Privacy statement

1. Introduction

The information outlined below is intended to provide you, the Data Subject, with an overview of how we process your personal data and to inform you of your rights under current data protection legislation. It is possible to use our website without entering personal data. However, if you would like to make use of particular services of our company via the website, processing of personal data may be necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will always request your consent for this.

Processing of personal data, such as your name, address, or e-mail address, always takes place in compliance with the General Data Protection Regulation (GDPR) and in accordance with country-specific data protection regulations that apply to Sinwell AG. In this Privacy Policy, we would like to inform you about the scope and purpose of the personal data collected, used, and processed by us.
As the Controller, we have implemented numerous technical and organizational measures in order to ensure the most complete protection possible for the personal data processed through this website. Nevertheless, there may be security loopholes in Web-based data transmission, meaning that absolute protection cannot be guaranteed. For this reason, you may provide us with personal data by alternative methods, such as by telephone or post, if you wish.

2. Controller

The Controller, within the meaning of the GDPR, is:
Sinnwell AG, Dessauerstrasse 6, 80992 Munich, Germany
Phone: +49 89 411 472 869
Fax: +49 89 411 472 866
E-mail: info@sinnwell.ag

Director of the Controller: Konstantin Tsaligopoulos

3. Data Protection Officer

You can contact the Data Protection Officer as follows:

Holger Zürn
audius AG, Mercedesstr. 31, 71384 Weinstadt
Phone: 07151 369000
E-mail: holger.zuern@audius.de

4. Definitions

The Privacy Policy is based on the terminology used by the European legislative and regulatory authority in enacting the General Data Protection Regulation (GDPR). Our Privacy Policy is intended to be easy to read and understandable both for the public as well as for our customers and business associates. To ensure this, we would first like to explain the terms used.
Among other things, we use the following terms in this Privacy Policy:

Personal data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Data Subject
A Data Subject is every identified or identifiable natural person whose personal data are processed by the Controller (our company).

Processing
Processing means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Processor
Processor means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller.

Recipient
Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in connection with a particular inquiry in accordance with Union or Member State law will not be regarded as recipients.

Third Party
Third Party means a natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, and persons who, under the direct authority of the Controller or Processor, are authorized to process personal data.

Consent
Consent of the Data Subject means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal basis of processing

Article 6 (1 a) GDPR serves as the legal basis for our company for data processing where we obtain consent for a specific processing purpose.

If processing of personal data is necessary for the performance of a contract to which you are party, such as is necessary for processing operations that are required for delivery of goods or in order to provide another performance or counter-performance, then processing is based on Article 6 (1 b) GDPR. The same applies to processing operations that are necessary to perform steps prior to entering into a contract, such as for requests relating to our products or services.

If our company is subject to a legal obligation that makes processing of personal data necessary, such as compliance with tax obligations, then processing is based on Article 6 (1 c) GDPR.
In rare cases, processing of personal data may be necessary to protect the vital interests of the Data Subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance details, or other vital information had to be passed on to a doctor, hospital, or other third parties. Processing would then be based on 6 (1 d) GDPR.

Finally, processing could be based on 6 (1 f) GDPR. This provides the legal basis for processing that is not covered by any of the above legal principles, when processing is necessary for the purposes of the legitimate interests pursued by our company or by a Third Party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject. We are permitted to perform such processing in particular because this was specifically mentioned by the European legislator. The legislator stated the opinion that a legitimate interest could be assumed if you are a client of our company (recital 47, sentence 2 GDPR).

6. Cookies
6.1 General information about cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans, or other malware.
Information is stored in the cookie that is related to the specific device used. However, this does not mean that we directly obtain knowledge about your identity.

The use of cookies serves on the one hand to make it more enjoyable for you to use our offering. For example, we use what are termed session cookies to recognize which pages on our website you have already visited. These are automatically deleted after you leave our website.

In addition, we also use temporary cookies to optimize user friendliness. These are stored on your device for a certain defined period. If you visit our website again to make use of our services, we automatically recognize that you have already visited us before and what inputs and settings you made so that you do not have to enter these again.

