Data protection policy

Data protection policy of the SUN-WA TECHNOS (EUROPE) GmbH for the website https://www.sunwa.eu/en

1.    Name and address of the controller

The controller in the sense of the General Data Protection Regulation (GDPR), of the data protection regulations holding good in the member states of European Union and of other regulations with a legal data-protecting character is the:

SUN-WA TECHNOS (EUROPE) GmbH
Bleichstraße 1
D-60313 Frankfurt am Main Tel.: (+49) 69 / 133 89 50
Fax: (+49) 69 / 133 89 511
Website: https://www.sunwa.eu/en

2.    Name and address of the data protection officer

The data protection officer of the controller for the processing is:

Mr. Erdem Durmus
NOTOS Xperts GmbH
Heidelberger Straße 6
64283 Darmstadt
Germany
phone: (+49) 6151 / 520 10 60
email: [email protected]

Each data subject can turn at any time directly to our data protection officer with all questions and suggestions on data protection.

3.    Definitions

The data protection policy of the SUN-WA TECHNOS (EUROPE) GmbH is based on the definitions which have been used by the European directive and order issuing office in formulating the General Data Protection Regulation (GDPR). The data protection information of the SUN-WA TECHNOS (EUROPE) GmbH should be easily read and understood not only by the general public but also by our customers and business partners. In order to ensure this, we would like to clarify in advance the definitions used.

In this data protection information and on our website, we use - amongst others - the following terms:

3.1    Personal data

Personal data is any information relating to an identified or identifiable natural person (hereafter "data subject"). Defined as identifiable is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2    Data subject

Data subject is each identified or identifiable natural person, whose personal data is processed by the controller for the processing.

3.3    Processing

Processing means any operation or set of operations which is carried out in connection with personal data - whether or not by automated means - such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.4    Restricting of the processing

Restricting of the processing is the marking of personal data as stored with the objective of restricting its processing in the future.

3.5    Profiling

Profiling is each type of the automated processing of personal data, which consists of this personal data being used to permit particular personal aspects relating to a particular natural person, and here in particular aspects in respect of work performance, economic situation, health, personal likes, interests, reliability, behaviour, place of residence or change of place of residence of this natural person to be evaluated, analysed or forecast.

3.6    Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, in so far as this additional information is kept in a special way and subjected to technical and organizational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.

3.7    Controller or party responsible for the processing

Controller or party responsible for the processing (hereafter controller) is the natural person or legal entity, authority, institution or other post, which alone or together with others decides on the purposes and means of the processing of personal data. If the purposes and means of the processing are laid down in European Union legislation or the legislation of the member states, then the controller or the particular criteria of the appointment of this controller in accordance with European Union legislation or the legislation of the member states can be provided.

3.8    Processor

Processor is a natural person or legal entity, authority, institution or other post, which processes the personal data on the instructions of the controller.

3.9    Recipient

Recipient is a natural person or legal entity, authority, institution or other post to which personal data are disclosed regardless of whether this is a third party or not. However, authorities, which receive within the framework of a particular investigation order in accordance with European Union legislation or the legislation of the member states data which possibly may be/contain personal data, do not hold good as recipients.

3.10    Third party

Third party is a natural person or legal entity, authority, institution or other post with the exception of the data subject, the controller, the order processor and those persons which are authorized under the direct responsibility of the controller or of the order processor to process the personal data.

3.11    Consent

Consent is each declaration of will given voluntarily by the data subject for the definite case in an informed and unambiguous manner in the form of a declaration or other unambiguous confirmatory action, with which the data subject makes clear that he/she agrees to the processing of personal data relating to himself/herself.

4.    General information on data processing; legal basis, purposes of processing, duration of storage, objection and possibility of erasure

4.1    General information on the legal basis

Where we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
Art. 6 para. 1 lit. d GDPR serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

4.2    General information on data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.

4.3    General information on processing on our website

Data protection, data security and secrecy protection have high priority for SUN-WA. The permanent protection of your personal data, your company data and your trade secrets is particularly important to us.
In principle, you can visit our website without providing any personal information. However, if you make use of the services of our company via our website, this requires the disclosure of your personal data. In general, we use the data communicated by you and collected by the website and the data stored during use exclusively for our own purposes, namely for the implementation and provision of our website and for the initiation, implementation and processing of the services offered via the website (contract performance) and do not pass these on to outside third parties, unless there is an officially ordered obligation to do so. In all other cases, we will obtain your separate consent.
Your personal data will be processed in accordance with the requirements of the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to SUN-WA. By means of this data protection note, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, we will inform you of your rights by means of this data protection notice.
SUN-WA has implemented technical and organizational measures to ensure adequate protection of personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed.

