Privacy Policy

We Take Data Protection Seriously

Protecting your privacy when processing personal data is a matter of importance to us. When you visit our website, our web servers automatically save the IP of your internet service provider, the website you visit us from, the pages you visit on our site, as well as the date and duration of your visit. This information is essential for the technical transmission of the web pages and the secure server operation. No personalised analysis of this data takes place.

Responsible Party

Gut Sonnenhausen GmbH & Co. KG
Sonnenhausen 2
85625 Glonn
Phone: 08093 – 5777 0

Managing Director: Georg Schweisfurth

Registered in the Commercial Register; Register Court: District Court Ebersberg; Registration Number: HRA 78347
VAT Identification Number pursuant to § 27 a of the German Value Added Tax Act: DE 219200068

You can contact our Data Protection Officer by email at: datenschutz@sonnenhausen.de

Personal Data

Personal data refers to data specifically about your person. This includes your name, address, and email address. You do not need to disclose personal data in order to visit our website. In some instances, we require your name, address, and additional information to provide a service you have requested.

This is also applicable when we supply you with information material or respond to your enquiries. In such cases, we will always notify you. Additionally, we only store the data you have automatically or voluntarily provided us.

If you use one of our services, we generally collect only the data necessary to provide the service. We may ask for further information, which is voluntary. Whenever we process personal data, we do so to offer you our service or to pursue our commercial objectives.

Contacting Us

When contacting us (e.g., via contact form, email, telephone, or social media), the data provided by the requesting individuals is processed as necessary to respond to the contact requests and any requested measures.

Responding to contact requests within the context of contractual or pre-contractual relationships is done to fulfil our contractual obligations or to respond to (pre)contractual queries and otherwise on the basis of legitimate interest in responding to the requests.

  • Types of Data Processed: Inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., entries in online forms).
  • Concerned Individuals: Communication partners.
  • Purposes of Processing: Contact requests and communication.
  • Legal Basis: Fulfilment of contracts and pre-contractual enquiries (Art. 6 Para. 1 lit. b GDPR), legitimate interests (Art. 6 Para. 1 lit. f GDPR).

Automatically Stored Data

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Full IP address of the requesting computer
  • Transferred data volume

No mergers of this data with other data sources are made. Processing is carried out according to Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website.

For technical security reasons, specifically to prevent attempts to attack our web server, this data is temporarily stored by us. It is not possible for us to trace these data back to individuals. The data is anonymised after no more than seven days by shortening the IP address at the domain level, making it impossible to reference it to an individual user. The data is also processed statistically in anonymised form; there is no linking with other data or transfer to third parties, even in excerpts. Only within our server statistics, published every two years in our activity report, is a disclosure of the number of page views made.

Cookies

When you visit our web pages, we may store information on your computer in the form of cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters through which web pages and servers can be assigned to a specific internet browser in which the cookie was saved. This allows the visited web pages and servers to distinguish the individual's browser from other internet browsers that contain different cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

By using session cookies, the responsible party can provide users of this website with services that are easier to use and which would not be possible without the setting of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest according to Art. 6 Para. 1 lit. f GDPR.

We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. Upon your first visit, you can voluntarily consent to tracking or analysis via the displayed cookie banner. Your data may be shared with partners or third parties. These cookies are only stored if you explicitly consent; the legal basis is then your consent pursuant to Art. 6 Para. 1 lit. a GDPR.

Google Analytics

This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. Here, the website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user's origin. This data is assigned to the respective end device of the user. There is no assignment to a device ID.

Additionally, Google Analytics allows us to record your mouse and scroll movements and clicks. Furthermore, Google Analytics uses various modelling approaches to supplement the data sets captured and employs machine-learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g., cookies or device fingerprinting). The information collected by Google on the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this service is based on your consent according to Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG. Consent can be revoked at any time. Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details are available here: https://privacy.google.com/businesses/controllerterms/mccs/.

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, and YouTube history as well as demographic data (visitor data). Google Signals may be used to provide personalised advertising. If you have a Google account, your visitor data from Google Signals will be linked with your Google account and used for personalised advertising messages. The data is also used to create anonymised statistics on user behaviour on our part.

We have concluded a contract for commissioned data processing (DPA) with the aforementioned provider according to Art. 28 GDPR. It is a data protection-required contract which ensures that they process the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

This website uses the “E-Commerce Measurement” function of Google Analytics. With the help of E-Commerce Measurement, the website operator can analyse the purchasing behaviour of website visitors to improve their online marketing campaigns. Information such as the orders placed, average order values, shipping costs, and the time from viewing to purchasing a product is recorded. These data can be summarised by Google under a transaction ID associated with the particular user or their device.

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that we can use to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create any user profiles, store cookies, or independently perform analyses. It is merely used for the management and triggering of the tools that have been integrated through it. However, Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on their website. If corresponding consent was requested, processing is exclusively based on Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, provided the consent includes the storage of cookies, or the access to information on the user's end device (e.g., device fingerprinting) as defined in the TTDSG. Consent can be revoked anytime.

