de | en

Datenschutz.

This data privacy statement explains the way, the scope, and the purpose for which we process personal data (subsequently referred to simply as "data") within our online services and the affiliated websites, functions, and content, as well as our external online presence, e.g. on our social media profiles, (subsequently referred to collectively as "online services"). With regards to the terminology used, such as "personal data" or the "processing" thereof, we refer you to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

 

Responsible Party:

 

SonoBeacon GmbH

Hagenower Straße 73

19061 Schwerin, Deutschland

info@sonobeacon.com

+49 (0) 40 35777 209

 

Commercial registration no.: Schwerin HRB 13028

CEO: Thoralf Nehls

 

Data Protection Officer:

Mr. Axel Elwert

Schierhorner Weg 216

21266 Jesteburg, Deutschland

+49 4183 500837

datenschutz@sonobeacon.com

 

The kind of data that is processed:

  • Inventory data (name, address if provided)

  • Contact information (email address, telephone number if provided)

  • Contractual data (e.g. object of the contract, period of validity, type of customer)

  • Usage data (e.g. websites visited, interest in certain content, access times)

  • Metadata/communication data (e.g. device information, IP addresses)

 

Processing special categories of personal data (Art. 9 par. 1 GPDR):

 

No special types of data are processed.

 

Categories of data subjects affected by the data-processing:

 

  • Customers, potential customers, suppliers

  • Visitors and users of our online services

 

We will subsequently refer to the data subjects affected by data-processing collectively as "users."

 

Purpose of processing data:

  • Making our online services, their content, and functions available to users

  • Providing our contractual services and customer care

  • Responding to contact requests and user communication

  • Marketing, advertising, and market research

 

Updated: 24 May 2018

 

Applicable Legal Basis

 

In accordance with the stipulations of Art. 14 of the GDPR, we inform you about the legal basis for processing data. Insofar as the legal basis is not stated in the data privacy statement, the following is valid: The legal basis for obtaining consent is Art. 6 par. 1 let. b of the GDPR; the legal basis for processing data in order to provide our services and carry out contractual measures as well as respond to inquiries is Art. 6 par. 1 let. b of the GDPR; the legal basis for processing data to fulfill our legal requirements is Art. 6 par. 1, let. c of the GDPR; the legal basis for processing data to protect our legitimate interests is Art. 6 par. 1 let. f of the GDPR. For the case that the vital interests of the data subject or another natural person make it necessary to process personal data, then Art. 6 par. 1 let. d of the GDPR shall serve as the legal basis.

 

Changes and Updates to the Data Privacy Statement

 

We request that you regularly inform yourself about the content of our data privacy statement. We will adapt the data privacy statement as soon as changes in the way we process data make it necessary to do so. We will inform you as soon as action on your part (e.g. providing consent) or any other individual message becomes necessary due to the changes.

 

Security Measures

 

As stipulated in the GDPR Article 32, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement the appropriate technical and organizational measures in order to ensure a level of security appropriate for the risk level. These measures include, in particular, ensuring confidentiality, integrity, and availability of data by controlling the physical access to the data, as well as the corresponding access, entry, forwarding, and by securing access and separation thereof. Furthermore, we have established a process to ensure that the rights of the data subjects are observed, data is removed, and threats to data protection are reacted to appropriately. Furthermore, we take the protection of personal data into consideration even during development and when selecting hardware, software, as well as processes, in accordance with the principle of data protection by technical design and by incorporating privacy-friendly default settings (Art. 25 GDPR).

 

Cooperation with Data Processing Companies and Third Parties

 

If we, in the context of processing data, reveal that data to other people and companies (data processing companies or third parties), transfer data to these parties, or otherwise grant them access to the data, this occurs only on the basis of legal permission (e.g. if the data transfer to third parties, such as payment service providers, is necessary in order to fulfill the contract, according to Art. 6 par. 1 let. b GDPR) that you have granted us, or if we are required by law to do so, or on the basis of our legitimate interests (e.g. when hiring contractors, web hosts, etc.).

 

If we charge third parties with the processing of data on the basis of an "order processing contract," this occurs on the basis of GDPR Article 28.

 

Transfer to Non-EU Countries

 

If we process data in a country outside the European Union (EU) or the European Economic Area (EEA) or if this happens in the context of hiring the services of third parties, or when revealing or transferring data to third parties, this only occurs if it is necessary to fulfill our contractual duties, on the basis of your consent, due to a legal requirement, or on the basis of our legitimate interests. Pending legal or contractual permissions, we process or have data processed in a non-EU country only if the special conditions stipulated in GDPR Art. 44 ff. are fulfilled. That means, the processing occurs only on the basis of special guarantees, such as the establishment of an officially recognized EU data protection level (e.g. the "Privacy Shield" for the USA) or by adhering to the officially recognized special contractual obligations (the "standard contract clauses").

 

Rights of the Data Subjects

 

  • You have the right to demand confirmation as to whether applicable data is processed and to access to this data as well as further information, and a copy of the data according to GDPR Art. 15.

