Any collection, processing and use (hereinafter “use”) of data is solely for the purpose of providing our services. The services of Sunery have been designed to use as little personal information as possible. For that matter, “personal data” is understood as all individual details about a person or factual circumstances of an identifiable natural person (so-called “affected person”).

The following statements on data protection describe what types of data are collected when accessing our website, what happens with these data and how you may object to data usage.

Person Responsible (controller)

Responsible within the meaning of the EU General Data Protection Regulation (GDPR) is:

SPP GmbH – Service Projekt Potsdam

Orenstein-&-Koppel-Straße 13

14482 Potsdam

Tel.: 0331 58 18 89 10

Email: info@sunery.de

Data Security Officer

The data security officer is:

Christian Scholtz of Webersohn & Scholtz GmbH

If you have questions about data protection, you can contact Webersohn & Scholtz at the following e-mail address:

boehm-gruppe@ws-datenschutz.de

or by mail:

WS Datenschutz GmbH

Meinekestraße 13

D-10719 Berlin

www.ws-datenschutz.de

Which data will be used

When visiting our website, our web servers temporarily store every access in a log file. The following data is collected and stored until automated deletion:

  • IP address of the requesting computer

  • Date and time of access

  • Name and URL of the retrieved file

  • Transmitted amount of data

  • Message if the retrieval was successful

  • Detection data of the browser and operating system used

  • Website from which access is made

  • Name of your Internet access provider

  • Other data may be retrieved by our partners. You will find information about this below

The processing of this data serves: the purpose of enabling the use of the website (connection establishment), the system security, the technical administration of the network infrastructure, as well as to optimize the Internet site. The legal basis is Art. 6 para. 1 s. 1 lit. f) GDPR. The IP address is evaluated only in case of attacks on our network infrastructure or the network infrastructure of our Internet provider.

Furthermore, no input of your personal data is required to use our website.

Protection of your data

We have taken technical and organizational measures to ensure that the requirements of the EU General Data Protection Regulation (GDPR) are met by us, as well as, by external service providers working for us.

If we work with other companies to provide our services, such as email and server providers, this will only be done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in terms of technical and organizational data protection skills. This selection procedure will be documented in writing and an agreement on the order processing of data (order processing contract) will only be concluded if the third party complies with the requirements of Art. 28 GDPR.

Your information will be stored on specially protected servers. Access to it is only possible for a few specially authorized persons. Our website is SSL/TLS encrypted, as can be seen by the https:// at the start of our URL.

Use of cookies

a) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you use. Through this the stored information flows to Sunery or the party that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. Cookies are used to analyze the use of www.sunery.de in anonymized or pseudonymized form. Also, cookies enable personalized advertisements on this website.

This website uses the following types of cookies. The extend and function of which are explained below:

– Transient cookies (see b)

– Persistent cookies (c)

b) Transient cookies are automatically deleted when you close the browser. These include session cookies. Transient cookies store your session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie.

You can delete the cookies in the security settings of your browser at any time. Please be aware that you may not be able to use all features of this site, when deleting the cookies from your browser history. The setting of cookies can be prevented by appropriate settings in the user’s Internet browser at any time.

This processing is legally based on Art. 6 para. 1 s. 1 lit. f) GDPR. Our legitimate interests are to provide a stable connection and an easy, uninterrupted user experience for the visitors of our website. Also, we evaluate all visits of our website. This happens for safety, improvement and stability reasons.

Deletion of personal data

We process personal data only if necessary. As soon as the purpose of the data processing is fulfilled, deletion of the data is carried out according to the standards of the deletion concept, unless legal regulations oppose this.

Contact

Via the website www.sunery.de it is possible to contact us via e-mail. This will require us to process your email address, which will be automatically saved. Your data will not be passed on to third parties.

The legal basis depends on what the reason for your request is: Therefor data processing will be based on Art. 6 para. 1 s. 1 lit. a) GDPR or Art. 6 para. 1 s. 1 lit. b) GDPR.

Registration on the website

The data subject can register on our website. This requires the data subject to enter their email address in the registration form. The information provided by the data subject in the registration mask will be used exclusively for processing and will not be disclosed to third parties.

