Privacy statement.

INTRODUCTION

Thank you for visiting our website. Sunlight GmbH (hereinafter ”Sunlight”, ”we” or ”us”) attaches great importance to the security of users’ data and compliance with data protection regulations. We would like to inform you below about the processing of your personal data on our website.

 

Responsible body and data protection officer

Responsible body:

Sunlight GmbH, Ölmühlestr. 6, 88299 Leutkirch

Tel.: +49 7561 9097-200

E-Mail: info@sunlight.de

External Data Protection Officer:

DDSK GmbH, Dr.-Klein-Str. 29, 88069 Tettnang

Tel.: 07542 949 21 – 01

E-Mail: datenschutz@sunlight.de

Terms

The terms used in this privacy notice should be understood as having the meanings defined in Art. 4 GDPR.

 

Notes on data processing

Automated data processing (log files etc.)

Our website can be visited without the user having to actively enter personal data. However, we automatically store access data (server log files) each time the website is called up, such as the name of the Internet service provider, the operating system used, the particular website from which the user visited us, the date and duration of the visit or the name of the file requested, as well as the IP address of the terminal device used for a period of 7 days for security reasons, e.g. to detect attacks on our website. This data is evaluated only to improve our services and does not allow any conclusions to be drawn about the person of the user. This data will not be aggregated with other data sources.

We process and use the data for the following purposes: provision of the website, improvement of our website, prevention and detection of errors/malfunctions and misuse of the website.

 

Legal basis:                            Legitimate interest, Art. 6 para. 1 lit. f) GDPR

Legitimate interests:                Ensuring the functionality, error-free and secure operation of the website and adapting this website to the requirements of users.

 

Use of cookies (General, Functionality, Opt-Out Links, etc.)

We use so-called cookies on our websites in order to make your visit to our website attractive and to enable the use of certain functions. The use of cookies serves our legitimate interest in making the visit to our website as pleasant as possible and is based on Art. 6 para. 1 lit. f) GDPR. Cookies are a standard Internet technology for storing and retrieving login and other usage information for all users of the website. Cookies are small text files, which are placed on your terminal device. Among other things, they enable us to store user settings, so that our websites can be displayed in a format that is customized for your device. Several of the cookies used by us are deleted again after the end of the browser session, therefore after your browser is closed (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognize your browser the next time you visit the website (so-called permanent cookies).

You can set your browser so that you are informed about the setting of cookies and can make individual decisions about their acceptance or exclude the acceptance of cookies for certain cases or generally. The cookies can furthermore be deleted subsequently in order to remove data that websites have lodged on your computer. The deactivation of cookies (so-called opt-out) may lead to some restrictions in the functionality of our website.

 

Categories of data subjects:   Website visitors, users of online services

Opt-Out:                      

Internet Explorer:

https://support.microsoft.com/de-de/help/17442

Firefox:

https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:

https://support.google.com/chrome/answer/95647?hl=de

Safari

https://support.apple.com/de-de/HT201265

Legal basis:                            Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR).

The relevant legal basis in each case is specifically named with the corresponding tool.

Legitimate interests:                Storage of opt-in preferences, presentation of the website, ensuring the functionality of the website, preservation of user status across the entire website, recognition for next website visitors, user-friendly online offering, ensuring chat function

 

Web analysis and optimisation

To enable us to evaluate visitor flows in relation to our online offering, we use tools for web analysis and reach measurement.  For this purpose, we collect information about the behaviour, interests and demographic information of our visitors, such as age, gender or similar. This helps us to identify when our online offer, its functions or content are most popular. This helps us to recognize at what time our online offer, its functions or contents are most frequented or invite repeated visits. In addition, we can use the information collected to determine whether our online offering needs to be optimized or adapted.

The information collected for this purpose is stored in cookies or similar processes and is used for reach measurement and optimization. The data stored in the cookies may include content viewed, online sites visited, settings and functions and systems used. As a rule, however, no clear user data is processed for the purposes described. In this case, data is changed in such a way that the actual identity of the user is known neither to us nor to the provider of the tool used. The data modified in this way is often stored in user profiles.

Categories of data subjects:   Website visitors, users of online services

Categories data:                      User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. e-mail address, telephone number), content data (e.g. text information, photographs, videos)

Purposes of processing:         Website analysis, reach measurement, utilisation and evaluation of website interaction, lead evaluation.

