Data protection

We are very pleased with your interest in our company. Data protection is of a particularly high value for E-Works Mobility GmbH (hereinafter referred to as ‘E-Works’ or ‘we’).

Through this privacy policy, we would like to inform you as a visitor to our website about the type, scope, and purpose of the personal data collected, used and processed by us, as well as enlighten you about the rights you are entitled to.  

1. Name and address of the responsible person for processing
The responsible person within the meaning of the General Data Protection Regulation is:

HEERO by E-Works Mobility GmbH
Mr. Dominik Ashkar, Managing Director
Bruckmairstr. 15
85737 Ismaning
Germany

+49 89 693 193 000
anfrage@eworks-mobility.de 

We have appointed a data protection officer in our company. You can reach our data protection officer as follows:
‍
Attorney
Alma Lena Fritz
Riedener Str. 8
81475 Munich
+49 173 327 55 75
alma@fritzlaw.de
‍
2. What personal data do we collect when you visit our website?
A visit to E-Works Mobility GmbH's websites is generally possible without providing personal data, as long as you do not submit it to us via a contact form on this website or otherwise electronically.

We point out that internet-based data transfers can generally have security gaps, so that absolute protection of transmitted data cannot be guaranteed. For this reason, it is generally up to you to transmit personal data to us by alternative means, such as by telephone or post.

When you visit our website, some data and information is stored in the server’s log files. Could record details include (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, which are directed via an accessing system on our website, (5) the date and time of an access to the internet site, (6) an Internet Protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information that can be used in the event of attacks on our information technology systems. 

While processing this general data and information, we cannot identify you as long as you do not voluntarily provide us with further information. The aforementioned information is rather needed to (1) deliver the contents of our website correctly, (2) ensure the long-term functionality of our information technology systems and the technology of our website, and (3) provide necessary information to law enforcement agencies in the event of a cyberattack.
‍
The data and information collected will also be statistically evaluated by E-Works Mobility GmbH with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal protection level for the personal data we process.

If you identify yourself to us (e.g. by entering personal data in the contact form) these data will not be combined with the above purposes but stored separately from all personal data provided by an affected person. There is no storage of any data together with the IP address or other personal data related to your person.

3. Cookies
So-called cookies are used on our website. Cookies make our offer more user-friendly, effective and secure. Cookies are small text files that are deposited on your computer and stored by your browser.

Many of the cookies we use are so-called ‘session cookies’. They are automatically deleted after your visit ends. Other cookies remain stored on your end device until you delete them or the storage duration of the corresponding cookies expires. These cookies are only set based on your explicit consent in accordance with Art 6 Para. 1 lit a GDPR, which you can give us via the cookie banner. These cookies make it possible to recognise your browser on your next visit through our analysis tool, Google Analytics, but not to identify you. Further information on the use of Google Analytics can be found below.

You can configure your browser to be informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, as well as activate the automatic deletion of cookies when closing the browser. With the deactivation of cookies, the functionality of this website can be restricted.

A general objection against the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US-American page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. In addition, the storage of cookies can be achieved by disabling them in the browser settings. Please note that, if necessary, not all functions of this online offer can be used.

To manage your consent to cookies, our website uses the Cookie Consent Technology from CookieScript, a service provided by Objectis Ltd., Laisves st. 60, LT-05120 Vilnius, Lithuania, to document your consent or refusal of consent to store certain cookies on your end device in compliance with data protection. This processing is necessary to operate our website in compliance with data protection. This processing corresponds to our legitimate interests according to Art 6 Para. 1 lit f GDPR.

Specifically, the CookieScript tool stores a cookie in your browser to recognise whether you have given your consent to the setting of cookies or whether you have refused or withdrawn this consent. This cookie is technically necessary so that you can visit our website.

4. Use of Google Services

4.a) Use of Google Analytics
This website uses features of the web analytics service Google Analytics of Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For the European area, the company Google Ireland Limited, Gordon House, Barrow Street 4, Ireland is responsible.
Google Analytics uses so-called ‘cookies’ (see above). The information generated by the cookie about your use of this website by the page visitor (including the shortened IP address) is usually transferred to a Google server and stored there. Google Analytics creates a random, unique ID with a tracking code associated with the cookie in your browser. This way, Google Analytics identifies you as a new or returning user. When you visit our site again, you will be recognised as a ‘returning user’. All collected data is stored together with this user ID. On behalf of the website operator, Google will use the information obtained to evaluate the usage of the website, compile reports on website activities and provide other services related to website and internet usage to the website operator (Art. 6 Para. 1 lit. F GDPR).