During and after the registration, the data subject is free to change, to correct or to delete their personal data.

If the data subject enters mandatory personal data in the registration form, the legal basis of the data processing is based on Art. 6 para. 1 s. 1 lit. b GDPR. However, if the user also enters personal data in the optional input field, the data processing is based on Art. 6 para. 1 s. 1 lit. a GDPR.

Data processing for applications

We offer the opportunity to apply for jobs via email. For this purpose, personal data is processed and stored for further processing during the respective application process. We have set up an email address for job applications.

In case of successful application and employment, the personal data is stored in accordance with the legal requirements. In case of unsuccessful application, the data will be deleted in accordance with the rules of the local deletion concept. In doing so the provisions of the AGG (German Employment Law), in particular the existing evidence pursuant to § 22 AGG, are taken into account.

Data processing will be based on Art. 6 para. 1 s. 1 lit. a) GDPR and Art. 6 para. 1 s. 1 lit. b) GDPR.

Newsletter

On our website www.sunery.de we offer the opportunity to subscribe to our newsletter. When subscribing to the newsletter, personal data is requested for the purpose of processing the newsletter entry form. Input fields marked with a “*” are mandatory fields. These mandatory fields are necessary in order to send the affected person the newsletter. All other fields are to be filled voluntarily by the affected person, whereby it is expressly pointed out that these fields are not mandatory.

The newsletter has the function of informing the affected parties about offers and news from Sunery at regular intervals. The newsletter will be sent via e-mail. On request, a newsletter may also be sent by post. The newsletter is only received after registration for the newsletter. In order to meet the requirements of the GDPR, we use DOI (Double Opt-In). If the person concerned signs up for our newsletter, he will receive a confirmation e-mail on the electronic mailbox which he has named in the entry field. This e-mail contains a confirmation link that the affected person must click on. Following this procedure, the affected person has successfully registered for the newsletter. To perform the procedure, the IP address, date and time of login are stored. This is done in order to prevent abuses. Our Newsletter Mailing Service is MailChimp. A transfer of the data to third parties does not take place.

The consent to processing personal data in order to receive the newsletter can be terminated at any time. For this purpose, the affected person can click on the integrated link in each newsletter to unsubscribe. It is also possible to inform Sunery about the revocation of the consent in any other way, e.g. via post or e-mail.

This processing is legally based on Art. 6 para. 1 lit. a) GDPR.

Shopping online

When you shop at www.sunery.de and a delivery is arranged, we will process your first name and surname, address, telephone number and e-mail address to complete the purchase agreement and the delivery agreement with you. This happens to process the payment, which you can receive via post or email. Also, we use this data to process any billing, to ensure on-time delivery and to inform you about delivery dates and / or changes.

In the case of parcel deliveries, we also pass on your name, address, telephone number and e-mail address to our contracted processors and service providers so that they can process the delivery and, if necessary, communicate with you to announce and coordinate the delivery of your ordered goods.

The legal basis for this data processing is Art. 6 para. 1 s.1 lit. b GDPR. We are processing your data for the fulfilment of purchase contracts and supply agreements.

PayPal

Sunery offers PayPal as a possible payment service. PayPal is a virtual means of payment. In order to use the payment service via PayPal, you must register with PayPal.

Responsible Person is:

PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the user uses PayPal as a means of payment, personal data of the user will be transmitted to PayPal, to which he ultimately agrees. The personal data includes name, surname, address, e-mail address, IP address, telephone number, if necessary mobile number and other data, which are necessary for the final payment transaction.

The transmission of the data is necessary to prevent any possible misuse. We inform you that PayPal may transfer your personal information to credit bureaus. This is because PayPal reserves its right to verify the identity and creditworthiness of the user.

In addition to the transfer of data to credit bureaus, it is also possible that PayPal may transfer the personal data to affiliated companies, including subcontractors, as far as this is necessary to fulfill the contractual obligations. The same applies to order processing (see above for more detail)

The affected person may object to processing personal data by PayPal at any time.

