(Last update: 23.10.25)
The text has been automatically translated for readability. Please refer to the German Translation for legally binding notices.
enabl Technologies GmbH (hereinafter: “we”, “us”) is pleased that you are visiting our website www.enabl-tech.de (hereinafter: “website”).
Our policy is to only collect what we need and process that information exclusively to provide you with the service you expect.
The person responsible for processing personal data on our website within the meaning of the General Data Protection Regulation (hereinafter: “GDPR”) is:
enabl Technologies GmbH
Schenkenburgstrasse 7
76135 Karlsruhe
For data protection-related inquiries or to assert your rights as a data subject, you can contact us at any time by e-mail to datenschutz@enabl-tech.de turn around.
Our appointed data protection officer is:
Kertos GmbH
Briennerstrasse 41
80333 Munich
germany
email: dsb@kertos.io
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address or IP address. Information that we are unable to identify you personally (or only with disproportionate effort), e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis such as your consent.
We only use your personal information when necessary to provide our website and services.
When you visit our website, your browser automatically sends personal data to our server, where it is stored in a log file.
We collect this information without your intervention and store it until it is automatically deleted:
· the IP address of your computer,
· date and time of your access,
· The name and URL of the file that you are retrieving
· the website from which you came (referrer URL)
· Your browser, possibly your computer's operating system and the name of your Internet service provider.
We process this data to:
· ensure a smooth connection to the website,
· to enable convenient use of our website
· to ensure IT security.
We process this data on the basis of Article 6 (1) (fGDPR). The above data must be processed in order to provide the website and to enable its secure and convenient use. This is in the legitimate interest of our company.
The collected data is deleted as soon as it is no longer needed for the website. This happens after 30 days at the latest. Data collection and storage are necessary to operate the website. Therefore, the user cannot object. In certain cases, we store data longer if required by law.
We process your data primarily in the EU and the EEA. However, some service providers are located in so-called “third countries”. The GDPR places high demands on data transfer to these countries. All recipients must meet these requirements. Before data is sent to a service provider in a third country, we check its level of data protection. He will only be selected if he can demonstrate an appropriate level of data protection. Regardless of location, every service provider must conclude an order processing contract with us. There are additional requirements for service providers outside the EEA. In accordance with Art. 44 ff. GDPR, data may be transferred to service providers who meet at least one of the following conditions:
· The EU Commission has decided that the third country offers an adequate level of protection.
· Standard contractual clauses have been included in the contract with the data recipient.
· There are further guarantees in accordance with Art. 46 GDPR.
· In special exceptional cases in accordance with Art. 49 GDPR
Within our company, only those people have access to your personal data who need it for the purposes specified in each case. Your personal data will only be passed on to external recipients if we are legally entitled to do so or if you have given your consent. The following is an overview of the respective recipients:
Amazon Cloud Front
purpose: to speed up and optimize the delivery of content on our website.
Recipient: Amazon Web Services, Inc. (AWS) One Burlington Plaza, Burlington Road, Dublin 4, DO4 RH96, Ireland.
Possible processed data:
• Technical connection data (e.g. IP address, date and time of access)
• Usage data (e.g. page content viewed, referrer URL)
• Communication and status data (e.g. HTTP status code, amount of data transferred)
• Device and software information (e.g. browser type and version, operating system)
Data transfer: For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-US Data Privacy Framework. AWS is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.
legal basis: Art. 6 para. 1 lit. f DSGVO; the legitimate interest lies in improving website performance and ensuring the provision of the website.
More information: https://aws.amazon.com/de/privacy/
Webflow
purpose: Hosting and operation of the website
Recipient: Webflow, Inc., 39811th Street, 2nd Floor, San Francisco, CA 94103, USA
Possible processed data:
• Technical connection data (e.g. IP address, date and time of the server request)
• Device and system data (e.g. operating system, device type and settings)
• Browser data (e.g. browser type, browser version)
• Usage data (e.g. referrer URL)
legal basis: The data is processed on the basis of Article 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in the efficient and secure provision of our website.
Storage period: The data is stored for the period necessary to fulfill the purpose of processing or as long as there are legal retention periods.
Third country transfer: Data may be transmitted to servers in the USA. Webflow is certified within EU-U.S.DPF, which is why such transfers are based on the legal basis under Article 45 GDPR.
