Data Protection

Data protection at Sinnack Backspezialitäten GmbH & Co. KG: 

Thank you for visiting our website. We hope you find the information about us and our products useful. The protection of your personal data is extremely important to us. This statement is therefore designed to inform you about the data and information we save and how we use these.

You can use our website without submitting any personal data. However, certain services provided by us via our website may require the processing of personal data. Where such processing is required but there is no statutory basis for it, we will always obtain your permission.

Personal data, such as name, address, email address and phone number, are always processed in accordance with the General Data Protection Regulation (GDPR) and any other data protection regulations that may apply.

The following data protection statement is designed to inform you of the type, scope and purpose of the personal data that we collect, use and process. It is also designed to inform the people affected (Data Subjects) of their rights.

As the body responsible for the processing of your personal data, we have implemented a range of technical and administrative measures to ensure that data processed via our website is as secure as possible. Nonetheless, the transfer of data over the Internet can never be completely secure and total protection cannot be guaranteed. You may therefore wish to provide your data via alternative means (e.g. by phone).

1. Definition of terms

This data protection statement is based on the terms used in the EU's GDPR  (see art. 4 GDPR) legislation. It is intended to be easy to read and understand. To read the GDPR, go to:
http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=DE

The aim of this statement is to inform you in clear and simple language about the processing of your personal data on our website. We therefore offer the following definitions of the terms used within this statement:

• "Personal data" is all information that relates to an identified or identifiable natural person (hereafter "Data Subject"). An identifiable person is any natural person who can be identified directly or indirectly, especially via an identifying sign such as a name or number or via location-based data or online identification or via any special characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of the natural person concerned.
• "Data subject" is any identified or identifiable natural person whose personal data are processed by the party responsible for processing.
• "Processing" is any automated procedure or range of procedures carried out in relation to personal data, such as collection, organisation, allocation, saving, modification, amendment, output, retrieval, use or disclosure (this last via transfer, distribution or other form of provision) or comparison, linking, restriction, deletion or destruction.
• "Restriction of processing" is the marking of stored data with the intention of restricting its further processing.
• "Profiling" is any type of automated processing of personal data where the aim is to assess specific features of a natural person, especially with the aim of analysing or predicting attributes of the person such as performance at work, financial circumstances, health, personal preferences, interests, reliability, behaviour, place of residence or relocation.
• "Controller" is the natural or juridical person, authority, institution or other body that alone or jointly determines the purpose and means of the processing of personal data. Where the purpose and means of the processing are provided for by EU law or the law of a member state, the Controller (or the criteria for the appointment of the Controller) can be determined by such law.
• "Recipient" is any natural or juridical person, authority, institution or other body, regardless of whether or not a third party, to whom personal data are disclosed. Nonetheless, authorities in receipt of personal data as part of an investigation under EU law or the law of a member state are not Recipients. Such data are processed by such authorities in accordance with applicable data protection regulations and the purpose of the processing.
• "Third Party" is any natural or juridical person, authority, institution or other body, except Data Subjects, Controllers, contract processors and any persons authorised to process personal data either directly or indirectly on behalf of the Controller or contract processor.
• "Permission" of the Data Subject is any declaration of informed and clear consent freely given for a specific purpose in the form of a declaration or other unambiguous confirmation and via which the Data Subject allows it to be understood that they have consented to the processing of their personal data.

2. Name and contact details for Controller responsible for processing

This data protection statement applies to data processing carried out by:

Controller:
Sinnack Backspezialitäten GmbH & Co. KG, represented by its managing director Julius Peter Sinnack,
email info@sinnack.de, tel. +49 (0)2871 25050, fax +49 (0)2871 250 594

3. Contact details for data protection officer:
Bechtle Datenschutz Competence Center, Philipp Moehrle, Parkstrasse 2-8, 47829 Krefeld, Germany,
tel. 49 (0) 2151 455 836, email datenschutz(at)sinnack.de

4. Deletion and locking of personal data

We process and store personal data only for the period required for the purpose for which they were saved or where provided for by the applicable statutory regulations to which we as the Data Controller are subject. Where the purpose of storage no longer applies, or where a statutory deadline for storage should expire, the personal data will be locked or deleted as a matter of course and in accordance with statutory regulations.