For the privacy policy of PayPal, please refer to the following link:

https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Sofortüberweisung – sofort.com

Sunery uses the payment service “Sofortüberweisung – sofort.com”. For this purpose, Sunery has integrated components of Sofortüberweisung – sofort.com on this website. Sunery uses Sofortüberweisung – sofort.com to make the payment process uncomplicated and fast for the user. For this purpose Sofortüberweisung – sofort.com uses a technical procedure by which Sunery immediately receives a payment confirmation. Thus, Sunery can immediately determine whether there is a receipt of payment, whereupon the order can be delivered.

Responsible Person is:

SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.

If the user wishes to use the payment option “Sofortüberweisung” for payment processing, the personal data will be transmitted to “Sofortüberweisung”. If the user decides to process the payment “Sofortüberweisung”, he agrees to process his personal data. The following personal data is processed:

– PIN and TAN

– technical verification of the account balance or account coverage

– Transmission of the confirmation of the transaction to Sunery

– First name, last name, address, e-mail address, IP address, telephone number, mobile number

– other data necessary for payment processing

The transmission of data is not only necessary for the processing of payments, but also to prevent misuse. It is possible that “Sofortüberweisung” transfers the personal data also to credit bureaus in order to carry out an examination of the identity and creditworthiness of the user. It is also possible that “Sofortüberweisung” transfers the personal data to affiliated companies and / or subcontractors if this is necessary to fulfill contractual obligations. The user can revoke the consent to processing his personal data at any time.

Regarding the privacy policy, please refer to the following link:

https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/

Tracking and analytics

For the continuous improvement of our website www.sunery.de we use the following tracking and analysis tools. Which personal data is processed in each case and how you can reach the respective service providers, you will find below:

Google Analytics

The website www.sunery.de uses Google Analytics. This is a service for analyzing access to websites of Google LLC. (“Google”) and allows us to improve our website. Legal basis is the Art. 6 para 1 s. 1 lit. f) GDPR. Our interest is to provide a compatible website and to optimize our online services.

Responsible Person is:

Google LLC., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

Cookies enable us to analyze your use of our website. The information collected by a cookie (IP address, access time, access duration) is transmitted to a Google server in the USA and stored there. The evaluation of your activities on our website is transmitted to us in the form of reports. Google may pass on the collected information to third parties, if required by law or if third parties process this data on behalf of Google.

You can also prevent the installation of cookies from Google Analytics by setting your browser software accordingly. In this case, however, it may happen that you cannot fully use all the features of our website. Also through browser extensions e.g. http://tools.google.com/dlpage/gaoptout?hl=en Google Analytics can be disabled and controlled.

At https://www.google.com/intl/en/policies/

As well as under

https://www.google.com/analytics/terms/de.html

You can find out more about the terms of use and privacy of Google Analytics.

Google Tag Manager

Google Tag Manager is a solution that allows us to manage web site tags through one interface (including Google Analytics and other Google marketing services in our website). The tag manager itself (which implements the tags) does not process users’ personal data. Regarding the processing of users’ personal data, reference is made to the details of the Google services. Google Tag Manager usage policies can be viewed here:

https://www.google.com/intl/de/tagmanager/use-policy.html

Tools for advertisement and marketing

Tools are also included on our website to ensure that our website is displayed to you during an internet search, as a relevant search result or as an advertisement. Below, the programs used in connection with our website have been broken down for you:

Google Ads (formerly Google AdWords)

Sunery has integrated the services of Google Ads on its website. Google Ads is an internet advertising service. The legal basis is Art. 6 para. 1 s.1 lit. f) GDPR. In particular, Sunery uses Google Ads to gain relevance in the results of Google’s search engine.

Responsible Person is:

Google LLC., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.

If the user accesses the Sunery website through a Google ad, Google will set a so-called conversion cookie on the user’s system. For the explanation of the cookies, please refer to the pass to the cookies. The conversion cookie is used to create and analyze web-use statistics. 30 days after setting the conversion cookie the cookie loses its validity. This means that the user can no longer be identified. Within these 30 days both Sunery and Google can track which subpages have been accessed. The conversion cookie stores the IP address when visiting the website. This data is stored in the USA. It is possible that Google will share this information with third parties.