More information: https://webflow.com/legal/privacy
We use cloud-based customer relationship management systems (CRM) to efficiently process inquiries from (potential) customers, initiate contracts and maintain existing business relationships. In particular, we process contact, communication and contract data. The legal basis is Art. 6 para. 1 lit. b DSGVO, insofar as processing is necessary to fulfill or initiate a contract, and Art. 6 para. 1 lit. f DSGVO, as we have a legitimate interest in structured and comprehensible customer communication. The data is transmitted exclusively to the CRM provider as an order processor in accordance with Art. 28 GDPR. Insofar as the provider is based outside the EU/EEA, the transfer to third countries is based on EU standard contractual clauses; additional measures have been implemented. We delete or anonymize CRM data as soon as it is no longer required for the purposes mentioned above and there are no legal storage requirements.
We use cloud-based customer relationship management systems (CRM) to efficiently process inquiries from (potential) customers, initiate contracts and maintain existing business relationships. In particular, we process contact, communication and contract data. The legal basis is Art. 6 para. 1 lit. b DSGVO, insofar as processing is necessary to fulfill or initiate a contract, and Art. 6 para. 1 lit. f DSGVO, as we have a legitimate interest in structured and comprehensible customer communication. The data is transmitted exclusively to the CRM provider as an order processor in accordance with Art. 28 GDPR. Insofar as the provider is based outside the EU/EEA, the transfer to third countries is based on EU standard contractual clauses; additional measures have been implemented. We delete or anonymize CRM data as soon as it is no longer required for the purposes mentioned above and there are no legal storage requirements.
Calendly
Calendly
purpose: Provision of online appointment booking
Recipient: Calendly LLC, 115 E Main St., Ste A1B, Buford, GA 30518, USA (hereinafter: “Calandly”) is provided.
Possible processed data:
· Your name
· Your email address
· Your company name
legal basis: Consent in accordance with Art. 6 para. 1 lit. a DSGVO. You are entitled to withdraw your consent at any time. However, this does not affect the lawfulness of processing carried out before the withdrawal.
Storage period: We only store the data for as long as is absolutely necessary, but no longer than 30 days. Further storage may take place in individual cases if this is required by law or is necessary to fulfill the contract.
Third country transfer The information is usually forwarded to a Calendly server in the USA and stored there. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. Calendly"is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.
More information: https://calendly.com/legal/privacy-notice
Brevo, Sendinblue GmbH
purpose: Sending newsletters, product information and marketing emails as well as evaluation of opening and click rates to optimize future campaigns
Recipient: Brevo B.V., Köpenicker Strasse 126, 10179 Berlin, Germany
Possible processed data:
• Email address
• Name
• Newsletter interactions (e.g. opening time, click on link)
• Technical data (e.g. IP address, device type)
legal basis: Consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time. This does not affect the lawfulness of previous processing.
Storage period: Until consent is withdrawn
More information: Detailed information can be found in Brevo's official data protection information: https://www.brevo.com/de/datenschutz-uebersicht/
We use tracking and analysis tools to constantly improve our website and adapt it to your needs. Our website uses various tracking technologies. They collect information by setting cookies or combining device data (device fingerprinting). This allows us to statistically record the use of our website by visitors and optimize our online offering. The data is processed in accordance with your consent in accordance with Art. 6 para. 1 lit. a) GDPR. Below, we describe the tracking and analysis tools, as well as their purposes and the data collected.
Google ads
purpose: Display of personalized ads, placement and optimization of advertising campaigns and reach measurement via Google's advertising network
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (operator for EU)
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America
Processed data:
• Online identifiers (e.g. cookie ID, advertising ID)
• IP address (abbreviated/anonymized)
• Browser information (e.g. language, version)
• Information about user behavior (e.g. ads clicked, pages visited)
• Usage data (e.g. time and duration of interaction)
• Device information (e.g. device type, operating system)
Storage period: Cookies are stored for up to 90 days.
Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional standard contractual clauses (SCCs)
More information: https://policies.google.com/privacy
Google - Analytics 4
purpose: web analysis
Recipient: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Possible processed data:
Third country transfer: For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. Google is certified within this framework, which is why such transfers are based on the legal basis under Article 45 GDPR. In addition, so-called standard contract clauses (SCC) were concluded with “Google”.