The legitimate interest in data processing lies in the optimisation of this website, the analysis of the website usage and the adjustment of the content. The interests of users are adequately safeguarded by pseudonymisation, especially since they consent to the use of Google Analytics by accepting the cookies. Insofar as you consent to the setting of the cookies, the legal basis for the corresponding processing of personal data is your explicit declaration of consent pursuant to Art. 6 Para. 1 a GDPR.

The following cookies are used by Google Analytics: 

Name: _ga_CKS5MND38S
Purpose: Storage of the user ID; serves to distinguish website visitors. Storage Duration: 1 year 1 month 

Name: _ga
Purpose: Contains a randomly generated user ID. Based on this ID, Google Analytics can recognise returning users on this website and merge the data from previous visits.
Storage Duration: 1 year 1 month 

The collection by Google Analytics can be prevented by the page visitor adjusting the cookie settings for this website. The collection and storage of the IP address and data generated by cookies can also be objected to at any time with effect for the future. The corresponding browser plug-in can be downloaded and installed from the following link: https://tools.google.com/dlpage/gaoptout.

The page visitor can prevent collection by Google Analytics on this website by clicking on the following link. An opt-out cookie will be set that prevents future data collection when visiting this website (https://tools.google.com/dlpage/gaoptout).

Further information on the use of data by Google, as well as options for settings and objections, can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated). 

Google Analytics occasionally transfers personal data to the USA. The USA is not considered a secure third country in the sense of European data protection laws, so personal data transferred to the USA is not subject to the same protection standards as in Europe. However, Google participates in the so-called Data Privacy Framework to ensure compliance with European data protection standards. Google LLC’s participation in the EU-US Data Privacy Framework can be viewed here: https://www.dataprivacyframework.gov/list  

Further information on data protection at Google LLC can be found here: https://policies.google.com/privacy?hl=de. 

4.b) Use of Google Adwords
‍We use the marketing and remarketing services (short ‘Google Marketing Services’) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Marketing Services allow us to display advertisements more specifically on and within our website, so that users are only shown ads that potentially match their interests. If users are shown ads for products they are interested in on other websites, this is called ‘remarketing’. For these purposes, a code is executed by Google immediately when our and other websites that are active with Google Marketing Services are accessed and so-called (Re)marketing tags (invisible graphics or codes, also known as ‘web beacons’) are integrated into the website. With their help, an individual cookie, i.e., a small file is stored on the user's device (instead of cookies, similar technologies may be used). The cookies can be set from various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com.
In this file details are recorded of which websites the user visited, what content he is interested in and what offers he clicked, along with technical information about the browser and operating system, the referring websites, the time of the visit, and other information about the use of the online offer.
Furthermore, the IP address is collected, whereby we inform within the context of Google Analytics that the IP address is truncated within the member states of the European Union or in other contracting states of the agreement on the European Economic Area and only in exceptional cases is fully transmitted to a Google server in the USA and truncated there. The IP address will not be merged with data from the user within other Google products. The information mentioned above can also be combined with information from other sources. If the user then visits other websites, they may be shown tailored ads to their interests.

The data of the users are processed within the framework of the Google Marketing Services pseudonymously. That means Google stores and processes relevant data cookie-based within pseudonymous user profiles without processing the name or email address of users. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation.

Among the Google Marketing Services we use is the online advertising program ‘Google AdWords’. In the case of Google AdWords, each AdWords customer receives a different ‘conversion cookie’. This means cookies cannot be tracked across the websites of AdWords customers. The information and data obtained with the help of the cookie serve to compile conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers find out the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that can personally identify users.

To this end, we also have Enhanced Conversions enabled, a feature that can improve the accuracy of conversion tracking while protecting users' privacy by enhancing existing conversion tags with hashed first-party conversion data from the website. Hashing the first-party data before sending it to Google Ads ensures privacy, as personal information (such as here email addresses) is converted into a hashed/pseudonymised (SHA256) string.

The legal basis for processing your data is Art. 6 Para. 1 Sentence 1 lit. a GDPR, insofar as the processing of your personal data is based on a cookie. In addition, we have the right to effective marketing of our company on our page, so we base a data processing on Art. 6 Para. 1 lit f GDPR. We assume that your interests do not conflict.

