Logo
AboutServicesProjectsArticlesContact
Schedule a Meeting

Privacy Policy

Preamble

With the following privacy policy we would like to inform you which types of your personal data (hereinafter also abbreviated to “data”) we process for which purposes and in which scope. The privacy statement applies to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online services").

The terms used are not only gender-specific.

Last Update: 4. November 2020

Table of Contents

  • Preamble
  • Controller
  • Overview of Processing Operations
  • Legal Bases for the Processing
  • Security Precautions
  • Transmission and Disclosure of Personal Data
  • Data Processing in Third Countries
  • Use of Cookies
  • Commercial Services
  • Use of Online Marketplaces for E-Commerce
  • Payment Service Provider
  • Credit Assessment
  • Provision of Online Services and Web Hosting
  • Special Functions and Applications (Apps)
  • Purchase of Applications via Appstores
  • Registration, Login and User Account
  • Single Sign-on Authentication
  • Blogs and Publication Media
  • Contacting Us
  • Communication via Messenger
  • Audio Content
  • Web Analysis, Monitoring and Optimization
  • Online Conferences, Online Meetings, Webinars and Screen-Sharing
  • Job Application Process
  • Cloud Services
  • Newsletter and Electronic Communications
  • Promotional Communication by E-Mail, Postal Mail, Fax or Telephone
  • Sweepstakes and Contests
  • Surveys and Questionnaires
  • Web Fonts
  • Plugins and Embedded Functions and Content
  • Online Marketing
  • Rating Platforms
  • Profiles in Social Networks (Social Media)
  • Planning, Organization and Utilities
  • Finance and Office
  • Changes and Updates to the Privacy Policy
  • Rights of Data Subjects
  • Terminology and Definitions

Enigma
Sheikh Zayed - 8th district
Ritzy Mall Egypt

Authorized representatives
Dipl.-Ing. (TU) Mohamed Hassan
info@enigmai.com

Overview of Processing Operations

The following table summarizes the types of data processed, the purposes for which they are processed and the concerned data subjects.

Categories of Processed Data

  • Event Data (Facebook) (“Event Data” is data that can be transmitted from us to Facebook, e.g. via Facebook pixel (via apps or other means) and relates to persons or their actions on the site (such as indications, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.); Event data is processed for the purpose of creating target groups for content and advertising information (“Custom Audiences”); Event Data does not include the actual content (such as written comments), login information or contact information (such as name, email addresses and phone numbers). Event Data is deleted by Facebook within a maximum of two years. The Custom Audiences created from them with the help of event data are deleted when they are no longer needed by us.)
  • Job application data (e.g. names, documents)
  • Inventory data (e.g. names, addresses)
  • Job applicant data (e.g. personal data, postal and contact addresses and the documents pertaining to the application and the information contained therein, such as cover letters, CVs, certificates as well as other information provided by applicants with regard to their person or qualifications)
  • Location data (information on the position of a mobile device or person)
  • Contact data (e.g. e-mail, telephone numbers)
  • Meta/communication data (e.g. device information, IP addresses)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (information on the geographical position of a device or person)
  • Payment data (e.g. bank account details, customer category)
  • Contract data (e.g. contract object, duration, customer category)
  • Payment data (e.g. bank details, invoices, payment history)

Special Categories of Data

  • Data revealing racial or ethnic origin.

Categories of Data Subjects

  • Employees (e.g. Employees, job applicants).

  • Job applicants.

  • Business and contractual partners.

  • Prospective customers.

  • Communication partner (Recipients of e-mails, letters, etc.).

  • Customers.

  • Users (e.g. website visitors, users of online services).

  • Participants in sweepstakes and competitions.

Purposes of Processing

  • Assessment of creditworthiness.

  • Affiliate Tracking.

  • Authentication processes.

  • Provision of our online services and usability.

  • Conversion tracking (Measurement of the effectiveness of marketing activities).

  • Job Application Process (Establishment and possible later execution as well as possible later termination of the employment relationship).

  • Office and organisational procedures.

  • Content Delivery Network (CDN).

  • Cross-Device Tracking (Device-independent processing of user data for marketing purposes).

  • Direct marketing  (e.g. by e-mail or postal).

  • Conducting sweepstakes and contests.

  • Affiliate Tracking.

  • Interest-based and behavioral marketing.

  • Contact requests and communication.

  • Profiling (Creating user profiles).

  • Remarketing.

  • Web Analytics (e.g. access statistics, recognition of returning visitors).

  • Security measures.

  • Targeting (e.g. profiling based on interests and behaviour, use of cookies).

  • Polls and Questionnaires (e.g. surveys with input options, multiple choice questions).

  • Provision of contractual services and customer support.

  • Managing and responding to inquiries.

  • Custom Audiences (Selection of relevant target groups for marketing purposes or other output of content).

Automated Individual Decision-Making

  • Credit report (Decision based on a credit report).

Legal Bases for the Processing

In the following we inform you about the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process personal data. Please note that, in addition to the regulations of the GDPR, the national data protection regulations may apply in your country or in our country of residence or domicile. If, in addition, more specific legal bases are applicable in individual cases, we will inform you of these in the data protection declaration.

  • Consent (Article 6 (1) (a) GDPR)– The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

  • Performance of a contract and prior requests (Article 6 (1) (b) GDPR)– Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

  • Compliance with a legal obligation (Article 6 (1) (c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.

  • Performance of a tasks carried out in the public interest (Article 6 (1) (e) GDPR) – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  • Legitimate Interests (Article 6 (1) (f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

  • Job application process as a pre-contractual or contractual relationship (Article 9 (2)(b) GDPR) – If special categories of personal data within the meaning of Article 9 (1) GDPR (e.g. health data, such as severely handicapped status or ethnic origin) are requested from applicants within the framework of the application procedure, so that the responsible person or the person concerned can carry out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law, their processing shall be carried out in accordance with Article 9 (2)(b) GDPR , in the case of the protection of vital interests of applicants or other persons on the basis of Article 9 (2)(c) GDPR  or for the purposes of preventive health care or occupational medicine, for the assessment of the employee’s ability to work, for medical diagnostics, care or treatment in the health or social sector or for the administration of systems and services in the health or social sector in accordance with Article 9 (2)(d) GDPR. In the case of a communication of special categories of data based on voluntary consent, their processing is carried out on the basis of Article 9 (2)(a) GDPR.

  • Performance of a contract and prior requests (EKD) (§ 6 No. 5 DSG-EKD) – Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national regulations apply to data protection in Germany. This includes in particular the Law on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). In particular, the BDSG contains special provisions on the right to access, the right to erase, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated individual decision-making, including profiling. Furthermore, it regulates data processing for the purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, execution or termination of employment relationships as well as the consent of employees. Furthermore, data protection laws of the individual federal states may apply.

Security Precautions

We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the  state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, in order to ensure a level of security appropriate to the risk. The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, transmission, securing and separation of the data. In addition, we have established procedures to ensure that data subjects’ rights are respected, that data is erased, and that we are prepared to respond to data threats rapidly. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and service providers, in accordance with the principle of privacy by design and privacy by default.