I. Name and address of the party responsible
The party responsible as defined by the General Data Protection Regulation and other national data protection laws of member states as well as other data protection regulations is:
Phone: +49 (0) 94 21 / 92 75 – 0
II. Name and address of the data protection officer
The data protection officer of the responsible party is:
Innere Passauer Str. 2
Phone: +49 9421/869 9989
III. General information about data processing
- Scope of the processing of personal data
In general, we process the personal data of our users only to the extent to which it is required for the provision of a functional website as well as our contents and services. The personal data of our users are generally processed only with the consent of the user. An exception applies in such cases in which it is not possible to obtain consent beforehand for factual reasons and in which the legal provision permits the processing of data.
- Legal basis for the processing of personal data Section. 6 Para. 1 lit.a EU General Data Protection Regulation (GDPR) will form the legal basis for obtaining the consent of the person concerned for the processing of personal data. Section. 6 Para. 1 lit.b GDPR will form the legal basis for the processing of personal data required for performing a contract whose contractual party is the person concerned. This also applies to the processing required to perform precontractual measures. Section 6 Para. 1 lit.c GDPR will form the legal basis if the processing of personal data is required for fulfilling a legal obligation of our company. Section 6 Abs.1 lit.d GDPR will form the legal basis in case that the vital interests of the person concerned or of another individual will require the processing of personal data. If the processing is required to protect a legitimate interest of our company or a third party and if the interests, basic rights and fundamental freedoms of the affected person do not outweigh the first-mentioned interest, then Section 6 Para. 1 lit.f GDPR will form the legal basis for the processing.
- Deletion of data and storage period The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage becomes obsolete. In addition, Data will be stored if this has been intended by the European or national lawmakers in union regulations, laws or other provisions that the responsible party is subject to. The data will also be deleted or blocked if a required storage period expires according to the mentioned standards unless the continued storage of the data is required for the conclusion of a contract or the performance of a contract.
IV. Provision of the website creation of log files
- Description and scope of the data processing
Every time our website is visited, our system will automatically collect data and information from the computer system of the retrieving computer.
The following data are collected:
- Information about the type of browser and its version• The operating system of the user
• The IP address of the user
• Date, duration and time of day of access
• Website from which the system of the user arrives on our websiteThe data are also saved in the log files of our system. These data together with other personal data of the user are not saved.
- Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is Section .6 Para.1 lit.f GDPR.
- Purpose of the data processing
Data are saved in log files in order to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our IT systems. The data are not evaluated for marketing purposes in this context.These purposes are in our legitimate interests in the processing of data according to Section 6 Para .1 lit.f GDPR.
- Duration of the storage
No more than seven days when data are saved in log files. Storage beyond that time frame is possible. In this case, the IP addresses of the users are anonymised so that an assignment of the visiting client is no longer possible.
- Option to object and delete
The collection of the data for the provision of the website and the storage of the data in log file is necessary for the operation of the website. The use has therefore no option to object.
a) Description and scope of the data processing
The following data are saved and transmitted in the cookies:
- Language cookie
The user data collected in this way are pseudonymised by taking technical measures. An assignment of the data to the visiting user is therefore no longer possible. The data will not be saved together with other personal data of the user.
b) Legal basis for the data processing
Section 6 Para. 1 lit.f GDPR forms the legal basis for the processing of personal data using technically required cookies.
Section 6 Para. 1 lit.a GDPR forms the legal basis for the processing of personal data using cookies for analytical purposes when a corresponding consent of the user is provided.
c) Purpose of the data processing
The following applications require cookies:
- Language cookie
The user data collected via technically necessary cookies are not used to create user profiles.
Analyses cookies are used to improve the quality of our website and its content. The analysis cookies tell us how the website is used allowing us to continuously optimise our offers.