On the other hand, we also use cookies to statistically record use of our website and for optimization of our offering for you. These cookies allow us to automatically recognize that you have already visited our website when you visit again. These cookies are deleted automatically after a defined time.
The data processed by cookies are necessary for the purposes of our legitimate interests and of third parties in accordance with Article 6 (1) sentence 1 (f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that a message is always displayed before a new cookie is created. Note that complete deactivation of cookies may mean that you cannot use all the functions of our website.

7. Content of our website
7.1 Contracts for online shop, retailers, and goods shipment

We only transmit personal data to third parties if this is necessary for the purpose of contract processing; for example, to companies entrusted with goods delivery or to financial institutions entrusted with payment processing. Further transmission of the data will not take place or will only take place with your express consent. Your data will not be passed on to third parties, for the purposes of advertising for example, without your express consent.

The legal basis for processing is Article 6 (1 b) GDPR, which allows processing for the performance of a contract or in order to take steps prior to entering into a contract

7.2 Application management/job board

We collect and process the personal data of applicants for the purpose of carrying out the application process. Processing can take place electronically. This is the case in particular if an applicant sends us relevant application documents electronically, e.g. by means of e-mail or via an online form on the website. If we conclude an employment contract with an applicant, the transferred data will be stored for the purpose of conducting the employment relationship in compliance with the applicable legal regulations. If we do not conclude an employment contract with the applicant, the application documents will be deleted automatically two months after the decision to reject the applicant, unless we have other legitimate interests for not erasing them. Another legitimate interest here is, for example, the requirement to furnish proof in the event of legal action under the German General Act on Equal Treatment (AGG).

Data processing thus takes place solely on the basis of our legitimate interest in accordance with Article 6 (1 f) GDPR.

8. Newsletter transmission
8.1 Newsletter transmission for existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you by e-mail regular offers for goods or services from our range similar to those already purchased. As defined by Section 7 (3) of the Act against Unfair Competition (UWG), we are not required to obtain separate consent from you for this. Data processing in this context is carried out solely on the basis of our legitimate interest in conducting personalized direct marketing in accordance with Article 6 (1 f) GDPR. If you initially objected to the use of your e-mail address for this purpose, we will not send such e-mails. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with future effect by notifying the Controller mentioned above. You will not incur any costs other than the transmission costs in accordance with the basic tariffs for this. Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately.

8.2 Newsletter subscription

On our website, you are offered the opportunity to subscribe to our company newsletter. The personal data transmitted to us when ordering the newsletter is determined by the input mask used for this purpose.

We send out a regular newsletter to inform our customers and business partners of our products and services. You can only receive our company newsletter if you have a valid e-mail address and you have subscribed to the newsletter.

When you subscribe to the newsletter, we also store the IP address assigned by your Internet service provider (ISP) for the IT system you are using at the time of subscription, as well as the date and time of subscription. The collection of these data is necessary in order to be able to understand a (possible) future misuse of your e-mail address and therefore serves as a legal safeguard for us.

These data are collected exclusively for the purpose of sending our newsletter. Subscribers to the newsletter may also receive e-mail notifications if required for operation of the newsletter service or subscription thereto, as might be the case in the event of changes to the newsletter offering or changes in technical circumstances. Any personal data that we collect about you in connection with the newsletter service will not be passed on to third parties. You may unsubscribe from our newsletter at any time. You may at any time withdraw the consent to the storage of your personal data that you provided when subscribing to the newsletter. Each newsletter contains a link for the purpose of withdrawing consent. It is also possible to unsubscribe from the newsletter at any time directly on our website or to otherwise inform us of this.

The legal basis for data processing for the purpose of sending newsletters is Article 6 (1 a) GDPR.

8.3 Contact form

On our website, you are offered the opportunity to contact our company by means of a contact form. The personal data transmitted to us is determined by the input mask used for this purpose.

These data are collected and stored exclusively for the purpose of processing your inquiry. Any personal data that we collect about you when contacting us will not be passed on to third parties. You may at any time withdraw the consent to the storage of your personal data that you provided when contacting us. The legal basis for processing for the purpose of contact is Article 6 (1 a) and (1 b) GDPR.