YouTube

This website embeds videos from YouTube. The operator of the site is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced data protection mode. According to YouTube, this mode means that YouTube does not store information about visitors on this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the enhanced data protection mode. Thus, YouTube connects to the Google DoubleClick network regardless of whether you are viewing a video.

As soon as you start a YouTube video on this website, a connection to the servers of YouTube is established. During this process, the YouTube server is informed of which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube may store various cookies on your end device after starting a video or use comparable recognition technologies (e.g., device fingerprinting). This way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve user-friendliness, and prevent attempted fraud.

Further data processing operations may occur once you start a YouTube video, over which we have no influence. The use of YouTube is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest under Art. 6 Para. 1 lit. f GDPR. If obtained, processing will be based solely on Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, as far as the consent includes the storage of cookies or the access to information on the user's end device (e.g., device fingerprinting) as defined in the TTDSG. Consent can be revoked anytime.

More information about data protection on YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

Google Web Fonts (Local Hosting)

This page uses web fonts provided by Google for uniform font representation. Google Fonts are locally installed. No connection to Google servers is made.

Further information on Google Web Fonts can be found under https://developers.google.com/fonts/faq and in Google's Privacy Policy: https://policies.google.com/privacy?hl=de.

Google Maps

This page uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, your IP address needs to be stored. This information is usually transferred to a Google server in the USA and stored there. The provider of this page has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offerings and easy findability of the places indicated by us on the website. This constitutes a legitimate interest under Art. 6 Para. 1 lit. f GDPR. If corresponding consent is requested, processing is solely based on Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, as far as the consent includes the storage of cookies or the access to information on the user's end device (e.g., device fingerprinting) as defined in the TTDSG. Consent can be revoked anytime.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details are available here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on handling user data can be found in Google's Privacy Policy: https://policies.google.com/privacy?hl=de.

Adobe Fonts

This website uses web fonts from Adobe for the uniform representation of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you visit this website, your browser loads the required fonts directly from Adobe to ensure their correct display on your device. This prompts your browser to connect to Adobe's servers in the USA. This also discloses your IP address to Adobe, stating that you've visited this website. According to Adobe, no cookies are stored while providing the fonts.

The storage and analysis of data is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform representation of the font on their website. If corresponding consent was requested, processing is exclusively based on Art. 6 Para. 1 lit. a GDPR and § 25 Para. 1 TTDSG, as far as the consent includes the storage of cookies or the access to information on the user's end device (e.g., device fingerprinting) as defined in the TTDSG. Consent can be revoked anytime.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details are available here: https://www.adobe.com/de/privacy/eudatatransfers.html.

For more information about Adobe Fonts, visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

The Adobe Privacy Policy can be found at: https://www.adobe.com/de/privacy/policy.html.

MailPoet

This website uses MailPoet to send newsletters. The provider is Aut O'Mattic A8C Ireland Ltd., Business Centre, No.1 Lower Mayor Street, International Financial Services Centre, Dublin 1, Ireland, whose parent company is based in the USA (MailPoet).

MailPoet is a service that organises and analyses newsletter dispatches. The data you enter to receive newsletters is stored on our servers but sent via MailPoet servers, with MailPoet processing your newsletter-related data (MailPoet Sending Service). Details can be found here: https://account.mailpoet.com/.

MailPoet enables us to analyse our newsletter campaigns. For instance, we can see if a newsletter message was opened and which links were clicked. This helps us identify which links were clicked particularly often. Moreover, we can determine if certain predefined actions are taken after opening/clicking (conversion rate). In this manner, we can see, for example, if a purchase was made after clicking on the newsletter.

MailPoet allows us to segment newsletter recipients into different categories (“clustering”). This could involve grouping newsletter recipients by age, gender, or residence. In this way, we can better tailor newsletters to the respective target groups. If you don’t want an analysis by MailPoet, you need to unsubscribe from the newsletter. We include a corresponding link in every newsletter message for this purpose.

Detailed information on the features of MailPoet can be found in the following links: https://account.mailpoet.com/ and https://www.mailpoet.com/mailpoet-features/.

The MailPoet Privacy Policy can be found at: https://www.mailpoet.com/privacy-notice/.

Data processing is based on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke this consent at any time with future effect.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://automattic.com/de/privacy/.

The data you have stored with us for newsletter reception will be retained by us until you unsubscribe from the newsletter and deleted after you cancel the subscription. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest according to Art. 6 Para. 1 lit. f GDPR. Data stored for other purposes remain unaffected.

Upon your deregistration from the newsletter distribution list, your email address may be stored in a blacklist, provided this is necessary to prevent future mailings. Blacklist data is only used for this purpose and not merged with other data. This serves both your and our interest in complying with legal requirements when sending newsletters (legitimate interest in the sense of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

We have concluded a contract for commissioned data processing (DPA) with the aforementioned provider according to Art. 28 GDPR. This is a legally required contract to ensure they process the personal data of our website visitors based only on our instructions and in compliance with the GDPR.