4.c) Use of ‘DoubleClick’
‍We include ads from third parties based on the Google Marketing Services ‘DoubleClick’. DoubleClick uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or others.

We also integrate third-party advertisements based on the Google Marketing Services ‘AdSense’. AdSense uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or others. The user data collected by ‘DoubleClick’ is transmitted to Google and stored on Google’s servers in the USA. Further information on data protection at Google can be found above under 4.a).

More information on data usage for marketing purposes by Google can be found on the overview page: https://www.google.com/policies/technologies/ads/, the privacy policy of Google can be accessed under https://www.google.com/policies/privacy/

The legal basis for processing your data is Art 6 Para. 1 Sentence 1 lit. a GDPR, namely your express consent to set the corresponding cookie.

Storage duration or deletion of the data: If you wish to object to the collection by Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences/ 

‍The following cookies are used by DoubleClick:
Name: Gcl_au
Purpose: This cookie is set by DoubleClick and contains information about how the user uses the website, as well as about ads that the user may have seen before visiting this website. 
Storage Duration: 3 months 

Name: IDE
Purpose: This cookie is set by DoubleClick and contains information about how the user uses the website, as well as about ads that the user may have seen before visiting this website.
Storage Duration: 1 year 

4.d) Use of YouTube Services
‍Our website also includes services from YouTube, a service of Google Ireland Limited (address already above). To the extent that cookies are set, the legal basis for processing your data is Art. 6 Para. 1 sentence 1 lit. a GDPR, namely your express consent to set the corresponding cookie.
‍
The following cookies are set by YouTube:
Name: YSC
Purpose: This cookie registers a unique ID to be able to create statistics of YouTube video usage by users.
Storage Duration: Session  

Name: VISITOR_PRIVACY_METADATA
Purpose: YouTube visitor privacy metadata cookie
Storage Duration: 6 months

5. Use of Hotjar
We use Hotjar, a technology tool from Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta to better understand our users’ needs and to optimise our website and your visit on our website (e.g. how much time they spend on which pages, which links they click, what users like and dislike, etc.) and this enables us to build and maintain our service with user feedback.
Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes, in particular, the device’s IP address (processed during your session and stored in anonymised form), device screen size, device type (unique device identifiers), browser information, geographical location (country only) and the preferred language for displaying our website. Hotjar stores this information in a pseudonymised user profile on our behalf. Hotjar is contractually prohibited from selling any data collected on our behalf. We have an order processing contract with Hotjar, protecting compliance with applicable data protection regulations.

Further information on data protection at Hotjar can be found at: https://www.hotjar.com/de/datenschutz/

According to Hotjar, and our contractual agreement, there is no transmission of personal data outside the EU.

The following cookies are used by Hotjar: 
Name: hjSession_3666709
Purpose: Contains the current session data. Ensures that subsequent requests within the session window are attributed to the same session. 
Storage Duration: 30 Minutes 

Name: _hjSessionUser_3666709
Purpose: Set when a user lands for the first time on a page. Ensures that data from subsequent visits on the same website are attributed to the same user ID. User is not followed across other websites.
Storage Duration: 1 Year

6. Use of the SalesViewer® Technology
On this website, data is collected and stored using the SalesViewer® technology from SalesViewer® GmbH based on the legitimate interests of the website operator (Art. 6 Para.1 lit.f GDPR) for marketing, market research and optimisation purposes.

For this, a javascript-based code is used to collect and use company-related data. Data collected with this technology is encrypted via a non-reversible one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify visitors to this website personally.

The data stored within Salesviewer® is deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations to prevent deletion.

The collection and storage of data can be objected to at any time with effect for the future, by clicking this link: https://www.salesviewer.com/opt-out to prevent the collection by SalesViewer® within this website in the future. An opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, then you must click this link again.
‍

7. Use of Framer
Framer is a tool by Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands (hereinafter Framer).

When you visit our website, Framer collects various log files including your IP addresses.

Framer is a tool for creating and hosting websites. Framer stores cookies or other recognition technologies necessary for displaying the page, providing specific website features, and ensuring security (necessary cookies).

The use of Framer is based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in reliable display of our website, and we assume that you as a visitor also have an interest in this representation and your privacy interests do not outweigh it.