  • As per GDPR Art. 16, you have the right to request that the data concerning yourself be completed or incorrect data concerning yourself be rectified.

  • You have, according to the stipulations of GDPR Art. 17, the right to demand that data applicable to you be erased immediately, or as an alternative, according to the GDPR Art. 18, to demand that the processing of your data be restricted.

  • You have the right to receive the data that you provided us, according to GDPR Art. 20, and to demand that it be transferred to other responsible parties.

  • Furthermore, you have the right, according to GDPR Art. 77, to submit a complaint with the responsible oversight agency.

 

Right to Withdraw Consent

 

You have the right, according to GDPR Art. 7 par. 3, to revoke your consent effective for the future.

 

Right to Object

 

At any time, you can object to the future processing of data concerning you as stipulated in GDPR Art. 21. This objection can be made in particular against the processing of your data for the purpose of direct advertising.

 

Cookies and the Right of Objection for Direct Advertising

 

We utilize temporary and permanent cookies, i.e. small files that are saved on the user's devices (for an explanation of the term and their function, see the last section of this data privacy statement). These cookies are in part used for security purposes or are necessary in order to operate our online services (e.g. to display our website properly) or in order to save the user decision regarding the cookie banner. Additionally, we or our technical partners use cookies for measuring reach and for marketing purposes, which the users are informed about in the course of the data privacy statement.

 

A general objection against the use of cookies for the purpose of online marketing, mainly in the case of tracking,  can be explained by a variety of services, e.g. on the USA based website http://www.aboutads.info/choices/ or the EU based page http://www.youronlinechoices.com/. Furthermore, cookies can be blocked by selecting the appropriate settings in your browser. Please note, however, that as a consequence of this, not all functions of our online services may function properly.

 

Erasing Data

 

The data processed by us will be erased or the processing thereof restricted in accordance with GDPR Art. 17 and 18. Provided not expressly stated in the context of this data privacy statement, the data that is saved will be erased as soon as it is no longer required to serve its purpose and the deletion thereof is not barred by any legal storage requirements. If the data is not erased, because it is required for other and legally permitted purposes, the processing thereof will be restricted. That means, the data will be blocked and not processed for other purposes. This applies, for example, to data that has to be stored for reasons pertaining to commercial law or tax law.

 

According to legal regulations, certain data stored for 6 years according to German Commercial Code § 257 par. 1 (account books, inventory, opening balance sheets, annual accounts, trade letters, vouchers) or 10 years according to German Revenue Code  § 147 par. 1 (books, records, management reports, journal vouchers, trade and business letters, documents relevant for taxation, etc.).

 

Contact

 

When contacting us (by contact form or e-mail), the statements provided by the user will be processed for the purpose of handling the contact request as per GDPR Art. 6 par. 1 let. b.

 

The statements made by the user can be saved in our customer relationship management system (CRM system) or a similar system for organizing requests.

 

We utilize the CRM system "Teamleader" provided by Teamleader NV (Dok Noord

3A/101 9000 Gent, Belgien) on the basis of our legitimate interests (efficient and fast processing of requests and inquiries). Teamleader is obligated to process the user data in accordance with the EU data protection standard. Further information on the collection and use of data by Teamleader can be found in the data privacy statement of Teamleader:

 

https://www.teamleader.de/datensicherheit.

 

We delete requests when these are no longer required. We check their necessity every two years. If there is a legal requirement to archive them, they are deleted after this requirement expires (6 years if required by commercial law and 10 years if required by tax law).

 

Collecting Access Data and Log Files

 

Based on our legitimate interests in the sense of GDPR Art. 6 par. 1 let. f, we collect data about each access to the server on which this service is located. (These are called server log files.) Access data includes the name of the website accessed, files accessed, the date and time of the request, the data volume transferred, notifications about successful retrieval, browser type and version, the operating system of the user, referrer URL (the site visited directly beforehand), IP address, and the inquiring provider.

 

Log file information is saved for a maximum of seven days for security reasons (e.g. for investigating abuse or fraudulent actions) and subsequently erased. Data that is necessary to store further for the purpose of evidence is excepted from being erased until the individual case is conclusively clarified.

 

Online Presence in Social Media

 

We maintain online presence within social networks and platforms in order to communicate with the customers, potential customers, and users who are active there, and to inform them about our services. When accessing the individual networks and platforms, the terms and conditions and data processing guidelines of the applicable operator are valid.

 

Unless otherwise indicated in the context of our data privacy statement, we process the user data, to the extent that they communicate with us on these social networks and platforms, e.g. generate posts on our online presence or send us messages.

 

Cookies & Measuring Reach

 

Cookies are data that is transferred from our web server or third party web servers to the web browser of the users and saved there to be accessed later. Cookies can be small files or other types of saved data.

 

We use "session cookies," which are only stored for the duration of the current visit to our online presence (e.g. in order to save your log-in status or the shopping cart function, thus enabling the use of our online services in the first place). A session cookie stores a randomly generated identification number, called a session ID. Aside from that, a cookie stores information about its origin and length of time it will be saved. These cookies cannot save any other data. Session cookies are deleted when you have stopped using our online services, for example by logging out or closing your browser.