5. Collection and storage of personal data and type and purpose of their use

a) When you visit our website

You can use our website without having to reveal your identity. When you access our website, the browser used on your device will automatically send information to our website's server. This information will be temporarily stored in a log file.

During this process, the following information is saved and retained until automatically deleted:

• IP address of requesting computer
• Date and time of access
• Name and URL of file accessed
• Website from which you have come (referrer URL)
• Browser used and where applicable the operating system of your computer and the name of your ISP

The data referred to will be processed by us for the following purpose:

• Ensuring trouble-free access to our website
• Ensuring ease of use of our website
• Evaluation of system security and stability
• Other administrative purposes

The legal basis for data processing is art. 6 para. 1 f) GDPR. Our legitimate interest derives from the aforementioned purposes of data collection. In no circumstances will we use the data collected to establish your personal identity.
Our website also uses cookies and analysis services. For more information, see nos. 9 and 11 of this statement.

b) When you use our contact form

If you wish to contact us with regard to our products or career opportunities or for press enquiries or any other matter, you can use the contact form available on our website. This requires you to provide a valid email address and your first name and surname so that we can see who has sent the enquiry and respond to it. Other details can be submitted voluntarily. It is entirely up to you whether you wish to submit your details in this way.
Data processed for the purposes of recording our contact with you is processed under art. 6 para. 1 a) GDPR on the basis of your freely given consent.
Personal data collected by us for the purpose of using the contact form will be automatically deleted once your enquiry has been resolved.

6. Further information on the legal basis of processing

For processing where consent must be obtained for a specific processing purpose, our legal justification is based on art. 6 I a) GDPR. Where the processing of personal data is required for the purposes of a contract to which you as Data Subject are party, the processing is based on art. 6 I b) GDPR. The same applies for processing required for the implementation of pre-contractual measures (e.g. when you enquire about our products and services).
Where we are under a legal obligation that requires personal data to be processed, processing is based on art. 6 I c) GDPR. In rare instances, personal data may need to be processed to protect the essential interests of the Data Subject or of another natural person. In such cases, processing is based on art. 6 I d) GDPR.
Other processing may be based on art. 6 I f) GDPR. This is the basis for any processing not covered by any of the aforementioned legal grounds and where processing is required in our legitimate interests or the legitimate interests of a third party and provided such interests are not outweighed by the interests and basic rights and freedoms of the Data Subject. Such processing is especially permitted on the basis that it is explicitly referred to by the European legislature (see Recital 47 sentence 2 GDPR).

7. Due regard to legitimate interests
Where the processing of personal data is based on art. 6 I f) GDPR, our legitimate interest is the pursuit of our commercial aims for the benefit of our staff and shareholders.

8. Sharing of data

Any sharing by us of your data with third parties will be done solely with the service partners involved in the performance of our contract with you (e.g. logistics companies used for deliveries). Where such sharing takes place, the amount of data will be limited to the minimum required.

Your data will not be shared with third parties other than for the aforementioned purposes.

We will share your personal data with third parties only where:

• You have expressly consented under art. 6 para. 1 a) GDPR.
• Sharing under art. 6 para. 1 f) GDPR is necessary for the assertion of or defence against claims of for the exercise of rights and there are no grounds for assuming that you have an overwhelming legitimate interest on your data not being shared.
• We are under a statutory obligation to share them under art. 6 para. 1 c) GDPR.
• Permitted under statute and under art. 6 para. 1 b) GDPR required for the purposes of the performance of our contract with you.

9. Use of cookies

Our website uses cookies. These are small files automatically created by your browser and saved on your device (laptop, tablet, smartphone etc.) when you visit our site. Cookies do not damage your device or contain any viruses, trojans or other malware.

