Data Protection

The aim of data protection and also our aim as SANHA UK Ltd is to handle personal data in such a way that the personal rights of the individual are protected.

In order to ensure the fulfilment of this objective, bodies responsible for the processing of personal data are obliged to comply with the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR) as well as any other applicable data protection laws.

Personal data may only be collected and processed if the GDPR or another law permits this. Essential basic principles of the GDPR are:

  • Lawfulness of processing, processing in good faith, transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy of data processing
  • Storage limitation and deletion concepts
  • Integrity and confidentiality

This notice is not contractual and we may update it at any time.

 

Who we are

We are SANHA UK Ltd (registered in England with company number 05036828, with registered office address at Mercury House, 19-21 Chapel Street, Marlow, Buckinghamshire SL7 3HN). We can be contacted at:

Address: 9 Eghams Court, Boston Drive, Bourne End, Buckinghamshire, SL8 5YS, England, UK

Telephone: +44 (0)1628 819245

E-Mail: webuk@sanha.com

 

Data protection manager

We do not need to have a Data Protection Officer as set out in the UK GDPR, but we have appointed a Data Protection Manager, who you can contact when it comes to your data.

Our Data Protection Manager is Lukas Jüsgen, based at SANHA GmbH & Co. KG, Im Teelbruch 92 – 45219 Essen in Germany. He can be contacted at +49 2054 9509-212 or datenschutz@sanha.com.

 

Basis of data processing

The processing of personal data is only lawful if it is permitted by law, i.e. if there is a legal basis or if the person has consented to it.

In accordance with Article 6, paragraph 1 of the UK GDPR, we only process personal data:

  • if the data subject has consented;
  • if we need to for the performance of a contract to which the data subject is party, or to take steps at the data subject’s request prior to entering into a contract;
  • if we need to in order to comply with a legal obligation to which we are subject; or
  • if we need to for the purposes of a legitimate interest pursued by us or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Groups of persons concerned and related data or data categories

The groups of people concerned are:

Customers

The relevant data includes all personal data that is required to fulfil the respective purpose. The specific data of the data subjects that is processed is explained in detail below.

We need the following data to register you as a customer with us:

  • Company name with legal form (e.g. GmbH)
  • Company headquarters (street / house number / postcode / town)
  • Name and first name of contact person
  • Telephone number
  • Surname and first name of the managing director/owner of the commercial enterprise

You can voluntarily provide us with the following data:

  • E-mail address - Please note, however, that we need this to access our online shop.
  • Fax
  • Billing address, if different
  • Mobile phone number
  • Date of birth of the managing director/owner of the commercial enterprise

Within the framework of the processing of customer personal data, the following personal data are processed.

  • Customer number
  • Company
  • Street number
  • House number
  • Postcode
  • City
  • Contact person
  • Function
  • Telephone number
  • E-Mail

Any personal data may be held and used for establishing, exercising or defending legal claims.

 

Suppliers and service providers

We collect, process and use personal data for the establishment, content or amendment of a supplier contract.

If you are a registered trader or freelancer, we process data to comply with our contract with you.

If you are an employee of a company, e.g. an employee in purchasing, we process your data for our legitimate interests in the preparation of the sale of products or services.

Any personal data may be held and used for establishing, exercising or defending legal claims.

 

Newsletters

If you would like to receive the newsletter offered on the website, we require an e-mail address from you and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. The data entered in the newsletter registration form is processed exclusively on the basis of your consent. You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. We have concluded a contract with rapidmail GmbH in accordance with Art. 28 of the UK GDPR in which we oblige them to protect our customers' data and not to pass it on to third parties.

 

Job Applicants

If you apply for a job with us, we will keep your name, contact details, current salary, covering letter and CV and may use these to contact you about applicable jobs.

 

Shareholders

We use the contact details of our shareholders to send them updates about the business and their investment in it as well as agreements, resolutions and documents relevant to their shareholding. We also provide their name and shareholding details, as well as the name, home address, service address, date of birth, occupation and nationality of directors, to Companies House.

 

Onsite visitors

We keep a record of the names and organisations of all our visitors, to ensure that we can account for everyone in the premises in the event of an emergency. Names are displayed on visitor badges and the accompanying visitor passes log entry and exit to different areas of the premises. If you choose to use our guest wifi network, your use of this will be recorded for security reasons. Photographs of your visit may be taken for our own security but will not be used in marketing materials without your consent.

CCTV operates at our premises for security reasons, both externally and internally. The data is automatically deleted after 30 days and is only accessible to SANHA personnel.

