Sonova Consumer Hearing GmbH - Privacy Notice For Websites
1. PRELIMINARY REMARK
This privacy notice applies to Sonova Consumer Hearing GmbH (hereinafter referred to as "Sonova"). Different privacy policies texts may apply on other third-party servers and websites. In this regard. Please note that there may also be marked third-party content on our websites for which Sonova is not responsible in terms of data protection and additional data protection information from the respective provider applies.
Sonova takes the protection of personal data very seriously. For this reason, we would like to inform the users of our website what data is stored and how this data is used. The data protection regulations oblige us to handle user data properly and appropriately. We will not use your data for purposes other than those stated.
Sonova is subject to the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the German Telecommunications Telemedia Data Protection Act (TTDSG) and has taken appropriate technical and organizational measures to ensure that the regulations on data protection are observed.
2. DATA CONTROLLER
Sonova Consumer Hearing GmbH
Am Labor 1, DE-30900 Wedemark, Germany
Tel.: +49 (0) 5130 9490 000
Fax: +49 (0) 5130 600 1300
Further details can be found in the imprint.
3. DATA PROTECTION OFFICER
If you have any questions about data protection and this privacy policy, you can also contact Sonova's data protection officer:
Sonova AG
Laubisruetistrasse 2, CH-8712 Stäfa, Schweiz
E-mail: privacy@sonova.com
4. PRIVACY NOTICE - CONTACT, COMMENT FUNCTION, CHAT, E-MAILS
4.1 DESCRIPTION OF DATA PROCESSING
When using the contact form or contacting us via email, personal data is processed. The data entered is transmitted to Sonova. By using the comment function, the entries are displayed with the specified name on the website.
We also provide a chat function for the transmission of messages. We use the "ChatLingual" software for this, which is provided by the company ChatLingual, Inc., 1801 Wewatta Street, Floor 11, Denver, CO, USA 80202 (hereinafter referred to as "ChatLingual"). A corresponding data protection contract with ChatLingual is in place. Further information on data protection can be found in iAdvize's privacy policy at: https://www.chatlingual.com/privacy-statement/
The following categories of data may be processed:
- Product affiliation
- Master data (e.g. first name, surname)
- Address data (e.g. street, zip code)
- Contact details (e.g. telephone number, e-mail address)
- Message content
Personal data that you provide us with is transmitted to us in encrypted form via a secure connection. The security procedure used (SSL – Secure Sockets Layer) corresponds to the usual state of the art. We use encryption with a 256-bit key for this. SSL encryption (recognizable by https:// in the address line of the browser and a lock symbol in the status bar at the bottom of the browser) is a protocol for encrypting data during transmission from the web server to the browser. During transmission, personal data is encrypted between the user's computer and our SSL server using the SSL protocol.
4.2 LEGAL BASIS FOR DATA PROCESSING
The legal basis results from Art. 6 Para 1, lit. b): the processing of personal data describe above is necessary to perform your request as part of the performance of the contract to make a contact with us.
4.3 PURPOSE OF DATA PROCESSING
The personal data is processed exclusively for the purpose of processing and answering contacts.
4.4 DURATION OF DATA STORAGE
Your personal data will be deleted as soon as the purpose required for processing has been fulfilled. Different retention periods may arise due to legal requirements.
5. PRIVACY NOTICE - NEWSLETTER, MARKETING E-MAILS
5.1 DESCRIPTION OF DATA PROCESSING
We offer you the opportunity to register for our Newsletter to receive marketing material, information and reports on current topics and products from us. The following categories of data may be processed:
- Master data (e.g. first name, surname)
- Contact details (e.g. telephone number, e-mail address)
- Product interests
- Timestamp of the declaration in the double opt-in
Moreover, you have the option of giving your free consent to profiling, which will enable us to send you updates on services designed and tailored by us for you, based on your experience, interests or preferences.
5.2 LEGAL BASIS FOR DATA PROCESSING
The legal basis to receive marketing material results from the consent according to Art. 6 para.1 lit. a GDPR.
The legal basis for profiling results from the consent according to Art. 6 para.1 lit. a GDPR.
