Privacy Policy of EnerLease SARL, Echternach
Effective from December 4, 2023
We appreciate your keen interest in our company. Data protection holds a particularly high priority for the management of EnerLease SARL, Echternach (hereinafter referred to as “EnerLease”). This Privacy Policy applies exclusively to your use of our website and our fan pages. The use of our websites is generally possible without providing any personal data. However, if an individual wishes to avail themselves of specific services offered by our company through our website, the processing of personal data may become necessary. If the processing of personal data is necessary, and there is no legal basis for such processing, we generally seek the consent of the data subject.
The processing of personal data, such as the name, address, email address, or phone number of an individual, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to us. Through this privacy statement, we aim to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Additionally, this privacy statement enlightens data subjects about their rights.
EnerLease SARL, Echternach, as the data controller, has implemented numerous technical and organizational measures to ensure the most seamless protection of personal data processed through this website. However, internet-based data transmissions may, in principle, have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us using alternative methods, such as by phone.
1. Definitions
This privacy policy is based on the terms used in the General Data Protection Regulation (GDPR). Our privacy policy aims to be easily readable and understandable for the public, as well as for our customers and business partners. To ensure this, we would like to explain some terms in advance.
In this privacy policy, we use, among other terms, the following:
a) Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
b) Data Subject
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
c) Processing
Processing is any operation or set of operations performed on personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting, or altering, retrieving, consulting, using, disclosing by transmission, disseminating, or otherwise making available, aligning, or combining, restricting, erasing, or destroying data.
d) Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting its processing in the future.
e) Data Controller
Data controller or controller is the natural or legal person, authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for their nomination may be provided for by Union law or the law of the Member States.
f) Processor
Processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
g) Recipient
Recipient is a natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether a third party or not. However, authorities that may receive personal data in the framework of a particular inquiry in accordance with Union law or the law of the Member States shall not be regarded as recipients.
h) Third Party
Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
i) Consent
Consent is any voluntary, informed, and unequivocal expression of will, in the form of a statement or other clear affirmative action, by which the data subject signifies agreement to the processing of personal data concerning them for a specific purpose.
2. Name and Address of the Data Controller
The data controller, as defined in Art. 4 No. 7 GDPR, is:
EnerLease SARL
6, Rue Martin Maas
6468 Echternach
Luxembourg
Tel.: +352 202040-0
Fax: +352 202040-10
Email: info@enerlease.lu
Website: enerlease.lu
Inquiries and requests for information, modification, blocking, or deletion can be sent by post to this address or by email to info@enerlease.lu.
3. Name and Address of the Data Protection Officer
The Data Protection Officer of the data controller is:
Günter Hilgers
EcoVisio GmbH
Rheinwerkallee 3
53227 Bonn
Email: guenter.hilgers@ecovisio.de
Any data subject can contact our Data Protection Officer directly at any time with questions and suggestions regarding data protection.
4. Contact Details of the Supervisory Authority (Luxembourg)
The competent supervisory authority for the data controller is:
Name: Commission nationale pour la protection des données (National Commission for Data Protection)
Address: 15, Boulevard du Jazz
Location: L-4370 Belvaux
Phone: +352 261060-1
Fax: +352 261060-29
Email: info@cnpd.lu
5. External Hosting
This website is hosted by an external service provider (host). The service has been commissioned to:
Broll IT & Media GmbH
Company headquarters:
Am Metternicher Bahnhof 10
56072 Koblenz
Personal data collected on this website is stored on the servers of the host. This may include, in particular, IP addresses, contact inquiries, meta and communication data, contract data, contact details, names, website access, and other data generated via a website.
The use of the host is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 para. 1 lit. f GDPR).
Our host will process your data only to the extent necessary to fulfill its contractual obligations and will follow our instructions regarding this data.
Conclusion of a Contract for Data Processing
To ensure the privacy-compliant processing, we have concluded a contract for data processing according to Art. 28 GDPR with the service provider.
