The utmost care and transparency form the basis for trustworthy cooperation with our customers. We should therefore like to inform you on how we process your personal data and how you may assert the rights to which you are entitled under the General Data Protection Regulation. Which personal data we process and our purpose in doing so depend on the respective contractual relationship.
Data Processing Controller:
SUND GmbH + Co. KG
You can contact our Data Protection Officer at:
SUND GmbH + Co. KG
Data Protection Officer
Whenever you submit an enquiry, have requested an offer from or concluded a contract with us, we process your personal data. In addition, we also process your personal data in compliance with legal obligations, for the protection of a legitimate interest, or on the basis of the consent which you have granted.
Depending on the respectively applicable legal requirements, this involves the following categories of personal data:
first name, last name
communication data (telephone, email address)
contractual master data, in particular the contract number and duration, the period of notice and type of contract
invoicing data/sales data
credit-history data relating to your company
payment details/bank account information relating to your company
if required, user account information, particularly registrations and logins
in the case of events - if required - video recordings and photographic images
During the initial contract procedure, we also draw on data made available to us by third parties. Depending on the respective type of contract, this involves the following categories of personal data:
if required, information (via credit agencies) on the creditworthiness of your company
We process personal data which we have received from our customers, service providers and suppliers.
In addition, we obtain personal data from the following sources:
publicly accessible sources: commercial or association registers, records of debtors, land registers
other corporate group companies
Primarily, we process your personal data in strict compliance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and any further applicable laws.
1. On the basis of any consent you have given (Article 6 [a] GDPR)
If you have expressed your voluntary consent to our collecting, processing or transferring certain personal data, this consent constitutes the legal basis for the processing of such data.
In the following cases, we process your personal data on the basis of the consent you have granted:
the transmission of email newsletters
personalised newsletter tracking
market research (e.g. customer satisfaction surveys)
marketing and the creation of advertising from customer profiles
2. In fulfilment of a contract (Article  [b] GDPR)
We use your personal data for the implementation of a sales contract. Within the scope of this contractual relationship, we particularly use your data in performance of the following tasks:
The establishment of contract-related communication, contract management, ongoing customer support, service centre activities, the processing of warranty claims, receivables management, contract-termination management.
For further information on the purpose of such data processing, please consult the respective contract documents and our General Terms and Conditions of Business.
3. Compliance with legal obligations (Article 6 [c] GDPR)
As a company, we are subject to various legal obligations. Compliance with such obligations may necessitate the processing of personal data:
4. Assertion of a legitimate interest (Article 6 [f] GDPR)
In certain cases we process your data in assertion of our own legitimate interest or that of a third party.
Should we retain your email address when concluding a contract, we use it in order to inform you of similar products and services. The legal basis in this connection is provided by our legitimate interest in optimising our offers and promoting our operations.
Centralised customer-data management within our corporate group
Measures to ensure building and plant safety
Video surveillance to safeguard our domiciliary right
Consultory advice from and data exchange with credit agencies in determining default and/or credit risks
Safeguarding IT security and IT operations
For purposes relating to the fulfilment of our contractual and legal obligations, your personal data are disclosed both to various public or internal bodies, and to external service providers.
Member companies in the corporate group:
SUND is a subsidiary in the SUND Group, which provides a centralised customer-data management system accessible to staff at any of our affiliated companies with the purpose of presenting to you the full extent of our service offer from a single source. You can visit any of the member companies in the SUND Group under the following link (www.sund-group.com).
External service providers:
We work together with a variety of selected external service providers in compliance with our contractual and legal obligations:
IT service providers (e,g. maintenance and hosting providers)
service providers for document and data destruction
payment service providers
advisors and consultants
service providers for marketing or sales
providers of telephone support (call centre)
In addition, we may also be obliged to submit your personal data to further recipients such as public authorities and thus comply with statutory disclosure obligations.
Should you have any questions concerning the individual recipients, please contact us at: email@example.com
Countries outside the European Union (and the EEA European Economic Area) manage the protection of personal data on the basis of different procedures to those adopted in countries within the European Union. In order to process your data, we also deploy service providers located in third countries outside the European Union. No decision has yet been taken by the EU Commission requiring that an appropriate level of overall protection be provided by these third countries.