 

Within this data privacy statement, the users are informed about the use of cookies in the context of measuring reach with pseudonyms.

 

If the user does not want cookies to be saved on his or her computer, he or she will be asked to select the corresponding option in the browser settings in order to disable them. Saved cookies can be deleted by selecting the corresponding browser option. Deactivating cookies can lead to limitations in the functionality of our online services.

 

You can object to the use of cookies that serve the purpose of advertising and measuring reach by visiting the deactivation site of the network advertising initiative (http://optout.networkadvertising.org/) or the USA-based website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

 

Google Analytics

 

Based on our legitimate interests (i.e. interest in analyzing, optimizing, and operating our online services economically, in the sense of GDPR Art. 6 par. 1 let. f), we utilize Google Analytics, a web analysis service provided by Google LLC ("Google"). Google utilizes cookies. The information generated from the cookie about the use of our online services by the user is generally transferred to a Google server in the USA and saved there.

 

Google is certified by the Privacy Shield agreement and therefore provides a guarantee to uphold the European data privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

 

Google will use the information in our order to evaluate the usage of our online services, to compile reports about the activity within our online services, and to provide us with further services in connection with the use of our online services and internet usage. In the process, pseudonymous usage profiles of the users can be generated from the processed data.

 

We only utilize Google Analytics with IP anonymization activated. That means that the IP addresses of the users within the Member States of the European Union or other States that are party to the agreement are shorted by Google. Only in certain exceptions are the full IP addresses transferred to a Google server in the USA and shortened there.

 

The IP address that is communicated by the user's browser is not merged with other data from Google. The user can block cookies from being saved by selecting the corresponding settings in his or her browser; furthermore the user can prevent Google from collecting the data that is generated by the cookie and related to the use of the online services as well as prevent Google from processing this data by downloading and installing the browser plug-in that is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

Further information about data usage by Google, as well as opportunities to adjust settings or issue objections, can be found on the websites of Google: https://www.google.com/intl/en/policies/privacy/partners ("How Google uses information from sites or apps that use our services"), https://policies.google.com/technologies/ads ("Data usage for advertising purposes"), https://adssettings.google.com/authenticated ("Manage information that Google uses in order to display advertising to you").

Use of SalesViewer® technology

On this website, the SalesViewer® technology of SalesViewer® GmbH collects and stores data for marketing, market research and optimization purposes on the basis of legitimate interests of the website operator (Art. 6 (1) lit.f DSGVO). It uses javascript-based code to collect and use business-related information. The data collected using this technology is encrypted using a non-retrievable one-way function (hashing). The data is immediately pseudonymised and not used to personally identify the visitor to this website. Data collection and storage can be objected to at any time with effect for the future by clicking on this link https://www.salesviewer.com/opt-out to prevent the collection by SalesViewer® within this website in the future. An opt-out cookie for this website is stored on your device. If you delete your cookies in this browser, you must click this link again.

 

Incorporation of Services and Third-Party Content

 

Based on our legitimate interests (i.e. interest in analyzing, optimizing, and operating our online services economically, in the sense of GDPR Art. 6 par. 1 let. f), we utilize content or services from third-party suppliers in our online services in order to incorporate their content and services, e.g. videos or fonts (subsequently referred to uniformly as "content"). This requires that the third-party suppliers of this content become aware of the user IP addresses, since they otherwise would not be able to send the content to their browsers. The IP address is therefore necessary in order to siplay this content. We take care to only use content provided by suppliers who exclusively use the IP address to supply their content. Furthermore, third parties can also use pixel tags (invisible graphic files, also known as "web beacons") for statistical and marketing purposes. By using pixel tags, information about the visitor traffic to the pages of this website can be evaluated. The pseudonymous information can also be saved in cookies on the user's device and can also contain technical information about the browser and operating system, referral sites, visiting time, as well as other information about the usage of our online services, and can also be connected with this kind of information from other sources.

 

The following provides an overview of the third-party suppliers as well as their content, as well as links to their data privacy statements, which contain further indications concerning data processing and, as already mentioned in some cases, the possibilities to opt-out:

 

– Web analysis and optimization with the help of the service Google Analytics from the third-party supplier Google LLC., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics enables the tracking of movement on websites on which Google Analytics is used (generating what is called "heatmaps"). For example, that makes it possible to recognize how far users scroll and which buttons the users click and how often. Furthermore, technical data such as the language selected, the system, the display resolution, and the kind of browser is also recorded. This way, we gain valuable information in order to design our websites to be even faster and more user-friendly. Data privacy: https://policies.google.com/privacy?hl=en. Opt-Out:

https://chrome.google.com/webstore/detail/google-analytics-optout/

fllaojicojecljbmefodhfapmkghcbnh?hl=en.

 

– External code from the JavaScript Framework "jQuery" supplied by the third-party supplier jQuery Foundation, https://jquery.org.