6. Cookies
A cookie is a small data set that is stored on your end device and contains data such as personal page settings and login information. This record is generated by the web server with which you have established a connection via your web browser and sent to you. Generally, we use cookies to analyze interest in our websites and to improve the user-friendliness of our websites. You can generally access our websites without cookies. However, if you want to use our websites in full or comfortably, you should accept those cookies that enable the use of certain functions or make the use more convenient. You can find the purposes of the cookies we use in the consent management on our website or later by accessing the control of cookie services under “Cookie Settings” on our website.
By using our websites, you will be prompted to consent to the use of cookies, to the extent that they are not necessary for the proper operation of the website. You make the decision whether to consent to the use of consent-required cookies in the consent manager on our website.
You also have the option to set your browser to display cookies before they are stored, to accept or reject only certain cookies, or to reject cookies in general. Please note that changes to settings in the browser only affect that particular browser. If you use different browsers or switch devices, the settings must be made again. In addition, you can delete cookies from your storage medium at any time. For information on cookie settings, their modification, and the deletion of cookies, please refer to the help function of your web browser.
The following are the most common types of cookies explained for your understanding:
6.1 Session Cookies
While you are active on a website, a session cookie is temporarily stored in your computer’s memory, containing a session identifier. This prevents you from having to log in again with each page change. Session cookies are deleted upon logout or lose their validity once your session automatically expires.
6.2 Persistent or Log Cookies
A persistent or log cookie stores a file on your computer for the period specified in the expiration date. These cookies allow websites to remember your information and settings for your next visit, providing faster and more convenient access without, for example, needing to reset your language preference for our portal. Once the expiration date is reached, the cookie is automatically deleted when you visit the website that generated it.
6.3 Third-Party Cookies
Third-party cookies come from providers other than the website operator. They may be used, for example, to collect information for advertising, personalized content, and web statistics.
6.4 Flash Cookies
Flash cookies are stored as data elements by websites on your computer when operated with Adobe Flash. Flash cookies have no time limit.
6.5 Borlabs Cookie
6.5.1 Description and Purpose of Data Processing
Our website uses the Borlabs Cookie consent technology to obtain your consent for storing certain cookies in your browser or using certain technologies and to document this in compliance with data protection. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs). When you enter our website, a Borlabs cookie is stored in your browser, containing the consents granted by you or the revocation of these consents. This data is not transferred to the Borlabs Cookie provider.
6.5.2 Legal Basis for Processing
The use of Borlabs Cookie Consent technology is carried out to obtain legally required consents for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
6.5.3 Duration of Storage, Objection, and Deletion Options
The data collected is stored until you request deletion or delete the Borlabs cookie yourself, or the purpose for data storage no longer exists. Mandatory legal retention periods remain unaffected. Details on the data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
6.5.4 Data Processing
No personal data is transferred.
7. Collection of General Data and Information
Our website collects a series of general data and information with each access by an individual or an automated system. These data and information are stored in the server’s log files. This can include (1) types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites accessed by an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert threats in the event of attacks on our IT systems.
We do not draw conclusions about the individual when using this general data and information. Instead, this information is needed to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and its advertising, (3) ensure the permanent functionality of our IT systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. These anonymously collected data and information are evaluated statistically by us to increase data protection and data security in our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymously collected server log file data is stored separately from all personal data provided by an individual.
Additionally, we use the so-called Local Storage and Session Storage technique (also called “Local Data” and “Local Storage” or “Session Storage”). With Local Storage, data is stored locally in your browser’s cache, which can still be read after closing the browser window or ending the program if you do not actively delete the cache. Local Storage allows your preferences when using our websites to be stored on your computer and used by you. The function of Session Storage corresponds to Local Storage, except that the corresponding data is automatically removed from your browser’s cache immediately after closing the browser (“session”).