Cookies contain information derived from the device you are using. This information cannot however be used to identify you directly.

The use of cookies enables us to optimise our online service. For this purpose we use what are known as session cookies, which enable us to recognise you when you visit our website again. These are automatically deleted when you leave our site.

For the same purpose of optimising our site and making it more user-friendly, we also use temporary cookies, which are saved for a set period on your device. If you re-visit our site to use our services, we will automatically recognise that you have visited the site previously, what information you provided and which settings you selected. This means you won't have to input the information and settings again.

We also use cookies to capture statistical information on the use of our site and to valorise the optimisation of our services for you (see no. 7). These cookies enable us to recognise you automatically when you revisit our site. These cookies are automatically deleted after a set period.
The data processed by cookies are required for the aforementioned purpose of promoting our legitimate interests and those of third parties as per art. 6 para. 1 f) GDPR.

Most browsers accept cookies automatically. However, you can adjust your browser's settings so that cookies are automatically rejected or you are notified before a new cookie is accepted. If you completely deactivate cookies, however, you may not be able to use all the functions of our website.

10. Links to third-party websites


Links published on our website are researched and compiled with all due care. Nonetheless, we have no influence on the current or future design or content of the sites to which we link. We are not responsible for the content of such sites and in no way claim the content of such sites as our own. Liability for illegal, inaccurate or incomplete content and for any loss arising from the use or non-use of the information is solely that of the provider of the website linked to. Any liability of the party that solely refers to the website concerned by means of a link is hereby excluded. Where third-party information is concerned, we accept liability only where we are aware of the information (and thus also aware of possibly illegal content) and it is technically possible and feasible for us to restrict its use.

11. Analysis and tracking tools


The tracking measures as described below are used by us on the basis of art. 6 para. 1 f) GDPR. They are designed to ensure the optimal delivery and ongoing improvement of our website. We also use the measures to statistically evaluate the use of our website and to valorise the optimisation of our services for you. These interests are legitimate in the sense intended by the aforementioned regulation.
The purpose of the data processing and the data categories can be inferred from the tracking tools used.

a) Google Analytics
To ensure the optimal delivery and ongoing improvement of our website, our website uses Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, US [hereafter "Google"]). Google Analytics involves the creation of anonymous usage profiles and the use of cookies (see 5 above). The information created by the cookies in relation to your use of this website – e.g.
• Browser type and version
• Operating system
• Referrer URL (the site from which you accessed our site)
• Host name of accessing computer (IP address)
• Time of server request
– is transferred to a Google server in the US and saved there. This information is used to evaluate usage of the website, to compile reports on website activity and to provide additional services connected with website and Internet use for the purposes of market research and the optimal display of our website.
This information may also be shared with third parties where provided for by statute or where the third party in question processes data on our behalf. Your IP address will never be combined with other data held by Google. The IP addresses are anonymised so that they cannot be used to identify you (IP masking).

You can prevent cookies being placed on your computer by adjusting your browser settings, although if you do so you may not be able to make full use all the functions of our website.
You can also prevent the capture, and the processing by Google, of the data produced by cookies and based on your use of this website (including your IP address) by downloading and installing the plug-in available at (https://tools.google.com/dlpage/gaoptout?hl=de)

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent capture of data by Google Analytics by clicking on the aforementioned link. This will cause an opt-out cookie to be set that prevents the future capture of your data when you visit our website. The opt-out cookie will apply only for this browser and only for our website and will be saved on your device. If you delete the cookies in this browser, you will have to re-set the opt-out cookie.

Further information on data protection in connection with Google Analytics can be found on the Google Analytics support pages at
https://support.google.com/analytics/answer/6004245?hl=de

12. Use of plug-ins


a) Use of Google Fonts


For the consistent display of typefaces, this website uses web fonts provided by Google. When you access our site, your browser loads the fonts required in your browser cache in order to ensure that text and typefaces are displayed correctly.

