size);
Automatically transmitted or accruing usage Data (e.g. the date and time of use, previous and accessed pages, IP address, Data on the browser used, device identifier, current location, insofar as this information is released, etc.);
Correspondence and other communication with the User (e.g. emails, telephone calls, which may also be recorded where necessary);
Data which enespa has received from business partners in connection with their marketing or customer acquisition measures.
This data can be linked, even across multiple visits and contacts, where a User or profile is recognised, for example, on the basis of a user name, an email address, a device identifier or “cookies” stored in the browser (see below).
Personal Data means Data relating to an identified or identifiable individual and any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Purpose of processing
enespa processes Data for the development, provision, enhancement and design of enespa services, for internal training purposes and quality control, for the maintenance and development of User relationships, for the expansion of enespa into other business areas, for obtaining quotes from insurance companies and other service providers, for advertising and marketing purposes, to prevent, detect and combat abuse, to respond to justified official enquiries, for the purpose of contract Processing, generally for the purpose of other commercial interests of enespa and/or in connection with credit checks and collection activities, as well as with the enforcement of claims or other legal disputes which concern enespa or in which enespa has a justified interest or in which enespa is involved.
Further purposes of Data use may arise from the circumstances or from legal obligations or may be indicated at the time of collection of the Data concerned.
Processing of the Data by third parties
enespa can have the Data processed by third parties, including abroad. enespa shall take reasonable steps to ensure that such third parties process the Data only to the same extent as enespa is permitted. The User hereby expressly authorises enespa to pass on the Data to third parties, including abroad.
The transfer of Data abroad may also occur when data is passed on to third parties, in particular if social networks or other third-party offers are used and/or linked to via enespa services.
Retention of Data
Data is stored by enespa in accordance with the provisions of the applicable data protection legislation (DPA, GDPR).
enespa generally processes all Data in Switzerland and stores it on systems in Switzerland. enespa reserves the right to process or store the Data outside Switzerland and Germany without informing the user in advance, provided that the relevant provisions of the data protection legislation are complied with.
enespa takes appropriate technical and organisational measures within the scope of the storage and Processing of Data to prevent unauthorised access and other unauthorised processing. These are reviewed regularly and, if necessary, adjusted, including for the third parties it commissions to operate its systems.
Data retention period
enespa retains the Data in accordance with legal requirements and complies with the relevant statutory retention periods and obligations.
After expiry of the relevant statutory retention periods and obligations or after expiry of those periods that are necessary for the prosecution or defence of claims (e.g. statutes of limitation), the corresponding Data is routinely deleted. Data that is not subject to retention periods and obligations will be deleted if its retention is no longer necessary for enespa services or for other interests of enespa.
Newsletter, commercial communication
enespa may send to all Users who register with it with an email address or another electronic address or mobile phone number, or who install an app from enespa, newsletters or other (also commercial) content related to enespa services (hereinafter “enespa News”) to their address, phone number or app from time to time. enespa may use the services of software providers to send the newsletter.
The User hereby agrees to the sending or display of enespa News, but may stop this at any time and free of charge.
Under certain circumstances, enespa News is received through registration in a so-called double opt-in procedure. The User will receive an email, SMS or other message requesting confirmation of registration. This confirmation is necessary so that no one can register with other people’s email addresses. Sign-ups to receive enespa News are logged in order to be able to prove the sign-up process in accordance with legal requirements. This includes storage of the login and confirmation time, as well as the IP address.
The User can cancel the receipt of enespa News at any time and revoke the consents to receive it. This simultaneously terminates the consent to their dispatch via mail software providers and to the statistical analyses. Separate revocation of the dispatch via a software provider and the statistical evaluation is not possible. A link to cancel the newsletter can be found at the end of each newsletter.
Cookies are a common technology whereby the website assigns an identifier to the User’s browser, which the User stores and presents on request; enespa normally allows this identifier to expire after one session, but uses permanent cookies to control the display of advertising on enespa Websites, to analyse the use of enespa Websites and to personalise enespa Websites. Permanent cookies can be automatically deleted, restricted or completely blocked by activating the appropriate settings in the browser (more on this here for Microsoft Edge, Firefox, Safari, Chrome or/and other browsers). This does not restrict the use of the enespa Websites.
