SANHA Premium Quality Seal since 1964

Защита данных

The aim of data protection and also our aim as SANHA GmbH & Co. KG is to handle personal data in such a way that the personal rights of the individual are protected. 

In order to ensure the fulfilment of this objective, bodies responsible for the processing of personal data are obliged to comply with the provisions of EU legislation (the General Data Protection Regulation (GDPR)) as well as national data protection laws. 

Personal data may only be collected and processed if the GDPR or another law permits this. Essential basic principles of the GDPR are: 

  • Lawfulness of processing, processing in good faith, transparency 
  • Purpose limitation 
  • Data minimisation 
  • Accuracy of data processing
  • Storage limitation and deletion concepts
  • Integrity and confidentiality 

Person responsible and data protection officer  

So that you know who to contact when it comes to your data, we will first tell you who is legally responsible for the processing and who is the specific contact person for your concerns. 

Legal responsible:  

SANHA GmbH & Co. KG
Im Teelbruch 80 
45219 Essen
Germany
Telefon: +49 2054 925-0
E-Mail: info@sanha.com 
 

Contact details of the data protection officer 

Our data protection officer can be reached at the following e-mail address:  

datenschutz@sanha.com 

Purpose of the data collection, processing or use 

The collection, processing or use of personal data is carried out in order to fulfil this corporate purpose or supporting secondary purposes, such as customer advice. 

Groups of persons concerned and related data or data categories 

The groups of people concerned are 

  • current employees 
  • former employees 
  • applicants
  • interested parties
  • customers
  • suppliers
  • service providers and
  • other business partners 

 

The relevant data includes all personal data that is required to fulfil the respective purpose. The specific data of the data subjects that is processed is explained in detail below. 

Legal basis 

The processing of personal data is only lawful if it is permitted by law, i.e. if there is a legal basis or if the person has consented to it. 

Personal data is only processed in our company in accordance with the statutory provisions. These are usually, 

  • if consent to the processing of personal data has been given (Art. 6 para. 1 lit. a DSGVO), 
  • if personal data must be processed for the performance of a contract or the initiation of a contract (Art. 6 para. 1 lit. b DSGVO), 
  • if the processing of personal data is necessary in order to comply with a legal obligation (Art. 6 para. 1 lit. c DSGVO), or 
  • if we process personal data on the basis of a legitimate interest or on the basis of a legitimate interest of a third party (Art. 6 para. 1 lit. f DSGVO). 

Recipient for data transmission 

The potential recipients of transferred personal data are 

  • public bodies, insofar as a legal obligation exists, 
  • service providers and other business partners, insofar as it is necessary for the fulfilment of the respective purpose and a legal provision permits or requires this or the person concerned has consented to it. 

 

Planned data transfer to third countries or international organisations 

Should it become necessary to transfer data to third countries (countries that are not member states of the European Union) or to international organisations, this will only be done for the conclusion or fulfilment of contracts - insofar as this does not conflict with the legitimate interest of the data subject taking into account all data protection requirements. If, in individual cases, we transfer your data to a third country or to an international organisation, we will provide you with the information required for this case. 

Standard periods for the deletion of data 

The deletion of personal data is carried out in accordance with the applicable legal or contractual regulations on data deletion, taking into account legal or contractual retention obligations. Such legal obligations result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods specified there for storage or documentation are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship. 

Furthermore, other statutory provisions may require a longer retention period, such as the preservation of evidence within the framework of statutory limitation provisions. The regular limitation period is three years; in certain cases, however, limitation periods of up to 30 years or, in individual cases, even longer may be applicable. The deletion of personal data that is not subject to a legal or contractual obligation to retain or delete takes place after it has become dispensable for the fulfilment of the respective purpose. 

Your rights regarding data protection (Art. 12 ff DSGVO) 

The data subject has various rights with regard to data protection. These rights are explained below. The above contact details can be used to exercise these rights. 

Right of access (Art. 15), rectification (Art. 16), restriction of processing (Art. 18) and erasure (Art. 17) 

Within the framework of the applicable legal provisions, you have the right at any time to obtain information free of charge about the personal data stored by the person responsible and relating to you, its origin and recipient and the purpose of the data processing and, if applicable, the right to have this data corrected, blocked or deleted. 