Third parties cannot access the data stored in Local Storage and Session Storage. They are not passed on to third parties and are not used for advertising purposes. In particular, this technique is used to present our content to you in an appealing graphical format (e.g., pop-up windows, etc.) and to personalize our offer and navigation on our pages for you. You manage Local Storage content in the browser through the settings for “History” or “Local Data,” depending on the browser you use. If you restrict the described functions accordingly, there may be functional limitations.
Legal basis for the processing of personal data: Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to maintain the compatibility and stability of this web application for as many users as possible, including combating abuse and troubleshooting.
Duration of Storage
The deletion of the aforementioned technical data occurs as soon as they are no longer needed to ensure the compatibility of this web application for all visitors. We have no control over the storage duration of data in your Local Storage. You can manage Local Storage content in your browser through the settings for “History” or “Local Data,” depending on the browser you use. If you restrict the described functions accordingly, there may be functional limitations.
SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, this page uses SSL/TLS encryption. You can recognize an encrypted connection by the address line of the browser changing from “http://” to “https://” and by the lock symbol in your browser line. When SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Scope and Purpose of the Collected Data
8.1 Websites – General
With each request for a website or a file accessible via a browser program, the following data is stored:
The requested website or file
Date and time of the request
The transmitted data volume
Description of the web browser type and operating system used
IP address of the requesting computer
This information is used to optimize the websites of EnerLease SARL, Echternach, and to log any attacks via the Internet on our services. The listed data is automatically deleted after one year or by employees of our company.
8.2 Websites – Contact Form
When you submit inquiries to us via the contact form, your details from the inquiry form, including the contact details you provided there, are stored with us for the purpose of processing the inquiry and for follow-up questions. We do not pass on this data without your consent. The processing of this data is based on Art. 6 para. 1 lit. b GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures.
The data you enter in the contact form will remain with us until the purpose for data storage no longer applies (e.g., after completing the processing of your inquiry) or you request us to delete the data according to Art. 17 GDPR. Mandatory legal provisions – in particular retention periods – remain unaffected.
8.3 Inquiry by Email, Phone, or Fax
If you contact us by email, phone, or fax, your inquiry, including all personal data resulting from it (name, inquiry), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent. The processing of this data is based on Art. 6 para. 1 sentence 1 lit. b GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures (e.g., questions about our products, our company, or others).
The data transmitted by you remains with us until the purpose for data storage no longer applies (e.g., after completing the processing of your inquiry) or you request us to delete the data according to Art. 17 GDPR. Mandatory legal provisions – in particular retention periods – remain unaffected.
9. Script Libraries
9.1 Google Fonts
To display our content correctly and graphically appealing across browsers, we use “Google Fonts” from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”) for font display. We have locally integrated this script library on our web server so that there is no connection to Google and no “Google cookie” is set when you visit our website.
Legal Basis for Processing
The legal basis for the integration of Google Fonts is our legitimate interest according to Art. 6 para. 1 sentence 1 lit. f GDPR in a correct and graphically appealing presentation of the website. Since we have locally integrated the script library on our own web server, there is no data transfer to Google. Therefore, there is no need for your explicit consent to the use of Google Fonts.
Data Transfer
By locally integrating the script library on our web server, there is no data transfer to third parties.
Storage Duration
Through the local integration of the script library on our server, we do not collect personal data.
9.2 Adobe Fonts
Type and Purpose of Processing
We use Adobe Fonts for the visual design of our website. Adobe Fonts is a service of Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland, a subsidiary of Adobe Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA (hereinafter “Adobe”), which provides us access to a font library. We have locally integrated the relevant scripts on our web server so that there is no connection to Adobe and no “cookie” is set when you visit our website.
Additional Information about Adobe Fonts
You can find more information about Adobe Fonts in Adobe’s privacy policy, which you can access here: Adobe Privacy Policy. If your browser does not support fonts, your computer will use a default font.