Legal basis:                            Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Legitimate interests:                Optimisation and further development of the website, profit increase, customer loyalty and customer acquisition

Hotjar

Service used:               Hotjar Ltd., Level 2, St. Julians Business Centre, 3 Elia Zammit Street, St. Julians STJ 1000, Malta

Data protection:            https://www.hotjar.com/legal/policies/privacy

Opt-Out-Link                 https://www.hotjar.com/legal/compliance/opt-out

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

Onlinemarketing

In order to continuously increase our reach and the awareness of our online offering, we process personal data as part of online marketing, in particular with regard to potential interests and the measurement of the effectiveness of our marketing actions.

For the purpose of measuring the effectiveness of our marketing actions and recognizing potential interests, relevant information is stored in cookies or similar procedures are used. The data stored in the cookies may include content viewed, online sites visited, settings and functions and systems used. As a rule, however, no clear user data is processed for the purposes described. The data is then modified in such a way that the actual identity of the user is known neither to us nor to the provider of the tool used. The data modified in this way is often stored in user profiles.

In the case of storage of user profiles, the data can be read out, supplemented and added to on the server of the online marketing provider when visiting other online offers that use the same online marketing procedure.

We can determine the success of our advertisements on the basis of summarized data supplied  to us by the provider of the online marketing procedure (so-called conversion measurement). Within the scope of these conversion measurements, we can understand whether a marketing measure has led to a purchase decision by the visitor to our online offer. This assessment process is used to analyse the success of our online marketing.

Categories of data subjects:   Website visitors, users of online services, interested parties, communication partners, business and contractual partners.

Categories of data:                  User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses), location data, contact data, content data (e.g. text details, photographs, videos).

Purposes of the processing: Marketing (partly also interest-based and behavioural), conversion measurement, target group formation, click tracking, development of marketing strategies and increasing the efficiency of campaigns.

Legal basis:                            Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR).

Legitimate interests:               Optimisation and further development of the website, profit increase, customer retention and acquisition

Google Tag Manager

Service used:                Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:            https://policies.google.com/privacy

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal basis:                  Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests:      Coordination of different tools, management, ease of use and presentation

 

Google Analytics 4 Property

Service used:              Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:            https://policies.google.com/privacy

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Google Signals

Service used:              Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:            https://policies.google.com/privacy

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Google Optimize

Service used:              Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:            https://policies.google.com/privacy

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Google AdWords and conversion measurement

Service used:              Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:            https://policies.google.com/privacy

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Google Doubleclick

Service used:              Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:            https://policies.google.com/privacy

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Google Adsense with personalized ads

Service used:              Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:            https://policies.google.com/privacy

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Facebook-Pixel

Service used:                Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data protection:            https://www.facebook.com/privacy/explanation

Opt-Out-Link:                https://www.facebook.com/policies/cookies/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

LinkedIn

Service used:               LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Data protection:            https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

Opt-Out-Link:                https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Social Media presences

We maintain online presences on social networks and career platforms in order to exchange information with the users registered there and to be able to contact them in an uncomplicated manner.

In some cases, the data of users on social networks is used to conduct market research and thus pursue advertising purposes. User profiles can be created and used to adapt advertisements to the interests of target groups by means of the user behaviour, e.g. the indication of interests. Cookies are regularly stored on the end devices of users for this purpose, in part regardless of whether they are registered users of the social network.

In connection with the use of social media, we also use the associated messaging systems in order to be able to communicate with users in an uncomplicated way. We would like to point out that the security of individual services may depend on the account settings of the user. Even in the case of end-to-end encryption, the service provider can draw conclusions about the fact that and when users communicate with us as well as possibly collect location data.

Depending on where the social network is operated, user data may be processed outside the European Union or the European Economic Area. This may result in risks for users, for example because it makes it more difficult to enforce their rights.

 

Categories of data subjects:   Registered users and non-registered users of the social network.

Categories of data:                 Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text details, photographs, videos), usage data (e.g. websites visited, interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing:        extension of reach, networking

Legal basis:                            Legitimate interests (Art. 6 para. 1 lit. f) DSGVO), consent (Art. 6 para. 1 lit. a) GDPR).

