Data protection

We are very pleased about your interest in our company. Data protection is of particularly high importance for E-Works Mobility GmbH (hereinafter referred to as "E-Works" or "we").

With this privacy policy, we would like to inform you as a visitor of our website about the type, scope, and purpose of the personal data we collect, use, and process, as well as educate you about your respective rights.  

1. Name and address of the person responsible for processing
Responsible within the meaning of the General Data Protection Regulation is:

HEERO by E-Works Mobility GmbH
v.d.d. the managing director Dominik Ashkar
Bruckmairstr. 15
85737 Ismaning
Germany

+49 89 693 193 000
anfrage@eworks-mobility.de 

We have appointed a data protection officer in our company. You can reach our data protection officer as follows:
‍
Attorney
Alma Lena Fritz
Riedener Str. 8
81475 Munich
+49 173 327 55 75
alma@fritzlaw.de
‍
2. What personal data do we collect when you visit our website?
A visit to the internet pages of E-Works Mobility GmbH is generally possible without providing personal data, as long as you do not transmit them to us via a contact form on this website or electronically in another way.

We point out that internet-based data transmissions can generally have security gaps, so absolute protection of the transmitted data cannot be guaranteed. For this reason, you are generally free to transmit personal data to us by alternative means, such as telephone or post.

When you call up our website, some data and information are stored in the server log files. The following can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system, and (8) any other similar data and information that serve the purpose of ensuring security in the event of attacks on our information technology systems. 

In processing this general data and information, we cannot identify you as long as you do not provide us with further information on a voluntary basis. The aforementioned information is needed for (1) the correct delivery of the contents of our website, (2) ensuring the continuous functionality of our information technology systems and the technology of our website, and (3) providing law enforcement agencies with the necessary information for prosecution in the event of a cyber attack.
‍
The collected data and information are statistically evaluated by E-Works Mobility GmbH with the aim of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process.

As long as you identify yourself to us (e.g., by entering personal data in the contact form), these data will not be combined with the anonymous data from the server log files but stored separately from any personal data provided by an affected person. Storage of any data together with the IP address or other personal data about you does not take place.

3. Cookies
Our website uses so-called cookies. Cookies are designed to make our offer more user-friendly, effective, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Many of the cookies we use are so-called "session cookies." They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them or the storage period of the respective cookies expires. These cookies are only set based on your express consent in accordance with Art 6 para. 1 lit a GDPR, which you can give us through the cookie banner. These cookies allow us to recognize your browser via our analysis tool Google Analytics during your next visit but do not allow us to identify you. For more information about the use of Google Analytics, please see below.

You can set your browser to inform you about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally, and enable automatic deletion of cookies when closing the browser. When cookies are disabled, the functionality of this website may be limited.

A general objection to the use of cookies for online marketing purposes can be declared via a multitude of services, especially in the case of tracking, through the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. In addition, storage of cookies can be achieved by disabling them in the browser settings. Please note that in this case, not all functions of this online offer may be used.

To manage your consent to cookies, our website uses the CookieConsent technology from CookieScript, a service of Objectis Ltd., Laisves st. 60, LT-05120 Vilnius, Lithuania, to document your consent or refusal to store certain cookies on your device in compliance with data protection regulations. This processing is necessary to operate our website in compliance with the data protection regulations. This corresponds to our legitimate interests as per Art 6 para. 1 lit f GDPR.

In particular, the CookieScript tool stores a cookie in your browser to recognize whether you have consented to the use of cookies or refused or revoked this consent. This cookie is technically necessary for you to visit our website.

4. Use of Google services

4.a) Use of Google Analytics
This website uses functions of the web analysis service Google Analytics of Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Responsible for the European sector is the company Google Ireland Limited, Gordon House, Barrow Street 4, Ireland.
Google Analytics uses so-called "cookies" (see above for more information). The information generated by the cookie about the use of this website by the page visitor (including the truncated IP address) is usually transmitted to a Google server and stored there. Google Analytics creates a random, unique ID using a tracking code, which is associated with the cookie in your browser. Google Analytics can recognize you as a new or returning user. When you visit our site the next time, you are recognized as a "returning user." All collected data are stored together with this user ID. On behalf of the site operator, Google will use the gathered information to evaluate the use of the website, compile reports on website activities, and provide other services related to website use and internet use to the site operator (Art. 6 para. 1 lit. F GDPR).