These purposes are in our legitimate interests in the processing of data according to Section 6 Para. 1 lit.f GDPR.
d) Duration of storage, option to object and delete
VI. Contact form and e-mail contact
1. Description and scope of the processing of data
A contact form is provided on our website which can be used for making electronic contact. If a user chooses this option, all data entered in the input mask will then be transmitted to us and saved. This involves the following data:
For the processing of the data, your consent is obtained and you will be referred to this privacy statement during the sending process.
Alternatively, you can contact us via the provided e-mail address. In this case, the personal data of the user transmitted with the e-mail will be saved.
The data will then not be forwarded to third parties. The data are used exclusively for processing the conversation.
2. Legal basis for the data processing
Section 6 Para. 1 lit. a GDPR form the legal basis for the processing of the data provided that the user has given his consent.
Section 6 Abs. 1 lit. f GDPR forms the legal basis for processing the data that are transmitted via e-mail. If the e-mail contact aims to conclude a contract, the Section 6 Abs. 1 lit. b GDPR will form an additional legal basis for the processing.
8. Purpose of the data processing
The processing of the personal data from the input mask is used solely for processing the contact. In case of a contact via e-mail, this is also the required legitimate interest in the processing of the data.
The other personal data processed during the sending process are used to prevent an improper use of the contact form and to ensure the security of our IT systems.
3. Duration of the storage
The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. This will apply to the personal data from the input mask of the contact form and those sent via e-mail when the corresponding conversation with the user has ended. The conversation has ended if the circumstances indicate that the issue has been conclusively clarified.
The personal data additionally collected during the sending will be deleted after a period of seven days at the latest.
4. Option to object and delete
The user has the option to withdraw his consent for the processing of the personal data at any time. If the user contacts us via e-mail, he can then object to the storage of his personal data at any time. The conversation can not be continued in such a case.
In this case, all personal data that have been saved in the course of the contact will be deleted.
VII. Data protection information on the handling of personal data in the application relationship according to Art. 13 DSGVO
The provision of your personal data is necessary for the justification, execution and termination of the application process. If we do not receive the required data, it is not possible to carry out the application process.
The required data includes, in particular, first and last name, address, academic and professional knowledge, skills and experience.
Your personal data is either collected directly from you or can also be provided by the mediating office (e.g. job centre, job exchange…).
Within our company, your personal data will only be passed on to those persons who need it to fulfil our contractual and legal obligations, such as the personnel department, the accounting department, the specialist department.
We process your personal data in compliance with all relevant laws, such as: the DS-GVO, the Federal Data Protection Act (BDSG).
Data processing is carried out as part of the application process. The relevant legal basis for this is Art. 6 Para. 1 b) DS-GVO in connection with § Section 26 para. 1 BDSG. In addition, collective agreements (group, general and works agreements as well as collective bargaining agreements, if applicable) are welcome. Art. 6 para. 1 b) in connection with Art. 88 para. 1 DS-GVO in connection with § 26 para. 4 BDSG and, if necessary, your separate consents. Art. 6 para. 1 a), 7 DS-GVO in connection with § 26 para. 2 BDSG (e.g. for video recordings) can be used as a data protection permission regulation.
If necessary, we also process your data on the basis of Art. 6 Para. 1 f) DS-GVO in order to protect legitimate interests of you, us or third parties (e.g. authorities). This applies in particular to the investigation of criminal offences (legal basis § 26 Paragraph 1 S. 2 BDSG) or, if applicable, within the group for the purposes of group control of internal communication and other administrative purposes.
As far as special categories of personal data are concerned. If personal data are processed in accordance with Art. 9 Para. 1 DS-GVO, this serves to exercise rights or fulfil legal obligations arising from labour law, social security law and social protection as part of the application process. This takes place on the basis of Art. 9 para. 2 b) DS-GVO in connection with § 26 para. 3 BDSG.
Should we wish to process your personal data for a purpose not mentioned above, we will obtain your consent to do so.
When transferred to an employment relationship, the data processed so far is transferred and processed in accordance with the obligation to inform employees.
