Legal Notice / Data Protection
Data Protection Information
The following data protection policy explains to you which personal data we process in which way. Personal data protection in the processing and security of all business data is an important concern for us, which we take into account in our business processes. In communicating with you, you may be requested to provide personal data. The data entrusted to us are handled with the utmost care, in strict confidentiality and in compliance with legal provisions.
Manager and Data Protection Officer
So that you know who you can contact about your data, we first of all inform you who is legally responsible for processing it and who the specific contact person is for your queries.
SANHA GmbH & Co. KG
Im Teelbruch 80
Data Protection Officer
Below we describe processing related to the use of our website.
Objects and Legal Grounds
For technical reasons, every time you visit a website, your internet browser automatically transmits information to our web server (so-called log data). Some of this information is stored in log files, e.g.
- date of access
- time of access
- URL of the linked website
- retrieved data
- transferred amount of data
- browser type and version
- operating system
- IP address
Basically, we only look at log data in order to repair malfunctions in operating our website or to investigate security incidents.
For troubleshooting or to preserve evidence in the case of security incidents, it may be necessary for us to collect additional personal data using the log data. In these cases, we process the log data on the basis of a legal permit.
This processing is based on art. 6, par. 1, let. f of the GDPR, our interest is in the technical provision, security and optimization of the website.
You can contact us using the contact form. Data entered there is sometimes required to enable communication and to handle your request. In this case, these are marked as mandatory fields. Further data that you provide us allows for a personal approach or better or faster processing.
This processing is based on art. 6, par. 1, let. b of the GDPR.
On our website, you can sign up for a newsletter. In order to check whether the owner of an e-mail address has actually signed up for the newsletter, we use the "double opt-in procedure". The newsletter is only subscribed to if previously the owner of the e-mail address explicitly confirmed their subscription to the newsletter by clicking on the link in the confirmation email. As proof, we log execution of the individual phases of the double opt-in procedure.
If you sign up to receive our newsletter and agree to receive it, your data will only be used to send the newsletter. ). You can revoke this consent at any time. Each newsletter contains a corresponding link. If you cancel our newsletter, we will make a note of it in our database.
This processing is based on art. 6, par. 1, let. a of the GDPR.
Cookies cannot be used to launch programs or to transfer viruses to a computer. Cookies can only be read through the web server from which they came.
Cookies that we use for certain functions without personal reference:
- Cookies that store certain user preferences (such as search or language settings);
- Cookies that store data to ensure uninterrupted playback of video or audio content.
- Cookies that temporarily store certain user input (e.g. contents from a shopping cart or an online form);
Cookies that we use for certain functions with personal reference:
- Cookies used to identify or authenticate our users;
We store the data until the end of the running time of a particular cookie or until the cookies are deleted by you.
This processing is based on art. 6, par. 1, let. F of the GDPR. Our interest is the ongoing optimization of the website and improvement of usability.
Statistical analysis with Matomo (formerly Piwik)
The legal basis for the service is art. 6, par. 1, let. f of the GDPR; our interest is the optimisation of the website.
Links to social networks
On our website, you will find easy links to our websites on different social networks. If you follow the link from our website to a social network or sign up to share content from our website on your social network, your data will be processed by the respective social network provider. For the purpose and scope of the data collection, the further processing and use of data by the provider of the social network, and related rights and setting options to protect your privacy, please refer to the data protection information of the respective provider.
Company presence on social media platforms
We operate online presences on and within social networks such as XING, LinkedIn, YouTube and Facebook in order to communicate, interact and inform interested parties and users about us. In addition, certain user behaviour data is processed together with Facebook. The legal basis for this processing is Art. 6 Para. 1 lit. f GDPR, our legitimate interest is to conduct effective marketing via a platform used worldwide.
In particular with regard to the Facebook fan page, there is no legal relationship between Facebook and SANHA GmbH & Co. KG has a joint responsibility pursuant to Art. 26 GDPR. You will find the corresponding agreement on joint responsibility under :
Facebook also offers the opportunity to object to certain data processing; you can find relevant information and opt-out options at www.facebook.com/settings?tab=ads=ads.
B. Suppliers and Clients
Below, we describe the processes related to our suppliers and clients.
