1.1 PRIVACY STATEMENT
We are pleased that you are visiting our website and accordingly about your interest in our company and our products. The protection of your personal data is very important for us. Sunlight GmbH GmbH (hereinafter ”Sunlight GmbH”, ”we” or ”us”) attaches great importance to the security of the data of the users and the compliance with provisions under data protection law.
The Sunlight GmbH-websites can contain links to websites of other providers to which this privacy statement does not apply. We have no knowledge of which possible data are collected by the operators of these sites and we have no influence on this either. You can obtain information in the data protection notice of the respective site.
We will inform you in detail below about the handling of your data.
The privacy statement is based on the terms of the General Data Protection Regulation (GDPR).
- ”Personal data” is all information, which refers to an identified or identifiable natural person (hereinafter ”data subject”) (Art. 4 No. 1 GDPR). Your personal data include information such as your master data (first and last name, address and date of birth), your contact data (phone number, e-mail address), your invoice data (bank detail data) and a lot more.
- ”Processing” is each activity carried out with or without the help of automated processes or each such series of activities in connection with personal data such as the collection, entry, organisation, arrangement, storage, adjustment or change, the reading out, request, use, disclosure by transmission, distribution or any other form of provision, the comparison or the linking, the restriction, erasure or destruction.
- ”Data subject” is each identified or identifiable natural person, whose personal data are processed by the data controller responsible for the processing.
- ”Data controller” is the natural person or legal entity, authority, institution or other body, which makes the decision alone or jointly with others about the purposes and means of the processing of personal data. If the purposes and means of this processing are stipulated by Union law or the law of the member states then the data controller respectively the certain criteria of his appointment can be envisaged according to Union law or the law of the member states.
- ”Contract data processor” is a natural person or legal entity, authority, institution or other body that processes personal data by order of the data controller.
- ”Recipient” is a natural person or legal entity, authority, institution or other body to which personal data are disclosed, irrespective whether it concerns a third party or not. Authorities, which possibly receive personal data within the scope of a certain investigation order according to Union law or the law of the member states, shall however not be deemed as recipients.
- ”Third party” is a natural person or legal entity, authority, institution or other body, apart from the data subject, the data controller, the contract data processor and the persons, who are authorised to process the personal data under the direct responsibility of the data controller or the contract data processor.
- ”Consent” is each announcement of intention unmisunderstandably submitted voluntarily by the data subject for the certain case in an informed manner in the form of a declaration or any other clear, confirming act, with which the data subject gives to understand that he or she agrees with the processing of the personal data relating to them.
1.3 COLLECTION AND PROCESSING OF PERSONAL DATA
A use of our websites is principally possible without entering any personal data. If you would like to use special services of our company via our website it could however be necessary to process personal data. If it is necessary to process personal data and if there is no statutory basis for such a processing we will generally obtain the consent of the data subject.
2. PURPOSES OF THE COLLECTION – CATEGORY OF THE DATA – LEGAL BASIS FOR THE PROCESSING
2.1 ANONYMOUS DATA COLLECTION
You can visit our site without actively providing any details relating to your person. However, we will automatically store access data each time the website is called (server log files) such as e.g. the name of your internet service provider, the used operating system, the website, from which you visit us, the date and the duration of the visit or the name of the requested file, as well as for security reasons, e.g. for the recognition of attacks on our websites, the IP address of the used computer for the duration of 7 days. These data are exclusively evaluated for improving our offer and do not allow any conclusions to be drawn about your person. These data will be not aggregated with other data sources. The legal basis for the processing of the data is Art. 6 Para. 1 GDPR. We process and use the data for the following purposes: 1. Provision of the Sunlight GmbH-websites, 2. Improvement of our websites and 3. Prevention and recognition of errors/malfunctions as well as of misuse of the websites. The data processing of this kind is carried out either to fulfil the contract via the use of the Sunlight GmbH-websites or we pursue a legitimate interest in ensuring the functionality and the error-free operation of the Sunlight GmbH-websites as well as adjusting these websites to the requirements of the users.
