Entenza Privacy Policy

1. Introduction

With the following information, we would like to provide you, as a “data subject,” with an overview of how we process your personal data and your rights under data protection laws. In principle, our websites can be used without providing personal data. However, if you wish to use special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, such as your name, address, or email address, always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “entenza GmbH”. Through this Privacy Policy, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet-based data transmissions can inherently have security vulnerabilities, meaning absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or post.

You can also take simple and easy-to-implement measures to protect yourself against unauthorized third-party access to your data. Therefore, we would like to provide you with some tips for securely handling your data:

• Protect your account (login, user, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with strong passwords.
• Only you should have access to your passwords.
• Ensure that you only use your passwords for one account (login, user, or customer account).
• Do not use one password for different websites, applications, or online services.
• Especially when using publicly accessible IT systems or IT systems shared with other people, you should always log out after each login on a website, application, or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name, or names of relatives, but rather uppercase and lowercase letters, numbers, and special characters.

2. Controller

The controller in the sense of the GDPR is:

entenza GmbH
Gartenstraße 23, 09350 Lichtenstein, Germany

Phone: +49 37204 92940

Fax: +49 37204 929419

Email: info@entenza.de

Representative of the Controller: Ronny Kretschmer / Katharina Müller-Kratzsch

3. Data Protection Officer

You can reach the Data Protection Officer as follows:

Ronny Seffner

Phone: +49 35204 392050

Fax: +49 35204 392055

Email: ds@seffner-schlesier.de

You can contact our Data Protection Officer directly at any time with all questions and suggestions regarding data protection.

4. Definitions

This Privacy Policy is based on the terms used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easily readable and understandable for both the public and our customers and business partners. To ensure this, we would like to explain the terms used in advance.

Among others, we use the following terms in this Privacy Policy:

1. Personal Data
   Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data Subject
   A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
3. Processing
   Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of Processing
   Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
5. Profiling
   Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
6. Pseudonymisation
   Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
7. Processor
   Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
8. Recipient
   Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
9. Third Party
   Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
10. Consent
    Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal Basis for Processing

Art. 6 para. 1 lit. a) GDPR (in conjunction with § 25 para. 1 TDDDG (formerly TTDSG)) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Art. 6 para. 1 lit. d) GDPR.

Finally, processing operations could be based on Art. 6 para. 1 lit. f) GDPR. Processing operations not covered by any of the aforementioned legal bases are based on this legal basis if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted to us in particular because they have been specifically mentioned by the European legislator. He was of the opinion that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

6. Technology

6.1 SSL/TLS Encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact inquiries that you send to us as the operator. You can recognize an encrypted connection by the fact that the address bar of the browser shows “https://” instead of “http://” and by the padlock symbol in your browser bar.

We use this technology to protect your transmitted data.

6.2 Hosting by Hetzner

We host our website with Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).

When you visit our website, your personal data (e.g., IP addresses in log files) are processed on Hetzner’s servers.

The use of Hetzner is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the most reliable presentation and provision as well as security of our website possible.

We have concluded a data processing agreement (DPA) in accordance with Art. 28 GDPR with Hetzner. This is a contract required by data protection law, which ensures that Hetzner processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Further information on Hetzner’s data protection regulations can be found at: https://www.hetzner.com/de/rechtliches/datenschutz

7. Cookies

7.1 General Information on Cookies

Cookies are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.

Information is stored in the cookie that arises from the context of the specifically used device. However, this does not mean that we immediately gain knowledge of your identity.

The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after leaving our site.

In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a specific, defined period. If you visit our site again to use our services, it is automatically recognized that you have already been with us and which entries and settings you have made, so you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate our offer for you for optimization purposes. These cookies enable us to automatically recognize that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period. The respective storage duration of the cookies can be found in the settings of the consent tool used.

7.2 Borlabs Cookie (Consent Management Tool)

We use the WordPress cookie plugin “Borlabs Cookie” from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service allows us to obtain and manage the consent of website users for data processing.

