Definition of terms
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means. This basically includes any handling of personal data such as collection, storage, modification, use, transmission, dissemination, erasure or destruction, etc.
The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. The controller must ensure the permissibility of the data processing through the use of technical and organizational measures that must be reviewed regularly.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.
Third party means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent is an expression of self-determination under data protection law. Consent is a voluntary, informed and unambiguous expression of intent in the form of a declaration or other unambiguous affirmative action by which the data subject indicates that he or she consents to the processing of personal data relating to him or her. Consent given may be revoked at any time.
General information on data processing
Scope of the processing of personal data
In principle, we process your personal data only to the extent necessary to provide our online offers, content and services. The collection and use of your personal data is regularly only carried out after consent or if the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
In data protection, the so-called prohibition with reservation of permission applies. Accordingly, the processing of personal data is generally unlawful unless the data subject has given his or her consent or the processing is legitimized by a legally regulated reason for permission. We are obliged to inform you about the legal basis for data processing.
If we obtain your consent for the processing of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis.
If processing operations are necessary for the performance of a contract concluded between you and us or for the implementation of pre-contractual measures, Art. 6 (1) lit. b GDPR serves as the legal basis.
If the processing of personal data is necessary for the fulfillment of a legal obligation to which we are subject, such as legal retention and storage obligations, Art. 6 (1) lit. c GDPR serves as the legal basis.
If the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests, fundamental rights and freedoms do not override the former interest, the processing of personal data is legitimized by Art. 6 (1) lit. f GDPR.
If cookies or cookie-like technologies are used in the context of data processing, the storage of information in the end user's terminal equipment or the access to information already stored in the end user's terminal equipment is carried out in accordance with Section 25 (1) TTDPA in conjunction with Art. 6 (1) a GDPR and further data processing in accordance with Art. 6 (1) GDPR.
Disclosure of personal data to third parties and processors
In principle, we do not disclose any personal data to third parties without your express consent. If, in the course of processing, we nevertheless disclose your data to third parties, transmit it to them or otherwise grant them access to the data, this is also done exclusively on the basis of one of the aforementioned legal grounds. We transmit data to payment service providers, for example, if this is necessary for the performance of the contract. If we are obliged to do so by law or by court order, we must transfer your data to bodies entitled to receive information.
In some cases, we use carefully selected external service providers to process your data. If data is passed on to service providers as part of a so-called order processing, this is done on the basis of Art. 28 GDPR. Our processors are carefully selected, are bound by our instructions and are regularly monitored by us. We only commission processors who offer sufficient guarantees that appropriate technical and organizational measures are taken in such a way that the processing is carried out in accordance with the requirements of GDPR and FDPA-new and ensures the protection of your rights.
Data transfer to third countries
The GDPR ensures an equally high level of data protection within the European Union. When selecting our service providers and cooperation partners, we therefore rely on European partners wherever possible when your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union or the European Economic Area in the context of using third-party services.
We will only permit processing of your data in a third country if the special requirements of Art. 44 et seq. GDPR are fulfilled. As a rule, we will request your consent in accordance with Art. 49 GDPR. Alternatively, the processing of your data may be based on special safeguards, such as the EU Commission's officially recognized determination of a level of data protection corresponding to the EU or the observance of officially recognized special contractual obligations, the so-called "standard contractual clauses".
Deletion of data and storage period
As soon as the purpose for storage ceases to apply, we will delete or block your personal data. Beyond this, however, storage may take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject. This applies, for example, to data that must be retained for reasons of commercial or tax law, such as billing data for subscriptions. Your data will be blocked or deleted when a storage period prescribed by these regulations expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.
Existence of automated decision-making
We do not use automatic decision-making or profiling.
§ 1 Information about the collection of personal data
(1) In the following, we have provided information about the collection of personal data when users use our website. Personal data means any data relating to you personally, e.g. your name, address, e-mail addresses, user behavior.
(2) The controller within the meaning of Article 4 (7) of the EU General Data Protection Regulation (GDPR) is SONOTRONIC GmbH, Becker-Göring-Strasse 17-25, 76307 Karlsbad, email@example.com (see our Imprint). Our data protection officer can be contacted at firstname.lastname@example.org or at our postal address using the addition “The data protection officer”.