Objects and Legal Grounds
We use contact and communication data and other relevant personal data from our suppliers and clients, insofar as they or their employees are natural persons. We process this data for the purpose of managing the business relationship, communication, marketing measures and maintaining contacts.
The processes are based on art. 6, par. 1, let. f of the GDPR; our legitimate interest is the execution of business cooperation, marketing and maintaining contacts.
C. General Information
Unless otherwise described in this data protection information, we work with various service providers and partners who may receive personally identifiable data when rendering and operating our website and services:
- Service provider for hosting services
- IT service provider
- Service provider for programming services
- Service provider for sales and marketing services
- Authorities and institutions, when legally required
We will only transmit your data to these recipients insofar as this is necessary to comply with a contract we have with you or if there is a legitimate interest in the disclosure of your data or we have your consent for the transfer.
Transfer to recipients outside of the EEA
Unless otherwise stated, we do not disclose your personal data to recipients who are located outside the EEA.
In the event of a transfer, we shall ensure, through contractual or organisational measures, that the recipient either has an adequate level of data protection (e.g. due to a decision by the EU Commission on the appropriate country or the so-called EU standard contractual clauses of the European Union with the beneficiary) or your consent is present in the transfer.
For further information, in particular regarding the measures taken, please contact our data protection officer.
Insofar as personal information is required to establish and conduct the business relationship and the associated contractual or legal obligations, said information must be provided by you so that we can meet our contractual or legal obligations. Without provision of the data, we may not be able to perform the service any more, properly or fully. The provision of further data is neither contractually nor legally necessary.
If we store your personal data, it will only be for a limited period of time and no longer than necessary. Basically, we will delete your data if it is no longer necessary for the purpose for which it was collected or if there are other legal reasons that require deletion.
Insofar as we are subject to statutory storage requirements, which require a longer storage period, we store the data for this period, in particular for the fulfilment of commercial and tax withholding periods, which are between two and 10 years.
Other legal grounds for withholding may include the provision of evidence for the duration of the applicable statute of limitations. These periods are usually between two and 30 years.
Your rights in relation your personal data
You have the following legal rights regarding your personal data. You can contact our Data Protection Officer, also if you want further details about what these rights mean. As the legal details are quite complicated, below we provide you with the most important information about these rights. Please tell us in what form you want the information. If you do not specify otherwise, we usually answer your request in the same form as it was received. You will receive a response within one month. In the case of manifestly unfounded or excessive requests, we are entitled to demand a reasonable fee or refuse your request.
Access to your data, Art.15 GDPR
You have the right to request information about whether we process personal data about you or not. When we process your personal data, you will receive information about the specific data and additional information.
Correction of your data, Art. 16 GDPR
You have the right to ask us to correct your data if it is incorrect, inaccurate and/or incomplete; the right to rectification includes the right of completion using supplementary statements or communications.
Deletion of your data, Art. 17 GDPR
You have the right to ask us to delete your personal data, as long as there is no reason to keep it.
Restriction of the processing of your data by us. Art. 18 GDPR
You have the right to restrict processing of your personal data in certain cases within a specific scope.
Data portability, Art. 20 GDPR
Under certain circumstances, you may be entitled to demand that your data be provided in a common electronic, machine-readable data format.
The right to transfer data includes the right to transfer the data to another manager; upon request, we will (as far as technically possible) transfer data directly to a person named or to be named by you. The right to transfer data exists only for data provided by you, and requires processing to be carried out based on consent or to carry out a contract, using automated procedures.
Objection to our processing of your data, Art. 21 GDPR
In the case of the processing of personal data for the undertaking of public interest tasks (Art. 6, Par. 1, Let. e of the GDPR) or for the undertaking of legitimate interests (Art. 6, Par. 1, Let. f of the GDPR), you may object to the processing of personal data concerning you at any time with future effect, if there is no reason for further processing.
(Please note that you are not entitled to the right to object if the processing is based on consent. However, because you have a right to revoke your consent with future effect whenever data is processed with your consent, you can achieve a comparable outcome to objection via revocation.)
Revocation of consent
If you have given us consent to process your personal data, you can revoke it at any time and without stating any reasons with future effect. Please contact the contact centre where you gave your consent or directly through the Data Protection Officer.
You have the right to file a complaint with the competent monitoring authority regarding the processing of your personal data, Art. 77 GDPR.