Data protection declaration of SONIMA GmbH
Welcome to our website. We are delighted that you are interested in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions on the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the country-specific implementing laws applying to us. With the help of this data protection declaration, we provide you with comprehensive information on the processing of your personal data by SONIMA GmbH and your legal rights.
Personal data in this connection is the information which makes it possible to identify an individual. This includes the name, date of birth, address, telephone number, e-mail address and also your IP address.
We talk of anonymous data when no personal connection at all can be made to the user.
Responsible office and data protection officer
Address: Ruhweg 17, 67307 Göllheim
Contact information: firstname.lastname@example.org, +49 6351/9999 7 0
Contact of data protection officer email@example.com
Your rights as an affected person
We would firstly like to inform you of your rights as an affected person. These rights are codified in Articles 15 - 22 EU-GDPR. They include:
- The right to information (Art. 15 EU-GDPR),
- The right to erasure (Art. 17 EU-GDPR),
- The right to rectification (Art. 16 EU-GDPR),
- The right to data portability (Art. 20 EU-GDPR),
- The right to restriction of processing (Art. 18 EU-GDPR),
- The right to object to the data processing (Art. 21 EU-GDPR).
To assert these rights, please send an e-mail to: firstname.lastname@example.org. The same applies if you have any questions on data processing in our company. You also have the right to make a complaint to a data protection supervisory authority.
Right to object
Please note the following in connection with rights of objection.
When we process your personal data for the purposes of direct marketing, you have the right to object to this data processing at any time without having to give a reason. This also applies to profiling if it is connected with direct marketing.
If you object to the processing for purposes of direct marketing, we will refrain from processing your personal data for this purpose. The objection is free of charge and can be made without any formal requirements and is to be sent, if possible, to email@example.com.
In cases where we process your data to protect justified interests, you can object to this processing at any time for reasons that arise from your particular situation; this also applies to a profiling based on these provisions.
We will then no longer process your data unless we can provide compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims.
Purposes and legal basis of data processing
In processing your personal data, we comply with the provisions of the EU-GDPR, the BDSG (German Federal Data Protection Act) and all other applicable data protection provisions. The legal basis for the data processing is particularly found in Article 6 EU-GDPR.
We use your data for the initial business contact, to meet contractual and legal obligations, to execute the contractual relationship, to offer products and services and to strengthen the customer relationship which can also include analyses for marketing purposes and direct marketing.
Your consent also represents a data protection permission instruction. Here, we explain to you the purposes of data processing and your right to object. If the consent also refers to the processing of special categories of personal data, we will expressly point this out in the consent, Art. 88 (1) EU-GDPR in connection with § 26 (3) BDSG (German Federal Data Protection Act).
A processing of special categories of personal data within the meaning of Art. 9 (1) EU-GDPR will only occur if this is required due to legal regulations and there is no reason to suppose that your legitimate interest outweighs the exclusion of processing, Art. 88 (1) EU-GDPR in connection with § 26 (3) BDSG (German Federal Data Protection Act).
Transfer to third parties
We will only pass on your data to third parties within the context of legal provisions or with the relevant consent. Otherwise, there will be no transfer to third parties unless we are obliged to do so due to compelling legal requirements (transfer to external offices such as supervisory authorities or law enforcement authorities).
Recipient of the data / Categories of recipients
Within our company, we make sure that your data is only given to those people that require it to carry out contractual and legal obligations.
In many cases, service providers support our specialist departments in carrying out their tasks. The necessary data protection contract has been concluded with all service providers.
Transmission to third countries /Purpose of transmitting to third countries
A data transmission to third countries (outside the European Union or European Economic Area) will only take place if this is necessary to meet contractual obligations, is legally prescribed or you have granted us your consent to do so.
We do not transmit your personal data to a service provider or group company outside the European Economic Area.
Storage period of data
We will store your data as long as it is required for the respective purpose of processing. Please note that numerous storage periods require that your data (must) continue to be stored. This particularly affects commercial and tax law storage obligations (e.g. German Commercial Code, General Tax Code etc.) Unless there are other storage obligations, the data will be routinely erased when the purpose has been attained.
In addition, we can store data when you have given us your permission to do so or if there are legal disputes and we use evidence in the context of statutory limitation periods that can amount to up to thirty years; the normal limitation period is three years.