5.3 PURPOSE OF DATA PROCESSING
If you freely decide to give your consent, the personal data is processed for the purpose of sending the newsletter and to receive updates on services designed and tailored for you based on your experience, interests or preferences.
5.4 DURATION OF DATA STORAGE
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements. The data will be deleted as soon as you object to receiving the newsletter. You have the right to revoke your consent with future effect at any time.
6. PRIVACY NOTICE - WEB STORE
6.1 DESCRIPTION OF DATA PROCESSING
The processing of personal data is required to initiate and carry out the purchase or the purchase process. The following categories of data may be processed when you use our web shop:
- Product selection
- Master data (e.g. first name, surname)
- Address data (e.g. street, zip code)
- Contact details (e.g. telephone number, e-mail address)
As part of your order, you have the option of giving your free consent to receive marketing materials or newsletters about products or services. For more information, please refer to the statements in the "Newsletter" section.
Moreover, you have the option of giving your free consent to profiling, which will enable us to send you updates on services designed and tailored by us for you, based on your experience, interests or preferences.
6.2 LEGAL BASIS FOR DATA PROCESSING
The legal basis to carry out the purchase or the purchase process results from the fulfilment of a contract in accordance with Article 6 (1) (b) GDPR.
The legal basis to receive marketing material results from the consent according to Art. 6 para.1 lit. a GDPR.
The legal basis for profiling results from the consent according to Art. 6 para.1 lit. a GDPR.
6.3 PURPOSE OF DATA PROCESSING
The personal data are processed exclusively for the purposes of processing the order and then shipping the product.
In addition, if you freely decide to give your consent, the personal data is processed for the purpose of sending the newsletter and/or to receive updates on services designed and tailored for you based on your experience, interests or preferences.
You can also decide to set up a user account.
6.4 DURATION OF DATA RETENTION
Your personal data will be deleted as soon as the purpose required for processing has been achieved. If you would like to delete your user account, please let us know using the contact form so that we can delete it. Different retention periods may arise due to legal requirements. Your personal data relating to the order will be deleted after 10 years.
6.5 DISCLOSURE OF DATA TO THIRD PARTIES
Various payment service providers are available to process your order. As part of the payment process, we transmit the payment data for your order to the payment service provider you have commissioned. In some cases, data is also collected by the respective payment service providers themselves. You can find more information in the privacy policy of the respective payment service provider. For the delivery of the products, we transmit your address data to the respective shipping service provider. You can find more information in the privacy policy of the respective shipping service provider.
8. USE OF SPROUT SOCIAL TO MANAGE PERSONAL DATA
8.1 DESCRIPTION OF DATA PROCESSING
We use Sprout Social's social media management tool to manage and process your concerns that reach us publicly and/or via private messages via our social media channels (in particular Facebook, Instagram and LinkedIn). Sprout Social presents posts and messages relevant to us from all social media channels we use clearly and effectively for analysis and processing. At least your IP address is transmitted to Sprout Social. In addition, we process the data that you share with us via your social media accounts, in some cases according to your individual privacy settings, among other things
- Master data (e.g. first name, surname)
- contact details (e.g. telephone number, e-mail address)
- dates of birth
- social media name
- number of followers
- profile picture and other publicly available pictures and/or
- interests and other personal information.
Data processing takes place on Sprout Social servers in the USA. In this respect, we have concluded an order processing contract in accordance with Art. 28 GDPR with Sprout Social, who process your personal data on our behalf, whereby the data transfer to the USA as a third country is based on the current standard contractual clauses. In addition, Sprout Social provides the essential information on the type and scope of data processing at https://sproutsocial.com/privacy-policy/. This is fully referenced.
8.2 LEGAL BASIS FOR DATA PROCESSING
The legal basis results from our legitimate interest according to Art. 6 Para. 1 lit. f GDPR.
8.3 DURATION OF DATA RETENTION
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements.
