+++ New: Flexibly BUY or RENT your Enpal solar solution. +++
At Enpal Heat GmbH ("Enpal" or "we"), data protection has the highest priority. We are pleased that you want to help shape the future of green energy with us and are firmly convinced that protecting your data plays an exceptionally important role in this. With the following information, we would therefore like to explain which types of your personal data we process for which purposes and to what extent within the scope of your contractual relationship with Enpal Heat GmbH. We generally process your personal data within the framework of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Personal data in this sense is all individual information about the personal or factual circumstances of an identified or identifiable natural person, such as name, address, date of birth, contact details, customer data, offer and contract data, etc. Unless otherwise stated in these data protection information of Enpal Heat GmbH, Enpal’s general data protection information also applies to the data processing of Enpal Heat GmbH (available here: Enpal Privacy). There we inform you in particular regarding the recipients of personal data (Section F), data transfer to third countries (Section G), the duration of storage and deletion of personal data (Section H), data subject rights (Section I), automated decision-making and profiling (Section K), as well as the obligation to provide personal data (Section L), which apply accordingly to this data protection information.
In addition, Enpal’s general data protection information contains information on data processing when using the Enpal website, in the context of contract initiation and execution with Enpal B.V., as well as when using the Enpal customer portal and the Enpal app.
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data. The controller for data processing in the context of the use and provision of your data via the Enpal website as well as for contract initiation and execution pursuant to Art. 4 No. 7 GDPR is: Enpal Heat GmbH, Bödikerstr. 25, 10245 Berlin
Email: waermepumpe@enpal.de
Tel.: +49 (0) 30 30808052
For all questions on the topic of data protection in connection with our products and services or the use of our website, you may also contact our data protection officer at any time. They can be reached at the postal address provided and at the email address below. You can reach our data protection officer at:
Enpal B.V.
Data Protection Officer
Bödikerstr. 25, 10245 Berlin
Email: datenschutz@enpal.de
If you enter your data via the questionnaire on our website (e.g. the heat pump planner), we process your personal data in order to contact you and provide you with an individual offer, arrange appointments and send you information as part of the sales process. We will also contact you by telephone to explain your personal offer or clarify queries if you have provided your telephone number. In addition, we will send you, even before entering our sales process and beyond, advertising information about our products and services, if you have given your consent. Communication may take place by email, telephone call, SMS text message, push message or by sending our newsletter. For this purpose, we process, among other things, your name, title as well as your email address and telephone number. You can object to the promotional use of your contact details at any time or withdraw your consent.
· For SMS: Send a text message with the content "STOP" to +49 177 17 86 20 4.
· For emails: Use the unsubscribe link at the end of each email.
· Alternatively: Write to datenschutz@enpal.de and let us know via which channels you no longer wish to receive messages.
Further information on your data subject rights can be found in Enpal’s general data protection information in Section I.
As part of marketing communication, we process, on the basis of your consent within the meaning of Art. 6 (1) lit. a GDPR, the contact information you have provided, i.e. your name, email address, postal address and your telephone number. In our marketing communication you will receive information on
· products and services from the Enpal range, the Enpal group of companies and our partners (systems for generating renewable energies, accessories and related services such as, for example, electricity storage, energy tariffs or electromobility),
· news and developments in the field of renewable energies as well as customer referral programs of the Enpal group of companies (newsletter),
· review invitations and surveys on products and services of the Enpal group of companies, as well as
· the companies of the Enpal group of companies (e.g. corporate development, financial information).
As the individual products and services are offered by different companies of the Enpal group, we forward your contact addresses and – where available – in addition selected data related to your contractual relationship (name, address, subject matter of the ongoing contractual relationship, if applicable grid operator) to the respective responsible Enpal company. This forwarding is covered by your consent. We also use the contact information you provided for the sending of advertising to existing customers, insofar as you have not objected. Contents of such Enpal advertising are recommendations for our own and similar products of Enpal or of companies of the Enpal group. You can object to the use of your contact information at any time free of charge at datenschutz@enpal.de.
We offer you the option of contacting us via the WhatsApp messenger service. We use the services of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When using WhatsApp Business, the terms of use and privacy policy of WhatsApp apply. When using WhatsApp, personal data (e.g. metadata) is processed and may also be transferred to servers outside the European Union, in particular to the USA. With regard to data transfers to third countries, the information provided in Section G applies.
The use of WhatsApp Business serves exclusively the purpose of customer communication and responding to inquiries and is based on your consent pursuant to Art. 6 (1) lit. a GDPR. By contacting us via WhatsApp, you agree to communication via this messenger service. You can also grant your consent for us to contact you via WhatsApp either in our solar planner or in conversation with our staff. This consent is voluntary and you will not suffer any disadvantages if you do not give it. You can also withdraw your consent at any time. To do so, you can use the following link and click the ‘No’ button there: Enpal WhatsApp consent. Alternatively, an email to datenschutz@enpal.de is sufficient. The data we collect when you contact us will be deleted after your inquiry has been fully processed, unless we still need your inquiry to fulfil contractual or legal obligations. Further information on your data subject rights can be found in Enpal’s general data protection information in Section H.