The setting of cookies can be prevented by appropriate settings in the user’s Internet browser at any time. The already set cookies can also be deleted in the settings of the Internet browser. We express our concern that preventing cookies from being set may mean that not all features are fully available.

The user may separately object to interest-based personalized advertising by Google. Please refer to the following link:

www.google.de/settings/ads

For further privacy notices of Google refer to:

https://policies.google.com/privacy?hl=en&gl=de

Other tools of third-party providers

We also use third-party providers to help us with the site’s appearance and functionality. These are listed below:

Google Maps

This site uses the Google Maps map service via an API.

Responsible person is:

Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The legal basis is Art. 6 para. 1 s.1 lit. f) GDPR. The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website.

Further information about handling user data, can be found in the data protection declaration of Google at:

https://www.google.de/intl/de/policies/privacy/.

Google Web Fonts

Sunery uses web fonts provided by Google for uniform representation of fonts on the website.

Responsible Person is:

Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you use must connect to Google’s servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services. The legal basis is Art. 6 para. 1 s.1 lit. f) GDPR. The reason for us using Google web fonts is our interest to make our website vivid and user-friendly.

If your browser does not support web fonts, a default font will be used by your computer.

For more information about Google Web Fonts, see

https://developers.google.com/fonts/faq

and in Google’s privacy policy:

https://www.google.com/policies/privacy/ .

Service providers from third countries

In order to be able to provide our services, we use the support of service providers from third party countries (non-EU countries). In order to ensure the protection of your personal data in this case, we conclude processing contracts with each – carefully selected – service provider. All of our processors provide sufficient guarantees to implement appropriate technical and organizational measures. Our third country data processors are either located in a country with an adequate level of data protection (Art. 45 GDPR) or provide appropriate safeguards (Art 46 GDPR). Below you may find our categories of processors, the country they are located at and the safeguards or guarantees they provide.

We use the support of the following providers:

  • Tracking service and analysis service, USA, member of the EU-US Privacy Shield

EU-US Privacy Shield: The Privacy Shield is an agreement between the United States of America and the European Union to ensure compliance with European privacy standards. For more information, see: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

  • Payment Service, USA and Europe, binding corporate rules

Binding Corporate Rules: Article 47 of the GDPR provides the possibility of ensuring data protection when transferring data to a third country via Binding Corporate Rules. These are examined and approved by the data security authorities within the framework of the consistency mechanism pursuant to Art. 63 GDPR. Further information can be found here:

https://www.paypal.com/de/webapps/mpp/ua/bcr

Your rights

You have the following rights with respect to the personal data concerning you:

– Right to information,

– Right to rectification or deletion,

– Right to restriction of processing,

– Right to object to the processing,

– Right to data transfer,

– Right on confirmation.

In the case of a request for information, you must provide sufficient information about your identity and provide proof that it is your personal data. The information relates to data that has been stored regarding your person, the origin of the data, the recipient or the categories of recipients to which data has been transmitted and the purpose of the storage. To exercise these rights, please contact our Privacy Officer, which is mentioned at the beginning of the Privacy Policy.

If you have given your consent to the processing of your data, you can revoke at any time. Such revocation will affect the admissibility of processing your personal data by us.

Insofar as we base the processing of your personal data on the weighting of interests, you may object to the processing. This is the case if processing your data is not required to fulfill a contract with you, which is explained in the following description of the functions. In the event of such a revocation, we ask you to explain the reasons why we should not process your personal data. In the case of your justified objection, we will examine the situation and will either stop processing your data, adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.

Of course, you may object to the processing of your personal data for advertising and data analysis purposes at any time. You may contact us or our responsible data securirty officer via the contact details stated at the beginning of the Privacy Policy.

How you perceive these rights

To exercise these rights, please contact our data security officer:

Christian Scholtz from Webersohn & Scholtz GmbH

boehm-gruppe@ws-datenschutz.de

or by mail:

WS Datenschutz GmbH

Meinekestraße 13

D-10719 Berlin

supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of your personal data infringes on the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.

Subject to change

We reserve the right to change this privacy policy in compliance with legal requirements.

September 2018

0