Legitimate interests:               Interaction and communication on social media presence, profit increase, insights into target groups

 

GIPHY

Service used:                  GIPHY Inc., 416 West 13th Street, Suite 207, New York, NY 10014, USA

Data protection:              https://support.giphy.com/hc/en-us/articles/360032872931-GIPHY-Privacy-Policy

 

Instagram

Service used:                  Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data protection:              https://help.instagram.com/519522125107875

and https://www.facebook.com/about/privacy

Opt-Out-Link:                  https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/

 

Facebook

Service used:                  Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data protection:              https://www.facebook.com/privacy/explanation

and https://www.facebook.com/legal/terms/page_controller_addendum

Opt-Out-Link:                  https://www.facebook.com/policies/cookies/

 

LinkedIn

Service used:               LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA

Data protection:            https://www.linkedin.com/legal/privacy-policy

Opt-Out-Link:                https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

 

TikTok

Service used:               TikTok Inc., 10100 Venice Blvd., Culver City, CA 90232, USA

Data protection:            https://www.tiktok.com/legal/privacy-policy?lang=de

 

Vimeo

Service used:               Vimeo Inc., 555 West 18th Street New York, New York 10011, USA

Data protection:            https://vimeo.com/privacy

Opt-Out-Link:                https://vimeo.com/cookie_policy

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR

 

YouTube

Service used:               Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Data protection:            https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/

 

Plug-ins and integrated contents of third parties

We have integrated functions and content into our online offer that are obtained from third-party providers. For example, videos, presentations, buttons or articles (hereinafter referred to as content) can be integrated.

In order to be able to display content to visitors to our online offer, the respective third-party provider processes, among other things, the IP address of the user so that the content can be transmitted to the browser and displayed. Without this processing, the display of third-party content is not possible.

In some cases, additional information is collected via so-called pixel tags or web beacons, through which the third-party provider receives information about the use of the content or visitor traffic on our online offer, technical information about the browser or the user’s operating system, the time of the visit or about referring websites. The data obtained in this way is stored in cookies on the user’s terminal device.

In order to protect the personal data of visitors to our website, we have taken certain security precautions to prevent the automatic transmission of this data. This data is only transmitted when users use the buttons or click on the third-party content.

 

Categories of data subjects:   Users of the plug-in or embedded third-party content.

Categories of data:                  Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, IP address), contact data (e.g. e-mail address, telephone number), master data (e.g. name, address).

Purposes of processing:        designing our online offer, increasing the reach of advertisements in social media, sharing posts and content, interest- and behaviour-based marketing, cross-device tracking

Legal basis:                            Consent (Art. 6 para. 1 lit. a) GDPR)

 

Facebook Social Plugins

Service used:              Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Data protection:            https://www.facebook.com/privacy/explanation

Opt-Out-Link:                https://www.facebook.com/policies/cookies/

Legal basis       :           Consent (Art. 6 para. 1 lit. a) GDPR)

 

GIPHY

Service used:                  GIPHY Inc., 416 West 13th Street, Suite 207, New York, NY 10014, USA

Data protection:              https://support.giphy.com/hc/en-us/articles/360032872931-GIPHY-Privacy-Policy

 

Google Maps

Service used:               Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data protection:            https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

ReCaptcha

Service used:               Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data protection:            https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de  or https://myaccount.google.com/

Legal basis:                  legitimate interests (Art. 6 para. 1 lit. f) GDPR)

 

Spotify Music Player Widget

Service used:               Spotify AB, Regeringsgatan 19, Stockholm 111 53, Sweden

Data protection:            https://www.spotify.com/de/legal/privacy-policy/

Opt-Out-Link:                https://www.spotify.com/de/legal/cookies-policy/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

YouTube

Service used:               Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Data protection:            https://policies.google.com/privacy?hl=de&gl=de

Opt-Out-Link:                https://tools.google.com/dlpage/gaoptout?hl=de   or https://myaccount.google.com/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Vimeo

Service used:               Vimeo Inc., 555 West 18th Street New York, New York 10011, USA

Data protection:            https://vimeo.com/privacy

Opt-Out-Link:                https://vimeo.com/cookie_policy

Legal bais:                   Consent (Art. 6 para. 1 lit. a) GDPR)

 

WordPress.com

Service used:               Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA

Data protection:            https://automattic.com/privacy/

Opt-Out-Link                 https://automattic.com/cookies/

 

Issuu

Service used:               Issuu, GmbH, Schwedter Str. 36A, 10435 Berlin; Germany

Data protection:            https://issuu.com/legal/privacy

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Linktree

Service used:               Linktree Pty Ltd, 1-9 Sackville Street, Collingwood VIC 3066, Australia

Data protection:            https://linktr.ee/s/privacy/

Legal basis:                  Consent (Art. 6 para. 1 lit. a) GDPR)

 

Newsletter and broad communication (possibly with tracking)

On our online offer, users have the option of subscribing to our newsletter or any notifications via various channels (hereinafter referred to as newsletter). Within the framework of the legal provisions, we only send newsletters to recipients who have consented to receive the newsletter. We use a selected service provider to send our newsletter.