2.1.1. Arrangement of Test Drives and Consulting Appointments
On our website you have the possibility to arrange a test drive and/or a consultation appointment. For this purpose, the necessary personal data will be collected and transmitted to the dealer selected by you: Your name, title, e-mail address, preferred vehicle type, and, provided you would like your selected dealer to contact you by phone or mail, phone number and/or address is also collected and transmitted as voluntary information. For general assurance that the appointment will take place as agreed, we will send you an appointment confirmation and a reminder. This collection, storage, and transmission of the data is based on your voluntarily given consent within the meaning of Article 6 paragraph 1 sentence 1 lit. a) in conjunction with Article 7 of the GDPR. You can revoke this consent at any time by sending your revocation to firstname.lastname@example.org or [Sunlight GmbH/ Bahnhof 11/ 88299 Leutkirch im Allgäu/ Germany] with effect for the future. In addition, you can also assert your rights against the dealer. Please contact the dealer of your choice.
2.2 USE OF COOKIE TRACKING
We use so-called cookies on our websites in order to make the visit to our website attractive and to enable the use of certain functions. This concerns a standard internet technology for the storage and to call login and other use-related information for all users of the Sunlight GmbH-websites. Cookies are small text files, which are placed on your terminal device, they enable us among others to store user settings so that our websites can be displayed in a format that is customised for your device. Several of the cookies used by us are deleted again after the end of the browser session, therefore after your browser is closed (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognise your browser the next time you visit the website (so-called permanent cookies).
You can set your browser so that you are informed about the setting of cookies and can make individual decisions about their acceptance or exclude the acceptance of cookies for certain cases or generally. The cookies can furthermore be deleted subsequently in order to remove data that websites have filed on your computer. You can find an instruction for this purpose quickly in the internet. The deactivation of the cookies can lead to several restrictions to the functionality of the Sunlight GmbH-websites.
Deactivate or remove cookies (Opt-Out)
Each web browser offers possibilities in order to restrict and delete cookies. You can find further information in this respect on the following websites:
- Internet Explorer:
- Google Chrome:
2.3 USE OF GOOGLE ANALYTICS
This website uses functions of the web analysis service Google Analytics. Anbieter ist die Google Inc.,1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called ”cookies”, text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookies regarding your use of this website (including your IP address) is transferred to a server of Google in the USA and stored there. Google will use this information to evaluate your use of the website in order to compile reports on the website activities for the website operators and to provide further services associated with the website use and the internet use. Google will also, if applicable, transfer this information to third parties if this is stipulated by law or insofar as third parties process these data by order of Google.
Prevent storage of the cookies
You can prevent the storage of the cookies by a corresponding setting of your browser software; however we would like to point out that in this case you will, if applicable, not be able to use all functions of this website in full. By the use of this website you declare that you agree with the processing of the data collected about you by Google in the manner as described above and for the previously mentioned purpose.
We have activated the function IP anonymisation on this website. This way your IP address is abbreviated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area before transmission to the USA.
Objection against the data entry
If you do not want Google to receive data from your browser when calling the sites you will find the link to the Opt-Out solution for Google Analytics here: http://tools.google.com/dlpage/gaoptout?hl=de, this plugin prevents the browser requesting the Analytics-Code so that Google does not receive any data whatsoever when the site is called. The plugin is only available for the Microsoft Internet Explorer 11, Google Chrome, Mozilla Firefox, Apple Safari and Opera. According to Google the browser blocks the Google Analytics Script after the installation. You can find more detailed information pertaining to the conditions of use and data protection under http://www.google.com/analytics/terms/de.html respectively under http://www.google.com/intl/de/analytics/privacyoverview.html.
We would like to point out to you that Google Analytics was extended by the “gat.anonymizeIp” code on this website in order to guarantee an anonymised entry of IP addresses (so-called IP masking).