Legal Basis
The legal basis for the integration of Adobe Fonts is our legitimate interest under Art. 6 para. 1 sentence 1 lit. f GDPR in a correct and graphically appealing presentation of the website. Since we have locally integrated the relevant scripts on our own web server, there is no data transfer to Adobe. Therefore, there is no need for your explicit consent to the use of Adobe Fonts.
Storage Duration
Through the local integration of the relevant scripts on our server, we do not collect personal data.
Data Transfer
By locally integrating the script library on our web server, there is no data transfer to third parties.
10. OpenStreetMap
We integrate OpenStreetMap maps on our website. OpenStreetMap is a project of the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands B72 1JU, United Kingdom, which collects freely usable geodata and maintains it in a database for free use.
When you visit the website, no connection to the servers of OpenStreetMap is initially established. Instead of the embedded map, you will initially see only a preview image that we retrieve from our web server.
Without this form of integration, when you visit our website, a direct connection to the servers of the OpenStreetMap Foundation is established, and data is transferred to the OpenStreetMap Foundation to display embedded maps. Further information on data protection in connection with OpenStreetMap can be found in the privacy information of the OpenStreetMap Foundation.
Once you agree to establish a connection to display the maps on our website, you will be redirected to the OpenStreetMaps site, and the following data from your computer will be transmitted to OpenStreetMap servers:
IP address
Used browser and device
Operating system
Website from which you were redirected to the OpenStreetMap Foundation page (referring web page)
Date and time of the website visit
If you have a user account with OpenStreetMap and are logged in when visiting OpenStreetMaps, the following additional data will be transmitted to OpenStreetMap servers:
User ID
Email address associated with your account
Content blocked by the user and associated messages
The integration of a static map without a connection to OpenStreetMaps is based on Art. 6 para. 1 sentence 1 lit. f GDPR. It is done to make our website more user-friendly and appealing. There is a legitimate interest within the meaning of the aforementioned provision.
The transmission of data to OpenStreetMap is based on your explicit activation of the connection to OpenStreetMap (basis: consent under Art. 6 para. 1 sentence 1 lit. a GDPR). For data transfer to the UK, there is an adequacy decision of the EU under Art. 45 GDPR.
You can prevent any data transfer to OpenStreetMap servers by disabling JavaScript in your browser. However, in this case, you cannot use the map display.
For more information on handling user data, please refer to the OpenStreetMap privacy page and here.
11. Data Protection for Job Applications and in the Application Process
We offer you the opportunity to apply to us via email or by post. Hereinafter, we inform you about the scope, purpose, and use of your personal data collected in the application process. We assure you that the collection, processing, and use of your data will be in accordance with applicable data protection law and all other legal provisions, and your data will be treated strictly confidentially.
Scope and Purpose of Data Collection
If you send us an application, we process the associated personal data (e.g., contact and communication data, application documents, notes from job interviews, etc.) to the extent necessary for deciding on the establishment of an employment relationship. You can obtain precise information about the type and scope of the data collected under the information pursuant to Art. 13 GDPR for applicants.
The legal basis for this is Art. 6 para. 1 lit. b GDPR (general initiation of contracts) and – if you have given your consent – Art. 6 para. 1 lit. a GDPR. The consent is revocable at any time.
Your personal data will only be disclosed within our company to individuals involved in the processing of your application.
If the application is successful, the data you submitted will be stored on the basis of Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship in our data processing systems.
Retention Period of Data
If we cannot offer you a position, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data
12. Deletion and Blocking of Personal Data
Subsequently, the data will be deleted, and physical application documents will be destroyed. The storage serves primarily for evidentiary purposes in the event of legal disputes. If it is apparent that the data will be required beyond the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only occur when the purpose for further storage no longer applies. Extended storage may also take place if you have given corresponding consent (Art. 6 para. 1 lit. a GDPR) or if legal retention obligations prevent deletion.