 

General Stakeholders

We also collect information about many other people, mainly in the form of contact details (name, job title, organisation, address, e-mail address and telephone number, as well as other information from e-mail signatures and footers) of people interested in our productions, contacts at clients and potential clients, contacts at suppliers and potential suppliers, people within the industry and other stakeholders. This information is usually provided directly from you and may be used for the legitimate interest of communicating with you in relation to specific issues or products that you are involved in, or productions that you might be able to assist with. We may also contact you to keep in touch or make introductions.

We keep the details of any complaints for our legitimate interest in trying to improve our business but this information will not be disclosed by us to any third parties.

 

Special category personal data such as health information

"Special categories" of particularly sensitive personal information, such as information about a person's health or sexual orientation, require higher levels of protection. We may collect, store and use this information if you provide it to us and consent to us using it for a specific purpose, where it is necessary to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.  We may collect, store and use information about your health where it is useful to ensure your safety whilst you are in our offices.

We will not store or use information about any criminal convictions and offences, unless you have provided your consent to it.

 

Who may see your data

The most common recipients of transferred personal data are:

  • public bodies, insofar as a legal obligation exists; and
  • service providers and other business partners, insofar as it is necessary for the fulfilment of the respective purpose and a legal provision permits or requires this or the person concerned has consented to it.

Our banks, accountants, solicitors, auditors and insurers are also entitled to obtain specific data on request as part of our compliance checks and legal obligations or for making or defending claims, although they rarely need specific personal data.

Many of our services are provided in conjunction with our parent company, SANHA GmbH & Co. KG in Germany. For this reason, we share personal data with this company, and sometimes other companies within our Group (being any holding company of SANHA UK Ltd and any subsidiary companies of that holding company or SANHA UK Ltd (with “holding company” and “subsidiary” each as defined in section 1159 of the Companies Act 2006)) if there is a legitimate interest in doing so, such as shared resources. Our IT is also managed and supported by SANHA GmbH & Co. KG.

Our newsletters are sent from SANHA GmbH & Co. KG using rapidmail GmbH, Wentzingerstraße 2, 79106 Freiburg im Breisgau, Germany. Rapidmail is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of receiving the newsletter is stored on Rapidmail's servers in Germany. If you do not wish to have your data analysed by Rapidmail, you must unsubscribe from our newsletter. You will find the link for this in every newsletter message.

In order to analyse the success of our newsletter, the e-mails sent with Rapidmail contain a so-called web beacon or a "tracking pixel", which reacts to interactions with the newsletter. In this way, it can be determined whether a newsletter message was opened, whether links were clicked or at what time the newsletter was read.

Within the framework of the success analysis, the following data are processed by Rapidmail:

  • Master data (e.g. name, address)
  • Contact data (e.g. e-mail address, telephone number)
  • Meta and communication data (e.g. device information, IP address)
  • Usage data (e.g. interests, access times)

We currently use a range of Microsoft platforms, for which the data centres are currently located within the European Union or UK. As a data processor, Microsoft may only process your data for specified purposes and in accordance with our instructions.

We may share your personal information in the context of our legitimate interests in a possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.

 

Transfers outside of the UK and EU

As set out above, most personal data we hold is stored in Germany and only accessible to our group companies within the UK and European Union.

As set out above, we use Rapidmail for our newsletters, with data centres in the EU.

As set out in part B below, in relation to data collected from our website, we use:

  • Matomo for website analysis, which involves the collection of IP addresses of users. A list of its subprocessors and their data centres can be found at https://matomo.org/privacy-policy/;
  • YouTube from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, which may transfer data to Google LLC in the USA. The processing of personal data is governed by so-called standard contractual clauses approved by the Commission of the European Union. https://privacy.google.com/businesses/processorterms/;
  • Facebook from Facebook Ireland Limited in Ireland, which also may transfer data internationally including to the USA, using standard contractual clauses as safeguards;
  • PayPal (Europe) S.à.r.l. in Luxembourg which uses Binding Corporate Rules approved by competent Supervisory Authorities and standard contractual clauses approved by the European Commission (https://www.paypal.com/uk/webapps/mpp/ua/privacy-full#8); and
  • credit card payment service provider Computop Paygate GmbH, Schwarzenbergstr. 4, D-96050 Bamberg which stores data in Germany but may transfer it overseas on the basis of various safeguards as set out at https://computop.com/uk/data-protection.