More information: https://policies.google.com/privacy.
Google — Tag Manager
purpose: Manage and trigger website tags via a uniform interface
Recipient: Google Ireland Limited, Google Building GordonHouse, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Possible processed data:
· Access data (e.g. time of page call, referrer URL)
· Device data (e.g. IP address, device type)
· Browser data (e.g. browser used, language settings)
· Event data (e.g. tag triggering, interactions with integrated scripts)
· Location data (e.g. country, city — based on IP address)
Storage period: Cookies are stored for up to 90 days.
Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional standard contractual clauses (SCCs)
More information: https://policies.google.com/privacy
LinkedIn Conversion
purpose: Conversion tracking to measure the success of advertisements and optimize marketing measures
Recipient: LinkedIn Ireland Unlimited Company, WiltonPlace, Dublin 2, Ireland LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA94085, USA
Possible processed data:
· Access data (e.g. IP address, time of access)
· Usage data (e.g. pages visited, interactions on the website)
· Source and traffic data (e.g. referrer URL, origin of visitors)
· Device data (e.g. device type, screen resolution)
· Browser data (e.g. browser used, language settings)
· Event data (e.g. clicks on ads, conversions)
· Location data (e.g. country, city — based on IP)
· Tracking data through cookies and DeviceFingerprinting
Storage period: Typically stored for up to 180 days
Third country transfer: Data transfer to the USA based on the EU-U.S. Data Privacy Framework (Art. 45 GDPR) and additional standard contractual clauses (SCCs)
More information: https://www.linkedin.com/legal/privacy-policy
If you contact us by email, we process the personal data you provide (e.g. name, email address, content of your message) exclusively for the purpose of processing and responding to your request. The legal basis for this is usually our legitimate interest in communicating with you in accordance with Art. 6 para. 1 lit. f DSGVO or — if your request relates to the conclusion or performance of a contract — the implementation of pre-contractual measures or contract performance in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be stored for as long as is necessary to process your request. It will not be passed on to third parties unless we are legally obliged to do so or it is absolutely necessary to process your request.
You can send us your application via email. In doing so, we collect your email address and the data that you provide in the email, such as:
· First name, last name
· Email address
· Date of birth
· Address
· Stay
· Telephone number
· Photo
The legal basis for processing your data is contract initiation in accordance with Art. 6 para. 1 lit. b DSGVO and § 26 para. 1 BDSG. We store your personal data until the application process is completed. If we do not consider your application, we will keep your data for six months after we have notified you. In the event of a legal dispute, we will keep your data until it is resolved. If we hire you, we store your application data in your personnel file until the end of the employment relationship.
You can object to the processing of your personal data at any time. In this case, we will no longer consider your application and delete all stored data.
We ensure that your personal information remains secure and confidential. We use technical and organizational security measures to prevent data manipulation, loss or misuse. We regularly review and update these to keep pace with technology.
Remember that on the Internet, other people or institutions may disregard data protection rules. In particular, unencrypted data, such as emails, is accessible to third parties. We have no influence on this. Protect your data with encryption or other measures to prevent misuse.
Personal data is deleted or blocked when the reason for its storage no longer applies. Storage can continue if required by European or national laws. Data is also blocked or deleted when the legal storage period ends, unless the data is required for a contract.
You have the following rights regarding your personal data:
a. Right to information: You can find out whether we are using your personal information. If so, you have the right to know what that data is, why we use it, who receives it and how long we keep it.
b. Right to rectification: You can request that incorrect data be corrected quickly. You can also have incomplete data added.
c. Right to delete: You can request that we delete your data. This applies when they are no longer necessary, you withdraw your permission or the data has been used incorrectly.
d. Right to restrict processing: You can request that we restrict the use of your data, for example if it is incorrect.
e. Right to data portability: You can receive your data in a standard, machine-readable format.
f. Right to object: You can object to the use of your data at any time, particularly in the case of advertising. This also applies to profiling in advertising.
g. Right of withdrawal: You can withdraw your consent to the use of data at any time in the future. However, previous use remains permitted.
h. complaint: You can complain to a supervisory authority if you feel that your rights have been violated.
date 23.10.25
version 1.0
Reason for change First version of the revised privacy policy in a new format