Framer occasionally transfers personal data to the USA. The USA is not considered a secure third country under European data protection laws, and so personal data that is transferred to the USA is not subject to the same protection standards as in Europe. As a legal basis for data transfers to third countries, Framer uses standard contractual clauses approved by the EU Commission under Art. 46 Para. 2 and 3 GDPR to comply with European data protection levels also outside of the EU.

Further information on data protection at Framer can be found here: https://www.framer.com/privacy/

‍8. Application through our Integrated Personio Application Page
Applicants can submit their applications to us using an online form on our website. The data is only transmitted to us in encrypted form according to the state of the art. 

In terms of processing applicant data within our company, we cooperate with Personio GmbH (Rundfunkplatz 4, 80335 Munich, Germany), acting as a processor (hereafter: AV) in the sense of Art 28 GDPR. We have concluded the necessary AV contract with Personio GmbH. Personio GmbH is contractually obligated to store personal data exclusively on ISO-certified servers in Germany.  

Alternatively, applicants can send their applications to us via email. In addition, applicants still have the option to send us their application by post. Within the application process, your data is used by the HR department, as well as other authorised persons, especially by the managers involved in the recruitment process within the E-Works Mobility GmbH to verify your suitability for the advertised position.  

We legitimate the processing of personal data for your application according to Art. 6 Para. 1 b GDPR, namely conducting pre-contractual measures that follow your request (Art. 6 Para. 1 lit. b) GDPR).  

The data made available by applicants is further processed for the purposes of the employment relationship in the case of a successful application, and then deleted according to applicable retention periods relevant to employment relationships.

In case an application is unsuccessful, deletion will take place after a period of six months so that we can respond to any follow-up questions from the application and fulfil our evidence requirements from the General Equal Treatment Act (AGG). If an applicant withdraws their application, we will immediately delete the applicant's data. Regarding the processing of personal data in the application process, the separate data protection notice for applicants, which we provide in the application process, applies.
‍
9. Contact options via the website
We are pleased if you contact us via email or telephone using the contact details provided in the imprint. In addition, you have the opportunity to contact us through our contact form on the website. The data transmitted to us will automatically be saved and forwarded to the staff responsible for answering at our company, who will then contact you directly.

The processing of personal data is processed for the preparation of a contractual relationship and, if applicable, fulfilment of our obligations under already concluded contracts, Art 6. (1) (b) GDPR.

Through the website contact, we process your first and last name, email address, telephone number, the company you are writing to us for and, if applicable, further personal data you provide to us via the free text fields in the contact form.

9.a Use of Netlify
We use the services of Netlify to host our HEERO Assistant (Chatbot). The provider is the US-based company Netlify Inc. with headquarters at 101 2nd Street, Suite 575, San Francisco, CA 94105, USA.

In the context of use, personal data is partially processed in the United States. Netlify participates in the EU-US Data Privacy Framework, which enables a lawful and safe transfer of personal data of European users to the US. Further details can be found at https://commission.europa.eu/document/download/e5a39b3c-6e7c-4c89-9dc7-016d719e3d12_en?filename=Draft%20adequacy%20decision%20on%20EU-US%20Data%20Privacy%20Framework_0.pdf available.

In addition, so-called standard contractual clauses apply (in accordance with Art. 46 Par. 2 and 3 GDPR). These standard contractual clauses are contract templates developed by the European Commission, meant to ensure that your data comply with European levels of data protection - even when transferred and stored in third countries like the US. Both through participation in the EU-US Data Privacy Framework and through the standard contractual clauses Netlify commits to adhere to European data protection standards during the processing of your data, even if stored, processed and managed in the USA. The clauses are based on a European Commission decision. The decision and the standard contractual clauses can be viewed, among others, here: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A32021D0914&qid=1761055082952.

With Netlify, an order processing contract exists according to Art. 28 GDPR, which forms the data protection legal basis of our business relationship. This contract refers to the EU standard contractual clauses and is stored with us and can be accessed here: https://www.netlify.com/pdf/netlify-dpa.pdf. Further information on data processing by Netlify can be obtained from the privacy policy under https://www.netlify.com/gdpr-ccpa.