The storage period of the collected data is limited to the application relationship. We will delete your personal data as soon as it is no longer required for the above-mentioned purposes. After completion of the application process, the data will be stored and then deleted in accordance with the statutory or official retention periods, which result, among other things, from the German Commercial Code (Handelsgesetzbuch) and the German Tax Code (Abgabenordnung).
VIII. Data protection information for customers and suppliers in accordance with Art. 13 DSGVO
The required data includes in particular your master data such as title, first name, surname, if applicable also of other contact persons in the company, as well as your contact data such as a valid e-mail address, full address, if applicable differing postal details, telephone number (landline and/or mobile) and further information such as tax numbers and account connections as well as information necessary for the execution of the respective contractual relationship.
This data is stored in order to identify you as our contractual partner, to communicate with you and to be able to fulfil orders placed with you.
According to Art. 6 Para. 1 S. 1 lit. b DSGVO, data processing is necessary for the aforementioned purposes for the appropriate processing and mutual fulfilment of obligations arising from the contract. We process the data which we have received from you within the scope of our business relationship as well as data which we have collected from publicly accessible directories (e.g. commercial register).
The personal data collected by us for the business relationship will be stored until the end of the statutory retention period and deleted thereafter unless you have consented to further storage in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO.
Disclosure of data to third parties:
Your personal data will not be transferred to third parties for purposes other than those listed below.
Your personal data will only be passed on to third parties insofar as this is necessary for the fulfilment of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b and lit. f DSGVO.
This includes in particular the following disclosures:
If business trips are necessary, Sonplas must also pass on your personal data to required bodies in third countries (e.g: The data protection authorities (e.g.: authorities issuing visas and residence permits, airlines, customers, hotels, travel agencies) which are not bound by the European data protection regulations of the DS-GVO and cannot guarantee the adequacy of the data protection level.
In the context of external accounting the data gets passed to our tax advisors, auditors and the tax authorities, on a case-by-case basis, to our legal advisors and credit agencies. To forwarding agents, logistics service providers and insurers to fulfil existing delivery obligations. The data gets passed to providers of payment services (e.g. credit institutions, insurers) for the preparation and settlement of payments. In justified cases the data gets passed to public institutions and to IT service providers in order to maintain the IT infrastructure and data security.
The passed on data may be used by the third parties exclusively for the named purposes.
In some cases, we use external service providers to process your data (e.g. software manufacturer).
These have been carefully selected and commissioned by us, and are forwarded to our instructions and are regularly monitored.
IX. Links to other providers
Our website contains – clearly visible – also links to websites of other companies.
If links to websites of other providers exist, we have no influence on their contents. We can therefore not be made liable for these contents. The corresponding provider or operator of the sites is always responsible for the contents of these sites. The linked sites were checked for any possible and identifiable legal violations at the time the link was established. Unlawful contents could not be identified at the time the link was established. However, a constant content check of the linked sites is not reasonable without any specific indications of a legal violation. Should legal violations become known, such links will be immediately removed.
X. Google Maps
Our website uses Google Maps API which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (»Google«) in order to visually display geographical information. By using this website you agree with the collection, processing as well as the use of the automatically collected data by Google, their representatives and third parties.
If you do not agree with this processing of your data, you will have the option to deactivate the service of “Google Maps” , thus preventing the transmission of data to Google. For this purpose, you must deactivate the Java script function in your browser. However, we would like to pint out that in this case you can not use “Google Maps” or only to a limited extent.
This website uses functions of the web analysis service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States.
Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
We have activated the IP anonymization function on this website. This will cause Google to shorten your IP address within member states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Objection to data collection:
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent the collection of your information on future visits to this website: Disable Google Analytics
Order data processing
We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics of Google Analytics
This website uses the function “demographic features” of Google Analytics. This allows reports to be generated that contain information about the age, gender and interests of site visitors. This data comes from interest-related advertising by Google and visitor data from third parties. This information cannot be associated with any specific individual. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit Google Analytics from collecting your data as described under “Objection to data collection”.