Borlabs Cookie collects data generated by end-users who use our website with the help of cookies. If an end-user gives consent, the following data, among others, are automatically logged:

• Cookie lifetime,
• Cookie version,
• Domain and path of the WordPress page,
• Selection in the cookie banner,
• UID (a randomly generated ID),

The consent status is also stored in the end-user’s browser, so that the website can automatically read and follow the end-user’s consent for all subsequent page requests and future end-user sessions for up to 12 months. The consent data (consent and revocation of consent) are stored for three years. The retention period corresponds to the regular limitation period according to § 195 BGB. The data is then deleted immediately.

The functionality of the website is not guaranteed without the described processing. The user has no right to object as long as there is a legal obligation to obtain the user’s consent to certain data processing operations, Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR.

The collected data is neither forwarded to Borlabs GmbH nor does it gain access to it.

Further information can be found at: https://de.borlabs.io/borlabs-cookie/.

8. Content of Our Website

8.1 Data Processing for Order Fulfillment

The personal data collected by us will be passed on to the transport company commissioned with the delivery within the scope of contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, if this is necessary for payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b) GDPR.

8.2 Contact / Contact Form

When you contact us (e.g., via contact form or email), personal data is collected. Which data is collected when using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact aims at concluding a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after your request has been finally processed; this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and no statutory retention obligations prevent deletion.

8.3 Application Management / Job Board

We collect and process applicants’ personal data for the purpose of carrying out the application process. Processing can also take place electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example via email or a web form on the website. If we conclude an employment or service contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal regulations. If no contract is concluded with the applicant by us, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part prevent deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for processing your data is Art. 6 para. 1 lit. b), 88 GDPR in conjunction with § 26 para. 1 BDSG.

9. Newsletter Dispatch

9.1 Promotional Newsletter

On our website, you are given the opportunity to subscribe to our company’s newsletter. Which personal data is transmitted to us when ordering the newsletter can be seen from the input mask used for this purpose.

We regularly inform our customers and business partners about our offers via a newsletter. Our company’s newsletter can generally only be received by you if:

1. You have a valid email address and
2. You have registered for the newsletter dispatch.

For legal reasons, a confirmation email will be sent to the email address you first entered for newsletter dispatch using the double opt-in procedure. This confirmation email serves to verify whether you, as the owner of the email address, have authorized the receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by your Internet service provider (ISP) of the IT system you used at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace the (possible) misuse of your email address at a later date and therefore serves our legal protection.

The personal data collected during registration for the newsletter will be used exclusively for sending our newsletter. Furthermore, newsletter subscribers could be informed by email if this is necessary for the operation of the newsletter service or a related registration, as might be the case with changes to the newsletter offer or changes in technical circumstances. No personal data collected within the scope of the newsletter service will be passed on to third parties. You can cancel your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for newsletter dispatch can be revoked at any time. For the purpose of revoking consent, a corresponding link can be found in every newsletter. Furthermore, it is possible to unsubscribe from newsletter dispatch directly on our website at any time or to inform us of this in another way.

The legal basis for data processing for the purpose of newsletter dispatch is Art. 6 para. 1 lit. a) GDPR.

9.2 Newsletter Tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the company can see whether and when an email from you was opened and which links contained in the email were clicked by you.

Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by us to optimize newsletter dispatch and to better adapt the content of future newsletters to your interests. This personal data will not be passed on to third parties. Data subjects are entitled to revoke the separate declaration of consent given via the double opt-in procedure at any time. After revocation, this personal data will be deleted by us. We automatically interpret an unsubscribe from receiving the newsletter as a revocation.

Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interests in displaying personalized advertising, market research, and/or needs-based design of our website.

10. Our Activities on Social Networks

To communicate with you on social networks and inform you about our services, we maintain our own pages there. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered thereby, in the sense of Art. 26 GDPR.

We are not the original provider of these pages, but merely use them within the scope of the possibilities offered to us by the respective providers.
Therefore, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as the safeguarding of your rights, e.g., to information, deletion, objection, etc., could be made more difficult, and processing in social networks often takes place directly for advertising purposes or for analyzing user behavior by the providers, without us being able to influence this. If user profiles are created by the provider, cookies are often used or user behavior is assigned to your own member profile created on the social networks.