Our company uses the customer engagement platform Braze, Inc., 63 Madison Building, 28 East 28th Street, Floor 12, New York, New York 10016 USA, to automatically send emails, SMS, push and in-app messages to customers and prospects. Braze allows the creation of journey workflows (Canvas), cross-channel delivery management and the evaluation of key metrics (deliveries, opens, clicks, unsubscribes, conversions).
The processing of personal data takes place for the purpose of sending personalized marketing, service and transaction messages, for lifecycle automation (onboarding, retention, re-engagement), for performance measurement and optimization using event tracking and A/B tests, and for managing consents and unsubscriptions. The legal basis for this processing is Art. 6 (1) lit. b GDPR, insofar as the respective service and transaction messages are necessary for the fulfilment of the contract, and otherwise Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in you contacting us and us being able to respond to your inquiry and our legitimate interest in direct marketing to existing customers and in optimizing our communication. In this context, the following categories of personal data of customers and prospects are processed:
· Contact and identification data: email address, telephone number, user ID;
· Device-specific identifiers: push tokens, device ID, app ID, browser cookie ID;
· Communication history: campaigns sent, sending times, delivery and error codes;
· Event and interaction data: openings, clicks, unsubscriptions, conversions including timestamps (30-day detailed view);
· Profile data & attributes: language, country, opt-in status, customer status, segments;
· Content of the messages sent (subject, body, links).
With regard to data transfers to third countries, the information provided in Section G of Enpal’s general data protection information regarding Braze applies. Detailed event data (e.g. opens, clicks) is automatically deleted after 30 days. User profiles and attributes are stored for the duration of the business relationship or until revocation or deletion requests are made and are then deleted.
We use Demodesk GmbH as a service provider for video conferences, automated appointment scheduling and AI-supported telephone services to enable efficient and secure communication as part of our customer processes. Provider is Demodesk GmbH, Isartorplatz 8, 80331 Munich. The purpose of the processing is the provision, hosting and maintenance of the Demodesk video conferencing tool and a tool for automated appointment scheduling. We also use Demodesk in some customer calls to record video conferences or telephone calls. This serves the quality assurance of our consulting, the training of employees as well as the documentation of customer conversations in order to be able to clarify queries or conflict cases following customer conversations. In this context, the following categories of personal data of customers and prospects are processed by Demodesk:
· Personal master data,
· Contact and communication data (e.g. telephone, email),
· Technical data (e.g. session URL, screen resolution, names and email addresses of session participants) as well as
· Audio and video recordings and the associated metadata.
The legal basis for processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in enabling us to provide our customers with efficient and secure customer service and smooth appointment scheduling. The legal basis for processing conversations with recording or transcription is solely your consent pursuant to Art. 6 (1) lit. a GDPR, which is obtained at the beginning of the conversation by a clear voice prompt and logged by the system. If no consent is given, the conversation is ended or handed over to a human employee. Where consent is required (e.g. for recordings), processing is carried out on the basis of Art. 6 (1) sentence 1 lit. a GDPR.
The recording is used exclusively for the purpose defined prior to the conversation and is not used for performance or behavior monitoring and for profiling. Audio files are automatically deleted after 6 months at the latest (in individual cases earlier), provided there are no statutory retention obligations. Further collected data is deleted as soon as the purpose of its collection no longer applies and there are no statutory retention obligations. Further information is available in the provider’s privacy policy at https://demodesk.com/de/rechtliches/datenschutzerklaerung.
We use telli technologies GmbH for AI-supported telephone services in order to efficiently support customer processes (e.g. appointment scheduling, operator change, fault resolution, receivables management). The provider is telli technologies GmbH, Knaackstraße 78, 10435 Berlin. In this context, the following categories of personal data of customers and prospects are processed by Telli within and outside the EU:
· Usage data (e.g. time, duration of calls, call histories),
· Content data (e.g. inquiries, customer data) as well as
· Meta/communication data (e.g. device information, IP addresses).
At the beginning of each interaction, Telli clearly points out that it is a digital assistant, and reference is made to this data protection information, which contains details on purpose, storage period and data subject rights. Further information is available in the provider’s privacy information at https://hi.telli.so/datenschutz. The recording is used exclusively for the purpose defined prior to the conversation and is not used for performance or behavior monitoring and for profiling. Audio files are automatically deleted after 6 months at the latest (in individual cases earlier), provided there are no statutory retention obligations. Further collected data is deleted as soon as the purpose of its collection no longer applies and there are no statutory retention obligations.