Should it become necessary to transfer other data to countries outside the UK or EU, this will only be done in accordance with legal restrictions on transferring personal data. If, in individual cases, we transfer your data to a third country, we will provide you with the information required for this case.

 

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

 

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.

 

If you fail to provide personal information

Every data subject has the right to know whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of a contract, whether the data subject is obliged to provide the personal data and what the possible consequences of not providing the personal data would be.

If you fail to provide certain information when requested, we may not be able to continue our professional relationship, depending on the specific data, why we need it and what risks the provision of it poses to your rights and freedoms. For example, if an individual supplier fails to provide contact details of its finance department or the details needed for payments, we may not be able to pay them.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

 

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.  You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

 

Data security

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

Standard periods for the deletion of data

Customers, suppliers and service providers

The deletion of personal data is carried out in accordance with the applicable legal or contractual regulations on data deletion, taking into account legal or contractual retention obligations. We will hold your personal data until we are satisfied that there is no longer any purpose for retaining it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Furthermore, other statutory provisions may require a longer retention period, such as the preservation of evidence within the framework of statutory limitation provisions. The regular limitation period is six years, but it can be longer depending on the subject matter. The deletion of personal data that is not subject to a legal or contractual obligation to retain or delete takes place after it has become dispensable for the fulfilment of the respective purpose.

 

Newsletters

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for registration in the online shop) remain unaffected by this.

 

Onsite visitors

We diarise the names and organisations of visitors to our premises and maintain this record indefinitely. Our CCTV is deleted after 30 days.

 

Shareholders

The collected data will be stored by us as long as you have a business relationship with us. After termination of the business relationship, your data will be deleted. Statutory retention periods remain unaffected by this.

 

Job applicants

If you apply for a job with us, we will usually keep your name, contact details, current salary and CV on file for up to 12 months, although we may delete it before then if we do not anticipate any need for recruitment applicable to you within this time.

 

Anonymisation

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

 

Your rights regarding data protection (Art. 12 UK GDPR)

The data subject has various rights with regard to data protection under Articles 15 to 21 of the UK GDPR. The above contact details can be used to exercise these rights.

Within the framework of the applicable legal provisions, you have the right at any time to obtain information free of charge about the personal data stored by the person responsible and relating to you, its origin and recipient and the purpose of the data processing and, if applicable, the right to have this data corrected, blocked or deleted.

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract transferred to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.

Every data subject has the right to object to the processing of his or her data if the data processing is based on Art. 6 (1)(f) or for direct marketing purposes. In the event of an objection to the processing of your personal data, we will examine your objection on a case-by-case basis. If we are obliged to delete your personal data due to your objection under data protection law, we will delete your data taking into account statutory retention obligations. The objection does not affect the permissibility of the processing carried out up to the objection.

The above rights are not absolute rights and are subject to specific conditions and depend on our processing purposes. If you are interested in using any of these rights, please contact our Data Protection Manager for more information.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Right of appeal to the competent supervisory authority

If you are unhappy with any aspect of our processing of your personal data, we ask that you talk to us about it first and discuss your concerns with our Data Protection Manager. If you are not satisfied with the outcome, you may lodge a complaint with the Information Commissioner’s Office.

Cookies

The websites of SANHA UK Ltd partly use so-called cookies. Cookies are small text files that we store on your terminal device when you visit our website. Each time you visit our website again, these cookies are sent back to us. This enables us to recognise you, for example, or to make navigation easier for you with the help of the information in the cookies.

Cookies cannot be used to start programmes or transfer viruses to a computer. Cookies can only be read by the web server from which they originate.

We do not pass on the information in the cookies to third parties without your express consent. You can also view our website without cookies. Internet browsers are regularly set to accept cookies. In order to prevent the use of cookies by your Internet browser, you can (1) reject the use of cookies when calling up our website via the cookie layer (if available) or (2) deactivate the use of cookies via the settings of your Internet browser. You can find out how to deactivate and/or delete cookies in your browser by using the help functions of your Internet browser. Please note that deactivating/deleting cookies may mean that individual functions of our website no longer work as expected. Cookies that may be required for certain functions of our website are shown below. In addition, the deactivation/deletion of cookies only affects the Internet browser used for this purpose. For other Internet browsers, the deactivation/deletion of cookies must therefore be repeated accordingly.

Cookies that we use for certain functions, without personal reference:

  • Cookies that store certain user preferences (e.g. search or language settings).
  • Cookies that store data to ensure the trouble-free playback of video or audio content.
  • Cookies that temporarily store certain user inputs (e.g. contents of a shopping basket or an online form).