5.    Collection of general data and information

The website of SUN-WA collects a series of general data and information each time a data subject or an automated system accesses the website. This general data and information is stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website can be recorded, (5) the date and time of an access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.

When using this general data and information, SUN-WA does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the content of our website, (2) optimize the content and advertising of our website, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information they need to prosecute a cyber-attack. This anonymous data and information is therefore evaluated by SUN-WA both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.
 

Legal basis    Storage purpose Storage duration Objection / opportunity for elimination
Art. 6 para. 1 lit. f GDPR
(legitimate interest)
 
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.    
 
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data to provide the website, this is the case when the session in question has ended.

If the data is stored in log files, this is the case after seven days at the latest. A storage going beyond this is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
No, as necessary for operation of the website.

6.    Contact form; e-mail contact, fax and phone contact; Newsletter

6.1     Contact form; e-mail contact, fax and phone contact

On our website there is a contact form which can be used for electronic contact. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:

  • Company
  • Contact person
  • Email*
  • Phone (selection of country codes)
  • Message

* mandatory information

At the time the message is sent, the following data will also be stored:

  • The IP address of the user
  • Date and time of dispatch

Contact information is also available on our website. It is possible to contact us via the e-mail address or telephone number provided. If you contact us via one of these options, your personal data transmitted to us will be automatically stored (e-mail, fax) or collected by us and stored manually.  

The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation or the processing of your request.
 

Legal basis    Storage purpose Storage duration Objection / opportunity for elimination
The legal basis for the processing of the data in the case of enquiries via the contact form and/or e-mail and telephone is generally Art. 6 Para. 1 lit. b. GDPR

(Performance of contract; Pre-contractual measures);

Art. 6 para. 1 lit. c. GDPR (fulfilment of a legal obligation, e.g. answering questions on data protection) and 
otherwise Art. 6 para. 1 lit. f GDPR  

(legitimate interest).
 
The processing of personal data from the input mask or e-mail and telephone serves us solely to process the establishment of contact. This is also the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.    
 
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail or  communicated by telephone, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.

The above does not apply if the correspondence is subject to a retention obligation under commercial law.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the possibility to object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

6.2    Newsletter

The newsletter is sent on the basis of your application at the website in the modus of the double-opt-in process whereby at the time of the application for the newsletter your email address from the input mask is processed for the purpose of sending you informative emails with news and updates from our website.
Consent to the processing of the e-mail address for the purpose of sending newsletter e-mails is given by clicking on the second, voluntary checkbox "Newsletter" under the contact form or under the application form.
When signing up for the newsletter the following technical (personal) data will be collected:

  • IP address of the calling computer
  • Date and time of the registration

For the processing of the data your consent will be obtained within the framework of the registration process by way of the Double-Opt-In procedure whereby reference is made to this data protection policy.

Legal basis    Storage purpose Storage duration Objection / opportunity for elimination
Legal foundation for the processing of the data following the user requesting sending of the newsletter is - when the consent of the user is held - Article 6 Para. 1 lit. a GDPR.

(consent)
 
The collection of the e-mail serves to permit the newsletter to be sent.

The collection of other personal data within the framework of the application process serves to prevent misuse of the services or of the e-mail used. The collection of other personal data within the framework of the application process serves to prevent abuse of the services or of the e-mail address used. 
The date is deleted as soon as it is no longer necessary for achieving the purpose of their collection. Accordingly, the e-mail address of the user is kept stored for as long as the subscription for the newsletter is active.

The other personal data collected within the framework of the application process is deleted as a rule after a period of seven days. 
The subscription for the newsletter can be terminated at any time by the relevant user. For this purpose, there is an appropriate deactivation link in each issue of the newsletter.

Terminating the subscription represents at the same time a revocation of the consent to the storing of personal data collected during the application process.

 

7.    Data protection for applications and in the application process; application form

We collect and process personal data of applicants for the purpose of processing the application process. The processing can also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by e-mail. If we conclude an employment contract with you as an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be deleted six months after the rejection decision has been announced, provided that there are no other legitimate interests of the data controller that oppose deletion. Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG).

We also have an application form on our site. With the use of this form personal data of you will be processed. The respective input masks and buttons are as follows:

  • Name
  • Surname
  • Email address
  • Phone
  • CV upload (button to upload files) *
  • Description

* You may upload one file only. The file size is limited to 50 MB. The allowed file formats are txt, rtf, pdf, doc, docx, odt, ppt, pptx, odp, xls, xlsx, ods.
 

