Skip navigation

Legal Notice / Data Protection


Data Protection Information

The following data protection policy explains to you which personal data we process in which way. Personal data protection in the processing and security of all business data is an important concern for us, which we take into account in our business processes. In communicating with you, you may be requested to provide personal data. The data entrusted to us are handled with the utmost care, in strict confidentiality and in compliance with legal provisions. 

Manager and Data Protection Officer

So that you know who you can contact about your data, we first of all inform you who is legally responsible for processing it and who the specific contact person is for your queries.  

Legal Manager:

Im Teelbruch 80
45219 Essen

Data Protection Officer


A. Website

Below we describe processing related to the use of our website.

Objects and Legal Grounds

Log Data

For technical reasons, every time you visit a website, your internet browser automatically transmits information to our web server (so-called log data). Some of this information is stored in log files, e.g.

  • date of access
  • time of access
  • URL of the linked website
  • retrieved data
  • transferred amount of data
  • browser type and version
  • operating system
  • IP address

Basically, we only look at log data in order to repair malfunctions in operating our website or to investigate security incidents.

For troubleshooting or to preserve evidence in the case of security incidents, it may be necessary for us to collect additional personal data using the log data. In these cases, we process the log data on the basis of a legal permit.

This processing is based on art. 6, par. 1, let. f of the GDPR, our interest is in the technical provision, security and optimization of the website. 

Contact Form

You can contact us using the contact form. Data entered there is sometimes required to enable communication and to handle your request. In this case, these are marked as mandatory fields. Further data that you provide us allows for a personal approach or better or faster processing.

This processing is based on art. 6, par. 1, let. b of the GDPR. 


On our website, you can sign up for a newsletter. In order to check whether the owner of an e-mail address has actually signed up for the newsletter, we use the "double opt-in procedure". The newsletter is only subscribed to if previously the owner of the e-mail address explicitly confirmed their subscription to the newsletter by clicking on the link in the confirmation email. As proof, we log execution of the individual phases of the double opt-in procedure.

If you sign up to receive our newsletter and agree to receive it, your data will only be used to send the newsletter. ). You can revoke this consent at any time. Each newsletter contains a corresponding link. If you cancel our newsletter, we will make a note of it in our database.

This processing is based on art. 6, par. 1, let. a of the GDPR.


We use cookies. Cookies are small text files that we store on your device whenever you visit our website. Each time you visit our website, these cookies are sent back to us. This allows us to recognize you, for example, or to help you browse using the information in the cookies.

Cookies cannot be used to launch programs or to transfer viruses to a computer. Cookies can only be read through the web server from which they came.

Without your explicit consent, we do not share the information in the cookies with third parties. You can also view our website without cookies. Internet browsers are regularly set up to accept cookies. To prevent the use of cookies by your internet browser, you may (1) refuse the use of cookies when you visit our website via the cookie layer (if available) or (2) deactivate the use of cookies via the settings of your internet browser. The help functions of your internet browser tell you how to deactivate and/or delete cookies in your browser. Please note that disabling/deleting cookies may cause certain features on our website to stop working as expected. Cookies that may be required for certain features on our website are shown below. In addition, deactivation/deletion of cookies only affects the internet browser used here. For other internet browsers, therefore, deactivation/deletion of cookies must be repeated accordingly.

Cookies that we use for certain functions without personal reference:

  • Cookies that store certain user preferences (such as search or language settings);
  • Cookies that store data to ensure uninterrupted playback of video or audio content.
  • Cookies that temporarily store certain user input (e.g. contents from a shopping cart or an online form);

Cookies that we use for certain functions with personal reference:

  • Cookies used to identify or authenticate our users;

We store the data until the end of the running time of a particular cookie or until the cookies are deleted by you.

This processing is based on art. 6, par. 1, let. F of the GDPR. Our interest is the ongoing optimization of the website and improvement of usability. 

Statistical analysis with Matomo (formerly Piwik)

Our Internet presence uses Matomo. This is a so-called web analysis service. It uses so-called "cookies", which are text files that are stored on your computer and which enable us to analyse the use of the website. For this purpose the usage information generated by the cookie (including your shortened IP address) is transferred to our server and stored for usage analysis purposes. This serves to optimise the website on our part. Your IP address is immediately anonymised during this process, so that you as a user remain anonymous to us. The information generated by the cookie about your use of this website is not passed on to third parties. You can prevent the use of cookies by adjusting your browser software accordingly. However, it is possible that in this case you may not be able to use all functions of this website to their full extent. If you do not agree with the storage and evaluation of this data from your visit, you can object to the storage and use of this data at any time by clicking on the mouse. In this case a so-called opt-out cookie will be stored in your browser. This has the consequence that Matomo does not collect any session data. Attention: If you delete your cookies, the opt-out cookie will also be deleted and may have to be reactivated by you.

MyFonts Counter

On this website we use MyFonts Counter, a web analytics service from MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA. Due to the licence terms, a page view tracking is carried out by counting the number of website visits for statistical purposes and sending them to MyFonts. MyFonts only collects anonymous data. If necessary, the data will be transferred by activating JavaScript code in your browser. To prevent the execution of JavaScript code from MyFonts altogether, you can install a JavaScript Blocker (for example, For more information about MyFonts Counter, please see the MyFonts data protection policy via

The legal basis for the service is art. 6, par. 1, let. f of the GDPR; our interest is the optimisation of the website.

Links to social networks

On our website, you will find easy links to our websites on different social networks. If you follow the link from our website to a social network or sign up to share content from our website on your social network, your data will be processed by the respective social network provider. For the purpose and scope of the data collection, the further processing and use of data by the provider of the social network, and related rights and setting options to protect your privacy, please refer to the data protection information of the respective provider.


Company presence on social media platforms

We operate online presences on and within social networks such as XING, LinkedIn, YouTube and Facebook in order to communicate, interact and inform interested parties and users about us. In addition, certain user behaviour data is processed together with Facebook. The legal basis for this processing is Art. 6 Para. 1 lit. f GDPR, our legitimate interest is to conduct effective marketing via a platform used worldwide.

In particular with regard to the Facebook fan page, there is no legal relationship between Facebook and SANHA GmbH & Co. KG has a joint responsibility pursuant to Art. 26 GDPR. You will find the corresponding agreement on joint responsibility under :

This is because your personal data is also processed by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 and by US-based Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 when you use and access our Facebook page. In addition to the processing described above, Facebook also processes your data for analysis and promotional purposes or to play out personalized advertising. Facebook also uses cookies to store your usage behaviour (even across different devices).

This enables Facebook to play targeted advertising on its own platform and on third-party pages. Further information can be found in Facebook's privacy policy at

Facebook also offers the opportunity to object to certain data processing; you can find relevant information and opt-out options at

Please note that in accordance with Facebook's Privacy Policy, user data is also transferred and processed in the United States or other third countries. Facebook will only transfer user data to countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 DSGVO or on the basis of suitable guarantees pursuant to Art. 46 GDPR Facebook Inc. is certified under the EU-US Privacy Shield and thus offers an appropriate level of data protection in accordance with Art. 45 GDPR. Further information can be found at

With regard to data processing via our Facebook page, you can also assert the data subject rights described in this privacy statement against Facebook. For more information, please see Facebook's Privacy Policy.


B. Suppliers and Clients 

Below, we describe the processes related to our suppliers and clients.

Objects and Legal Grounds

We use contact and communication data and other relevant personal data from our suppliers and clients, insofar as they or their employees are natural persons. We process this data for the purpose of managing the business relationship, communication, marketing measures and maintaining contacts. 

The processes are based on art. 6, par. 1, let. f of the GDPR; our legitimate interest is the execution of business cooperation, marketing and maintaining contacts. 