We use Zeeg as a service provider for automated appointment scheduling to enable efficient and secure communication and scheduling as part of our customer processes. Provider is Zeeg GmbH, Friedrichstr. 144A, 10117 Berlin. The purpose of the processing is to provide a tool for automated appointment scheduling. In this context, the following categories of personal data of customers and prospects are processed by Zeeg:
· Personal master data,
· Contact and communication data (e.g. telephone, email),
· Technical data (e.g. session URL, screen resolution, names and email addresses of session participants),
· Appointment and calendar information.
The legal basis for processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest lies in enabling us to provide our customers with efficient and secure customer service and smooth appointment scheduling. The recording is used exclusively for the purpose defined prior to the conversation and is not used for performance or behavior monitoring and for profiling. Audio files are automatically deleted after 6 months at the latest (in individual cases earlier), provided there are no statutory retention obligations. Further collected data is deleted as soon as the purpose of its collection no longer applies and there are no statutory retention obligations. Further information is available in the provider’s privacy policy at https://zeeg.me/de/legal/privacy.
We use Signicat as a service provider in order to enable an efficient and secure communication and contract process in our customer processes. Providers are Signicat GmbH, TaunusTurm, Taunustor 1, 60310 Frankfurt. The purpose of the processing is the creation, execution and proof of digital or electronic signatures of important documents, such as the electronic signing of the MVT application or the contract for a heat pump. Information is also collected and recorded that helps the parties prove the validity of the transactions, such as the names of the persons involved and the devices used. In this context, the following categories of personal data of customers and prospects are processed:
· Personal master data,
· Contact and communication data (e.g. telephone, email), as well as
· Technical data (e.g. session URL, screen resolution, names and email addresses of session participants).
The legal basis for processing is Art. 6 (1) sentence 1 lit. b GDPR, insofar as the signing of the document is necessary for the performance of the contract, e.g. the contract itself. In addition, there is a legitimate interest in data processing pursuant to Art. 6 (1) sentence 1 lit. f GDPR in enabling our customers to have an efficient and secure process for contract initiation and execution in which documents can be signed digitally and this is secure and verifiable.
The data is deleted as soon as the purpose of its collection no longer applies and there are no statutory retention obligations. Further information is available in Signicat’s privacy policy at https://www.signicat.com/de/uber-uns/datenschutzhinweise.
As part of the initiation of a contract, we also check the creditworthiness and payment behavior of the interested party in order to decide whether to conclude a contract. This serves to protect against payment defaults and is necessary for the implementation of pre-contractual measures, as Enpal enters into a long-term contractual relationship with you as a customer and fully installs our products at the beginning of the contractual relationship. For this purpose, we obtain information from SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, and receive details of the verified identity as well as creditworthiness. In doing so, we transmit your name, address and date of birth to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. After conclusion of the contract, we also transmit data on non-contractual behavior or fraudulent behavior to SCHUFA. Conversely, we receive data from SCHUFA as part of the credit check and additionally process your place of birth, your SCHUFA score, your score range, your risk ratio and your rating level. Your creditworthiness is only checked after you have had an initial meeting with an Enpal customer advisor and the further procedure has been outlined to you. We carry out the credit check in connection with agreeing an installation preparation appointment. The personal data and information we receive from SCHUFA is one of several decision criteria as to whether we enter into a business relationship with you. No automated decision-making takes place.
We also process the personal data and information received from SCHUFA to verify your ownership of the property in question. The SCHUFA score is transmitted to the respective company of the Enpal group of companies that concludes a contract with you. The scoring is based on a mathematically and statistically recognized and proven procedure. Further information on scoring can be found under ‘Scoring at SCHUFA: Information on the procedure’.
Transfers based on Art. 6 (1) lit. f GDPR may only be made if this is necessary to safeguard the legitimate interests of Enpal or third parties and the interests or fundamental rights and freedoms of the data subject which require the protection of personal data do not override those interests. Enpal’s interest in conducting credit checks is to minimize the financial default risk associated with the long-term sales financing offered. At the same time, credit checks are also carried out to protect potential customers from excessive debt. Data processing is therefore also in the interest of the data subjects, so that there is no overriding interest or fundamental rights and freedoms of the data subjects. The exchange of data with SCHUFA also serves to fulfill legal obligations to carry out credit checks on customers (§§ 505a and 506 of the German Civil Code). The legal basis for data processing is then Art. 6 (1) lit. c GDPR. We store the personal data and information received from SCHUFA for as long as this is necessary for the conclusion of a contract with you and there are no statutory retention or storage periods that prevent deletion.
