Sunnic Lighthouse GmbH Data Privacy

We would like to inform you below about the processing of personal data in the context of the use of our Internet pages. Further information on data protection can be found below.

Information about the data controller

The controller responsible for data processing on this website is:

Sunnic Lighthouse GmbH
Zirkusweg 2
D-20359 Hamburg

Contact: Arved von Harpe, Geschäftsführer

T +49 40 756 64 49 - 660
 F +49 40 756 64 49 - 699
info@sunnic.de

Further information about our company and the authorised representatives is available in our Legal Notice at www.sunnic.de/impressum

Data protection representative

We have appointed a data protection representative for our company:

Jessica Stehn-Bäcker
BEREDI Marketing GmbH
Überseeallee 1
20457 Hamburg

Phone: 040 22861374
E-mail: js@beredi-datenschutz.de

Legal basis of data processing

As a rule, we only process personal data in the course of operating this website because it is necessary for providing a functioning website, our content and the associated services.

We process data based on the following legal bases: 

  • Consent as defined in Art. 6 (1) a GDPR
  • Fulfilment of contracts as defined in Art. 6 (1) b GDPR
  • Fulfilment of a legal obligation as defined in Art. 6 (1) c GDPR
  • Legitimate interest as defined in Art. 6 (1) f GDPR

In this privacy statement, we will reference the respective legal basis for each type of data processing.

If we are processing personal data based on your consent, you have the right to revoke that consent any time with effect to the future.

If we are processing data based on a consideration of interests, you as the data subject have the right, taking into account the requirements of Art. 21 GDPR, to object to the processing of personal data,

Deletion of data

As a rule, we delete personal data when there is no further need for storing them. A need to store personal data may arise if the data are still needed to fulfil contractual services, or to review, grant or defend against guarantee and possibly warranty claims. In case of legal retention obligations imposed by European or national law in EU directives, laws or other regulations to which the controller is subject, data can only be deleted after the end of the respective retention period.

Place of data processing 

If personal data are processed outside of the European Union, you can find out in the explanation of the corresponding processing activity.

Access data

You can visit our website without providing information about your person. However, when you access this website, the browser on your device automatically sends information to the website server. This information is temporarily stored in a so-called log file.

The following information is recoded without any action on your part and stored until the automatic deletion of your website visit: 

  • The access logs of the web servers record which page requests have taken place and when. They contain the following data: IP, directory protection user, date, time, accessed pages, logs, status code, amount of data, referer, user agent, accessed host name.
  • The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.* IPv6 addresses are also anonymized. The anonymized IP addresses are retained for 60 days. Information about the directory protection user used is anonymized after one day.


  • Error logs, which record erroneous page requests, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website.


  • Accesses via FTP are logged with anonymized information on user name and IP address and stored for 60 days.


  • The mail logs for sending e-mails from the web environment are anonymized after one day and then retained for 60 days. During anonymization, all data on the sender / recipient etc. is removed. Only the data on the time of sending and the information on how the e-mail was processed are retained (queue ID or not sent). Mail logs for sending via our mail servers are deleted after four weeks. The longer retention period is necessary to ensure the functionality of the mail services and spam prevention.


The legal basis for processing personal data is our legitimate interest as defined in Art. 6 (1) 1 f GDPR. The information listed above is used

  • for the purpose of ensuring flawless operation of the site 
  • for analysis to improve our service 
  • to guarantee trouble-free connections
  • to guarantee the user-friendliness of this website 
  • to be able to assess the system security and stability of this website
  • for other administrative purposes

As a rule, we do not use the data we collect for the purpose of identifying you as a person.

SSL or TLS encryption

For security reasons and to protect the transfer of confidential content, such as inquiries you send to us as the operator, this website uses SSL or TLS encryption. You can recognise an encrypted connection because the address line in the browser changes from “http://” to “https://”, and a lock symbol appears in your browser line.

When the SSL or TLS encryption is activated, the data you send to us cannot be read by third parties.

Third party hosting 

This website is hosted by an external provider. We have established a hosting contract with this provider, as well as a contract data processing agreement. The host’s server is located in Germany.

All data collected in the course of using this website or in the corresponding forms are processed on the servers of this host. This may include IP addresses, website accesses, meta and communication data, contact inquiries and other data that are generated through a website.

We use the host to serve our overriding legitimate interest as defined in Art. 6 (1) f GDPR, i.e. our interest in the correct presentation of our services and the secure, quick and efficient provision of our online offer.

Inquiry via e-mail, phone or fax

When you contact us by e-mail, phone or fax, we store and process your inquiry and all personal data it contains (name, inquiry) for the purpose of processing your inquiry. We do not share these data without your consent.

These data are processed based on Art. 6 (1) b GDPR, if your inquiry is connected to the fulfilment of a contract or is necessary for conducting pre-contractual measures. In all other cases, data processing is based on your consent (Art. 6 (1) a GDPR) and/or on our legitimate interests (Art. 6 (1) f GDPR), since we have a legitimate interest in the effective processing of inquiries addressed to us.

We retain the data you send us through the contact form until you ask us to delete them, revoke your consent to our storing them, or the purpose for storing them no longer applies (e.g. after processing of your inquiry is completed). Mandatory legal regulations - in particular retention periods - remain unaffected.

Sharing of data

As a rule, we will never share data we receive from you with third parties, in particular for their marketing purposes. We only share your personal data with third parties if it is necessary to fulfil a contract with you, if sharing the data is permissible based on weighing our interests against others as defined by Art. 6 (1) f GDPR, if we are legally required to share them or to the extent that you have given us your consent. 