The legitimate interest in data processing lies in the optimization of this website, analysis of the website usage, and adjustment of the contents. Users' interests are sufficiently protected through pseudonymization, especially because they consent to the use of Google Analytics by accepting the cookies. If you agree to the setting of cookies, the legal basis for the corresponding processing of personal data is your express consent in accordance with Art. 6 para. 1 a GDPR.

GoogleAnalytics uses the following cookies: 

Name: _ga_CKS5MND38S
Purpose: Storage of the user ID to; to distinguish between website visitors. Duration of storage: 1 year 1 month 

Name: _ga
Purpose: Contains a randomly generated user ID. With this ID, Google Analytics can recognize returning users on this website and combine data from previous visits.
Duration of storage: 1 year 1 month 

Collection via Google Analytics can be prevented by adjusting the cookie settings for this website. Collection and storage of the IP address and data generated by cookies can also be objected to at any time with future effect. The corresponding browser plugin can be downloaded and installed from the following link: https://tools.google.com/dlpage/gaoptout.

The site visitor can prevent collection via Google Analytics on this website by clicking on the following link. An opt-out cookie is set, which prevents future data collection when visiting this website (https://tools.google.com/dlpage/gaoptout).

Further information about Google's data usage, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/privacy) and in the settings for displaying ads by Google (https://adssettings.google.com/authenticated). 

Partial transfer of personal data to the USA takes place through Google Analytics. The USA is not a secure third country in terms of European data protection laws, so personal data transferred to the USA do not fall under the same protection standards as in Europe. However, Google participates in the so-called Data Privacy Framework to ensure compliance with European data protection standards. Google's participation in the EU-US Data Privacy Framework can be viewed here: https://www.dataprivacyframework.gov/list 

Further information on data protection at Google LLC can be found here: https://policies.google.com/privacy?hl=de. 

4.b) Use of Google AdWords
‍We use the marketing and remarketing services ("Google Marketing Services") of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Marketing Services allow us to display ads for and on our website more precisely, only presenting ads to users that potentially correspond to their interests. If users are shown ads for products in which they were interested on other websites, this is referred to as "remarketing." For this purpose, by calling up our and other websites where Google Marketing Services are active, a code from Google is directly executed, and so-called (re)marketing tags (invisible graphics or code, also referred to as "WebBeacons") are integrated into the website. With their help, an individual cookie, meaning a small file, is stored on the users' device (instead of cookies, similar technologies can be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com.
In this file, it is recorded which websites users visit, which contents they are interested in, and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, time of visit, and further information about the use of the online offer.
The IP address is also captured, wherein we report within Google Analytics that the IP address is shortened within member states of the European Union or other countries of the agreement on the European Economic Area and only in exceptional cases is completely transferred to a server of Google in the USA and shortened there. The IP address is not combined with user data within other offers from Google. These previously mentioned information can also be linked with such information from other sources. When users subsequently visit other websites, corresponding ads tailored to their interests can be shown to them.

User data are processed pseudonymously in the context of Google's Marketing Services. That is, Google does not store and process user names or email addresses but processes the relevant data cookie-based within pseudonymous user profiles. From Google's perspective, the ads are not managed and displayed for a concretely identified person but for the cookie holder, regardless of who the cookie holder is. This is the case unless a user expressly enables Google to process the data without this pseudonymization.

Google Marketing Services we use include the online advertising program "Google AdWords." In the case of Google AdWords, every AdWords customer receives a different "Conversion-Cookie." These cookies can thus not be tracked across websites of AdWords customers. The information obtained through the cookie is used to compile conversion statistics for AdWords customers who have opted into conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

For this, we have also set up Enhanced Conversions (Enhanced Conversions), a feature designed to enhance the accuracy of conversion tracking while protecting the privacy of users by supplementing existing conversion tags with hashed first-party conversion data from the website. Hashing the first-party data before sending it to Google Ads ensures data protection as personal information (such as email address) is transformed into a hashed/pseudonymized (SHA256) string.

The legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. a GDPR, as far as the processing of your personal data is based on a cookie. Additionally, we have the right to effectively promote our company, so we base data processing on Art 6 para. 1 lit f GDPR. We assume that your interests do not object.

4.c) Use of "DoubleClick"
‍We integrate third-party advertisements based on the Google Marketing Service "DoubleClick." DoubleClick uses cookies, enabling Google and its partner websites to serve ads based on users' visits to this website or other websites on the internet.

We also integrate third-party advertisements based on the Google Marketing Service "AdSense." AdSense uses cookies, enabling Google and its partner websites to serve ads based on users' visits to this website or other websites on the internet. The information about the users collected by "DoubleClick" is transmitted to Google and is stored on Google's servers in the USA. For more information about data protection at Google, see above in 4.a) .

For more information about Google's data usage for marketing purposes, you can find it on the overview page: https://www.google.com/policies/technologies/ads/, the privacy policy of Google is available at https://www.google.com/policies/privacy/.

The legal basis for processing your data is Art 6 para. 1 sentence 1 lit. a GDPR, namely your express consent to set the corresponding cookie.

Storage duration and deletion of data: If you wish to object to collection via Google Marketing Services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences/ 

‍The following cookies are used by DoubleClick:
Name: Gcl_au
Purpose: This cookie is set by DoubleClick and contains information about how the end user uses the website and about advertising the end user may have seen before visiting this website. 
Duration of storage: 3 months 

Name: IDE
Purpose: This cookie is set by Doubleclick and contains information about how the end user uses the website and about advertising the end user may have seen before visiting this website.
Duration of storage: 1 year 

4.d) Use of YouTube services
‍On our website, we have integrated services from YouTube, a service of Google Ireland Limited (address already mentioned above). If cookies are set in this context, the legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. a GDPR, namely your express consent to set the corresponding cookie.
‍
The following cookies are set by YouTube:
Name: YSC
Purpose: This cookie registers a unique ID to create statistics of the YouTube videos the user has watched.
Duration of storage: session  

Name: VISITOR_PRIVACY_METADATA
Purpose: YouTube visitorprivacy metadata cookie
Duration of storage: 6 months

5. Use of Hotjar
We use Hotjar, a technology tool from Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta to better understand the needs of our users and optimize our website as well as your visit to our website (e.g., how much time they spend on which pages, which links they click, what users like and dislike, etc.) and this enables us to build and maintain our service with user feedback.
Hotjar uses cookies and other technologies to collect data about our users' behavior and their devices. This includes the IP address of a device (processed during your session and stored in anonymized form), the screen size of the device, the device type (unique device identifiers), browser information, geographical location (only country), and preferred language to display our website. Hotjar stores this information in a pseudonymized user profile on our behalf. Hotjar is contractually bound not to sell any of the data collected on our behalf. We have entered into a data processing agreement with Hotjar, which protects compliance with applicable data protection laws.

Further information about data protection at Hotjar can be found at: https://www.hotjar.com/de/datenschutz/

No transmission of personal data to countries outside the EU takes place according to Hotjar and our contractual agreement.

The following cookies are used by Hotjar: 
Name: hjSession_3666709
Purpose: Contains current session data. Ensures that subsequent requests within the session window are assigned to the same session. 
Duration of storage: 30 minutes 

Name: _hjSessionUser_3666709
Purpose: Is set when a user accesses a page for the first time. Ensures that data from subsequent visits to the same website are assigned to the same user ID. User is not tracked across further websites
Duration of storage: 1 year

6. Use of SalesViewer® technology
On this website, data for marketing, market research, and optimization purposes are collected and stored using SalesViewer® technology from SalesViewer® GmbH based on the legitimate interests of the website operator (Art. 6 para.1 lit.f GDPR).