If you do not agree, you can opt-out by selecting the appropriate settings in the “My Account” section of your Google Account.
XII. SSL- or TLS-encryption
This site uses a SSL or TLS encryption for security reasons and for the protected transmission of confidential contents such as orders or requests that you send to us as the operator of the site. You can recognise an encrypted connection when the lock symbol appears in your browser line and when the address line of your browser switches from “http://” to “https://”.
Should the SSL or TLS encryption be activated, the data that you transmit to us can not be read by a third party
XIII. Rights of the persons concerned
If your personal data are processed, you are a person concerned according to the GDPR and you have the following rights towards the responsible party:
1. Right to confirmation
If you have asserted towards the responsible party the right to the correct, delete or restrict the processing, the responsible party is obligated to inform all recipients to which your personal data have been disclosed about the correction or deletion of the data or the restriction of the processing unless it turns out to be impossible or requires unreasonable effort.
You have the right towards the responsible party to be informed about these recipients.
2. Right to information
You can ask the responsible party to confirm whether we will process personal data concerning you.
If there is such a processing, you can ask the responsible party to provide the following information:
(1) the purposes for which personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to which the personal data related to you have been disclosed or will still be disclosed;
(4) the planned duration of the storage of your personal data or, if specific information can not be provided on this, the criteria for determining the storage period;
(5) the existence of a right to correct or delete personal data related to you or to restrict the processing by the responsible party or of a right to object to this processing;
(6) the existence of a right to appeal at a supervisory authority;
(7) If the personal data are not collected from the person concerned, all available information about the origin of the data;
(8) the existence of an automated decision-making including profiling according to Sections 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the involved logic as well as the scope and the pursued effects that such a processing has on the affected person.
You have the right to request information whether the personal data affecting you are transmitted to a third country or an international organisation. In this context, you can request information about the suitable guarantees in accordance with Section 46 GDPR in connection with the transmission.
3. Right to correction
You have the right towards the responsible party to a correction and/or completion if the processed personal data concerning you are incorrect or incomplete. The responsible party has to carry out the correction immediately.
4. Right to a restricted processing
Under the following conditions, you can request the restricted processing of the personal data concerning you:
(1) if you dispute the correctness of the personal data affecting you for a period of time that will allow the responsible data to check the correctness of the personal data;
(2) if the processing is unlawful and you rejected to the deletion of the personal data and instead have requested to restrict the use of the personal data;
(3) if the responsible party no longer requires the personal data for processing but requires the data for the assertion, execution or defence of legal claims or
(4) If you have filed an objection against the processing according to Section 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons provided by the responsible party outweigh your reasons.
If the processing of the personal data concerning you has been restricted, these data – apart from their storage – may be processed only with your consent if you assert, exercise or defend legal claims or for the protection of the rights of another individual or legal body for reasons of an important public interest of the Union or a member state.
If the restriction of the processing is restricted according to the above mentioned conditions, you will be informed by the responsible party before the restriction is lifted.
6. Right to delete (“right to be forgotten”)
a) Obligation to delete
You have the right to ask the responsible party to immediately delete the personal data concerning you and the responsible party is obligated to immediately delete the personal data if the following reasons apply:
(1) The personal data concerning you are no longer necessary for the purposes for which they have been collected or processed in other ways.
(2) You rescind your agreement on which the processing according to Section 6 Para. 1 lit. a or Section 9 Para. 2 lit. a DSGVO is based and there is no other legal basis for the processing.
(3) You object against the processing according to Section 21 Para. 1 GDPR and there are no primary legitimate reasons for the processing or you appeal against the processing in accordance with Section 21 Para. 2 GDPR.
(4) The personal data concerning you were unlawfully processed.
(5) The deletion of the personal data concerning you is required in order to comply with a legal obligation according to EU law or the law of the member states that the responsible party subject to.