Right of objection (Art. 21 DSGVO) 

Every data subject has the right to object to the processing of his or her data if the data processing is based on Art. 6 (1) f DSGVO or for direct marketing purposes. In the event of an objection to the processing of your personal data, we will examine your objection on a case-by-case basis. If we are obliged to delete your personal data due to your objection under data protection law, we will delete your data taking into account statutory retention obligations. The objection does not affect the permissibility of the processing carried out up to the objection. 

Obligation to disclose data 

Every data subject has the right to know whether the provision of the personal data is required by law or by contract or is necessary for the conclusion of a contract, whether the data subject is obliged to provide the personal data and what the possible consequences of not providing the personal data would be. 

Right of appeal to the competent supervisory authority 

The person concerned has the right to complain to the competent supervisory authority if he or she believes that his or her rights have been violated. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our company is based. In principle, however, the data subject may also contact the supervisory authority of his or her place of residence or the place of the alleged violation. A list of the data protection officers and their contact details can be found at the following link:  

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. 

Kontaktdaten:  

Right to data portability 

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract transferred to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible. 

These processing operations are based on Art. 20 para. 1 lit. f DSGVO. 

Revocation of your consent to data processing 

Some data processing operations are only possible with your consent. You can revoke consent you have already given at any time. To do so, simply send an informal e-mail to one of the above e-mail addresses. The legality of the data processing carried out until the revocation remains unaffected by the revocation. 

In the following we describe the processing operations in connection with the use of our website.  

Purposes and legal basis  

Log data 

Every time you visit a website, your internet browser automatically transmits information to our web server for technical reasons (so-called log data). We store some of this information in log files, e.g. 

  • Date of access 
  • Time of access 
  • URL of the referring website 
  • File accessed
  • Amount of data transferred
  • Browser type and version
  • operating system
  • IP address  

 

In principle, we only evaluate log data in order to rectify faults in the operation of our website or to clarify security incidents.  

For troubleshooting purposes or to preserve evidence in the event of security incidents, it may be necessary for us to collect additional personal data with the log data. In these cases, we base the processing of the log data on a legal permit. 

Legal basis 

This processing is based on Art. 6 para. 1 lit. f DSGVO, our interest is the technical provision, security and optimisation of the website. 

Storage period 

The data that is processed in connection with the collection of server log files is stored for as long as is necessary for the stated purposes. 

Contact form 

You can contact us via the contact form. Your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. 

Categories of personal data 

When an enquiry is made via the contact form, the following personal data is processed. 

 

  • Your request  
  • Name  
  • Address  
  • Telephone number
  • E-mail address 

Legal basis 

The data entered in the contact form is processed on the basis of our legitimate interest in offering our customers an easy way to contact us, as well as to improve the quality of our advice, and for contractual purposes (Art. 6 para. 1 lit. f DSGVO). You can provide us with information over and above the mandatory information on a voluntary basis. The legal basis for this information is Art. 6 para. 1 lit. a) DSGVO, your consent. The data processing of the voluntary information serves to improve our service to you and to enable us to provide you with more comprehensive support. You can revoke your consent to the processing of the voluntarily provided data at any time. To do so, please contact us using the above-mentioned contact option. 

Revocation of your consent to data processing 

Some data processing operations are only possible with your consent. You can revoke consent you have already given at any time. To do so, simply send an informal e-mail to one of the above e-mail addresses. The legality of the data processing carried out until the revocation remains unaffected by the revocation. 

Forwarding of e-mails in the context of an establishment of contact  

When contacting our service team via e-mail, the contact data transmitted by the customer via e-mail may be used for the current enquiry as well as other digitally transmitted processes in order to automatically forward the enquiry to the responsible internal department, if possible. This is to ensure the proper processing of these business transactions and to guarantee a faster handling of customer enquiries. The contact data provided will be transferred to our customer database and stored there. 

Legal basis 

The processing of the data you provide in this context is based on our legitimate interest in accelerating and further optimising our process flows for our customers (Art. 6 para. 1 lit. f DSGVO). 

Storage period 

The personal data processed in this context will be retained for the duration of your business relationship with us or until you request us to delete it. Statutory storage obligations remain unaffected. 

Cookies 

The websites of SANHA GmbH & Co. KG partly use so-called cookies. Cookies are small text files that we store on your terminal device when you visit our website. Each time you visit our website again, these cookies are sent back to us. This enables us to recognise you, for example, or to make navigation easier for you with the help of the information in the cookies. 