8.4 JOINT CONTROLLERSHIP
We determine the means and purposes of this data processing using Sprout Social together with Sennheiser electronics GmbH & Co. KG. In this respect, we process your personal data together with Sennheiser electronics GmbH & Co. KG as joint controllers within the meaning of Art. 4 No. 7 Var. 2, 26 GDPR, whereby the personal data is processed by both persons responsible for the same purposes. We have concluded an agreement on joint responsibility with Sennheiser electronics GmbH & Co. KG. In particular, the agreement specifies in a transparent form which controller fulfils which obligation under the GDPR, regarding exercising the rights of the data subject, and who meets which information obligations under Art. 13 and 14 GDPR.
In detail: If a data subject contacts one of the parties to assert their rights as a data subject within the meaning of Art. 15 to 22 GDPR, this party undertakes to fulfil these rights in accordance with the requirements of the GDPR.
If a data subject contacts one of the parties with a request for information about the data processing, this party undertakes to provide the data subject with the information required under Articles 13 and 14 GDPR free of charge in a precise, transparent, understandable, and easy manner accessible form in plain language free of charge. The parties agree on the content of the information on the joint processing activities that will be made available to the data subjects.
The parties shall provide each other with the necessary information about their activities in accordance with the above regulations, which is necessary for the fulfilment of their data protection obligations, in a reasonable manner and without unreasonable delay. The parties undertake to use their best efforts to assist each other in fulfilling the rights and wishes of the data subject, regardless of the responsibility for the respective affected person.
If personal data is to be deleted, the parties shall inform each other in advance. The other contracting party can object to the deletion for a legitimate reason, e.g., if they are legally obliged to store the data.
The essential content of this agreement, regarding the purpose and scope of data processing, data categories, data subjects and the legal basis for data processing, is also derived from this section of the privacy policy. We would be happy to provide you with the full content of the agreement on joint responsibility upon request.
9. DATA PROCESSING OF PERSONAL DATA USING SOCIAL MEDIA PLATFORMS
9.1 DESCRIPTION OF DATA PROCESSING
a) Use of corporate websites
We maintain publicly accessible profiles on various social networks. As the operator of a company presence on the social media platforms, in the form of a social media fan page or a comparable design (“corporate presence”), we can only view the information stored in your public profile, and only if you have such a profile and are logged into it while you access our company website. In addition, we can see the information that you actively share with us via private messages and other direct communication channels. This includes, depending on your individual privacy settings, among others
- Master data (e.g. first name, surname)
- contact details (e.g. telephone number, e-mail address)
- dates of birth
- social media name
- number of followers
- profile picture and other publicly available pictures and/or
- interests and other personal information.
When you visit our profiles, your personal data is not only collected, used, and stored by us, but also by the operators of the respective social media platform. This also happens if you do not have a profile on the respective social media platform yourself. The individual data processing operations and their scope differ depending on the operator of the respective social media platform and are not necessarily comprehensible for us. How the social media platforms use the data from the visit for their own purposes, to what extent activities on the respective pages are assigned to individual users, how long the social media platforms store personal data and whether data from a visit third parties are not named conclusively and clearly by the social media platforms and are not known to us.
In addition, anonymous usage statistics are made available to us by the social media platforms, which we use to improve the user experience when visiting our company website. For details on the collection and storage of your personal data and the type, scope, and purpose of their use by the operator of the respective social media platform, please refer to the privacy policies of the respective operator. This is extensively referenced:
- YouTube
- TikTok
We would like to point out that you use the social media platforms and their functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
b) Contact via social media
You can use our profiles on social media platforms to contact us (e.g. by creating your own posts, responding to one of our posts or by privately messaging us). The personal data you provide to us (see above) will be processed by us exclusively for the purpose of being able to contact you.
9.2 LEGAL BASIS FOR DATA PROCESSING
The legal basis in relation to our data processing results from our necessity to our legitimate interest according to Art. 6 Para. 1 lit. f GDPR (Use of corporate websites) or to perform your request as part of the performance of the contract to make a contact with us in accordance with Art. 6 (1) b) GDPR (contact via social media platforms)
9.3 DURATION OF DATA RETENTION
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements.