Cookies that we use for certain functions, with personal reference:

  • Cookies that serve to identify or authenticate our users

We store the data until the end of the term of a respective cookie or until the cookies are deleted by you. This processing is based on our legitimate interests in the ongoing optimisation of the website and the improvement of user-friendliness.

If you have any concerns about our data processing, please let us know as we may be able to resolve this quickly and easily. You may also complain to the Information Commissioner’s Office if you believe that your rights have been violated. More information and access to their portal can be found at https://ico.org.uk/make-a-complaint/data-protection-complaints/.

 
You can find an overview of the active cookies in our cookie table

In the following we describe the processing operations in connection with the use of our website.

 

Technical information

Every time you visit our website, your internet browser automatically transmits information to our web server for technical reasons (so-called log data). We store some of this information in log files, e.g.

  • Date of access
  • Time of access
  • URL of the referring website
  • File accessed
  • Amount of data transferred
  • Browser type and version
  • Operating system
  • IP address

In principle, we only evaluate log data in order to rectify faults in the operation of our website or to clarify security incidents.

For troubleshooting purposes or to preserve evidence in the event of security incidents, it may be necessary for us to collect additional personal data with the log data. In these cases, we base the processing of the log data on a legal permit.

This processing is based on our legitimate interest in the technical provision, security and optimisation of the website.

The data that is processed in connection with the collection of server log files is stored for as long as is necessary for the stated purposes.

 

Contact form

You can contact us via the contact form. Your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions.

When an enquiry is made via the contact form, the following personal data is processed.

  • Your request
  • Name
  • Address
  • Telephone number
  • E-mail address

The data entered in the contact form is processed on the basis of our legitimate interest in offering our customers an easy way to contact us, as well as to improve the quality of our advice, and for contractual purposes. You can provide us with information over and above the mandatory information on a voluntary basis. The legal basis for this information is your consent. The data processing of the voluntary information serves to improve our service to you and to enable us to provide you with more comprehensive support. You can revoke your consent to the processing of the voluntarily provided data at any time. To do so, please contact us using the above-mentioned contact option.

Some data processing operations are only possible with your consent. You can revoke consent you have already given at any time. To do so, simply send an informal e-mail to one of the above e-mail addresses. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

 

Forwarding of e-mails in the context of an establishment of contact

When contacting our service team via e-mail, the contact data transmitted by the customer via e-mail may be used for the current enquiry as well as other digitally transmitted processes in order to automatically forward the enquiry to the responsible internal department, if possible. This is to ensure the proper processing of these business transactions and to guarantee a faster handling of customer enquiries. The contact data provided will be transferred to our customer database and stored there.

The processing of the data you provide in this context is based on our legitimate interest in accelerating and further optimising our process flows for our customers.

The personal data processed in this context will be retained for the duration of your business relationship with us or until you request us to delete it. Statutory storage obligations remain unaffected.

 

Statistical evaluation with Matomo

We use the analysis service Matomo for statistical evaluation of the use of our website. The provider is InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand. We have concluded an order processing contract with Matomo. In the course of using Matomo, personal data in the form of IP addresses may also be transmitted to the servers of ePrivacy GmbH in Germany.

You can view the Matomo privacy policy at the following link:

Privacy Policy - Analytics Platform - Matomo

The use of Matomo for statistical evaluation of our website is based on our legitimate interests.

You can prevent the use of cookies. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

YouTube

We have integrated YouTube videos on our website; these videos are stored on www.youtube.com. If you use these videos, you will be redirected to the YouTube platform. The provider of this platform is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. While using YouTube, personal data may also be transmitted to Google LLC. These companies are based in the USA. The processing of personal data is governed by so-called standard contractual clauses concluded with us by the Commission of the European Union. https://privacy.google.com/businesses/processorterms/.

The YouTube videos on our website are all embedded in extended data protection mode, which means that no data about you as a user or personal data in general is transmitted to YouTube unless you play the videos. If you play the videos offered, data will be transmitted. We have no influence on the transmitted data. The transfer of data takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, the following data will be assigned to your user account.

If you do not want the data transfer with the assignment to your profile to YouTube, you must log out of your Google account before playing the videos. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website to meet your needs. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.