Cookies cannot be used to start programmes or transfer viruses to a computer. Cookies can only be read by the web server from which they originate. 

We do not pass on the information in the cookies to third parties without your express consent. You can also view our website without cookies. Internet browsers are regularly set to accept cookies. In order to prevent the use of cookies by your Internet browser, you can (1) reject the use of cookies when calling up our website via the cookie layer (if available) or (2) deactivate the use of cookies via the settings of your Internet browser. You can find out how to deactivate and/or delete cookies in your browser by using the help functions of your Internet browser. Please note that deactivating/deleting cookies may mean that individual functions of our website no longer work as expected. Cookies that may be required for certain functions of our website are shown below. In addition, the deactivation/deletion of cookies only affects the Internet browser used for this purpose. For other Internet browsers, the deactivation/deletion of cookies must therefore be repeated accordingly. Cookies that we use for certain functions, without personal reference: 

  • Cookies that store certain user preferences (e.g. search or language settings). 
  • Cookies that store data to ensure the trouble-free playback of video or audio content. 
  • Cookies that temporarily store certain user inputs (e.g. contents of a shopping basket or an online form).  
  • Cookies that we use for certain functions, with personal reference  
  • Cookies that serve to identify or authenticate our users 

We store the data until the end of the term of a respective cookie or until the cookies are deleted by you. This processing is based on Art. 6 para. 1 lit. f DSGVO. Our interest is the ongoing optimisation of the website and the improvement of user-friendliness. 

 
You can find an overview of the active cookies in our cookie table

Statistical evaluation with Matomo 

We use the analysis service Matomo for statistical evaluation of the use of our website. The provider is InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand. We have concluded an order processing contract with Matomo. In the course of using Matomo, personal data may also be transmitted to the servers of ePrivacy GmbH in Germany.  

You can view the Matomo privacy policy at the following link:  

Privacy Policy - Analytics Platform - Matomo 

Legal basis  

The use of Matomo for statistical evaluation of our website is based on Art. 6 para. 1 lit. a DSGVO, your consent. 

You can prevent the use of cookies by not giving us your consent. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. 

Revocation of your consent to data processing 

Some data processing operations are only possible with your consent. You can revoke consent you have already given at any time. To do so, simply send an informal e-mail to one of the above e-mail addresses. The legality of the data processing carried out until the revocation remains unaffected by the revocation. 

For marketing purposes, to communicate with our customers or to arouse interest in our company, we present ourselves on social networks. In the following points we inform you about the associated processing activities.  

Data processing for presentation and communication 

Social networks enable us to present our company to persons who have an account with the social network (hereinafter "user") and to all visitors to our profiles without an account with the social network (hereinafter "guest"). Furthermore, customers and interested parties can contact us via this profile. Our profiles and posts are generally viewable by users and guests (hereinafter users and guests are collectively referred to as "visitors"). If you comment on our posts or send us a message, this data is stored by the social network and can be viewed by us. We can reply to your comment or message. For posts, your comment and our reply may still be visible to all users of the social network or to all visitors. 

Data processing for statistical and promotional purposes 

If you access our profile, the social network can store and evaluate your access and all further interactions of you on the website of the social network. As a rule, our profiles and posts can be viewed by users and guests (hereinafter referred to collectively as "visitors"). If you comment on our posts or send us a message, this data is stored by the social network and can be viewed by us. We can reply to your comment or message. For posts, your comment and our reply may still be visible to all users of the social network or to all visitors. 

If you have an account with the social network and are logged in when you visit our profile, the provider of the social network may link your interactions with our profile to your account data and process it further. However, it is also possible that data about your interactions with our profile will be stored by the social network for the duration of your visit and processed for further purposes if you are not logged in there or do not have an account. In this case, an allocation can take place, for example, through the use of cookies, small files which are stored on your end device, or in connection with your IP address. 

With this data processing, the platform pursues the purpose of creating an interest profile of the visitor in order to use this for advertising purposes. When the person calls up certain websites, information about this call is evaluated and the provider assigns certain interests to the visit. Based on the assigned interests, advertisements are displayed to the visitor. Interest-based advertisements can be displayed by the provider both within and outside the web pages of the social network. 