The described processing operations of personal data are carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider to communicate with you in a contemporary manner and/or to inform you about our services. If you have to give consent for data processing as a user to the respective providers, the legal basis refers to Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the providers’ data, we point out that you should best assert your rights (e.g., to information, rectification, deletion, etc.) directly with the respective provider. Further information on the processing of your data in social networks is listed below for each social network provider we use:

10.1 Facebook

(Co-)Controller for data processing in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Meta (Facebook) may, unless an objection is raised, process content from adult users in the EU, e.g., photos, posts, or comments, to train its own AI models. The basis for this is a legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. As a company, we have no influence on this specific data processing by Meta. Users can object to this via an online form on the Meta platforms.

Privacy Policy (Data Policy):
https://www.facebook.com/about/privacy

10.2 Instagram

(Co-)Controller for data processing in Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Meta (Instagram) may, unless an objection is raised, process content from adult users in the EU, e.g., photos, posts, or comments, to train its own AI models. As a company, we have no influence on this specific data processing by Meta. The basis for this is a legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Users can object to this via an online form on the Meta platforms.

Privacy Policy (Data Policy):
https://instagram.com/legal/privacy/

10.3 LinkedIn

(Co-)Controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy Policy:
https://www.linkedin.com/legal/privacy-policy

11. Web Analytics

11.1 Google Analytics 4 (GA4)

On our websites, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

In this context, pseudonymized usage profiles are created and cookies (see section “Cookies”) are used. The information generated by the cookie about your use of this website may include:

• a short-term collection of the IP address without permanent storage
• location data
• browser type/version
• operating system used
• referrer URL (previously visited page)
• time of server request

The pseudonymized data may be transferred by Google to a server in the USA and stored there.

The information is used to evaluate the use of the website, to compile reports on website activities, and to provide other services related to website use and internet use for market research purposes and the needs-based design of these websites. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf.

These processing operations are carried out exclusively upon explicit consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The data retention period preset by Google is 14 months. In addition, personal data is stored for as long as it is necessary to fulfil the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. An adequacy decision pursuant to Art. 45 GDPR is therefore in place, meaning that personal data may be transferred even without further safeguards or additional measures.

Further information on data protection when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=de.

12. Payment Providers

12.1 Data Processing for Credit Assessment and Scoring

If we provide services in advance, e.g., for purchases on account, we reserve the right to obtain a credit assessment from specialized service companies (credit agencies) to protect our legitimate interests. For this purpose, we transmit your personal data required for a credit assessment to the following company(ies): XXX .

The credit assessment may include probability values (score values) calculated on the basis of scientifically recognized mathematical-statistical methods, which include address data, among other things. We use the information obtained about the statistical probability of a payment default for a balanced decision on the establishment, execution, or termination of the contractual relationship. Your legitimate interests are taken into account in accordance with legal provisions.

The legal bases for these transmissions are Article 6 para. 1 lit. b) and Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to protect our company from payment defaults.

13. Your Rights as a Data Subject

13.1 Right to Confirmation

You have the right to obtain confirmation from us as to whether personal data concerning you is being processed.

13.2 Right to Information Art. 15 GDPR

You have the right to obtain free information from us at any time about the personal data stored about you and a copy of this data in accordance with legal provisions.

13.3 Right to Rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, taking into account the purposes of the processing, you have the right to have incomplete personal data completed.

13.4 Erasure Art. 17 GDPR

You have the right to request from us the immediate erasure of personal data concerning you, provided that one of the legally stipulated reasons applies and insofar as processing or storage is not necessary.

13.5 Restriction of Processing Art. 18 GDPR

You have the right to request from us the restriction of processing if one of the legal requirements is met.

13.6 Data Portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, to whom the personal data has been provided, where the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Art. 20 para. 1 GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

13.8 Withdrawal of Data Protection Consent

You have the right to withdraw consent to the processing of personal data at any time with effect for the future.

13.9 Complaint to a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

14. Routine Storage, Erasure, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the storage purpose or as provided for by the legal regulations to which our company is subject.

If the storage purpose ceases to apply or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with legal provisions.

15. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data will be routinely deleted, provided they are no longer necessary for contract fulfillment or contract initiation.

16. Topicality and Amendment of the Privacy Policy

This Privacy Policy is currently valid and was last updated: March 2026.

Due to the further development of our websites and offers or due to changed legal or official requirements, it may become necessary to amend this Privacy Policy. The current Privacy Policy can be accessed and printed at any time on the website under “https://entenza.de/datenschutz”.