However, if the temporary cookies (session cookies) are also prevented, the use of enespa websites may be impaired. If a User allows cookies, enespa assumes that they consent to their use.
enespa may use Google Analytics on the enespa Websites.
Google Analytics is a web analytics service provided by Google, Inc., based in Mountain View, California, USA (hereinafter “Google”). Google Analytics uses text files (hereinafter “Google cookies”) which are stored on the User’s computer and which enable analysis of the use of enespa Websites.
The information generated by Google cookies about the use of enespa Websites is usually transmitted to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on the enespa Websites, the User’s IP address will be truncated beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google may use this information on behalf of enespa for the purpose of evaluating the use of enespa Websites, compiling reports on website activity and providing other services relating to website activity and Internet usage. The IP address transmitted by the User’s browser as part of Google Analytics is not merged with other Google data. The storage of Google cookies can be prevented by a corresponding setting in the browser software. If the storage of Google cookies is prevented by the User, the User may not be able to use all functions of the enespa Websites to their full extent. In addition, the User can prevent the collection of data generated by Google cookies and related to the use of the enespa Websites (incl. your IP address) by Google as well as the Processing of this Data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout
An opt-out cookie is then set that prevents future collection of data when visiting enespa Websites.
Google Web Fonts
The enespa homepage uses so called web fonts provided by Google for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a standard font is used by your computer.
enespa’s homepage uses Google conversion tracking. If you have reached our website via an advertisement placed by Google, Google Ads places a cookie on your computer. When a user clicks on an ad placed by Google, a conversion tracking cookie is set. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages on our website before the cookie has expired, we and Google can detect that the user clicked on the ad and proceeded to this website. Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked via the websites of Google Ads customers. The information obtained through the conversion cookies is used to create conversion statistics for Google Ads customers who have opted into conversion tracking. Customers find out the total number of users who clicked on their ad and were redirected to a page containing a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
If you do not wish to participate in tracking, you can reject the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser in such a way that cookies from the domain “googleleadservices.com” are blocked. Please note that if you do not wish measurement data to be recorded, you must not delete any opt-out cookies. If you delete all of the cookies in your browser, you will have to reset the respective opt-out cookie.
The enespa homepage uses functions provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. If you access our pages with Facebook plug-ins, a connection is established between your browser and the Facebook servers. In this process, the data is immediately transmitted to Facebook. If you have a Facebook account, this data can be linked to it. If you do not wish this data to be associated with your Facebook account, please log out of Facebook before visiting our site. Interactions, especially using a comment function or clicking on a “Like” or “Share” button will also be forwarded to Facebook. Learn more at https://de-de.facebook.com/about/privacy.
The enespa homepage uses functions offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When you use our pages with Twitter plug-ins, a connection between your browser and the Twitter servers is established. In this process, data is immediately transferred to Twitter. If you have a Twitter account, this data can be linked to it. If you do not wish this data to be associated with your Twitter account, please log out of Twitter before visiting our site. Interactions, in particular clicking a “re-tweet” button, are also passed on to Twitter. Learn more at https://twitter.com/privacy.
The information generated by the cookie about your use of this website is transmitted pseudonymously to a LinkedIn server in the USA and stored there. LinkedIn does not store the name or email address of the respective user. Rather, the above-mentioned data is only assigned to the computer for which the cookie was generated. This does not apply if the user has allowed LinkedIn to process without pseudonymisation or has a LinkedIn account.
You can refuse the storage of cookies by selecting the appropriate settings in your browser; however, please be advised that in this case you may not be able to use all the features of this website. You can also object to the use of your data directly at LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
We use LinkedIn Analytics to analyse and regularly improve the use of our website. The statistics we collect allow us to improve our offer and make it more interesting for you as a user. All LinkedIn companies have adopted the standard contractual clauses to ensure that the traffic to the USA and Singapore necessary for the development, execution and maintenance of the services takes place in a lawful manner.
enespa may use the CRM-Software Salesforce on enespa Websites.
