I Responsible party
The party responsible within the meaning of the General Data Protection Regulation Art. 4 No. 7 GDPR and other national data protection laws of the member states as well as other data protection regulations is:
Sunmaxx PVT GmbH
Schutterwälder Str. 13,
Phone: +49 35205 69401 0
Represented by CEO Dr. William Stein.
We are not obliged to appoint a data protection officer.
II Type and scope of data processing
1. External hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the host's servers. This can be IP addresses, website access, meta data and other data that is generated via a website.
The hoster is used in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para. 1 lit. f DSGVO).
In order to ensure data protection-compliant processing, we have concluded an order processing contract with the hoster. Our hoster will only process your data to the extent that is necessary to fulfil its performance obligations and will follow our instructions in relation to this data.
2. Provision of the website: processing of access data
In principle, we only process personal user data insofar as this is necessary to provide a functional website and the content and services. You can therefore visit the website without providing any information about yourself. Only the following access data is stored in so-called server log files:
- Referrer (previously visited website)
- Requested web page or file
- Browser type and browser version
- Operating system used
- Device type used
- Time of access
- IP address in anonymized form
These data are used exclusively for
- Ensuring trouble-free operation
- Ensuring a smooth connection to the website,
- Ensuring comfortable use of our website,
- Defense against attacks on our website and our IT system and
- Evaluation of system security and stability.
The legal basis for data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest results from the data collection purposes listed above. In no case do we use the collected data for the purpose of drawing conclusions about you personally. The data stored in the server logs may be checked by technical service providers who act as processors for the operation and maintenance of the site. They will not be transmitted to third parties.
Opposition and removal option
The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.
3. When contacting us: data processing to process your inquiries via email
We collect the personal data that you voluntarily provide to us when you contact us by email.
These data are only processed for the correspondence with you and for the purpose for which you have given us the data in the context of this communication, e.g. to process your request or to contact you at your request. In this case, the processing of personal data takes place with your consent and on the basis of Art. 6 Para. 1 a GDPR. In this context, the data will not be passed on to third parties.
If the aim of the email contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.
Type and purpose of data processing
The processing of personal data serves us to process the establishment of contact.
We store customer and contact information in our Customer Relations Management (CRM) system. This is a database where we can track all customer details and contacts with customers. For this purpose, we collect the following data with your consent:
- First name
- Last name
- Business Addresses
- Business phone number
- Email address
- Company Name
- Your request / message
We use this data for the following purposes:
- To be able to contact you as requested
- Keep track of who has been in contact and what the contact request was about
- To retain customer data for necessary transactions
Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can be prolonged if this is required by the European or national law regulations, laws or other provisions to which the person responsible is subject. The data will be blocked or deleted if a storage period expires, unless there is a need for further storage of the data in order to conclude or fulfil a contract.
Opposition and removal option
The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data for further usage. In such a case, the conversation cannot be continued. To do this, send an informal e-mail to email@example.com.
5. SSL encryption
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http: //" to "https: //" and by the lock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
III Third-Party Plugins
Job Advertisements / Applications
We use the applicant management system (BMS) from Empfehlungsbund (website: https://bms.fehlenbund.de; provider: pludoni GmbH, Pillnitzer Landstraße 73b, 01326 Dresden, Germany). The legal basis for data processing is Article 6, paragraph 1f GDPR. A data processing contract has been concluded.
We integrate the job advertisements widget on our website. In order to display the content, data is transmitted to external servers. These include:
- IP address
- User agent, operating system
Applicants also have the opportunity to apply directly via the Empfehlungsbund portal using a form. The legal basis for data processing is Article 6, paragraph 1b GDPR.
For more detailed information on data transmission and storage of application data, please refer to the data protection declaration: https://bms.empfehlungsbund.de/datenschutz.
IV Information about data processing in Social Media
We maintain online presences within social networks in order to communicate with the users active there or to offer information about us there. There are links on our website that lead to our profiles. As long as users stay on our website, no connection to the respective network is established. The links enable users to communicate with us within these networks.
We therefore point out that user data can be processed outside of the European Union. This can result in different risks for users, because it could make it more difficult to enforce user rights, for example. With regard to US providers, we would like to point out that the data is processed in the USA.
Furthermore, the data of users within social networks are usually processed for market research and advertising purposes and used accordingly. For example, usage profiles can be created based on user behavior and the interests of the user. The usage profiles can in turn be used, for example, to place advertisements inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers in which the usage behavior and interests of the users are saved. Furthermore, data can be saved in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed and comprehensive presentation of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks for these networks. In principle, you have the option to object to the use of your data on these platforms.
But also in the case of requests for information - you also have the right according to the GDPR - and the assertion of other so-called data subject rights (if your data has been collected or stored or processed or passed on), we point out that these are most effective with the providers can be asserted. Because only the providers have access to the data of the users and can take appropriate measures and provide information. You can also assert these rights against these companies based on the GDPR, for example in Germany as well as in other European countries.
Processed data types: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. Device information, IP addresses).
- Affected persons: all users (e.g. website visitors, users of online services) whose data has been collected, saved, processed or passed on
- Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR), consent (Art. 6 Par. 1 S. 1 lit. a. GDPR) if you have a profile and pages with the provider visit the provider
Services and service providers with whom we maintain profiles:
- LinkedIn: Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Data protection declaration: https://www.linkedin.com/legal/privacy-policy; Refuse option (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
V Rights of the data subject
If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1. Right to information
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.
If this is the case, you can request the following information from the person responsible:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the storage duration;
(5) the existence of a right to correction or deletion of personal data concerning you, a right to restriction of processing by the party responsible or a right to object to this processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) all available information on the origin of the data if the personal data are not collected from the data subject;
(8) The existence of automated decision-making including profiling in accordance with Art. 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the person concerned.
2. Right to rectification
You have a right to correction and / or completion versus the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
3. Right to restriction of processing
You can request the restriction of the processing of your personal data under the following conditions:
(1) if you dispute the correctness of the personal data concerning you for a period of time that enables the person responsible to check the correctness of the personal data;
(2) the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
(4) if you have objected to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been restricted, this data - apart from its storage - may only be used with your consent or for the establishment, exercise or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State.
4. Right to deletion
a) Deletion obligation
You can demand that the person responsible delete the personal data concerning you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for processing.
(3) You object to the processing in accordance with Art. 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 Paragraph 2 GDPR.
(4) The personal data concerning you have been processed unlawfully.
(5) The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the member states to which the person responsible is subject.
The right to deletion does not exist if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) To fulfill a legal obligation that requires processing under the law of the Union or of the member states to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that is transferred to the person responsible has been;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 Paragraph 2 lit. h and i and Art. 9 Paragraph 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it,
(5) for the establishment, exercise or defense of legal claims.
5. Right to information
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to comply with and to notify the recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided
(1) the processing is based on consent in accordance with Art. 6 Paragraph 1 lit. a GDPR or Art. 9 Paragraph 2 lit. a GDPR or on a contract in accordance with Art. 6 Paragraph 1 lit. b GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have your personal data transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible. This must not impair the freedoms and rights of other people.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.
7. Right of objection
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The person responsible will no longer process the personal data concerning you unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
8. Right to revoke the data protection declaration of consent
You have the right to withdraw your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the point of revocation.
9. Automated decision in individual cases including profiling
We do not use automated decision-making, including profiling
10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html), in particular in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR.
The supervisory authority to which the complaint was submitted informs the complainant of the status and the results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.