(3) When you contact us by e-mail or using a contact form, the data you provide us with (your e-mail address and, if applicable, your name and your telephone number) are stored by us so that we can respond to your questions. We erase the data obtained in this connection once there is no longer any need for it to be stored, or we restrict the processing of the data if there is a need to keep such data for compliance with statutory retention periods.
(4) If we use the services of service providers contracted by us for individual functions of our service or wish to use your data for promotional purposes, we shall provide you with detailed information about the individual processes involved as set out below. In this connection, we will also provide you with details about the criteria specified for the duration of storage.
§ 2 Your rights
(1) You have the following rights with respect to us regarding personal data concerning you:
- Right to information
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability.
(2) You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.
§ 3 Collection of personal data when you visit our website
(1) When you use our website for information purposes only, in other words if you do not register or submit information to us by any other means, we only collect the personal data that your browser transmits to our server. When you want to view our website, we collect the following data which we require for technical reasons to be able to display our website to you and to ensure its stability and security (the legal basis is provided by point (f) of Article 6 (1) 1 of the GDPR):
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
(2) In addition to the aforementioned data, cookies are saved on your computer when you use our website. Cookies are small text files that are saved on your hard drive by your browser and note specific information (set by us) that is then sent to us. Cookies cannot run programs or transfer viruses to your computer. They are used to make our website more effective and user-friendly as a whole.
a) This website uses the following types of cookies, the scope and function of which is described below:
- Transient cookies (see b)
- Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They save a so-called session ID, which allows various requests your browser makes to be allocated to a common session. Your computer can be identified in this way when you return to our website. Session cookies are deleted as soon as you log out or close the browser.
c) Persistent cookies are automatically deleted after a set period of time, which can vary depending on the type of cookie. You can delete cookies at any time in your browser’s security settings.
d) You can set up your browser according to your individual wishes and block third party cookies or all cookies completely, for example. However, we would like to make you aware of the fact that you may not be able to use all the functions on this website if you do so.
f) The flash cookies used are not logged by your browser but by your flash plugin instead. We also use HTML5 storage objects that are placed on your terminal. These objects save the required data independently of the browser you use, and they have an automatic expiry date. If you do not want to allow flash cookie processing, you need to install a suitable add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can refuse the use of HTML5 storage objects by setting your browser to private mode. In addition, we also recommend that you regularly delete or clear your cookies and your browsing history manually.
g) CMS System Data
These are technically necessary or essential cookies with which the desired language is stored for visitors.
The language is stored in the browser at runtime. When the browser window is closed, this data expires.
Purpose of data collection: To communicate the language used. In addition, it is stored via which partner (if this has occurred) a link was made.
h) Cookie Consent ManagerCCM19
Collection of key figures for web analysis, data is completely anonymized. No traceable data is stored, the IP addresses are shortened by 3 characters at the back and are thus sufficiently anonymized. In addition, data about erroneous URLS can be transmitted and stored, unfortunately the system has no influence on these details. The following data is collected: Visitor numbers, dwell times, bounce rates, page views, etc.
Purpose of data collection: This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.
§ 4 Web analytics
This website uses the open source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This allows us to find out, among other things, when which page views were made and from which region you come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, etc.).
The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a GDPR; the consent can be revoked at any time.
We host Matomo exclusively on our own servers, so that all analysis data remains with us and is not passed on.
§ 5 Newsletter
If you would like to receive the newsletter, we need your email address and additional information that will allow us to verify that you are the owner of the email address provided and that you agree to receive the newsletter.
We use a double opt-in procedure, so your contacts receive only the emails they've agreed to get. In order for a potential subscriber to sign up for a newsletter, they have to complete all the steps of this process. This process is complete (and legally watertight!) once a user has clicked on the confirmation link in the double opt-in email. Their email address will be activated in your contact list only once they've confirmed their subscription.
We use this data exclusively for sending information and offers you have requested.
Newsletter2Go is the email marketing software used. This means your information is transmitted to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data and from using it for purposes other than sending email. Newsletter2Go is a certified German email marketing software provider, working in accordance with the European directive 95/46, as well as the German Federal Data Protection Act (BDSG).
When you give a company permission to store your personal information and email address and to send you marketing emails, you can revoke this consent at any time via the unsubscribe link in every mailing.
Data protection measures are always subject to technical innovations. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by consulting our data protection policy.