In order to subscribe to one of our newsletters, it is necessary to provide an e-mail address. If necessary, we collect additional data, such as the name, in order to provide our newsletter with a personal address.

Our newsletter is only sent after the so-called double opt-in procedure has been completed. If visitors to our website decide to subscribe to our newsletter, they will receive a confirmation e-mail, which is intended to prevent the misuse of false e-mail addresses and to prevent the newsletter from being sent simply by clicking on it, possibly by mistake. You can unsubscribe from our newsletter at any time in the future. An unsubscribe link (opt-out link) is included at the end of each newsletter.

In addition, we are obliged to provide proof that our subscribers actually wanted to receive the newsletter. For this purpose, we collect and store the IP address and the time of subscription and their log-in and log-out times.

Our newsletters are designed in such a way that it is possible for us to gain insights into improvements, target groups or the reading behaviour of our subscribers. This enables us to use a so-called web beacon or a tracking pixel, which reacts to interactions with the newsletter, for example whether links are clicked on, whether the newsletter is opened at all or at what time the newsletter is read. For technical reasons, we can assign this information to individual subscribers.

 

Categories of data subjects:   Newsletter subscribers

Categories of data:                 Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times).

Purposes of processing:        Marketing, customer retention and acquisition of new customers, analysis and evaluation of the success of the campaign.

Legal basis:                            Consent (Art. 6 para. 1 lit. a) GDPR)

 

Salesforce

Service used:                           Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA

Data protection:                        https://www.salesforce.com/uk/company/privacy/

 

Raffles and competitions

We use our online presences to run prize draws and/or competitions. In doing so, we process the data of the participants, as required for the implementation of the respective campaign. This also includes data which we require to inform the winner and to distribute the prize.

Depending on the nature of the campaign, contributions from or about the participants in the promotion may be published, for example when reporting on the respective promotion or if a vote on a contribution submitted by the participant is part of the promotion. The name of the participant will also be published. The data we process in individual cases depends on the specific action carried out and on the data we receive from the participant.

The implementation of the respective action on our presence in a social network is also subject to the usage and data protection provisions of the respective network.

 

Categories of data subjects:   Campaign participants

Categories of data:                 Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photos, videos).

Purposes of processing:        Competition implementation incl. prize distribution and announcement of the winner in various media.

Legal basis:                            Consent (Art. 6 para. 1 lit. a) GDPR)

 

Contact

On our online offer, we provide the possibility to contact us directly or to obtain information via various contact options. In order to always have an overview of the contacts made with us, we use a management tool for processing the corresponding enquiries.

In the event of contact being made, we process the data of the person making the enquiry to the extent necessary to answer or process the enquiry. The data processed may vary depending on the method used to contact us.

 

Categories of data subjects:   Enquirers

Categories of data:                  Master data (e.g. name, address), contact data (e.g. e-mail address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing:         processing of enquiries

Legal basis:                            Consent (Art. 6 para. 1 lit. a) GDPR), fulfilment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR).

Zendesk

Service used:                           Zendesk, Inc., 989 Market Street #300, San Francisco, CA 94102, USA

Data protection:                        https://www.zendesk.de/company/customers-partners/privacy-policy/

 

3CX

Service used:                          Die 3CX GmbH; 4, Markou Drakou; 2409 Engomi; Nicosia; Cyprus

Data protection:                    https://www.3cx.com/company/privacy/ 

 

INFORMATION ON THE PROCESSING OF CUSTOMER/SUPPLIER DATA (TRADING PARTNERS)

You can find more information about the processing of customer/supplier data here: Information on the processing of customer-supplier data SUNLIGHT.pdf (dropbox.com)

 

Appointments for for a test drive/inspection/consultation with a trading partner

Via our website you have the possibility to arrange a test drive and/or a consultation appointment. For this purpose, the necessary personal data is collected and transmitted to the dealer you have selected: Name, title, e-mail address, preferred vehicle type. If you wish to be contacted by telephone by your selected dealer, the telephone number will also be collected and transmitted as voluntary information. For general assurance that the appointment will be carried out as agreed, we will send you a confirmation and an appointment reminder.

This collection, storage and transmission of data is based on your voluntarily given consent within the meaning of Art. 6 Para. 1 S. 1 lit. a) in conjunction with Art. 7 GDPR. You can revoke this consent at any time at info@sunlight.de or by post to Sunlight GmbH, Ölmühlestraße 6, 88299 Leutkirch with effect for the future. In addition, you can also assert your rights against the retailer. To do this, contact the dealer you have selected.