9. Web analysis
9.1 Google Analytics

Our websites use Google Analytics, a web analytics service of Google Inc. (https://about.google/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). In this context, pseudonymized user profiles are created and cookies are used (see 4). The information generated by the cookie about your use of this website, such as

  • Browser type/version,
  • Operating system,
  • Referrer URL (previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

is forwarded to and stored on a server located in the United States. The information is used to analyze use of the website, to compile reports on website activities, and to perform further services connected with website and Internet use for the purposes of market research and tailoring our website to requirements. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Under no circumstances will Google connect your IP address with other data from Google. Please note that Google Analytics is configured on this website in a way to ensure anonymous collection of IP addresses (IP masking).

Your IP address is recorded but will be pseudonymized immediately. This allows for broad localization only.
You can prevent the storage of cookies through a corresponding setting of your browser software; please note, however, that then you might not be able to use all functions of this website in full.
We use the functions of Google Analytics for the purpose of tailoring our website to requirements and its continual optimization. This constitutes a legitimate interest within the meaning of Article 6 (1 f) GDPR.

You can also prevent the collection of information generated by the cookie about your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent data collection by Google Analytics by clicking on the following link: Deactivate Google Analytics. This implements an opt-out cookie preventing the collection of your data during your future visits to this website.

The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.

For more information about data protection in connection with Google Analytics, see the Google Analytics Help (https://support.google.com/analytics/answer/6004245).

You can also opt out of interest-based advertising by Google. To do this, visit www.google.de/settings/ads from any Internet browser and choose your preferred settings.

Such evaluation is carried out in particular in accordance with Art. 6 (1 f) GDPR on the basis of our legitimate interest in displaying personalized advertising, market research, and/or tailoring our website to requirements.

More information and the Google Privacy Policy can be found at https://policies.google.com/privacy.

10. Your rights as Data Subject
10.1 Right of access Article 15 GDPR

You have the right to obtain information from us about the stored personal data relating to your person as well as a copy of these data at any time free of charge.

10.2 Right to rectification Article 16 GDPR

You have the right to request rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, the Data Subject also has the right to have incomplete personal data completed.

10.3 Right to erasure Article 17 GDPR

You have the right to obtain from us erasure of personal data concerning you without undue delay if one of the legally defined reasons applies and if processing is not necessary.

10.4 Right to restriction of processing Article 18 GDPR

You have the right to obtain restriction of processing from us if one of the legal prerequisites applies.

10.5 Right to data portability Article 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to Article 6 (1 a) GDPR or Article 9 (2 a) GDPR, or on a contract pursuant to Article 6 (1 b) GDPR and processing is carried out by automated means, insofar as processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

In addition, when exercising your right to data portability in accordance with Article 20 (1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible, if this does not adversely affect the rights and freedoms of others.

10.6 Right to object Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1 e) (data processing in the public interest) or (1 f) (data processing for the purpose of legitimate interests) GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4 (4) GDPR.

If you submit an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing the data which override your interests, rights, and freedoms, or unless processing your data serves the establishment, exercise, or defense of legal claims.

In individual cases, we process your personal data to carry out direct marketing. You can object at any time to processing of your personal data for the purpose of such marketing. The same applies to profiling to the extent that it is related to such direct marketing. If you object to us about processing for the purposes of direct marketing, we will no longer use the personal data for these purposes.

In addition, you have the right to object, on grounds relating to your particular situation, to the processing of your personal data for scientific or historical research purposes or statistical purposes pursuant to Article 89 (1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

10.7 Right to withdraw data protection-related declaration of consent

You have the right to withdraw your consent for processing of personal data at any time with future effect.

10.8 Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority about our processing of personal data.

11. Routine storage, erasure, and blocking of personal data

We will only process and store your personal data for the period necessary for the storage purpose or if provided for by the legislation to which our company is subject.
If the storage purpose no longer applies or a prescribed storage period expires, the personal data will be blocked or erased routinely and in accordance with the applicable legal regulations.

12. Duration of storage of personal data

Personal data will be stored for the applicable legal retention period. Upon expiry of this period, the data will be routinely erased, provided that they are no longer required for performance or initiation of the contract.

13. Effectiveness and amendments to the Privacy Policy

This Privacy Policy is currently valid and was last updated in May 2018.
Amendments this Privacy Policy may become necessary due to the further development of our websites and offerings, or due to amendments to legal or regulatory requirements. The current Privacy Policy can be accessed and printed out at any time on the www.sinwell.ag website.