Further information on the duration of storage and deletion of personal data can be found in Enpal’s general data protection information in Section H. If you decide to conclude a consumer loan agreement with Enpal in order to finance the product you desire, we will transmit your name and date of birth to SCHUFA in order to comply with our legal obligations under the Money Laundering Act (GwG) and for the purpose of preventing money laundering. SCHUFA compares this data with various databases and checks whether entries relating to you are on terrorist and embargo lists or whether the entries relate to a so-called politically exposed person. The legal basis for such processing operations is Art. 6 (1) lit. c GDPR. SCHUFA processes the data it receives and also uses it for the purpose of profiling (scoring) in order to provide its contractual partners in the European Economic Area and in Switzerland as well as, where applicable, other third countries (provided that an adequacy decision exists by the European Commission or standard contractual clauses have been agreed, which can be viewed at www.schufa.de) with information, among other things, for the assessment of the creditworthiness of natural persons. Further information on the activities of SCHUFA and on data protection (in particular storage period and your data subject rights vis-à-vis SCHUFA) can be found under ‘Data protection | SCHUFA’.
In addition, personal data is collected at notaries who provide Enpal with the land register extract required for the conclusion of the contract. Processing for the purpose of verifying ownership is carried out on the basis of Art. 6 (1) lit. b GDPR, as this is necessary for further contract initiation and for the conclusion of the contract.
If you conclude a contract with us, we process your personal data for the performance of the contract. The scope of data processing depends on which contract(s) you enter into with us. A more detailed description of the individual processing operations can be found below in the respective subsection. We generally only process your data for the purpose of contract performance, unless otherwise described below. The legal basis is therefore generally Art. 6 (1) lit. b GDPR. In addition, we continue to store your data for commercial and tax law reasons. Further information on the duration of storage and deletion of personal data can be found in Enpal’s general data protection information in Section H.
In the context of planning, installation, operation and maintenance or repair of your heat pump, Enpal processes the following personal data:
· Personal data (e.g. name, first name, birth name, date of birth, place of birth),
· Contact details (address, possibly previous addresses, phone no., email address),
· Data collected as part of customer communication,
· Order data,
· Processing data,
· Data on employment relationship, income and debt,
· Payment data and creditworthiness data of the customer,
· Accounting and tax-relevant data,
· Contract data,
· Usage data,
· Consent data,
· Data for identifying the customer,
· Energy industry master data (e.g. identification number market and metering locations, previous supplier, annual electricity consumption)
,· Meter data such as consumption data, performance values, device-specific consumption data, feed-in data,
· Photos (house view, outer roof side, meter cabinet, inverter, fuse box, AC box, heating cellar, radiators in all rooms of the house, old system),
· Personal inventory data,
· Data on energy consumption,
· Property-related data,
· as well as, in the context of a repair, further data necessary for a repair operation, technical data of the heat pump combined with data that indicate the geographical location of the property.
In addition, this data is also combined and jointly processed with data from the operation of the photovoltaic system as well as the wallbox, should you also have a photovoltaic system and wallbox from Enpal B.V. This includes the electricity production by your photovoltaic system, the charge level of the battery storage, data on grid feed-in, the current, daily, weekly, monthly and yearly exact electricity consumption of the household, the heat pump and, where applicable, the wallbox. This processing serves to control the heat pump. As soon as the contract has been concluded, we transmit personal data to the refinancing credit institutions and investors for the refinancing of the heat pump. This is necessary in order to assert the assignment of your contractual rights regulated in the General Terms and Conditions for renting a heat pump and to transfer the corresponding claims to the respective credit institution. As part of contract execution, Enpal takes out insurance for your heat pump. For this purpose, Enpal transmits personal data to insurance companies. This is necessary in order to be able to offer you the heat pump on a rental basis.
If you, as a customer, sell your property or the parts of the property on which the heat pump is installed, you are entitled and obliged pursuant to our General Terms and Conditions to transfer the contractual relationship with all rights and obligations to the purchaser. For the purpose of carrying out the operator change, we process personal data of the previous and new owner.
In the context of grid registration, we process contact data, address data, contract data, payment data, accounting and tax-relevant data, property-related data and personal inventory data.
Enpal offers Bosch Smart Thermostats, which give customers the opportunity to reduce their heating costs and control the thermostats digitally. For the provision and use of these thermostats, it is necessary to transmit certain personal data (e.g. contact details, technical device and installation information) to Robert Bosch Smart Home GmbH. Bosch processes this data under its own responsibility for the setup, control and ensuring the functionality of the thermostats as well as for the provision of support and service (e.g. second-level support). The processing and transmission of this data takes place for the performance of the respective contract for the use of the thermostats; the legal basis is Art. 6 (1) lit. b GDPR.
We occasionally update this privacy information, for example when we adapt our website or when legal or regulatory requirements change.