We do, however, use service providers to operate this website, for instance. In this context it is possible that a service provider has access to personal data. We chose our service providers carefully, especially with regard to data protection and data security, and take all measures required by data protection regulations to ensure lawful data processing.

Google Analytics

Insofar as you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The controller for users in the EU, EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Scope of processing

Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

Legal basis

The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit.a DSGVO.

Revocation

You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Third country transfer

Insofar as data is processed outside the EU or the EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU or the EEA. You may not be entitled to any legal remedies against access by authorities.

Recipients

Recipients of the data are or may be:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO).
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Storage period

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=de

Demographic characteristics with Google Analytics

This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".

Google Tag Manager

This website uses the Google Tag Manager. The Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. The Google Tag Manager takes care of loading other components, which may in turn collect data. The Google Tag Manager does not access this data. 

The legal basis for the use of the technically necessary cookie is our legitimate interest according to Art. 6 para. 1 p. 1 lit. f DSGVO.

For more information, please refer to the provider's terms of use at: https://www.google.com/intl/de/tagmanager/use-policy.html. 

Deactivate Google Analytics.

Cookies

Change cookie settings

We use cookies on our website. These serve to make our offer more user-friendly, effective and secure. Cookies are text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.

The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TTDSG).

For the processing of personal data collected in this context, the legal basis regularly results from Art. 6 para. 1 p.1 DSGVO. 

The primary legal basis for the storage of information in the end user's terminal equipment - thus in particular for the storage of cookies - is your consent pursuant to Section 25 (1) p.1 TTDSG. The consent is given when you visit our website - although of course it does not have to be given - and can be revoked at any time in the cookie settings.

Pursuant to Section 25 (2) No. 2 TTDSG, consent is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary and therefore fall under the exception of Section 25 (2) TTDSG and thus do not require consent.

Cookie management

We use the consent management service Cookiebot, of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (Cybot). This enables us to obtain and manage consent from website users for data processing. The legal basis for the data processing is Art. 6 para.1 lit. f DSGVO. The legitimate interest of the provider is the user-friendliness of the website and the fulfillment of the legal requirements from the DSGVO. For this purpose, the following data is processed with the help of cookies:

  • Your IP address (the last three digits are set to '0'), 
  • Date and time of the consent,
  • URL from which the consent was sent, 
  • User agent of the end user's browser, 
  • an anonymous, random and encrypted key, and 
  • Consent status of the end user as proof of consent. 

The key and consent status are stored in the browser for 12 months using the "CookieConsent" cookie. This preserves your cookie preference for subsequent page requests. With the help of the key, their consent can be proven and traced.

The functionality of the website is not guaranteed without the processing.

Cybot is a recipient of your personal data and acts as a processor for us.

The processing takes place in the European Union. You can find more information about objection and removal options vis-à-vis Cybot at: https://www.cookiebot.com/de/privacy-policy/. 

Your personal data will be deleted consecutively after 12 months or immediately after the termination of the contract between us and Cybot.

MyFonts Counter

On this website, we use MyFonts Counter, a web analysis service provided by MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA. Based on licensing regulations, a page view tracking is carried out by counting the number of visits to the website and sending that number to MyFonts. MyFonts only collects anonymised data. Data may be shared if you activate Java Script code in your browser. In order to generally block the execution of Java Script code by MyFonts, you can install a Java Script blocker (e.g. www.noscript.net). For more information about MyFonts Counter please visit the privacy statement of MyFonts at http://www.myfonts.com/info/terms-and-conditions/#Privacy

Social networks 

We take data protection in social networks very seriously. Unfortunately, it has not been legally determined whether and to what extent social networks are offering their services in compliance with European data protection regulations. As soon as new and legally sound information becomes available in this regard, we will address it immediately. Until then, please check carefully what personal data you provide to the social networks by using our website through the social networks.

Please bear in mind that social networks store the data of their users (e.g. personal information, IP address, etc.) according to their data usage guidelines and use them for commercial purposes. We have no control over what data are collected and how they are processed by the social networks. We have no way of knowing the extent, location and duration of data storage, to what extent the networks are complying with deletion obligations, what analyses and links they perform on the data, and who they share the data with.

We have a company site on LinkedIn (LinkedIn Ireland Unlimited Company). This processing is based on Art. 6 (1) f GDPR. You can view the privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy. You can object (opt out) at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

No automated decision-making/profiling

We do not use automated decision-making processes and do not engage in profiling.

Rights of data subjects

The following are your rights regarding your personal data:

You have the right to information about your personal data. You can contact us at any time to request this information. If you make a request for information in non-written form, please understand that we may require proof from you to document that you are the person you claim to be. 

You also have the right to correction or deletion or the limitation of processing, provided you are entitled to this by law.

Furthermore, you have the right to object (see below) to the processing within the legal regulations.

You also have the right to data portability as defined by data protection regulations.

Right to object

If we process personal data as described above in order to safeguard our overriding legitimate interests, you can object to this processing with effect to the future. If we process data for the purpose of direct marketing, you can exercise this right at any time. If processing is for other purposes, you only have the right to object for reasons justified by your particular situation.

After you object, we will cease to process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defence of legal claims.

This does not apply to processing for the purpose of direct marketing. In this case, we will cease to process your personal data for this purpose. 

Right to complain to the competent supervisory authority

You have the right to file a complaint about our processing of your personal data with a supervisory authority for data protection. 

Objection to marketing e-mails

We hereby explicitly object to the use of contact data published in our mandatory legal notice for the purpose of sending us unsolicited marketing and information materials. The operators of these pages reserve the right to take legal steps in case of unsolicited sending of marketing information such as spam e-mails.

Last updated: 16/05/2022

 


Further data protection information: 

Principles of data processing