Demographic features with Google Analytics
This website uses the function ”demographics” of Google Analytics. Reports can be created hereby that contain statements regarding the age, sex and interests of the site visitors. These data stem from interest-related advertising of Google as well as from visitor data from third party providers. These data cannot be allocated to any certain person. You can deactivate this function at all times via the display settings in your Google account or generally forbid the entry of your data by Google Analytics as presented in the Point ”Objection against data entry”.
2.4. USE OF GOOGLE REMARKETING
This website uses the Google Remarketing technology of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ”Google”). This concerns retargeting technology, which enables us to address visitors to our website once again by targeted advertising on the websites of the Google advertising network. The advertising is faded in by using so-called cookies.
Cookies are placed on your computer for this purpose, with the help of which third party providers, including Google, record which of our websites were visited with your browser. With the help of this information our advertisements can then be presented to you at a later time on other websites, e.g. within the scope of the Google search or on websites of the Google network. You can find further information pertaining to data protection at Google and the functionality of the remarketing under: https://www.google.de/intl/de/policies/privacy/. You can also deactivate the storage of cookies here by the settings of your browser and/or object to the entry within the scope of the Google remarketing by the https://www.google.com/policies/technologies/ads/.
2.5 USE OF GOOGLE ADWORDS
On our website we use Google Conversion Tracking, an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; ”Google”). A cookie is placed on your computer by Google AdWords in this case (”Conversion Cookie”) if you have reached our website via a Google advertisement. These cookies will cease to be valid after 30 days and do not serve the purpose of personal identification. If you visit certain sites of our company and the cookie has not expired yet we and Google can recognise that someone has clicked on the advertisement and was therefore forwarded to our site. Each AdWords customer will receive another cookie. Cookies can therefore not be tracked via the websites of AdWords customers.
The information obtained by means of the conversion cookie serves to create conversion statistics for AdWords customers, who have chosen conversion tracking. The AdWords customers will be notified about the total number of users, who have clicked on their advertisement and were forwarded to a site fitted with a conversion tracking tag. However, they will not receive any information, with which users can be personally identified.
Should you not want to take part in the tracking you can object to this use by preventing the installation of the cookies by a corresponding setting of your browser software (deactivation option). You will then not be included in the conversion tracking statistics. You can find more detailed information pertaining to conditions of use and data protection under: http://www.google.de/policies/privacy/.
2.6 USE OF GOOGLE MAPS
We use Google Maps to present maps and to create route maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using this website you declare that you agree with the entry, processing as well as the use of the automatically collected data as well as the data entered by you by Google, one of its representatives or third party providers.
You can find the conditions of use for Google Maps under: https://www.google.com/intl/de_de/help/terms_maps.html .
You can find further details in the data protection center of google.de: Transparency and options as well as data protection provisions under https://policies.google.com/privacy?hl=de&gl=de.
2.7 USE OF SOCIAL MEDIA
Functions relating to social media can be used on our website.
When calling one of these sites a connection can be established to the respective servers of the social media. These social media will be informed hereby that you have visited our website with your IP address. Should you now comment, like or twitter something, etc. and you are logged into your respective account at this time, it is if applicable possible for the social medium to allocate your visit to our website to you and to your user account. We would like to point out to you that we as the provider of the sites neither have any knowledge of the contents of the transmitted data, nor their use.
These services are provided by the following companies:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- Google+ Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
- Linkedin Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA
- Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA
- Xing AG, Dammtorstraße 30, 20354 Hamburg, Germany
- YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
- Kununu GmbH, Wollzeile 1-3 Top 5.1, 1010 Vienna, Austria
- Vimeo LCC, White Plains, Federal State of New York, USA
- Pinterest Europe Ltd., Palmerston House, 2nd Floor Fenian Street, Dublin 2, Ireland
- Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA
- SoundCloud Ltd., Rheinsberger Str. 76/77, 10115 Berlin, Germany
- Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden
- Tumblr, Inc., 35 East 21st St, 10th Floor, New York, NY 10010, USA
- Myspace LLC, 8391 Beverly Blvd., #349, Los Angeles, California 90048, USA.