Salesforce

Service used:                           Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA

Data protection:                        https://www.salesforce.com/uk/company/privacy/

 

Vehicle configuration

On our website, you have the option of putting together your vehicle individually using our configurator. You can have this configuration sent to your e-mail address as a download link.

This collection, storage and transmission of data is based on your voluntarily given consent within the meaning of Art. 6 Para. 1 S. 1 lit. a) in conjunction with Art. 7 DSGVO. Art. 7 DSGVO. You can revoke this consent at any time at info@sunlight.de or by post to Sunlight GmbH, Ölmühlestraße 6, 88299 Leutkirch with effect for the future.

 

Salesforce

Service used:                           Salesforce.com, inc. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA

Data protection:                        https://www.salesforce.com/uk/company/privacy/

 

Data transmission

We transmit the personal data of visitors to our online offer for internal purposes (e.g. for internal administration or to the personnel department in order to comply with legal or contractual obligations). The internal transfer or disclosure of data only takes place to the extent necessary and in compliance with the relevant data protection regulations.

We are a globally active company with headquarters in Germany. The data of visitors to our online offer is stored in our centralised customer database in Germany in compliance with the relevant data protection regulations and is processed within this framework throughout the group for internal administrative purposes. No processing beyond administrative purposes takes place.

 

Legal basis:                             Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests:                So-called small group privilege, centralised management and administration within the company to exploit synergy effects, save costs, increase effectiveness.

Recipients:                              https://www.erwinhymergroup.com/de/unternehmen/ueber-die-erwin-hymer-group

In the event that we transfer data to a country outside the EEA for internal processing within the Group, we ensure that the processing is legally permissible in the manner we intend. In this case, we have concluded Binding Corporate Rules/standard data protection clauses including a separate regulation of suitable technical and organisational measures in order to protect the data of data subjects in the best possible way. A copy of the guarantee used is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de

 

Storage period

As a matter of principle, we store the data of visitors to our online offer for as long as is necessary for the provision of our service or if this has been provided for by the European Directive and Regulation Maker or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to fulfil legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to tax and commercial law retention periods).

Automated decision making

We do not use automated decision-making or profiling pursuant to Art. 22 GDPR.

Legal basis

The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the member states and are applicable together with or in addition to the GDPR where applicable.

 

Consent:                                             Article 6(1)(a) of the GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.

Performance of a contract:                 Article 6(1)(b) of the GDPR serves as the legal basis for processing operations necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the request of the data subject.

Legal obligation:                                 Art. 6 para. 1 lit. c) GDPR serves as the legal basis for processing which is necessary for the fulfilment of a legal obligation.

Vital interests:                                     Article 6(1)(d) of the GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.

Public interest:                                    Article 6(1)(e) of the GDPR serves as the legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interest:                             Article 6(1)(f) of the GDPR serves as the legal basis for processing necessary for the purposes of the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

 

Rights of the data subjects

 

Right of access:                                 Pursuant to Art. 15 of the GDPR, data subjects have the right to request confirmation as to whether we are processing data relating to them. They can request information about this data as well as the further information listed in Art. 15 (1) GDPR and a copy of their data.

Right to rectification:                          Pursuant to Art. 16 GDPR, data subjects have the right to request the correction or completion of data concerning them and processed by us.

Right to erasure:                                 Pursuant to Article 17 of the GDPR, data subjects have the right to request the immediate erasure of data concerning them. Alternatively, they can demand that we restrict the processing of their data in accordance with Article 18 of the GDPR.

Right to data portability:                     Pursuant to Art. 20 of the GDPR, data subjects have the right to request that the data they have provided to us be made available and transferred to another data controller.

Right to complain:                                Data subjects also have the right to complain to the supervisory authority responsible for them in accordance with Article 77 of the GDPR.

Right to object:                                   If personal data are processed on the basis of legitimate interests pursuant to Article 6 (1) sentence 1 f) of the GDPR, data subjects have the right to object to the processing of their personal data pursuant to Article 21 of the GDPR, provided that there are grounds for doing so that arise from their particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right of objection, which is implemented by us without specifying a particular situation.

Revocation

Some data processing activities are only possible with the express consent of the data subjects. You have the possibility to revoke an already given consent at any time. For this purpose, an informal message or e-mail to datenschutz@sunlight.de to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

External links

Our website contains links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.

Changes

We reserve the right to adapt this data protection notice at any time in the event of changes to our online offer and in compliance with the applicable data protection regulations so that it meets the legal requirements.

 

This privacy policy was created by

the DDSK GmbH