Legal basis    Storage purpose Storage duration Objection / opportunity for elimination
The legal basis for the processing of the data in the case of enquiries via the application form and/or e-mail is usually Art. 6 Para. 1 lit. b. GDPR 
(Fulfilment of employment contract; Pre-employment contract measures);
Art. 6 para. 1 lit. c. GDPR (fulfilment of a legal obligation, e.g. answering questions on the application procedure) and 
otherwise Art. 6 para. 1 lit. f GDPR 
(legitimate interest) and
Special statutory authorisation norms, such as collective agreements, works agreements, income tax laws, etc. It will also refer to the Processing Directory Personnel/HR.
 
If we conclude an employment contract with you as an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.  If the controller does not conclude a contract of employment with the candidate, the application file shall be automatically deleted six months after notification of the refusal decision, unless erasure conflicts with any other legitimate interests of the controller.  

Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz – AGG).
Only general possibilities of objection and removal.

8. Cookies

Description and scope of the data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a typical string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require the calling browser to be able to be identified even after a page change.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Log-in information

Following in this connection is a reference to how that storing of cookies can be prevented in the browser settings.

  • Mozilla Firefox: https://support.mozilla.org/en-US/kb/disable-third-party-cookies
  • Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
  • Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Please note that if you deactivate cookies, you may not be able to use our website properly.

Legal basis    Storage purpose Storage duration Objection / opportunity for elimination
Article 6 Para. 1 lit. f GDPR (legitimate interests) for strictly technically essential cookies The purpose behind the use of strictly technically essential cookies is that of making use of the website easier for the user. Certain functions of our website cannot be offered without the use of cookies. For these functions it is necessary that the browser is recognized even after a page change.
This purpose also includes our legitimate interest in the processing of the personal data in accordance with Article 6 Para. 1 lit. f GDPR.
Cookies are stored on the user's computer and are transmitted from this to our website. Accordingly, you as a user have full control over the use of cookies. By carrying out a change to the settings of your browser you can deactivate cookies or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be carried out automatically. However, if cookies for our website are deactivated, it may no longer be possible to use all the functions of the website in full.
The transmission of flash cookies cannot be prevented via the browser settings but requires changes to the setting of the flash player.

 

9.    Use of analysis programs and other tools

  • Data protection regulations for the application of Google Analytics (with anonymization function)

We have integrated on this website the Google Analytics component (with anonymization function). Google Analytics is a web-analysis service. Web-analysis is the collecting, compilation and evaluating of data concerning the behaviour of the visitors to websites. A web-analysis service collects - amongst other things - data on from which website (the so-called referrer) a data subject has come to a website, which subsites of the website were accessed or how often and for what period a subsite was watched. Web-analysis is used primarily for optimization of a website and for cost-benefit analysis of Internet advertising.

The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The party responsible for the processing uses the suffix  „_gat._anonymizeIp“ for the web analysis via Google Analytics. With the aid of this suffix the IP-address of the Internet connection of the data subject is abbreviated and anonymized if the access to our website comes from a member state of the European Union or from another signatory of the agreement on the European Economic Area.

The purpose of the Google Analytics component is the analysis of the visitor flows to our website. Google uses the data and information obtained in order to - amongst other things - evaluate the use of our website, to prepare for us online reports which show the activities on our website and to provide further services linked with the use of our website.

Google Analytics sets a cookie on the IT system of the data subject. What cookies are has been explained above. The setting of cookies enables Google to analyse the use of our website. With each call of an individual page of this website, which is operated by the party responsible for the processing and on which a Google Analytics component has been integrated, the Internet browser on the IT-system of the data subject is automatically caused by the particular Google Analytics component to transmit data to Google for the purpose of online analysis. Within the framework of this technical process, Google obtains knowledge of personal data such as the IP-address of the data subject, which data enables Google to - amongst other things - trace the origin of the visitor and clicks and as a consequence to make possible the issuing of commission invoices.

With the aid of cookies items of information related to personal data, e.g. the access time, the place from which an access started and the frequency of the visits to our website by the data subject, are stored. With each visit to our website this personal data including the IP-address of the Internet connection used by the data subject is transmitted to the United States of America. This personal data is stored by Google in the U.S.A. In certain circumstances Google passes on this personal data as collected via the technical process to third parties.

As has already been described above, the data subject can prevent the setting of cookies by our website at any time by making an appropriate setting on his/her Internet browser as used and thereby object to the setting of cookies in a durable manner. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the IT system of the data subject. In addition, a cookie that has already been set by Google Analytics, can be deleted at any time via the Internet browser or another software program.

Furthermore, the data subject can object to collection of the data relating to use of this website generated by Google Analytics and to the processing of this data by Google and to prevent such collection. For this the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and no information on the visiting of websites may be transmitted to Google Analytics. The installation of the browser add-on is evaluated by Google as an objection. If the IT system of the data subject is deleted, formatted or installed anew at a later point in time, then the data subject must carry out the installation of the browser add-on again in order to deactivate Google Analytics. In so far as the browser add-on is deinstalled or deactivated by the data subject or by another person, who can be considered to belong to the area of control of the data subject, then the browser add-on can be installed or activated again.