For this purpose your browser has to connect to Google servers. This informs Google that our website has been accessed via your IP address. Google Fonts are used in the interests of ensuring the consistent and appealing display of our site. This constitutes a legitimate interest in the sense intended by art. 6 para. 1 f) GDPR.
 
If your browser does not support the use of web fonts, your computer will use a standard typeface.
 
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection statement at https://www.google.com/policies/privacy/

b) Use of Adobe Typekit


For the consistent display of typefaces, our websites uses web fonts provided by Adobe Systems Inc., 345 Park Avenue, San Jose, California 95110-2704, US ("Adobe"). When you access our site, your browser loads the fonts required into your browser cache to ensure that text and typefaces are displayed correctly.
For this purpose your browser has to connect to Adobe servers. This informs Adobe that our website has been accessed via your IP address. Adobe Typekit is used in the interests of ensuring the consistent and appealing display of our site. This constitutes a legitimate interest in the sense intended by art. 6 para. 1 f) GDPR. If your browser does not support the use of web fonts, your computer will use a standard typeface. Further information on Adobe Typekit can be found in Adobe's data protection declaration at https://www.adobe.com/privacy/policies/typekit.html

13. Rights of Data Subjects


You have the right:

• under art. 15 GDPR to be informed which of your personal data are processed by us. You especially have the right to be informed of the purpose of processing, the categories of personal data processed, the categories of Recipients to whom your data are or have been revealed, the intended duration of storage, the existence of your rights to correction or deletion of your data as well as the existence of your rights to the objection or restricting of their processing and the existence of your right to complain, the origin of your data where they have not been collected by us and the existence of any automated decision-making processes, including profiling, and meaningful details of such processes;

• under art. 16 GDPR to the immediate correction (where inaccurate) or completion of the personal data we hold about you;

• under art. 17 GDPR to the deletion of the personal data we hold about you, unless the processing is required for freedom of expression and opinion, for compliance with a legal obligation, on grounds of public interest or for the assertion of or defence against claims or the exercise of rights;

• under art. 18 GDPR to the restriction of the processing of your personal data where its accuracy is contested by you or the processing is unlawful but you decline to have the data deleted and we no longer require them but you do require them for the assertion of or defence against claims or the exercise of rights or you have objected to the processing under art. 21 GDPR;

• under art. 18 GDPR to receive the personal data you have provided in a structured, current and machine-readable format or to have them transferred to another Controller;

• under art. 7 para. 3 GDPR to revoke any consent you have provided to us. This will mean that any data processing carried out on the basis of your consent will cease; and

• under art. 77 GDPR to complain to a supervisory authority, usually the one responsible for your habitual place of residence or work or for our head office.

14. Right to object

Where your personal data are processed on the basis of legitimate interests under art. 6 para. 1 f) GDPR, you have the right under art. 21 GDPR to object to such processing insofar as your objection is based on grounds relating to your specific circumstances or your objection is based on direct advertising, in which latter case you have a general right to object that will be enforced by us without your having to state specific circumstances.
Should you wish to make use of your right to revoke your consent or to object, please email info@sinnack.de

15. Data security

Our website uses the widespread SSL process (secure socket layer) in conjunction with the highest level of encryption supported by your browser. This is usually 256-bit encryption, but if your browser does not support such encryption we will use 128-bit v3 technology instead. The encrypted status of our website pages is indicated by the closed padlock symbol in the bottom status bar of your browser.
We also use appropriate technical and administrative security measures to protect your data from accidental or intentional manipulations, partial or total loss, destruction and unauthorised third-party access. Our security measures are being continually updated in line with technological developments.

16. Updating and amendment of this data protection statement

This data protection statement is currently valid and was last amended in May 2018.
In light of the development of our website and the services we offer or amended legislative or authoritative regulations, it may be necessary to amend this data protection statement. The latest statement can be read and printed out at any time on our website at
https://www.sinnack.de/en/data-protection.htm