13. Rights of the Data Subject
a) Right to Information: You can exercise your right to information according to Art. 15 GDPR at any time, inquiring whether personal data concerning you is being processed by us.
b) Right to Correction: You can exercise your right to correction according to Art. 16 GDPR at any time, requesting the correction of personal data concerning you that is incorrect.
c) Right to Restriction of Processing: You can exercise your right to restriction of processing according to Art. 18 GDPR at any time, requesting the restriction of processing if the legal prerequisites are met.
d) Right to Deletion: You can exercise your right to deletion according to Art. 17 GDPR at any time, demanding the immediate deletion of personal data concerning you if this data is no longer necessary for the purposes for which it was collected or processed in any other way. This right to deletion may be opposed by other legal obligations (e.g., retention obligations).
e) Right to Notification: You can assert your right to notification according to Art. 19 GDPR at any time. If you have asserted your right to deletion, correction, or restriction of processing of personal data concerning you, we are obliged to notify all recipients to whom the personal data concerning you has been disclosed of the correction or deletion of the data or the restriction of processing unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
f) Right to Data Portability: You can exercise your right to data portability according to Art. 20 GDPR at any time. You have the right to receive the personal data you provided to us in a structured, common, and machine-readable format or to request the transmission to another responsible party, provided that this is technically feasible.
g) Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR): You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 letters e or f DS-GVO, including profiling based on those provisions. The respective legal basis on which processing is based can be found in this data protection policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection according to Art. 21 para. 1 GDPR). If we process personal data to operate direct advertising, you, as the data subject, have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling insofar as it is related to such direct advertising. If you object, we will no longer process your personal data for these purposes (objection according to Art. 21 para. 2 GDPR).
h) Right to Revoke Consent under Data Protection Law: You have the right to revoke your data protection consent to the processing of personal data at any time. The revocation of consent does not affect the legality of processing carried out based on the consent until revocation.
i) Right to Lodge a Complaint with a Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.
14. Legal Basis for Processing
Unless otherwise stated:
Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis for processing operations where we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as in the case of processing operations required for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6 para. 1 sentence 1 lit. b GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example, in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 sentence 1 lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were injured and his name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Art. 6 para. 1 sentence 1 lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 para. 1 sentence 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. Such processing operations are particularly allowed to us because they have been specifically mentioned by the European legislator. He took the view that a legitimate interest could be assumed if the data subject is a customer of the data controller (Recital 47 sentence 2 GDPR).
15. Legitimate Interests Pursued by the Controller or a Third Party
If the processing of personal data is based on Art. 6 para. 1 sentence 1 lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and shareholders.
16. Duration for Which the Personal Data is Stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the expiration of the period, the corresponding data is routinely deleted, provided it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
17. Legal or Contractual Regulations for the Provision of Personal Data; Necessity for the Conclusion of the Contract; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Non-Provision
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or can also result from contractual provisions (e.g., information on the contractual partner).
It may occasionally be necessary for the conclusion of a contract that a data subject provides us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Non-provision of personal data would result in the contract with the data subject not being concluded.
Before providing personal data, the data subject must contact the data controller under 2 or our data protection officer under 3. We inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what consequences the non-provision of the personal data would have.
1) This privacy statement was created in the marked sections by the Privacy Statement Generator, operated and provided in cooperation between DGD Deutsche Gesellschaft für Datenschutz GmbH, Dachau (available at: https://dsgvo-muster-datenschutzerklaerung.dg-datenschutz.de), and the law firm Wilde/Beuger/Solmecke Rechtsanwälte GbR, Cologne (available at: https://www.wbs-law.de/it-recht/datenschutzrecht/datenschutzerklaerung-generator/). These texts are subject to the copyright of DGD Deutsche Gesellschaft für Datenschutz GmbH, Dachau, and the law firm Wilde/Beuger/Solmecke Rechtsanwälte GbR, Cologne.