Categories of persons concerned 

People who access our profile on the relevant social network (both users with an account with the social network provider and visitors without an account). 

 

Assertion of your rights as a data subject 

For information requests or to exercise your other rights as a data subject, we recommend that you contact the provider directly, as only the provider has full access to the data processed in connection with a call to our profile or interaction with us on the social network. The contact information of the social networks for exercising your rights as a data subject can be found under the item "Information on the social networks used by us". In the case of data processing where there is joint responsibility between the social network provider and us, you also have the right to exercise your rights as a data subject against us. In such a case, we will forward your request to the social network, insofar as the request concerns data or processing activities that are processed by the social network. 

Further information on the processing activities of the social networks and the existing objection options can be found under the item "Information on the social networks we use". 

Facebook: 

 

Provider 

Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (nachfol-gend Facebook) 

 

Website 
https://de-de.facebook.com/ 

Form for contacting the Facebook data protection officer 
https://www.facebook.com/help/contact/540977946302970 

Facebook Data Policy 
https://de-de.facebook.com/policy.php 

Our profile 

https://www.facebook.com/sanhagmbh 

 

Joint officer  

We have entered into a shared responsibility agreement with Facebook which applies to the processing of data in connection with our profile on Facebook (the "Page") for the purpose of providing the profile and statistical analysis of the interactions of visitors to our profile. This agreement sets out the obligations to be fulfilled by either Facebook or us in relation to the processing of data and which party is responsible for each processing activity. 

Agreement on joint responsibility for data processing for Page Insights between Facebook and us as the owner of a profile on Facebook pursuant to Art. 26 DSGVO: https://www.facebook.com/legal/terms/page_controller_addendum 

 

 

Purposes and legal basis 

  • Presentation of our company, legitimate interest ((Art. 6 para. 1 p. 1 lit. f) DSG-VO) 
  • Communication with customers and interested parties, legitimate interest ((Art. 6 para. 1 p. 1 lit. f) DSGVO) 
  • Statistical purposes, legitimate interest ((Art. 6 para. 1 p. 1 lit. f) DSGVO) 

Insofar as Facebook carries out further processing activities or processes data for statistical or advertising purposes, Facebook is the controller of the processing and the processing may be based on other legal bases. For more information, please refer to the "Facebook Data Policy" section. 

Possibility of objection 

If you wish to object to processing by Facebook, you can find this under the following link for the different processing activities:  

https://www.facebook.com/help/contact/367438723733209?no_redirect  

If you would like to receive the newsletter offered on the website, we require an e-mail address from you and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis.  

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation. 

Revocation of your consent to data processing 

Some data processing operations are only possible with your consent. You can revoke consent you have already given at any time. To do so, simply send an informal e-mail to one of the above e-mail addresses. The legality of the data processing carried out until the revocation remains unaffected by the revocation. 

Newsletter dispatch by Rapidmail 

To send the newsletter, SANHA GmbH & Co. KG. uses the Rapidmail service. The provider of this service is rapidmail GmbH, Wentzingerstraße 2, 79106 Freiburg im Breisgau, Germany. 

Rapidmail is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of receiving the newsletter is stored on Rapidmail's servers in Germany. 

If you do not wish to have your data analysed by Rapidmail, you must unsubscribe from our newsletter. You will find the link for this in every newsletter message. 

Data analysis by Rapidmail 

In order to analyse the success of our newsletter, the e-mails sent with Rapidmail contain a so-called web beacon or a "tracking pixel", which reacts to interactions with the newsletter. In this way, it can be determined whether a newsletter message was opened, whether links were clicked or at what time the newsletter was read. 

Within the framework of the success analysis, the following data are processed by Rapidmail: 

  • Master data (e.g. name, address) 
  • Contact data (e.g. e-mail address, telephone number) 
  • Meta and communication data (e.g. device information, IP address) 
  • Usage data (e.g. interests, access times) 

Legal basis 

The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. The legality of the data processing already carried out remains unaffected by the revocation. 

Revocation of your consent to data processing 

Some data processing operations are only possible with your consent. You can revoke consent you have already given at any time. To do so, simply send an informal e-mail to one of the above e-mail addresses. The legality of the data processing carried out until the revocation remains unaffected by the revocation. 

Storage period 

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for registration in the online shop) remain unaffected by this. 