C. General Information


Unless otherwise described in this data protection information, we work with various service providers and partners who may receive personally identifiable data when rendering and operating our website and services:

  • Service provider for hosting services
  • IT service provider
  • Service provider for programming services
  • Service provider for sales and marketing services
  • Authorities and institutions, when legally required 

We will only transmit your data to these recipients insofar as this is necessary to comply with a contract we have with you or if there is a legitimate interest in the disclosure of your data or we have your consent for the transfer.

Transfer to recipients outside of the EEA

Unless otherwise stated, we do not disclose your personal data to recipients who are located outside the EEA. 

In the event of a transfer, we shall ensure, through contractual or organisational measures, that the recipient either has an adequate level of data protection (e.g. due to a decision by the EU Commission on the appropriate country or the so-called EU standard contractual clauses of the European Union with the beneficiary) or your consent is present in the transfer.

For further information, in particular regarding the measures taken, please contact our data protection officer.

Provision obligation

Insofar as personal information is required to establish and conduct the business relationship and the associated contractual or legal obligations, said information must be provided by you so that we can meet our contractual or legal obligations. Without provision of the data, we may not be able to perform the service any more, properly or fully. The provision of further data is neither contractually nor legally necessary.

Storage period

If we store your personal data, it will only be for a limited period of time and no longer than necessary. Basically, we will delete your data if it is no longer necessary for the purpose for which it was collected or if there are other legal reasons that require deletion.

Insofar as we are subject to statutory storage requirements, which require a longer storage period, we store the data for this period, in particular for the fulfilment of commercial and tax withholding periods, which are between two and 10 years.

Other legal grounds for withholding may include the provision of evidence for the duration of the applicable statute of limitations. These periods are usually between two and 30 years.

Your rights in relation your personal data

You have the following legal rights regarding your personal data. You can contact our Data Protection Officer, also if you want further details about what these rights mean. As the legal details are quite complicated, below we provide you with the most important information about these rights. Please tell us in what form you want the information. If you do not specify otherwise, we usually answer your request in the same form as it was received. You will receive a response within one month. In the case of manifestly unfounded or excessive requests, we are entitled to demand a reasonable fee or refuse your request. 

Access to your data, Art.15 GDPR

You have the right to request information about whether we process personal data about you or not. When we process your personal data, you will receive information about the specific data and additional information.

Correction of your data, Art. 16 GDPR

You have the right to ask us to correct your data if it is incorrect, inaccurate and/or incomplete; the right to rectification includes the right of completion using supplementary statements or communications.

Deletion of your data, Art. 17 GDPR

You have the right to ask us to delete your personal data, as long as there is no reason to keep it.

Restriction of the processing of your data by us. Art. 18 GDPR

You have the right to restrict processing of your personal data in certain cases within a specific scope.

Data portability, Art. 20 GDPR

Under certain circumstances, you may be entitled to demand that your data be provided in a common electronic, machine-readable data format.

The right to transfer data includes the right to transfer the data to another manager; upon request, we will (as far as technically possible) transfer data directly to a person named or to be named by you. The right to transfer data exists only for data provided by you, and requires processing to be carried out based on consent or to carry out a contract, using automated procedures.

Objection to our processing of your data, Art. 21 GDPR

In the case of the processing of personal data for the undertaking of public interest tasks (Art. 6, Par. 1, Let. e of the GDPR) or for the undertaking of legitimate interests (Art. 6, Par. 1, Let. f of the GDPR), you may object to the processing of personal data concerning you at any time with future effect, if there is no reason for further processing.

(Please note that you are not entitled to the right to object if the processing is based on consent. However, because you have a right to revoke your consent with future effect whenever data is processed with your consent, you can achieve a comparable outcome to objection via revocation.)

Revocation of consent 

If you have given us consent to process your personal data, you can revoke it at any time and without stating any reasons with future effect. Please contact the contact centre where you gave your consent or directly through the Data Protection Officer.


You have the right to file a complaint with the competent monitoring authority regarding the processing of your personal data, Art. 77 GDPR.