Data protection

  • Privacy policy - Website

    Sonne und Haben GmbH, Pappelallee 78/79, 10437 Berlin ("Sonne und Haben") operates the website sonne-und-haben.de ("Website") on which it provides information about its services and offers contact options.

    The protection of personal data is very important to Sonne und Haben. The extent to which data is collected when visiting the website and using the services offered there and the purpose for which it is processed is explained in the following privacy policy. Sonne und Haben complies with all applicable legislation on the protection of personal data and data security.

    The legal basis for data processing is Art. 6 para. 1 a), Art. 7 GDPR for consent, Art. 6 para. 1 b) GDPR for the performance of services and implementation of contractual obligations, Art. 6 para. 1 c) GDPR for the fulfillment of legal obligations and Art. 6 para. 1 f) GDPR for the protection of legitimate interests. In the case of the processing of special categories of personal data, Art. 9 para. 2 GDPR serves as the legal basis.

    I. Name and contact details of the controller

    The controller within the meaning of Art. 4 GDPR for the processing of personal data is

    Sonne und Haben GmbH
    Pappelallee 78/79, 10437 Berlin
    sonne-und-haben.de

    II Type of data processed / purpose of processing / legal basis

    Below we explain what type of personal data is processed when you visit the website and use the offer. Processing in this sense means any form of use of the data, e.g. collection, recording, storage, provision, organization, transmission, presentation, editing, deletion, reading or querying. Personal data is only processed to the extent necessary for the provision of the offer, communication with users, the provision of services, the implementation of the contractual/business relationship, the optimization of business processes and the needs-based design of our services.

    We observe the principle of data minimization and only process your personal data in strict compliance with data protection regulations. In particular, the relevant data will only be processed if there is a legal permission/legal basis.

    1. visit the website

    1.1 Server log files

    You can visit our website without providing any personal data. However, every time you access our website, usage data is transmitted by your internet browser and stored in log data (server log files). This stored data includes, for example, information about your browser, your network and your device as well as the referrer URL (websites that you accessed before visiting our website) and your IP address.

    This data is used to ensure the trouble-free operation of our website and to improve our offering. Processing is necessary to ensure the security and stability of the system and convenient use of the website.

    We also use the log data for statistical evaluations for the purpose of optimizing the processes and the security of the services. We reserve the right to check the log data retrospectively if, on the basis of concrete evidence, there is a suspicion of unlawful use of the service provided.

    The legal basis for data processing is Art. 6 (1) b) and f) GDPR.

    1.2 Cookies

    The website uses cookies, which can also be set by third-party providers (see also V. and VI.). These are short data packets that are exchanged between computer programs or text files that are stored on the visitor's end device. Session cookies are deleted again after you close your browser, whereas persistent cookies remain on your device and enable us to recognize your browser the next time you visit our website.

    You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of the website may be restricted.

    The legal basis for data processing is Art. 6 para. 1 b) and f) GDPR for cookies that are technically necessary for the operation of the website.

    The legal basis for data processing for all other cookies that are not technically necessary for the operation of the website is your consent in accordance with Art. 6 para. 1 a) GDPR.

    You can find a detailed overview of the cookies we use, their purpose, their duration and the possibility of giving or withdrawing your consent to optional cookies in the cookie declaration.

    2. contact

    If you contact us at our postal or e-mail address provided on the website, we will process the contact details you provide, i.e. name, postal or e-mail address, as well as any additional information you provide voluntarily.

    In this case, the processing of the contact data you use is essential in order to contact you and respond to your request. If additional data is provided, it is processed in order to individualize you and to be able to respond to your request in the best possible way.

    The legal basis for data processing is Art. 6 (1) a), b) and f) GDPR.

    3rd Newsletter

    We offer a newsletter by e-mail. If the contents of the newsletter are specifically described when you register for the newsletter, they are decisive for your consent. Otherwise, our newsletters contain information about our services and us.