Further information can be found at the following websites:
Rights of Users
The rights of Users in the Processing of Data by enespa derive from the relevant legal Swiss and, if applicable, foreign regulations.
The exercise of such rights requires that the identity of the data subject is clearly established. enespa reserves the right to enforce any restrictions provided by law on the rights set out herein.
To exercise the aforementioned rights, the User must contact enespa directly and in writing.
Users have the following non-exhaustive rights when Data is processed by enespa. Further rights of Users arise from the mandatory standards of Swiss and, if relevant, foreign law.
Right to information
Every User can request information from enespa free of charge as to whether Data about them is being processed. enespa shall inform them of the following:
all Data available about them in the Data collection, including available information on the origin of the Data;
the purpose and, where applicable, the legal bases of the Processing, as well as the categories of Data processed, the parties involved in the collection and the recipients of the Data.
enespa reserves the right to charge the User for the costs incurred in case of more extensive requests.
Right to correction
Every User has the right to request the immediate rectification of incorrect personal Data concerning the User, or, where applicable, the completion of incomplete personal Data, including by means of a supplementary declaration.
Right to deletion
Every User has the right to the immediate deletion of personal Data concerning the User, provided that the personal Data is no longer necessary for the purposes for which it was collected or otherwise processed, the User’s consent has been withdrawn by the User, the Processing is not based on any legal basis, the User has objected and there are no overriding legitimate grounds for the Processing and/or the Processing is unlawful.
The deletion of certain Data may result in enespa no longer being able to provide its services. In this case, enespa is authorised to immediately terminate the business relationship with the User or to discontinue the provision of certain services, irrespective of other contractual agreements. The User acknowledges that the discontinuation of certain services by enespa does not constitute a breach of contract by enespa and/or does not release the User from their financial obligations.
Right to restrict Processing
Any User affected by the Processing of personal Data has the right to obtain from the data protection officer the restriction of processing if one of the following conditions is met:
the accuracy of the personal data is contested by the data subject for a period enabling the data controller to verify its accuracy
The Processing is unlawful but the data subject opposes the deletion of the personal data and instead requests the restriction of its use
The data controller no longer needs the personal data for the purposes of Processing, but the data subject still needs it to remain on file in order to establish, exercise or defend legal claims
The data subject has objected to the Processing on grounds relating to their particular situation and it is not yet clear whether the legitimate interests of the controller override those of the data subject
If one of the above conditions is met and the User wishes to request the restriction of personal Data stored by the operator of this website, they may do so at any time by contacting our controller. The data controller for this website will then arrange the restriction of the Processing.
Right to object
Every User has the right to object at any time, on grounds relating to their particular situation, to the Processing of personal Data concerning them carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal Data unless they are able to demonstrate compelling legitimate grounds for the Processing which override the interests, rights and freedoms of the data subject, or the Processing is used for the establishment, exercise or defence of legal claims.
Right to data portability
Every User has the right to receive the personal Data concerning them that they have provided to a controller in a structured, commonly used and machine-readable format, and they have the right to transmit such Data to another controller without hindrance from the controller to whom the personal Data has been disclosed, provided that
the Processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and
the Processing is carried out with the aid of automated procedures.
When exercising the right to data portability, the data subject has the right to require that the personal Data is transferred directly from one controller to another controller, where technically feasible.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every User has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement, if the data subject considers that the Processing of personal Data relating to them infringes this Regulation.
Every user has the right to revoke their consent at any time. Revocation of consent shall not affect the lawfulness of the Processing of Data carried out on the basis of consent until revocation.
The revocation of consent authorises enespa to immediately terminate the business relationship with the User or to discontinue the provision of certain services, irrespective of other contractual agreements. The User acknowledges that the discontinuation of certain services by enespa does not constitute a breach of contract by enespa and/or does not release the User from their financial obligations.
The invalid provision shall be replaced by a valid provision which comes as close as possible to the intended economic purpose of the invalid provision.
Applicable law and place of jurisdiction