9.4 JOINT CONTROLLERSHIP
We determine the means and purposes of this data processing through our social media channels together with Sennheiser electronic GmbH & Co. KG. In this respect, we process your personal data together with Sennheiser electronic GmbH & Co. KG as joint controllers within the meaning of Art. 4 No. 7 Var. 2, 26 GDPR, whereby the personal data is processed by both persons responsible for the same purposes. No anonymous usage statistics are provided to Sennheiser electronic GmbH & Co. KG. We have concluded an agreement on joint responsibility with Sennheiser electronic GmbH & Co. KG. In particular, the agreement specifies in a transparent form which controller fulfils which obligation under the GDPR, in particular regarding exercising the rights of the data subject, and who meets which information obligations under Art. 13 and 14 GDPR.
In detail: If a data subject contacts one of the parties to assert their rights as a data subject within the meaning of Art. 15 to 22 GDPR, this party undertakes to fulfil these rights in accordance with the requirements of the GDPR.
If a data subject contacts one of the parties with a request for information about the data processing, this party undertakes to provide the data subject with the information required under Articles 13 and 14 GDPR free of charge in a precise, transparent, understandable, and easy manner accessible form in plain language free of charge. The parties agree on the content of the information on the joint processing activities that will be made available to the data subjects.
The parties will provide each other with the necessary information about their activities according to the above regulations, which are necessary for the fulfilment of their data protection obligations, in a reasonable manner and without unreasonable delay. The parties undertake to use their best efforts to assist each other in fulfilling the rights and wishes of the data subject, regardless of the responsibility for the respective data subject.
If personal data is to be deleted, the parties shall inform each other in advance. The other contracting party can object to the deletion for a legitimate reason, e.g., if they are legally obliged to store the data.
The essential content of this agreement, in particular regarding the purpose and scope of data processing, data categories, data subjects and the legal basis for data processing, is also derived from this section of the privacy policy. We would be happy to provide you with the full content of the agreement on joint responsibility upon request.
In addition, if we provide a company website, we process your personal data with the operator of the respective social media platform as joint controllers within the meaning of Art. 4 No. 7 Var. 2, 26 GDPR. We process your personal data within the scope set out above. We do not have access to the usage data that the respective social media platform collects to create these statistics. For this purpose, we have concluded an agreement on joint responsibility with the operators of the respective social media platform, the contents of which we will be happy to make comprehensively available to you on request.
10. SWEEPSTAKES
10.1 DESCRIPTION OF DATA PROCESSING
Your personal data will be processed for participation in competitions on our website. The following categories of data may be processed:
- Master data (e.g. first name, surname)
- Address data (e.g. street, zip code)
- Contact details (e.g. telephone number, e-mail address)
- Individual details of the respective competition
10.2 LEGAL BASIS FOR DATA PROCESSING
The legal basis results from your consent in accordance with Article 6 (1) (a) GDPR.
10.3 PURPOSE OF DATA PROCESSING
The personal data will be processed exclusively for the purposes of selecting the winners, establishing contact and communication and, if necessary, for sending prizes.
10.4 DURATION OF DATA RETENTION
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements. In principle, the deletion takes place after the end of the competition. Your personal data will probably be deleted no later than 10 years after the end of competitions.
11. RIGHTS OF DATA SUBJECTS AND RIGHT OF APPEAL TO A SUPERVISORY AUTHORITY
As the data subject, you have the following rights vis-à-vis Sonova as the controller:
- Right of Access – The right to know what data is being processed and how
- Right to rectification – The right to request that inaccurate and out-of-date personal data be amended
- Right to Erasure – The right to have personal data erased
- Right to Restriction of Processing – The right to restrict processing of data
- Right to data portability – The right to transfer personal data directly from one system to another (in machine-readable form)
- Right to object – The right to withdraw consent given or to object to the processing of personal data
- Right to complain – You can complain to the supervisory authority responsible for Sonova.
The contact details are:
The State Commissioner for Data Protection Lower Saxony
Prinzenstrasse 5, 30159 Hanover
Telephone + 49 (0) 511 120 4500
Email: poststelle@lfd.niedersachsen.de
12. CHANGES
Since Sonova's website may undergo changes, it may be necessary to update the privacy policy in individual cases. Sonova reserves the right to change this privacy policy at any time. The current version of the privacy policy and information can be accessed on the Sonova Consumer Hearing GmbH website at https://www.sennheiser-hearing.com/privacy.