General privacy informationPrinciples of data processing
You have followed a link to this page because you want to learn about how we handle (your) personal data. In order to comply with our disclosure obligations under Art. 12 ff of the General Data Protection Regulation (GDPR), we provide you in the following with our data privacy statement:
We assure you that our data processing systems are secured against access, manipulation or dissemination of your data by unauthorised persons and against loss and destruction by means of technical and organisational measures.
Who is responsible for data processing (controller)?
The data controller as defined by data protection law is
Sunnic Lighthouse GmbH
Zirkusweg 2
D-20359 Hamburg
T +49 40 756 64 49 - 444
F +49 40 756 64 49 - 699
info@sunnic.de
Further information about our company, authorised representatives and further contact details are available in our legal notice on our website: www.sunnic.de/impressum
What type of data do we process? And for what purpose?
If we have received data from you, we will as a rule process them only for the purposes for which we received or collected them.
Data processing for other purposes is only carried out if the necessary legal requirements under Art. 6 (4) GDPR are met. In this case, we will of course comply with any disclosure obligations under Art. 13 (3) GDPR and Art. 14 (4) GDPR.
When you contract us/we contract you, we collect the following information:
- Form of address, title, first name, surname, company name
- Mailing address
- E-mail address
- Phone number (land line and/or mobile, if requested)
- Possibly fax number (if available and requested)
We also collect all of the information that is necessary to fulfil our contract with you.
We collect personal data in order to
- identify you as a customer/supplier/service provider;
- fulfil our contractual obligations to you;
- fulfil our legal obligations:
- correspond with you;
- for billing or reminder purposes;
- to exercise possible claims against you.
What is the legal basis for this?
As a rule, the processing of personal data is based on Art. 6 GDPR, unless other specific legal regulations apply. This includes in particular the following possibilities:
- Consent (Art. 6 (1) a GDPR)
- Fulfilment of contracts (Art. 6 (1) b GDPR)
- Data processing based on weighing of interests (Art. 6 (1) f GDPR)
- Fulfilment of a legal obligation (Art. 6 (1) c GDPR)
If we are processing personal data based on your consent, you have the right to revoke that consent any time with effect to the future.
If we are processing data based on our overriding interests, you as the data subject have the right, taking into account the requirements of Art. 21 GDPR, to object to the processing of personal data,
If you would like to exercise your right to object, a message in text form is sufficient. You can send us a letter or fax or contact us by e-mail. You will find our contact data at the top of this privacy statement or in the legal notice on our website.
How long are data stored?
We process the data as long as this is necessary for the respective purpose.
Insofar as statutory retention obligations exist, the personal data in question will be stored for the duration of the retention obligation. After expiry of the retention obligation, it is checked whether there is a further necessity for processing. If there is no longer a need, the data will be deleted.
As a matter of principle, we carry out an examination of data towards the end of a calendar year with regard to the need for further processing. Due to the volume of data, this check is carried out with regard to specific types of data or purposes of processing.
Of course, you can request information about the data we have stored about you at any time (see below) and, if there is no need for further processing, you can request that the data be deleted or the processing restricted.
What recipients are the data shared with?
Apart from Sunnic Lighthouse GmbH as the controller, other recipients of your data may include, for example, affiliated companies, mail service providers, tax advisers, providers of software and service solutions, cloud providers, etc. Where required, we have established contract data processing agreements with these recipients in accordance with Art. 28 GDPR. We will be glad to inform you of who specifically receives your data.
Your personal data will only be passed on if
- you have given us your express consent in accordance with Art. 6 (1) sentence 1a) DSGVO,
- this is necessary in accordance with Art. 6 para. 1 sentence 1b) DSGVO for the processing or fulfillment of our obligations under a contract with you,
- we are obliged to do so pursuant to the provision of Art. 6 sentence 1c) DSGVO,
- the transfer is necessary for the assertion, exercise or defense of legal claims (Art. 6 para. 1 sentence 1f) DSGVO). The prerequisite is that there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
Where are the data processed?
As a rule, your data are processed in Germany and in other countries within the EU. If your personal data are processed in a country outside of the EU or recipients of your data are located in a country outside of the EU where the level of data protection does not match that of the EU, the following applies: We ensure that your data are only sent to such countries which the EU commission has deemed to have an adequate data protection level. In cases where the data protection level of the recipient country is not comparable to that of the EU, we satisfy the requirements developed by the EU and use so-called standard contract clauses. These are available upon request via one of the contact options listed above.
Automated decision-making, profiling
As a rule, we do not use any automated decision-making processes as defined in Art. 22 GDPR to establish and maintain business relationships.
Your rights as a “data subject”
You have the right to receive information about your personal data that we process. If you request the information in non-written form, please understand that we may require proof from you to document that you are the person you claim to be.
You also have the right to correction or deletion or the limitation of processing, provided you are entitled to this by law.
Furthermore, you have the right to object to the processing within the legal regulations. The same applies to your right to data portability.
Right of objection
Insofar as we process personal data in order to protect our legitimate interests, which prevail in the context of a balancing of interests, you may object to this processing with effect for the future:
- If the processing is carried out for direct marketing purposes, you can exercise this right at any time.
- If the processing is carried out for other purposes, you only have the right to object if there are grounds arising from your particular situation.
After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.
Right of complaint
You have the right to complain about the processing of personal data by us to a data protection supervisory authority.
Our data protection representative
We have appointed an external data protection officer. This person can be reached at the above address of the data controller with the address addition "personal – confidential for the data protection officer" as well as at datenschutz@enerparc.com.
Hamburg, 01.11.2022