For the purpose and scope of the data collection and the further processing and use of the data by the providers as well as their rights in this respect and setting options for the protection of your personal data please refer to the data protection notices of the respective providers:
- Facebook https://de-de.facebook.com/privacy/explanation
- Google https://www.google.de/intl/de/policies/privacy/
- Linkedin https://www.linkedin.com/legal/privacy-policy?_l=de_DE
- Twitter https://twitter.com/privacy?lang=de
- Xing https://www.xing.com/privacy
- YouTube https://www.google.de/intl/de/policies/privacy/
- Kununu https://www.kununu.com/de/info/datenschutz
- Vimeo https://vimeo.com/privacy
- Pinterest https://policy.pinterest.com/de/privacy-policy
- Instagram https://help.instagram.com/155833707900388
- SoundCloud https://soundcloud.com/pages/privacy
- Spotify https://www.spotify.com/de/legal/privacy-policy/
- Tumblr https://www.tumblr.com/policy/de/privacy
- Myspace https://myspace.com/pages/privacy
If you do not want the respective social medium to be able to allocate the visit to our site to your respective account then you must log-out of the respective service before you visit our website.
2.8 CONTACT FORM/ENQUIRIES
On our site you have the possibility to send us enquiries by using the contact form. Your details from the contact form (contacts of your enquiry, subject of your enquiry and date) including the contact data entered by you there (first name, last name, company, phone number and e-mail) will be stored in our company for the purpose of processing the enquiry and for the event of follow-up questions. The legal basis for the collection and processing of the data is Art. 6 Para. 1 GDPR.
The data entered by you in the contact form will remain in our company until you request us to erase these, revoke your consent for the storage or the purpose for the data storage ceases to apply (e.g. after completed processing of your enquiry). Mandatory statutory provisions– in particular storage deadlines– shall remain unaffected.
2.9 E-MAIL CONTACT
If you send us enquiries by e-mail or information your details (e-mail address, contents of your e-mail, subject of your e-mail and date) including the contact data entered by you there (first name, last name, if applicable phone number, address) will be stored by us for the purpose of processing the enquiry and for the event of follow-up questions. We will not forward these data without your consent. The legal basis for the collection and processing of the data is Art. 6 Para. 1 GDPR.
The user is pointed out that e-mails on the transmission channel may be read or changed without authorisation and unnoticed. Sunlight GmbH uses software to filter unsolicited e-mails (spam filter). E-mails can be rejected by the spam filter if these have been falsely identified as spam by certain features.
The data entered by you will remain in our company until you request us to erase these, revoke your consent for the storage or the purpose for the data storage ceases to apply (e.g. after the completed processing of your enquiry). Mandatory statutory provisions – in particular storage deadlines – shall remain unaffected.
2.10 SUBSCRIPTION TO OUR NEWSLETTERS
On our website you have the possibility to subscribe to the newsletter of our company. We hereby inform our customers and business partners at regular intervals about offers of the company. For this purpose we need a valid e-mail address from you as well as information which permits us to check that you are the holder of the entered e-mail address sand agree with the receipt of the newsletter. Further data are not or only collected on a voluntary basis. A confirmation mail will be sent to the e-mail address entered by a data subject for the first time for the sending of the newsletter for legal reasons in the Double-Opt-In procedure. We exclusively use these data for the sending of the newsletter and do not forward these data to third parties. The legal basis for the collection and processing of the data is Art. 6 Para. 1 GDPR.
With the registration to the newsletter we further store the IP address allocated by the Internet-Service-Provider (ISP) of the computer system used by the data subject at the time of the registration as well as the date and the time of the registration. The collection of these data is necessary in order to be able to comprehend the (possible) misuse of the e-mail address of a data subject at a later time and serves therefore for our protection.
You can revoke the granted consent for the storage of the data, the e-mail address as well as their use for sending the newsletters at all times, for example via the ”unsubscribe”/”de-registration” link in each newsletter. Alternatively you are also welcome to send your unsubscription wish at all times to email@example.com by e-mail. The lawfulness of the already carried out data processing will remain unaffected by the revocation. After a revocation these personal data will be erased by the data controller responsible for the processing. An unsubscription from the receipt of the newsletter will be interpreted as an automatic revocation.