This involves using a JavaScript-based code that is used to collect company-specific data and corresponding usage. The data collected using this technology are encrypted using a non-reversible one-way function (so-called hashing). The data are immediately pseudonymized and not used to personally identify the visitor of this website.

The data stored within Salesviewer® are deleted as soon as they are no longer needed for their intended purpose, and no legal retention requirements contradict the deletion.

You can object to data collection and storage at any time with future effect by clicking this link https://www.salesviewer.com/opt-out, to prevent collection by SalesViewer® within this website in the future. An opt-out cookie for this website will be set on your device. If you delete your cookies in this browser, you need to click this link again.
‍

7. Use of Framer
Framer is a tool from Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands (hereinafter Framer).

When you visit our website, Framer captures various log files including your IP addresses.

Framer is a tool for creating and hosting websites. Framer stores cookies or other recognition technologies, which are required for the page to display, to provide certain website functions, and to ensure security (necessary cookies).

The use of Framer is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website as possible and assume that you as a visitor of our website have an interest in this presentation and your privacy interests do not outweigh this.

Framer partially transfers personal data to the USA. The USA is not a secure third country in terms of European data protection laws, so personal data transferred to the USA do not fall under the same protection standards as in Europe. Framer uses standard contractual clauses approved by the EU Commission in accordance with Art. 46 paras. 2 and 3 GDPR as the legal basis for data transfers to third countries to comply with the European data protection level outside the EU.

Further information about data protection at Framer can be found here: https://www.framer.com/privacy/

‍8. Application via our integrated Personio application page
Applicants can submit their applications to us using an online form on our website. The data will only be transmitted to us encrypted, following the state of the art. 

We work with Personio GmbH (Rundfunkplatz 4, 80335 Munich, Germany) in our company regarding the processing of applicant data, which acts as a data processor (hereinafter: AV) for us under Art 28 GDPR. We have concluded the necessary AV contract with Personio GmbH. Personio GmbH is contractually bound to store personal data exclusively on ISO-certified servers in Germany. 

Alternatively, applicants can submit their applications to us via email. In addition, applicants are still able to send their applications to us via post. In the course of the application process, your data are used by the HR department and other authorized persons, mainly by the executives involved in the application process, within E-Works Mobility GmbH to assess your suitability for the advertised position. 

The processing of personal data for your application is legitimized in accordance with Art. 6 para. 1 b GDPR, namely the execution of pre-contractual measures that are carried out at your request (Art. 6 para. 1 lit. b GDPR). 

The data provided by applicants will be further processed for the purpose of employment in the case of a successful application and subsequently deleted according to the applicable retention periods for employment relationships.

If an application is unsuccessful, deletion occurs after a period of six months to answer any follow-up inquiries about the application and to comply with our proof requirements under the General Equal Treatment Act (AGG). If an applicant withdraws their application, we will delete the applicant's data without delay. The separate privacy notice for applicants applies to processing personal data in the application process, which we will provide during the application process.
‍
9. Contact possibility through the website
We are pleased if you contact us via email or telephone using the contact details provided in the imprint. In addition, you have the option to contact us via our contact form on the website. The data transmitted to us in this regard are automatically stored and forwarded to the responsible employees at our company, who then directly contact you.

The processing of personal data occurs insofar as it serves to prepare a contractual relationship as well as to fulfill our obligations from already concluded contracts, Art 6. (1) (b) GDPR.

Within the framework of contact through the website, we process your first and last name, email address, phone number, the company with which you contact us as well as any other personal data you provide us through the free text fields in the contact form.