(6) The personal data concerning you were collected in regard to offered services of the information society according to Section 8 Para. 1 GDPR.
a) Information disclosed to third parties
If the responsible party has made public the personal data and we are obligated to delete them according to Section 12 Para. 1 GDPR, the responsible party will then take appropriate measures considering the available technology and the costs for the implementation, also of a technical kind, in order to inform the persons responsible for the data processing of your personal data that you have requested the deletion of all links to these personal data or copies or replications of these personal data.
The right to delete does not exist if the processing is required
(1) for exercising the right to freedom of expression and information;
(2) for complying with a legal obligation that requires the processing according to the law of the Union or the member states that the responsible party is subject to or for performing a task that is in the public interest or is done to exercise public authority that was assigned to the responsible party;
(3) for reasons of public interest in the area of public health according to Section 9 Para. 2 lit.h and i as well as Section 9 Para. 3 GDPR;
(4) for archiving purposes in the public interest, research or historical research purposes or for statistical purposes according to Section 89 Para. 1 GDPR, if the right named under section a) will likely make the realisation of the goals of this processing impossible or seriously affect them
(5) for asserting, exercising or defending legal claims.
17. Right to data portability
You have the right to receive your personal data that you provided to the responsible party in a structured, common and machine-readable format. You also have the right to transmit these data to another responsible person without any interference by the responsible party to which you have provided the personal data if
(1) the processing is based on consent according to Section 6 Para. 1 lit. a GDPR or Section 9 Para. 2 lit. a GDPR or a contract according to Section 6 Para. 1 lit. b GDPR and
(2) the processing is carried out using automated processes.
When exercising this right, you have also the right to effect that your personal data are transmitted directly from a responsible party to another responsible person if this is technically feasible. The freedoms and rights of other persons may not be affected by this.
The right to data portability does not apply to the processing of personal data that is required for performing a task in the public interest or is done to exercise public authority that was assigned to the responsible party.
18. Right to object
You have the right – for reasons arising from your special situation – to object to the processing of personal data affecting you based on Section 6 Para. 1 Letters e or f GDPR; this also applies to profiling based on these provisions.
The responsible party will no longer process the personal data unless it can prove compelling processing reasons worthy of protection, which outweigh your interests, rights and freedoms or the processing is used to assert, exercise or defend legal claims.
If the personal data is processed for direct advertising, you will have the right to object at any time against the processing of your personal data for the purpose of such advertisement; this also applies to the profiling if it is connected with such direct advertising.
If you object to the processing for direct advertising purposes, the personal data concerning you will then no longer be processed for these purposes.
Irrespective of the Directive 2002/58/EC, you have in connection with the use of services of the information society the option to exercise your right to object using automated processes for which technical specifications are used.
19. Right to withdraw the declaration of consent under privacy law
You have the right to withdraw your declaration of consent under privacy law at any time. The withdrawal of consent does not affect the legality of the processing that took place until the withdrawal.
20. Automated decisions in individual cases including profiling
You have the right to be subjected to a decision based not exclusively on an automated processing – including profiling – which will have a legal effect against you or significantly affect you in a similar way. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the responsible party,
(2) is admissible based on legal provisions of the Union or its member states that the responsible party is subject to and if these legal provisions include reasonable measures to protect your rights and freedoms as well as your legitimate interests.
(3) is made with your express consent.
However, these decisions may not be based on special categories of personal data according to Section 9 Para. 1 GDPR unless Section 9 Para. 2 lit. a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.
In regard to the cases named in (1) and (3), the responsible party will take appropriate measures to protect the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person by the person responsible, to state his or her own position and to challenge the decision..
21. Right to appeal at a supervisory authority
Irrespective of another administrative or legal remedy, you have the right to appeal at a supervisory authority, especially in the member state of your residence, your place of employment or the location of the alleged violation if you believe that the processing of the personal data related to violates the GDPR.
The regulatory authorities to whom the appeal was submitted informs the complainant about the status and the results of the appeal including the possibility of a legal remedy according to Section 78 GDPR.