    To receive the newsletter, you must provide your e-mail address. Before the newsletter is sent, you must expressly confirm that you wish to receive our newsletter as part of the so-called double opt-in procedure. You will then receive a confirmation and authorization e-mail with a link. If you click on this link, you confirm that you wish to receive the newsletter.

    As part of the registration process, your e-mail address, your IP address and the time of registration and confirmation are logged. We also record how often the newsletter is opened by recipients and which links are clicked on.

    The purpose of the newsletter is to inform you about the content described in the registration process, which regularly includes our offers and current developments. The purpose of collecting your e-mail address is to send you the newsletter. The logging of the registration process (IP address and registration data) serves to be able to legally prove your registration in our e-mail distribution list and to be able to defend ourselves against any accusations of unsolicited e-mails. The evaluation of click behaviour is used to optimize the newsletter and for statistics and performance measurement.

    The legal basis for data processing is Art. 6 (1) a) and f) GDPR.

    You can unsubscribe from the newsletter at any time. You will find an unsubscribe link to this effect in every newsletter sent. Alternatively, you can revoke your consent by contacting us at kontakt@sonne-und-haben.de, by post or by telephone. We may store the unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

    III Duration of storage

    Your data will be stored for as long as is necessary to fulfill the above-mentioned purposes.

    As soon as this is no longer the case, e.g. after complete termination of the contractual/business relationship, including expiry of any existing warranty period, they will be deleted or blocked if and as long as commercial or tax retention obligations do not require further storage (Art. 6 para. 1 c) GDPR). The data will be deleted from the point in time at which statutory retention obligations no longer apply, unless you have expressly consented to further use (Art. 6 para. 1 a) GDPR).

    Personal data can also be deleted manually from the database at any time if this is requested.

    IV Disclosure of data to third parties/transfer to third countries

    In principle, the data you provide will not be made available to third parties. In individual cases, however, it may be necessary to pass on your personal data to companies entrusted by us with the provision of individual services (e.g. web hosting) in order to perform the contract.

    If we disclose data to third parties as part of our processing, transfer it to them or otherwise grant them access to the data, this is only done on the basis of legal permission, your consent, a legal obligation or on the basis of our legitimate interests. If we commission third-party providers with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR. For their part, the third parties are obliged to comply with the statutory provisions when handling and processing this data.

    The registered office of a third party may be located in a third country, i.e. in a country in which the GDPR has no direct legal effect. In this case, data will only be transferred if you have given your consent, if there is an adequate level of data protection, for example due to individual agreements, the use of EU standard contractual clauses, the existence of an EU adequacy decision, or if other legal permission exists.

    Transmission to authorities and state institutions entitled to receive information is also possible, but only takes place within the framework of the legal obligation to provide information and in the event of a court decision requiring this. In these cases, we may provide the information, e.g. for the assertion, exercise and defense of legal claims, enforcement of existing contracts, in the context of allegations of fraud, security measures or due to other legally applicable regulations.

    Personal data will not be passed on outside the scope described here without express consent.

    Under no circumstances will Sonne und Haben sell or rent personal data to third parties.

    V. Third-party services for the operation of the website

    We would like to draw your attention separately to the following third-party providers whose services we use in the context of operating the website and providing our services, and who may come into contact with the personal data described above:

    - Squarespace Ireland Limited, Squarespace House, Ship Street Great, Dublin 8, Ireland, D08 N12C ("Squarespace")

    We expressly point out that we ourselves have no influence on the scope of the data that this company collects. We must therefore rely on the information provided by the respective company with regard to data protection, to which we refer in the following information.

    If necessary, please contact the company yourself for further information about the purpose and scope of data collection as well as your rights in this regard and setting options to protect your privacy. We have provided the links to the privacy policy here.

    Below you will find information on the possible data protection implications of working with third-party providers as well as further links.