The processing is based on the legal basis Art. 6 para. 1 lit. a). You can revoke your consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

You can view further information on YouTube and Google here:

https://www.google.com/intl/de/policies/privacy/ (General Google Privacy Policy)
https://policies.google.com/terms?hl=de#toc-software (Terms of use Google services)
https://www.youtube.com/static?gl=DE&template=terms&hl=de (Terms of Use YouTube)

Activation of YouTube Videos

On our website, we use the 2-click solution for embedding YouTube videos, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The activation and playback of YouTube videos on our website require your explicit consent. By clicking on the preview banner, you agree to the data transmission to Google and also accept that technically necessary cookies will be set for playing the desired videos (§ 25 para. 2 TTDSG).

Consent and Data Transmission

By activating the video, you give your consent to data processing by Google Ireland Limited, including possible data transmission to the USA under the EU/US Data Privacy Framework based on Art. 45 GDPR. As website operators, we have no influence on this data transmission and do not process any personal data in connection with video activation. You can revoke your consent at any time by deleting the cookies in your browser and revisiting our website. This may result in certain functions of the website no longer being fully available.

For further details on data protection and your rights, please refer to Google's privacy policy at the following address:

https://policies.google.com/privacy?hl=en&gl=en.

There, you will also find information on how Google processes your data and what options you have to protect your privacy.

Disclosure to other third parties

With regard to newsletter, press and investor distribution lists, we use the following external service providers in part to fulfil our contractual and legal obligations:

EQS Group AG, Karlstraße 47, 80333 Munich, Germany, website: https://www.eqs.com/de/

IR.on AG, Mittelstraße 12-14, Haus A, 50672 Cologne, Germany, website: https://www.ir-on.com/

The data you provide to us via the newsletter registration form will be transmitted to the aforementioned service providers. The legal basis for the data processing is Art. 6 para. 1 lit. b and f GDPR. Our service providers will only process your data to the extent that this is necessary for the fulfilment of their service obligations and follow our instructions with regard to this data. To ensure data protection-compliant processing, we have concluded a contract on commissioned processing with our service providers.

For marketing purposes, to communicate with our customers or to arouse interest in our company, we present ourselves on social networks. In the following points we inform you about the associated processing activities.

Data processing for presentation and communication

Social networks enable us to present our company to persons who have an account with the social network (hereinafter "user") and to all visitors to our profiles without an account with the social network (hereinafter "guest"). Furthermore, customers and interested parties can contact us via this profile. Our profiles and posts are generally viewable by users and guests (hereinafter users and guests are collectively referred to as "visitors"). If you comment on our posts or send us a message, this data is stored by the social network and can be viewed by us. We can reply to your comment or message. For posts, your comment and our reply may still be visible to all users of the social network or to all visitors.

Data processing for statistical and promotional purposes

If you access our profile, the social network can store and evaluate your access and all your further interactions on the website of the social network. As a rule, our profiles and posts can be viewed by users and guests (hereinafter referred to collectively as "visitors"). If you comment on our posts or send us a message, this data is stored by the social network and can be viewed by us. We can reply to your comment or message. For posts, your comment and our reply may still be visible to all users of the social network or to all visitors.

If you have an account with the social network and are logged in when you visit our profile, the provider of the social network may link your interactions with our profile to your account data and process it further. However, it is also possible that data about your interactions with our profile will be stored by the social network for the duration of your visit and processed for further purposes if you are not logged in there or do not have an account. In this case, an allocation can take place, for example, through the use of cookies, small files which are stored on your end device, or in connection with your IP address.

With this data processing, the platform pursues the purpose of creating an interest profile of the visitor in order to use this for advertising purposes. When the person calls up certain websites, information about this call is evaluated and the provider assigns certain interests to the visit. Based on the assigned interests, advertisements are displayed to the visitor. Interest-based advertisements can be displayed by the provider both within and outside the web pages of the social network.

Categories of persons concerned

People who access our profile on the relevant social network (both users with an account with the social network provider and visitors without an account).

Assertion of your rights as a data subject

For information requests or to exercise your other rights as a data subject, we recommend that you contact the provider directly, as only the provider has full access to the data processed in connection with a call to our profile or interaction with us on the social network. The contact information of the social networks for exercising your rights as a data subject can be found under the item "Information on the social networks used by us". In the case of data processing where there is joint responsibility between the social network provider and us, you also have the right to exercise your rights as a data subject against us. In such a case, we will forward your request to the social network, insofar as the request concerns data or processing activities that are processed by the social network.

Further information on the processing activities of the social networks and the existing objection options can be found under the item "Information on the social networks we use".