Safe transfer of your data
To protect the data stored with us as effectively as possible from accidental or deliberate manipulation, loss, destruction or access by unauthorised persons, we employ corresponding technical and organisational security measures. The security level is continually checked in cooperation with security experts and adjusted to meet new security standards.
Data exchange from and to our website takes place in an encrypted form. As a transmission protocol for our web presence, we use HTTPS, using the current encryption protocols in each case. (SSL) We also offer our users a contact encryption in the context of contact forms and job applications. Only we can carry out the decryption of this data. There is also the possibility to use alternative communication methods (e.g. post).
Obligation to make data available
Diverse personal data is necessary for the justification, execution and termination of the contractual obligation and the fulfilment of the associated contractual and legal duties. The same applies to the use of our website and the various functions that the website provides.
We have summarised the details in the above mentioned item for you. In certain cases, data also needs to be collected or provided due to legal requirements. Please note that processing of your request or the execution of the underlying contractual obligation is not possible without provision of this data.
Categories, sources and origin of data
The relevant context determines what data we process: This depends on whether you send an order online or enter a request in our contact form, whether you send us a job application or lodge a complaint.
Please note that, if applicable, we also provide information for specific processing situations separately at an appropriate location e.g. when uploading job application data or in the case of a contact request.
When you visit our website, we collect and process the following data:
- Name of Internet service provider
- Information from the website you are visiting us from
- Type of web browser and operating system used
- The IP address allocated by your Internet service provider
- Requested files, volume of data transmitted, downloads/file export
- Information on the websites that you call up from our site incl. date and time
- For reasons of technical security (in particular to repel hacking attempts on our web server), this data is stored in accordance with Art. 6 (1) (f) EU-GDPR. After 7 days at the most, an anonymization takes place by shortening the IP address so that no connection is made to the user.
In the context of a contact request, we collect and process the following data:
- Last name, first name
- Contact data
- Details of interests and wishes
For newsletters, we collect and process the following data:
- Last name, first name
- E-mail address
Automated case-by-case decisions
We do not use any purely automated processes to make a decision.
Links to other providers
Our website also contains links - clearly visible - to the websites of other companies. If links to the websites of other providers are available, we have no influence on the content of such websites. Consequently, we cannot assume any liability or accept any guarantees for this content. The relevant provider or operator of these sites is always responsible for the content.
The linked pages were checked for possible legal violations and identifiable infringements at the time the link was made. Illegal contents were not recognisable at the time the link was made. A permanent monitoring of the contents of linked websites is, however, not reasonable without specific indications that there has been a violation of the law. As soon as we become aware of legal violations on a linked website, such links will be removed immediately.
Cookies (Art. 6 (1) (f) EU-GDPR / Art. 6 (1) (a) EU-GDPR on consent)
Our website uses so-called cookies in various places. The purpose of cookies is to make our services more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and that your browser stores (locally on your hard drive).
These cookies enable us to make an analysis of how users use our websites. In this way, we can adapt the website content to visitor needs. Cookies also enable us to measure the effectiveness of a certain advertisement and to position it, for example, in a place dependent on the particular interests of users.
Most of the cookies we use are so-called “session cookies”. These are automatically deleted after your visit. Permanent cookies are automatically deleted by your computer when their period of validity (normally six months) has expired or you delete them yourself before this period of validity ends.
Most web browsers automatically accept cookies. You can, however, normally change the settings of your browser if you would rather not send the information. You will still be able to use the functions on our website without restrictions (exception: configurators).
Please note: If you deactivate the setting of cookies, you may not be able to use all the functions of our website.
User profiles / web tracking methods
Analysis programs and other techniques to evaluate your usage behaviour are not used on our website.
Social plugins of social networks
Facebook plugins (Like & Share buttons)
Our website includes plugins for the social network Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the Like button on our site. For an overview of Facebook plugins, see https://developers.facebook.com/docs/plugins/
If you do not want Facebook to associate your visit to our site with your Facebook account, please log out of your Facebook account.
Google Maps: We use a plugin of the internet service Google Maps on our website. The operator of Google Maps is Google Ireland Limited, located in Gordon House, Barrow Street, Dublin 4, Ireland.