10. Integration of social media platforms such as LinkedIn and Instagram
Social media platforms are integrated into our website under a simple link. Data transfer to the following social media platforms only occurs when you click on the respective link. We have integrated links to the offers of the following companies on our website:
‍
A click on the icon Instagram establishes a direct connection to the services of Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Which data are collected and how they are used, please refer to the privacy notices of the provider: https://help.instagram.com/

A click on the icon LinkedIn establishes a direct connection to the services of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Pl, Grand Canal Dock, Dublin 2, Ireland. Which data are collected and how they are used, please refer to the privacy notices of the provider: www.linkedin.com/legal/privacy-policy
‍
A click on the icon YouTube or on a video on our website establishes a direct connection to the services of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Further information about privacy at YouTube can be found in their privacy policy under: https://policies.google.com/privacy?hl=de.  
‍
11. Routine deletion and blocking of personal data
We store personal data according to the respective purpose of storage only for the period necessary to achieve the storage purpose. This results in particular from the commercial storage and archiving periods applicable to us.
‍
12. Your rights as a data subject
As a data subject, you have certain rights regarding your personal data, which we would like to explain below:
‍
‍Right of access (Art. 15 GDPR) –Under the conditions specified in Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data that concern you are being processed, and, if this is the case, access to the personal data and specific information about its processing. Please note that this right is subject to certain legal restrictions (especially under § 34 BDSG).

‍Right to rectification (Art. 16 GDPR) –Under the conditions specified in Art. 16 GDPR, you have the right to obtain from us the rectification of inaccurate personal data and the completion of incomplete personal data concerning you.

‍Right to erasure (right to be forgotten) (Art. 17 GDPR) – Under the conditions specified in Art. 17 GDPR, you have the right to have certain personal data concerning you deleted by us, e.g., data no longer needed for legitimate purposes (e.g., establishment, exercise, or defense of legal claims).

‍Right to restriction of processing (Art. 18 GDPR) – Under the conditions specified in Art. 18 GDPR, you have the right to obtain the restriction of the processing of certain personal data from us, for example data you claim are incorrect.

‍Right to data portability (Art. 20 GDPR) – Under the conditions specified in Art. 20 GDPR, you have the right to have personal data concerning you which are only processed automatically based on your consent forwarded by us in a machine-readable format to third parties.

‍Right to object (Art. 21 para. 1 GDPR) –Under the conditions specified in Art. 21 GDPR, you have the right to object to specific processing operations of your personal data for reasons relating to your particular situation. In such a case, we cannot comply with your objection if there are compelling legitimate grounds for the processing that override your interests or if the processing is necessary for the establishment, exercise, or defense of legal claims.

‍Right to object to direct marketing (Art. 21 para. 2 GDPR) – You can object at any time to the further processing of personal data concerning you for direct marketing purposes, with the consequence that we will no longer process such data for this purpose; this also applies to profiling, insofar as it is related to such direct marketing.
‍
‍Automated decisions (Art. 22 GDPR) – Without your consent, we will not make decisions that have legal effects on you or similarly significantly affect you, which are based solely on automated processing (including profiling).
‍
‍Right to complain
‍You have the right to complain to a supervisory authority. This may include the supervisory authority responsible for your place of residence or the general supervisory authority responsible for us (point 1.3.).

The supervisory authority responsible for us is:

Bavarian State Office for Data Protection Supervision
House address: Promenade 27 (Castle)
PO Box: 606
91522 Ansbach
Germany
‍
Data protection authority contact details:
T +49 981 53 1300
F +49 981 53 98 1300
poststelle@lda.bayern.de

If you want to file a complaint, you may also use the complaint form offered at https://www.lda.bayern.de/de/complaint.html.

You can contact us in any form, including via the contact details provided in the imprint, to exercise your rights, particularly to revoke any consent you may have given. To exercise your rights, it may be necessary for you to identify yourself to us as the affected person.

‍13. Confidentiality and security of your personal data
‍We are obliged to keep the personal data provided to us securely, and we have implemented appropriate policies, provisions, and technical measures for information security to protect the personal data for which we are responsible from unauthorized access, improper use or disclosure, unauthorized alteration, unlawful destruction or accidental loss. All our partners, employees, consultants, labor forces, and data processors (i.e., those who process your personal data on our behalf for the aforementioned purposes) with access to personal data and responsibility for their processing are obliged to maintain the confidentiality of this personal data.

‍14. Questions about data protection
‍If you have any questions regarding data protection at E-Works Mobility, you can address these questions to datenschutz@eworks-mobility.de.