Vimeo without Tracking (Do-Not-Track)

This website uses plugins from the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

When you visit one of our pages with Vimeo videos, a connection to Vimeo's servers is established. Vimeo is informed of which of our pages you have visited. Moreover, Vimeo obtains your IP address. However, we set up Vimeo to prevent user activity tracking and cookie setting.

The use of Vimeo is in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest under Art. 6 Para. 1 lit. f GDPR. If corresponding consent is requested, processing is solely based on Art. 6 Para. 1 lit. a GDPR; the consent can be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses and, according to Vimeo, on “legitimate business interests.” Details are available here: https://vimeo.com/privacy.

For more information on how Vimeo handles user data, refer to Vimeo’s Privacy Policy: https://vimeo.com/privacy.

Requests with MEETOVO

We use the software solution from MEETOVO, Lukas & Christof Bludau GbR, Kasernenstraße 12, 21073 Hamburg, Germany, for processing applicant inquiries. The provider operates according to the legal requirements of Art. 28 GDPR. Your data is kept strictly confidential at all times.

When you submit an inquiry to us, a direct connection is established between your browser and the provider's server upon accessing the inquiry page. This reveals that you visited our site with your IP address. The IP address is anonymised and deleted after 7 days. When you submit an inquiry through the embedded form, the personal data required for the inquiry (email address, first and last name, mobile or phone number) is transmitted to the provider, stored on their servers, and emailed to us. All other form entries are transmitted during entry for analysis purposes only if you agree. Collecting this data is necessary to process the inquiry. Without this processing, you cannot submit inquiries.

This processing occurs according to Art. 6 Para. 1 lit. b GDPR to fulfil our contractual obligations and services and based on our legitimate interest in conducting a quick and effective inquiry process per Art. 6 Para. 1 lit. f GDPR.

The provider deletes your data if it is no longer necessary. The necessity is reviewed every two years. Otherwise, deletion occurs no later than five years after the last inquiry. Further information can be found in the provider's Privacy Policy at: https://meetovo.de/datenschutz.

Security

We have implemented technical and administrative security measures to protect your personal data from loss, destruction, manipulation, and unauthorised access. All our employees and service providers are obliged to comply with valid data protection laws.

Whenever we collect and process personal data, it is encrypted before transmission. This means your data cannot be misused by third parties. Our security measures are constantly being improved, and our data protection declarations are continuously revised. Please ensure you hold the latest version.

Rights of Affected Parties

You are entitled at any time to information, correction, deletion, or restriction of processing of your stored data, as well as the right to object to processing and the right to data portability and complaint according to the conditions of privacy legislation.

Right to Information:
You can request confirmation from us on whether and to what extent we process your data.

Right to Rectification:
If we process your data inaccurately or incompletely, you can request correction or completion at any time.

Right to Deletion:
You can request deletion of your data if we process it unlawfully or the processing disproportionately impairs your legitimate interests. Be aware that reasons may prevent immediate deletion, such as legally regulated retention obligations.
Independent of exercising your right to deletion, we'll immediately and completely delete your data unless there's a contractual or legal retention requirement.

Right to Restriction of Processing:
You can request restriction of processing if

  • you contest the data's accuracy, allowing us to verify accuracy,
  • data processing is unlawful, but you oppose deletion, preferring restriction of data use,
  • we no longer need the data for its intended purpose, but you require it for legal claims, or
  • you have objected to data processing.

Right to Data Portability:
Upon request, we can provide data you supplied to us in a structured, commonly used, machine-readable format, enabling you to transmit this data to another controller without hindrance, provided

  • processing is based on consent you granted, which may be withdrawn, or is necessary for contractual fulfilment, and
  • processing is automated.

Technically feasible, you can request direct transmission to another controller.

Right to Object:
If we process your data based on legitimate interests, you may object, including related profiling. We will then cease processing unless we demonstrate compelling legitimate grounds outweighing your interests, rights, and freedoms, or processing serves legal claims. You may object to direct marketing processing without reason.

Right to Complain:
If you believe we breached German or EU data protection law, please contact us for clarification. Alternatively, you may contact your supervisory authority, the State Office for Data Protection Supervision.
If you wish to exercise any abovementioned rights, please contact our Data Protection Officer. We may require additional information to verify your identity in case of doubt.

Amendments to this Privacy Policy

We reserve the right to adjust our Privacy Policies if technical developments necessitate alterations. Please ensure you hold the most current version. Fundamental changes to the Privacy Policy will be announced on our website.

All interested parties and visitors to our online presence can reach us for data protection queries at:

Mr Matthias Baumgartner
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg

Tel.: 0941 2986930
Fax: 0941 29869316
Email: anfragen@projekt29.de
Website: www.projekt29.de