Facebook: Provider

Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Facebook)

Website
https://de-de.facebook.com/

Form for contacting the Facebook data protection officer
https://www.facebook.com/help/contact/540977946302970

Facebook Data Policy
https://de-de.facebook.com/policy.php

Our profile

https://www.facebook.com/sanhagmbh

 

Joint responsibility

We have entered into a shared responsibility agreement with Facebook which applies to the processing of data in connection with our profile on Facebook (the "Page") for the purpose of providing the profile and statistical analysis of the interactions of visitors to our profile. This agreement sets out the obligations to be fulfilled by either Facebook or us in relation to the processing of data and which party is responsible for each processing activity.

Agreement on joint responsibility for data processing for Page Insights between Facebook and us as the owner of a profile on Facebook pursuant to Art. 26 UK GDPR: https://www.facebook.com/legal/terms/page_controller_addendum

Purposes and legal basis

  • Presentation of our company, legitimate interest
  • Communication with customers and interested parties, legitimate interest
  • Statistical purposes, legitimate interest

Insofar as Facebook carries out further processing activities or processes data for statistical or advertising purposes, Facebook is the controller of the processing and the processing may be based on other legal bases. For more information, please refer to the "Facebook Data Policy" section.

Possibility of objection

If you wish to object to processing by Facebook, you can find the objection options for the different processing activities under the following link:

https://www.facebook.com/help/contact/367438723733209?no_redirect

PayPal

On our website we offer, among other things, payment via PayPal. The provider of this payment service is currently PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") although this may change to the UK PayPal company in the future.

If you select payment via PayPal, the payment data you enter will be transmitted to PayPal.

Credit card

On our website we offer, among other things, payment by credit card via our payment service provider Computop Paygate GmbH, Schwarzenbergstr. 4, D-96050 Bamberg.

If you select payment by credit card, personal and payment-relevant data that are requested and required for processing the transaction are transmitted directly to your banking institution or credit card company or Computop. Credit card data is collected exclusively by Computop and stored in encrypted form.

The transfer of your data to Computop takes place for contractual purposes.

Data protection information for competitions and promotions in accordance with Article 13 of the European General Data Protection Regulation (GDPR)

From time to time, SANHA GmbH & Co. KG organises competitions and promotions in which customers and interested parties can participate. We would like to inform you below about the processing of your personal data in connection with these competitions and promotions in accordance with Article 13 GDPR. The following "Data protection information for competitions and promotions" applies in addition to our data protection information, available at Data Protection (sanha.com).

 

1 Controller and data protection officer

1.1 Name and address of the controller

 

The controller within the meaning of the GDPR and other national data protection laws of the member states as well as other data protection regulations is

SANHA GmbH & Co. KG

Im Teelbruch 80

45219 Essen, Germany

Telephone number: +49 2054 9509-212

E-mail: gdpr@sanha.com

 

2 General information on data processing

2.1 Scope of the processing of personal data

When you participate in a competition or promotion, we process the data and information you provide in the registration form. This includes the data required for participation, such as

  • Name and surname
  • Your address
  • Social media name (Facebook, Instagram, TikTok)

as well as any data and information voluntarily provided by you as part of your participation.

2.2 Purpose of the processing of personal data

Your personal data will be processed for the purpose of organising the competition or promotion, in particular to determine and notify the winners.

We may subsequently collect and process additional data, e.g. your postal address, for the purpose of sending and delivering prizes.

 

2.3 Legal basis for processing

The legal basis for the processing is the fulfilment of the contractual obligation arising from participation in the competition (Art. 6 para. 1 sentence 1 lit. b GDPR).

2.4 Possibility to object

You can object to the processing of your data at any time. To do so, please send a message to gdpr@sanha.com or one of the contact addresses given above.

We would like to point out that in the event of an objection, further participation in the competition or promotion is excluded.

2.5 Data erasure and storage period

The processed data will be deleted after the end or expiry of the competition or promotion and dispatch of the prizes.

If a participant has consented to receiving information about SANHA GmbH & Co. KG products and services when registering, the data and information covered by this consent will be processed in accordance with the statutory provisions. For information on the processing of your data for advertising purposes, please also refer to our data protection information, available at Data Protection (sanha.com).

3 Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us as the controller:

  • Right of access
  • Right to rectification
  • Right to restriction of processing
  • Right to erasure
  • Right to information
  • Right to data portability
  • Right to object
  • Right to revoke the declaration of consent under data protection law
  • Right to lodge a complaint

For further information on your rights as a data subject, please refer to our data protection information, available at Data Protection (sanha.com).