The data deposited by you in our company for the purpose of the newsletter subscription will be stored by us until your removal from the newsletter and erased after the unsubscription of the newsletter.
The newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such e-mails, which are sent in HTML format, in order to enable a log file recording and a log file analysis This way a statistical evaluation of the success or failure of online marketing campaigns can be carried out. On the basis of the embedded tracking pixel we can recognise whether and when an e-mail was opened by a data subject and which links in the e-mail were called by the data subject.
Such personal data collected via the tracking pixel contained in the newsletters will be stored by us owing to the legitimate interest and evaluated in order to optimise the sending of the newsletter and to adjust the contents of future newsletters even better to the interests of the data subject. The legal basis is Art. 6 Para. 1 GDPR.
3. TRANSMISSION OF THE DATA
3.1 TRANSMISSION INTERNALLY WITHIN SUNLIGHT GMBH
We transmit your data internally to the administration, Human Resoures department, works council and wage department in order to satisfy our contractual or statutory obligations. A data transmission or disclosure of your data shall only be carried out in the extent that is necessary for this purpose by complying with the relevant data protection regulations.
3.2 TRANSMISSION GROUP-WIDE/GROUP-WIDE
Sunlight GmbH is a company that operates worldwide and is based in Germany. The data, which you transmit to us, will be stored in our centralised customer database in Germany and forwarded within the group for the purpose of administration. Should an exchange of the data be carried out within the Group, this takes place to fulfil a contract or as a condition of use for the websites. Moreover, there may an interest in forwarding these data for internal, administrative purposes. Should the processing of your data take place outside of Europe, for example in India, Brazil, Russia, China, Switzerland, Singapore or the USA this transmission will take place by complying will all applicable data protection laws and particularly pursuant to Art. 44 et seq. GDPR.
3.3 TRANSMISSION TO THIRD PARTIES
We transmit your data to certain third parties in order to be able to make corresponding applications and services available (so-called ”contract data processors”), which provide external services for us. For example newsletter services, IT-providers, tax office, etc. These process the data only pursuant to our instructions, moreover they are forbidden from using these data for own commercial purposes, which do not correspond with the agreed purposes.
A transmission to further third parties may, if applicable, take place in order to fulfil our obligations (authorities, banks, social insurance funds, etc.).
We must disclose personal data if we are obligated to do so within the scope of ongoing court proceedings, owing to disposition, statutory or owing to applicable law (Art. 6 Para. 1 lit. f GDPR).
We only forward your personal data, if:
- you have explicitly granted your consent hereto according to Art. 6 Para. 1 S.1 lit. a GDPR,
- the forwarding according to Art. 6 Para. 1 S. 1 lit. f GDPR is necessary for the assertion, exercising or defence of legal claims and there is no reason to assume that you have a prevailing interest that is worthy of protection in the non-forwarding of your data,
- for the event that a statutory obligation exists for the forwarding according to Art. 6 Para. 1 S. 1 lit. c GDPR, as well as
- this is permitted by law and according to Art. 6 Para. 1 S. 1 lit. b GDPR is necessary for the processing of contractual relationships with you.
Should the processing of your data take place outside of Europe, for example in India, Brazil, Russia, China, Switzerland, Singapore or the USA this transmission will take place by complying will all applicable data protection laws and particularly pursuant to Art. 44 et seq. GDPR.
3.4 TRANSMISSION TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION
We transmit your data to countries outside of the EU or the EEA (so-called third countries) owing to the aforementioned purposes (trransmission group-wide (No. 4.2) and transmission to third parties (No. 4.3)). The transmission will only take place for carrying out our contractual and statutory obligations or owing to your consent. This transmission will take place by complying with all applicable data protection laws and particularly pursuant to Art. 44 et seq. GDPR. In particular either owing to issued adequacy resolutions of the European Commission or owing to certain guarantees (for example standard data protection clauses, etc.).
A transmission to a third country or an international organisation does not take place.