Conclusion of a contract for commissioned data processing 

We have concluded a contract with rapidmail GmbH in accordance with Art. 28 Para. 3 DSGVO, in which we oblige Inxmail to protect our customers' data and not to pass it on to third parties.

We have integrated YouTube videos on our website, these videos are stored on www.youtube.com. If you use these videos, you will be redirected to the YouTube platform. The provider of this platform is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. While using YouTube, personal data may also be transmitted to Google LLC. These companies are based in the USA. The processing of personal data is governed by so-called standard contractual clauses concluded with us by the Commission of the European Union. https://privacy.google.com/businesses/processorterms/. 

The YouTube videos on our website are all embedded in extended data protection mode, which means that no data about you as a user or personal data in general is transmitted to YouTube unless you play the videos. If you play the videos offered, data will be transmitted. We have no influence on the transmitted data. The transfer of data takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, the following data will be assigned to your user account.  

If you do not want the data transfer with the assignment to your profile to YouTube, you must log out of your Google account before playing the videos. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website to meet your needs. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right. 

The processing is based on the legal basis Art. 6 para. 1 lit. a). You can revoke your consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation. 

Revocation of your consent to data processing 

Some data processing operations are only possible with your consent. You can revoke consent you have already given at any time. To do so, simply send an informal e-mail to one of the above e-mail addresses. The legality of the data processing carried out until the revocation remains unaffected by the revocation.  

You can view further information on YouTube and Google here:  

https://www.google.com/intl/de/policies/privacy/ (General Google Privacy Policy) 
https://policies.google.com/terms?hl=de#toc-software (Terms of use Google services) 
https://www.youtube.com/static?gl=DE&template=terms&hl=de (Terms of Use YouTube) 

PayPal 

On our website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal"). 

Legal basis 

If you select payment via PayPal, the payment data you enter will be transmitted to PayPal. 

Credit card 

On our website we offer, among other things, payment by credit card via our payment service provider Computop Paygate GmbH, Schwarzenbergstr. 4, D-96050 Bamberg. 

If you select payment by credit card, personal and payment-relevant data that are requested and required for processing the transaction are transmitted directly to your banking institution or credit card company or Computop. Credit card data is collected exclusively by Computop and stored in encrypted form. 

Legal basis 

The transfer of your data to Computop takes place for contractual purposes. 

We also collect, process and use personal data outside the environment of the online shop, insofar as they are necessary for the establishment, content or amendment of the contract. 

Data categories  

We need the following data to register you as a customer with us: 

  • Company name with legal form (e.g. GmbH) 
  • Company headquarters (street / house number / postcode / town)
  • Name and first name of contact person
  • Telephone number
  • Surname and first name of the managing director/owner of the commercial enterprise 

 

You can voluntarily provide us with the following data: 

  • E-mail address - Please note, however, that we need this to access our online shop. 
  • Fax 
  • Billing address, if different 
  • Mobile phone number 
  • Date of birth of the managing director/owner of the commercial enterprise 

Storage period 

The collected data will be stored by us as long as you have a business relationship with us. After termination of the business relationship, your data will be deleted. Statutory retention periods remain unaffected by this. 

Data categories 

Within the framework of the processing of customer personal data, the following personal data are processed.  

  • Customer number
  • Company
  • Street number
  • House number
  • Postcode
  • City
  • Contact person
  • Function
  • Telephone number
  • E-Mail 

Legal basis 

The processing of personal data is carried out for contractual purposes, the legal basis for the processing for these purposes is, 

  • if you are a registered trader or freelancer, Art. 6 para. 1 lit. b DSGVO, the data processing is for the purpose of implementing the contract or pre-contractual measures with the data subject; or 

if you are an employee of a company, e.g. an employee in purchasing, Art. 6 para. 1 lit. f DSGVO, the legitimate interest of SANHA GmbH & Co. KG. is. The legitimate interest of SANHA GmbH & Co. KG. is the preparation of the sale of products or services of companies of the SANHA GmbH & Co. KG., which is based in particular on entrepreneurial freedom and professional freedom. 

Storage period 

The transmitted data is already available to us and is only transmitted to the respective company; the duration of storage by SANHA GmbH & Co. KG depends on the storage period for the original processing purpose. The duration of storage at the receiving company depends on the data protection information of the respective company.