Contact form / Contact by e-mail (Art. 6 (1) (a,b) EU-GDPR)
A contact form is available on our website that can be used to contact us electronically. If you contact us using the contact form, we process the data given on the contact form for the purpose of contacting you and answering your questions.
In this connection, we observe the principle of data economy and data avoidance in which you only have to give the data that we absolutely need from you to establish contact. This information is your e-mail address and the message field. For reasons of technical necessity and legal protection, your IP address is also processed. All other data are voluntary fields and the information for these fields (e.g. for a more personalised response to your questions) is optional.
If you contact us by e-mail, we will only process the data shared in the e-mail for the purpose of processing your enquiry. If you do not use the form we offer to contact us, there is no further data collection beyond this.
Newsletter (Art. 6 (1) (a) EU-GDPR)
You can subscribe to a free newsletter on our website. The e-mail address given when registering for the newsletter and your name will be used for the despatch of the personalised newsletter.
In this connection, we observe the principle of data economy and data avoidance because only the e-mail address (if applicable name for personalised newsletters) is marked as a mandatory field. For reasons of technical necessity and legal protection, your IP address is also processed when ordering the newsletter.
You can, of course, unsubscribe from the newsletter using the unsubscribe function in the newsletter at any time and so revoke your consent. You are also able to unsubscribe from the newsletter at any time directly from our website.
Registration / Customer account (Art. 6 (1) (a, b) EU-GDPR)
On our website, we offer users the chance to register using personal data. The advantage is that you can view the development of customer products.
The registration occurs at the request of the customer. An independent registration is not possible.
In this connection, we observe the principle of data economy and data avoidance because only data necessary for the registration (e-mail address and password) is stored.
Please note: The password you give is stored by us in an encrypted form. The employees in our company are unable to read this password. They are therefore unable to give you any information if you forget your password.
In such cases, use the function “Forgotten your password?” and you will receive an automatically generated new password by e-mail. No employee is entitled to ask you over the phone or in writing for your password. So please never give your password if you receive such enquiries.
When the registration process is complete, your data is lodged with us to use the protected customer area. As soon as you register on our website with your e-mail address as user name and your password, this data will be made available for the actions carried out by you on our website.
Registered persons are able to carry out changes / corrections to profile data independently. Our customer services would also be happy to carry out changes / corrections if you contact them. You can, of course, also close or delete your registration or your customer account. To do so, please send an e-mail to: firstname.lastname@example.org.
Advertising purposes existing clients (Art. 6 (1) (f) EU-GDPR)
SONIMA GmbH is interested in fostering the customer relationship with you and in sending you information and offers about our products / services. Consequently, we process your data to send you corresponding information and offers by e-mail.
If you do not wish us to do this, you can object to the use of your personal data for the purpose of direct marketing at any time; this also applies to a profiling if it is connected with direct marketing. If you object to this, we will no longer process your data for this purpose.
The objection can be given free of charge and without observing any formal requirement and without having to give any reasons to +49 9 6351/9999 7 0, by e-mail to email@example.com or by post to SONIMA GmbH, Ruhweg 17, 67307 Göllheim.
Job applicant portal (Art. 6 (1) (a, b) EU-GDPR)
We are delighted that you are interested in working for SONIMA GmbH. We are aware of the importance of your data and process the personal data given by you on the job application form only for the purposes of effective and correct processing of the application procedure and for contacting you during the application process. There will be no transfer of data to third parties without your consent.
On the application form, you will be asked to give us personal data. In this connection, we observe the principle of data economy and data avoidance in which you only have to provide us with the data that we need to fully examine your application such as your Curriculum Vitae or the data which we are legally required to collect. These mandatory fields are marked with a *(star). For reasons of technical necessity and legal protection, your IP address is also processed.
We store your data for the above mentioned purpose until the application procedure is complete and the relevant storage periods have expired - at the latest six months after receiving a decision. However, you also have the option of asking us to store your application longer and to review it for other job vacancies that correspond to your profile.
You can, of course, revoke your permission at any time with effect for the future without having to give any reasons by telephoning +49 9 6351/9999 7 0, by e-mail to firstname.lastname@example.org or by post to SONIMA GmbH, Ruhweg 17, 67307 Göllheim.