Further information and the valid and applicable data protection regulations of Google can be called under https://www.google.de/intl/de/policies/privacy/ as well as under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link: https://www.google.com/intl/de_de/analytics/.

  • Data protection regulations for the application of Google Tag Manager

Google Tag Manager is a tool that allows us to administrate website tags from a single interface. The Tool Tag Manager itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool causes other tags to be triggered, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. http://www.google.de/tagmanager/use-policy.html

However, if you do not wish to do so, you can also prevent cookies from being saved here using your browser settings. Furthermore, you have the possibility to select the types of Google ads or to deactivate interest-based ads on Google via the settings for advertising (https://adssettings.google.com/authenticated?hl=en). Finally, you can disable the use of cookies by third parties by using the Network Advertising Initiative's disabling tool (http://optout.networkadvertising.org/?c=1#!/).

  • Data protection regulations for the application of OpenStreetMap & Leaflet

On this website maps of the OpenSource Initiative OpenStreetMap are integrated. The integration of the maps is done via a server of the OpenStreetMap Foundation in Germany. Additionally, we use an external service of the OpenSource JavaScript library Leaflet. The integration of the information is done via a server of Leaflet in the USA. The following information is transmitted to Leaflet and OpenStreetMap: current page view and IP address. You can find more information about this on the following page:

https://wiki.osmfoundation.org/wiki/Privacy_Policy

10.    Your rights

If personal data is processed by you, you are the data subject within the meaning of the GDPR and you are entitled to the following rights towards the data controller:

10.1    Right of access

You can obtain confirmation from the data controller as to whether or not personal data concerning you will be processed by us.  
In the event of such processing, you may request the following information from the data controller:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

10.2    Right to rectification

You have the right to have your personal data rectified and/or completed by the data controller if the personal data processed concerning you is inaccurate or incomplete. The data controller must carry out the rectification immediately.

10.3    Right to restriction of processing

Under the following conditions, you may request that the processing of your personal data be restricted:

  1. if you dispute the accuracy of the personal data concerning you for a period which enables the person responsible to verify the accuracy of the personal data;
  2. the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  3. the controller no longer needs the personal data for the purposes of the processing, but you need them for the assertion, exercise or defence of legal claims, or
  4. if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate reasons of the data controller outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.

If the processing restriction has been limited in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

10.4    Right to erasure

10.4.1    Obligation to erase personal data

You may request the data controller to delete the personal data concerning you immediately and the data controller is obliged to delete this data immediately if one of the following reasons applies:

  1. The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You withdraw your consent on which the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR was based and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 para. 2 GDPR.
  4. The personal data have been processed unlawfully.
  5. The erasure of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data relating to you have been collected in relation to information society services offered pursuant to Article 8(1) GDPR.


10.4.2    Information to third parties

If the data controller has made the personal data concerning you public and is obliged to delete them in accordance with Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, to inform the data controllers who process the personal data that you as the data subject have requested them to delete all links to this personal data or copies or replications of this personal data.

10.4.3    Exceptions

The right to erasure does not apply if the processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

Furthermore, the right to erasure does not apply if the personal data must be stored by the controller due to legal storage obligations and periods. In such a case, the personal data will be blocked instead of deleted.

10.5    Notification obligation

If you have exercised your right to rectify, erase or limit the processing of your personal data against the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification, erasure or limitation, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of such recipients by the data controller.

10.6    Right to data portability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable and interoperable format. In addition, you have the right to communicate this data to another controller without being hindered by the controller to whom the personal data was provided, provided that

  1. the processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to request that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

10.7    Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The data controller will no longer process the personal data concerning you unless he can prove compelling grounds for processing worthy of protection which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You have the possibility to exercise your right of objection through automated procedures using technical specifications in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC.

10.8    Right to revoke the data protection declaration of consent

You have the right to revoke your declaration of consent under data protection law at any time and without stating reasons. In the event of revocation, we will immediately delete your personal data and no longer process it.  The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke your consent.

10.9    Automated individual decision-making, including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is authorised by legislation of the Union or of the Member States to which the controller is subject and contains appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
  3. with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

In the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms and your legitimate interests, including at least the right of the controller to obtain the intervention of a person, to present his or her point of view and to contest the decision.

10.10    Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of your residence, place of work or place of presumed infringement, if you consider that the processing of your personal data is in breach of the GDPR.  

The supervisory authority with which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

11.    Links to external websites

On our site there are several links to third party websites. We assume no responsibility for data protection on these websites. For more information, please refer to the data protection information of the respective websites.

Status: 29.04.2020
Controller: SUN-WA TECHNOS (EUROPE) GmbH