4. FURTHER NOTIFICATION OBLIGATIONS
4.1 EXISTENCE OF AN AUTOMATED DECISION-MAKING INCLUDING PROFILING
We partly process your data automatically with the aim to assess certain personal aspects (Profiling). We use profiling in the following cases:
- We are obliged by legal stipulations to combat money laundering and fraud. Data evaluations (among others in payment transactions) are also carried out hereby. These measures also serve at the same time to protect you.
- We use evaluation tools in order to be able to provide you with targeted information and advice about products. These enable demand-oriented communication and advertising including market and opinion research.
- We use scoring as part of the assessment of your creditworthiness. The probability with which a customer will meet his payment obligations in accordance with the contract is calculated hereby. The calculation may, for example, include income circumstances, spending, existing liabilities, profession, duration of employment, experiences from the previous business relationship, repayment according to the contract previous loans as well as information from credit agencies. The scoring is based on a mathematically and statistically recognised and proven method. The calculated scores support us in our decision-making and are included in our regular risk management.
Each person affected by the processing of personal data has the right granted by the European legislator of directives and regulations not to be subjected to a decision that is exclusively made based on an automated processing— including profiling —, which has a legal effect towards him or substantially impairs him in a similar manner if the decision (1) is not necessary for the conclusion or the fulfilment of a contract between the data subject and the data controller, or (2)owing to legal regulations of the Union or the member states, which the data controller is subject to, is permitted and these legal regulations contain appropriate measures for safeguarding the rights and freedoms as well as the legitimate interests of the data subject or (3)is carried out with the explicit consent of the data subject.
5. FINAL PART OF THE PRIVACY STATEMENT
5.1 DURATION OF THE STORAGE
We principally store your data as long as this is necessary to provide our services or if this was envisaged by the European legislator of directives and regulations or another legislator in laws or regulations, which the data controller responsible for the processing is subject to. In all other cases we erase your personal data after settlement of the purpose, with the exception of those data, which we must continue to store in order to fulfil legal obligations (e.g. we are obligated owing to tax and commercial law storage obligations to keep documents in reserve such as e.g. contracts and invoices for a certain period of time).
5.2 TECHNICAL SECURITY
Sunlight GmbH uses technical and organisational security measures in order to protect your data managed by us against accidental or wilful manipulations, loss, destruction or against the access of unauthorised persons. Our security measures are continuously improved in line with the technological development.
For security reasons and to protect the transfer of confidential contents, such as for example the enquiries, which you send to us as the operator of the sites, this site uses an SSL encryption (Secure Socket Layer) in conjunction with the respective maximum level of encryption that is supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support any 256-bit encryption we use instead 128-bit v3 technology. You can recognise whether an individual page of our internet presence is transferred encrypted by the fact that the address line of the browser shifts from ”http://” to ”https://” and by the lock symbol in your browser line.
When the SSL encryption is activated the data, which you transmit to us, cannot be read by third parties.
We would like to point out that the data transmission in the internet (e.g. with the communication per e-mail) may feature security gaps. A consistent protection of the data against the access by third parties is not possible.
5.3 THE LEGAL BASIS OF THE PROCESSING
Art. 6 I lit. a GDPR serves our company as the legal basis for processing activities, with which we obtain a consent for a certain processing purpose.
If the processing of personal data is necessary to fulfil a contract, of which the data subject is a contractual party, as this for example is the case with processing activities, which are necessary for a delivery of goods or the provision of any other service or consideration, then the processing is based on Art. 6 I lit. b GDPR. The same shall apply to those processing activities which are necessary to carry out pre-contractual measures, for example in cases of enquiries for our products or services.
If our company is subject to a legal obligation, through which a processing of personal data becomes necessary, such as for example to fulfil tax obligations then the processing is based on Art. 6 I lit. c GDPR.
In rare cases the processing of personal data could be necessary in order to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and subsequently his name, his age, his health insurance details or other vital information had to be forwarded to a doctor, a hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR.