10. Integration of Social Media Platforms such as LinkedIn and Instagram
Social media platforms are embedded on our website via a simple link. A data transfer to the following social media platforms only takes place when you click on the corresponding link. We have embedded links to the following companies on our website:
‍
A click on the icon Instagram establishes a direct connection to the services of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. The provider's data protection information can be found at: https://help.instagram.com/

A click on the icon LinkedIn establishes a direct connection to the services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Grand Canal Dock, Dublin 2, Ireland. The provider's data protection information can be found at: www.linkedin.com/legal/privacy-policy
‍
A click on the icon YouTube or on a video on our website establishes a direct connection to the services of Google Ireland Limited ('Google'), Gordon House, Barrow Street, Dublin 4, Ireland. Further information on data protection at YouTube can be found in their privacy policy: https://policies.google.com/privacy?hl=de.  
‍
11. Routine Deletion and Blocking of Personal Data
We store personal data in accordance with the respective storage purpose only for the duration necessary to achieve the storage purpose. This results especially from the commercial storage and archiving periods that apply to us.
‍
12. Your Rights as a Data Subject
As a data subject, you have certain rights regarding your personal data, which we would be happy to explain as follows:
‍
‍Right of Information (Art. 15 GDPR) – Under the conditions specified in Art. 15 GDPR, you have the right to request confirmation from us if personal data relating to you is processed, and, if so, access the personal data and certain information about its processing. Please note that this right is subject to certain legal restrictions (especially under § 34 BDSG).

‍Right to Rectification (Art. 16 GDPR) – Under the conditions specified in Art. 16 GDPR, you have the right to request the rectification of inaccurate personal data and the completion of incomplete personal data relating to you.

‍Right to Erasure (right to be forgotten) (Art. 17 GDPR) – Under the conditions specified in Art. 17 GDPR, you have the right to request the deletion of certain personal data concerning you, e.g. data that is no longer required for legitimate purposes (e.g. establishing, exercising, or defending legal claims).

‍Right to Restriction of Processing (Art. 18 GDPR) – Under the conditions specified in Art. 18 GDPR, you have the right to request the restriction of the processing of certain personal data, for instance, data that you claim is inaccurate.

‍Right to Data Portability (Art. 20 GDPR) – Under the conditions specified in Art. 20 GDPR, you have the right, related personal data that is processed automatically based on your consent to be forwarded to third parties in a machine-readable format.

‍Right to Object (Art. 21 Para. 1 GDPR) – Under the conditions specified in Art. 21 GDPR, you have the right to object to certain processing of your personal data for reasons relating to your particular situation. In such cases, we may not comply with your objection if there are compelling legitimate reasons for processing that override your interests, or if processing is necessary for the establishment, exercise or defence of legal claims.

‍Right to Object to Direct Advertising (Art. 21 Para. 2 GDPR) – You can object to the further processing of personal data relating to you for advertising purposes at any time, with the result that we will no longer process it for this purpose; this also applies to profiling, where it is connected with such direct advertising.
‍
‍Automated Decisions (Art. 22 GDPR) – We will not make any decisions without your consent that have legal effects on you or similarly significantly affect you and that are based solely on an automated processing (including profiling).
‍
‍Right to Lodge a Complaint
‍You have the right to lodge a complaint with a supervisory authority. This can include the supervisory authority responsible for your place of residence or the supervisory authority generally competent for us (See section 1.3).

The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision
House address: Promenade 27 (Schloss)
Mailbox: 606
91522 Ansbach
Germany
‍
Reachability of the data protection supervisory authority:
T +49 981 53 1300
F +49 981 53 98 1300
poststelle@lda.bayern.de

If you would like to submit a complaint, you can also use the online complaint form provided at https://www.lda.bayern.de/de/beschwerde.html.

To assert your rights, e.g. to withdraw a possibly granted consent, you can contact us in any form, including via the contact details mentioned in the imprint. For exercising your rights, it may be necessary for you to identify yourself to us as the data subject.

‍13. Confidentiality and Security of Your Personal Data
‍We are committed to keeping the personal data made available to us secure and have implemented appropriate policies, provisions, and technical measures for information security to protect the personal data that we are responsible for from unauthorized access, improper use or disclosure, unauthorized modification, and unlawful destruction or accidental loss. All our partners, staff, consultants, labourers, and data processors (i.e., those processing your personal data on our behalf for the purposes mentioned above) with access to personal data and responsibility for processing them are required to respect the confidentiality of these personal data.

‍14. Questions about Data Protection
‍If you have any questions regarding data protection with E-Works Mobility, you are welcome to address these questions to: datenschutz@eworks-mobility.de