We have therefore adopted special measures for the purpose of ensuring that your data will be processed just as securely in such third countries as is the case within the European Union. In these third countries we conclude agreements with service providers which are in full compliance with the standard data privacy clauses drawn up by the EU Commission. These clauses include appropriate guarantees ensuring that secure protection is upheld by the third-country service provider.
Furthermore, our service providers in the USA are certified in accordance with the EU-US Privacy Shield Agreement.
Should you require greater insight into the existing guarantees, please contact us at firstname.lastname@example.org.
We store your personal data for as long as is necessary to comply with our statutory and contractual obligations.
Should storage of your data no longer be required for the fulfilment of contractual or legal obligations, such data will be deleted unless subsequent processing thereof is essential for the following purposes:
compliance with statutory retention periods under commercial and tax law. This particularly applies in the case of retention periods pursuant to the German Commercial Code (HGB) or German Fiscal Code (AO). Retention periods apply for up to ten years.
preservation of evidence in compliance with statutory limitation periods. Pursuant to limitation rules set out in in the German Civil Code (BGB), these limitation periods can, in certain cases, apply for up to 30 years; the regular limitation period applies for three years.
Any affected data subject has the right to obtain information pursuant to Article 15 GDPR, the right to rectification of data pursuant to Article 16 GDPR, the right to erasure of data pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right of objection pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. As regards the right to obtain information and the right to erasure of data, the restrictions set forth in §§ 34 und 35 of the German Federal Data Protection Act (BDSG) shall apply.
1. Right of objection
You may object at any time to your data being used via electronic media for advertising purposes without incurring any other costs than those for transmission at the usual basic rates.
What is your right if data concerning you is processed on the basis of a legitimate or public interest?
Pursuant to Article 21(1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which occurs pursuant to Article 6(1) (e) GDPR (data processing in the public interest) or Article 6(1) (f) GDPR (data processing for the protection of a legitimate interest); this also applies to any profiling conducted on the basis of this provision. Should you lodge an objection, we will discontinue the processing of your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your rights, interests and freedoms, or such processing is conducted for the establishment, exercise or defence of legal claims.
What is your right if data processing is conducted for the purpose of direct marketing?
Insofar as we process your personal data for the purpose of direct marketing, you have the right, pursuant to Article 21(2) GDPR, to object at any time to personal data concerning you being processed for this purpose; this also applies to any profiling performed in connection with such direct marketing. Should you object to the processing of your personal data for the purpose of direct marketing, we will discontinue processing for this purpose.
2. Revocation of consent
You may at any time revoke your consent to the processing of personal data concerning you. Please note that your revocation will only apply for the future.
3. Right to obtain information
You may request information on whether we have stored any personal information concerning you. If desired, we will provide you with details on the data involved, the purposes for which these data are being processed, the parties to whom we disclose these data, how long these data will be stored, and on any additional rights relating to these data to which you are entitled.
4. Further rights
In addition, you have the right to rectification of incorrect data or erasure of your data. If no reason exists for continued storage, we will either erase your data or restrict processing thereof. You may also request that all personal data which you have entrusted to us be made available by us, either to you or to a person or company of your choice, in a structured, common and machine-readable format.
Furthermore, you may exercise the right of appealing to the competent data protection authority (Article 77 GDPR in connection with § 19 BDSG, the Federal Data Protection Act).
5. Assertion of your rights
You may assert your rights by applying to the controller or data protection officer via the contact data provided or our customer service: email@example.com / phone +49 40 5380960. We will promptly respond to your enquiry in accordance with legal requirements and inform you about the measures which we have taken.
In order to enter into a business relationship with us, you must provide such personal data as will be required for us to fulfil the contractual relationship, or those which we are obliged to collect in compliance with statutory requirements. Should you fail to provide these data, we will be unable to conduct and implement the contractual relationship.
Should any significant changes arise in the purpose of processing your personal data or the methods adopted in doing so, we will update this information in a timely manner and inform you promptly about these changes.
This current Data Privacy Statement was last updated in July 2021