In the end processing activities could be based on Art. 6 I lit. f GDPR. Processing activities are based on this legal basis, which are not covered by any of the aforementioned legal bases if the processing is necessary to safeguard a legitimate interest of our company or a third party, if the interests, basic rights and basic freedoms of the data subject do not prevail. If the processing of personal data is based on Article 6 I lit. f GDPR our legitimate interest is to carry out our business activity for the benefit of the wellbeing of all of our employees and our customer.
5.4 STATUTORY OR CONTRACTUAL REGULATIONS FOR THE PROVISION OF THE PERSONAL DATA; NECESSITY FOR THE CONCLUSION OF THE CONTRACT; OBLIGATION OF THE DATA SUBJECT TO MAKE THE PERSONAL DATA AVAILABLE; POSSIBLE CONSEQUENCES OF THE NON-PROVISION
We will inform you that the provision of personal data may partly be stipulated by law (e.g. tax regulations) or also for contractual regulations (e.g. details relating to the contractual partner). Among others it may be necessary for the conclusion of a contract that a data subject makes personal data available to us, which must be subsequently processed by us. The data subject is for example obligated to make personal data available to us if our company concludes a contract with him. A non-provision of the personal data would result in the fact that the contract could not be concluded with the data subject. Before a provision of personal data by the data subject the data subject must contact one of our employees. Our employees will explain to the data subject relating to the individual case whether the provision of the personal data is stipulated by law or by contract or is necessary for the conclusion of the contract, whether an obligation exists to make the personal data available, and which consequences the failure to provide the personal data would have.
5.5 ADVICE FOR MINIORS
This online offer is not aimed at children below the age of 16. Persons, who have not yet reached the age of 16, may, without the consent of the legal guardians, not transmit any personal data to Sunlight GmbH.
5.6 RIGHTS OF THE DATA SUBJECTS
You have the right:
- Pursuant to Art. 15 GDPR to request information about your personal data stored by us. In particular you can request information about the processing purposes, the category of personal data, the categories of recipients, towards whom your data were or are disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of the processing or objection the existence of a right to lodge a complaint, the origin or your data, if these were not collected in our company as well as about the existence of an automated decision-making including profiling and if applicable feasible information regarding their details;
- pursuant to Art. 16 GDPR without delay to request the rectification of incorrect or completion of your personal data stored in our company;
- pursuant to Art. 17 GDPR to request the erase of your personal data stored in our company, insofar as the processing is not necessary to exercise the right to expression of a free opinion and information, to fulfil a legal obligation, for reasons of the public interest or to assert, exercise or defend legal claims;
- pursuant to Art. 18 GDPR to request the restriction to the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, you however refuse their erasure and we no longer request the data, you however require this to assert, exercise or defend legal claims or pursuant to Art. 21 GDPR you have filed an objection against the processing;
- pursuant to Art. 20 GDPR to request to receive your personal data, which you have provided us, in a structured, common and machine-readable format or the transmission to another data controller (data portability);
- If your personal data based on legitimate interests pursuant to Art. 6 Para.1 S. 1 lit. f GDPR are processed, you have the right, pursuant to Art. 21 GDPR to file an objection against the processing of your personal data, insofar as reasons exist for this, which arise from your particular situation or the object in is directed against direct marketing. In the latter case you have a general right to object that will be implemented by us without stating a special situation;
- pursuant to Art. 77 GDPR to lodge a complaint at a supervisory authority . As a rule you can for this purpose contact the supervisory authority of your customary place of abode or workplace.
5.7 REVOCATION OF YOUR CONSENT TO THE DATA PROCESSING
Several data processing activities are only possible with your explicit consent. You have the possibility to revoke an already granted consent at all times. For this purpose an informal notification to firstname.lastname@example.org per e-mail to us is sufficient. The lawfulness of the data processing carried out until the revocation will remain unaffected by the revocation.
5.8 THE RESPONSIBLE BODY AND CONTACT DATA OF THE EXTERNAL DATA PROTECTION OFFICER
Tel.: +49 7561 9097-200
Contact data of the external data protection officer
Tel.: +49 7542 94921 01