    Squarespace

    This website is hosted by Squarespace, a website builder and website hoster, including analysis function, provided you have consented to its use. Squarespace uses the data to evaluate the use of our website by visitors, to compile reports on the activities of visitors to the website for us and to provide other services related to the use of the website. The "Traffic" section in the analysis shows a summary of visitor traffic and engagement on our website. The data processed includes: the number of individual browsing sessions of each visitor to our website, the number of pageviews, an estimate of the total number of visitors to our website, geo-location of visitors, visitor sources (direct call, search engine search, links, social media), popular content, form submissions by submissions, RSS subscribers, device type by visits, button clicks by clicks. The evaluation of the data in this area helps us to track the growth of our audience over time and to constantly optimize our offer. If Squarespace is legally obliged to do so or if third parties process the data on our behalf, the data will be transferred to third parties. Squarespace will never associate your IP address with other Squarespace data.

    We also use Squarespace for the organization and processing of ournewsletter dispatch.

    You can find out more about Squarespace's privacy policy here.

    Squarespace operates via a necessary cookie. You can find out about the cookies set by Squarespace in the cookie declaration. Please also refer to section 1.2.

    We have concluded an order processing contract with Squarespace and fully implement the strict requirements of the German data protection authorities when using Squarespace.

    VI Rights of data subjects

    As a person affected by the processing of personal data, you are entitled to the rights listed below. These rights arise from the provisions of the General Data Protection Regulation and are reproduced here in a partially simplified form.

    1. right to revoke the declaration of consent

    In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent to processing at any time. The lawfulness of the processing carried out on the basis of the consent until revocation is not affected. The right of withdrawal can be exercised by means of an informal declaration. A written declaration or, alternatively, an email to the above contact address is sufficient.

    2. right to information

    In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have a right to information about this personal data and the information specified in Art. 15 Para. 1 Hs. 2 GDPR. This includes, in particular, the purpose of the processing, the categories of data processed, the recipients to whom the data has been or will be disclosed and, where possible, the envisaged period for which the data will be stored or the criteria used to determine that period.

    3. right to rectification

    Pursuant to Art. 16 GDPR, you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

    4. right to erasure

    In accordance with Art. 17 GDPR, you have the right to demand that we erase personal data concerning you without undue delay. We are obliged to delete personal data immediately if one of the reasons in Art. 17 para. 1 GDPR applies. These reasons include, for example, that the data is no longer necessary for the purposes for which it was collected or otherwise processed.

    5. right to restriction of processing

    In accordance with Art. 18 GDPR, you have the right to demand that we restrict processing if one of the conditions specified in Art. 18 GDPR applies. This includes, for example, if you dispute the accuracy of the personal data. We may then only process the data to a limited extent for as long as it takes to verify the accuracy of the personal data.

    6. right to data portability

    In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another controller, i.e. another entity that processes data, without hindrance, provided that the original processing was based on consent or was necessary for the performance of a contract.

    7. right of objection

    In accordance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you if this data is processed on the basis of Art. 6 (1) (e) or (f) GDPR and there are grounds relating to your personal situation. You can object to the processing of data for the purpose of direct marketing at any time. Personal data will then no longer be processed for this purpose. The right to object can be exercised by means of an informal declaration. A written declaration or, alternatively, an e-mail to the above-mentioned contact address is sufficient.

    8. automated decision-making in individual cases including profiling

    In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. Art. 22 para. 1 GDPR provides for exceptions to this, whereby Art. 22 para. 4 GDPR in turn provides for partial exceptions.

    9. right to lodge a complaint with a supervisory authority

    Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes this Regulation.

    In this case, the competent supervisory authority is Berlin Commissioner for Data Protection and Freedom of Information Friedrichstraße 219 10969 Berlin Phone: 030/13 889-0 Fax: 030/215-5050 E-mail: mailbox@datenschutz-berlin.de www.datenschutz-berlin.de

    VII Technical and organizational measures

    We take technical and organizational measures to ensure that the security and protection requirements of the GDPR are met and that personal data is protected against loss, destruction, manipulation or access by unauthorized persons. The measures are always adapted to the current state of the art.

    VIII Changes to the privacy policy

    We reserve the right to amend this privacy policy at any time. You are requested to inform yourself regularly about the content of the privacy policy

    January 2024