§ 6 Plugins and Tools
(1) Consent-Management-Tool CCM19
We use the consent management tool CCM19 on our website. The tool enables you to grant consent to data processing via the website, in particular the setting of cookies, and to exercise your right of revocation for consent already granted.
Data processing serves the purpose of obtaining and documenting required consents to data processing and thus complying with legal obligations.
Cookies may be used for this purpose. Among other things, the following information is collected and transmitted to CCM19: Date and time of the page view, a random ID, Consent Status. Papoo Software & Media does not process the data itself, the data is stored as a log file. Access to the log files of our customers is only by prior arrangement and consent of the customer. This data is not passed on to other third parties. The data processing is carried out for the fulfillment of a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.
On our website we also use videos from the company Vimeo. The video portal is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. With the help of a plugin, we can show you interesting video material directly on our website. In the process, certain data may be transferred from you to Vimeo.
When you call up a page on our website that has a Vimeo video embedded, your browser connects to the Vimeo servers. This results in a data transmission. Regardless of whether you have a Vimeo account, this data is collected, stored and processed on the Vimeo servers. This includes your IP address, technical info about your browser type, operating system or very basic device information. Furthermore, Vimeo stores information about which website you use the Vimeo service and which actions (web activities) you perform on our website. These web activities include, for example, session duration, bounce rate or which button you clicked on our website with integrated Vimeo function.
If you are logged in to Vimeo as a registered member, more data can usually be collected, as more cookies may have already been set in your browser. In addition, your activities on our website are directly linked to your Vimeo account. To prevent this, you must log out of Vimeo while "surfing" our website.
You can find more information here: https://vimeo.com/privacy?tid=331626946787
We use the YouTube.com platform to post our own videos and make them publicly available. YouTube is the service of a third party not affiliated with us, namely YouTube LLC.
Some Internet pages of our offer contain links or connections to the YouTube offer. In general, we are not responsible for the content of linked websites. In the event that you follow a link to YouTube, however, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.
We also directly embed videos stored on YouTube on some of our web pages. With this integration, content from the YouTube website is displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technique is also called "framing". If you call up a (sub-)page of our website on which YouTube videos are embedded in this form, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser.
The integration of YouTube content only takes place in "extended data protection mode". YouTube itself provides this mode and thus ensures that YouTube does not initially save any cookies on your device. However, when you call up the relevant pages, the IP address and the other data mentioned in section 4 are transmitted and thus, in particular, you are informed which of our Internet pages you have visited. However, this information cannot be assigned to you unless you have logged in to YouTube or another Google service before accessing the page or are permanently logged in.
As soon as you start the playback of an embedded video by clicking on it, YouTube only saves cookies on your device through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by appropriate browser settings and extensions.
(4) Google Maps
On our website, we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). Google Maps is a web service for displaying interactive (land) maps to visually display geographical information. By using this service, our location is shown to you and a possible approach is facilitated.
Already when calling up those sub-pages in which the map of Google Maps is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers and stored there, this may also result in a transmission to the servers of Google LLC. in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google's legitimate interest in the display of personalized advertising, market research and / or the design of Google websites to meet the needs. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
(5) Use of social media plugins
We currently use the following social media plugins:
The plugins and the associated social media are offers from third parties not affiliated with us.
When you use our website, no personal data is therefore initially passed on to the providers of the plugins. You can recognize the provider of the plugin by the design of the respective button and by the text on a mouse-over. Only if you click on one of the buttons, personal data will be transmitted: By activating a button, data is automatically transmitted to the respective plugin provider and stored there (in the case of US providers, in the USA). We have no influence on the collected data and data processing operations, nor are we aware of the full extent of the data collection, the purposes and the storage periods. The plugin providers collect data in particular via cookies.
When you activate a button, the plugin provider receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under §3 of this declaration is transmitted. This occurs regardless of whether you have an account with this plugin provider and are logged in there. If you are logged in to the plugin provider, this data is directly assigned to your account. If you click the activated button and, for example, link to the page, the plugin provider also saves this information in your user account and shares this publicly with your contacts. If you do not want the assignment with your profile at the plugin provider, you must log out before activating the button.
For more information on the purpose and scope of data collection and processing by the plugin provider, please refer to the data protection declarations of these providers provided below. There you will also receive information about your rights in this regard and setting options for protecting your privacy.
Link to the privacy notices of the respective third-party providers: