Privacy Policy

Sunday GmbH, An der Alster 42, 20099 Hamburg (you will find exact contact details in the legal notice at https://sunday.gg/imprint/) is the "controller" in accordance with the applicable data protection law, in particular the EU General Data Protection Regulation (GDPR), for the processing of personal data in these webpages.

Personal data is information that may be used to find out personal or factual characteristics about you (e.g. name, address, telephone number, date of birth or email address). Information with which we cannot create a link (or can only do so with disproportionate effort) to you personally, e.g. via anonymisation of information, is not personal data.

You can visit our webpages without informing us about who you are and without stating to us any corresponding personal data (e.g. names, address, telephone number or email address), unless you provide them to us voluntarily or the corresponding legal provisions on the protection of your data allow this.

We will collect, process and use the personal data provided by you online only for the purposes stated to you.

Some data that we may collect about you is necessary in order for us to:
- provide you with the services you desire;
- perform our contracts with you;
- comply with legal provisions (e.g. billing).

If we directly collect data from you, we may ask for your permission and clearly label mandatory information (e.g. with a star [*]). Any other details without a star will be provided by you voluntarily.

The legal basis for the processing of your data may be the following:

- your consent to data use in accordance with Art. 6(1)(a) GDPR;
- the fulfilment of our service obligations resulting from the contracts concluded with you, in order to provide you with the desired services, in accordance with Art. 6(1)(b) GDPR;
- our legitimate interest in accordance with Art. 6(1)(f) GDPR, e.g. (our commercial interests in the improvement of our services, so that we can better understand your needs and expectations and therefore improve our services for you; for the prevention of fraud and to guarantee that the use of our webpages takes place completely and without fraudulent conduct; in order to guarantee the security of our services and ensure that our offering is technically safe and works properly; to secure and implement our contractual entitlements and claims)
- Legal bases in accordance with Art. 6(1)(c) GDPR, if the collection, storage, transfer or other processing of the data is legally prescribed or necessary for the processing, in order to fulfil our statutory obligations.

We will neither sell nor market your personal data to third parties, nor will we pass it on for other reasons, if this is not listed within this Data Privacy Statement. The passing on of your personal data without your explicit prior permission will only take place in the following cases, in addition to the other cases named in this Data Privacy Statement:

- If necessary for the resolution of unlawful use or misuse of our webpages or for prosecution, personal data will be passed on to the criminal prosecution authorities and, if necessary, to third parties who have been harmed. However, this will only take place if there are specific indications of unlawful conduct or misuse. We are also legally obliged to provide information to certain public bodies upon request. These are criminal prosecution authorities, authorities that pursue administrative offences punishable by a financial penalty, and the financial authorities.

- Forwarding to third parties bound to professional secrecy can only take place if this is necessary for the implementation of the contractual terms and conditions or other agreements, and our claims from contracts that you have concluded with us.

- For the provision of our service, we are occasionally reliant on contractually bound third party companies and external service providers, e.g. for the hosting. In such cases, information will be passed on to these companies or individual people in order to enable further processing. These external service providers are carefully selected by us and checked regularly, to ensure that your privacy remains protected, and they may only process the data for the purposes specified by us. They are also contractually obliged by us to only handle your data exclusively in accordance with this Data Privacy Statement and the German data privacy laws.

- As part of the further development of our business, the structure of our company may change, in that the legal form is changed, or subsidiary companies, business units or components are founded, purchased or sold. In the event of such transactions, the customer information will be passed on, together with the part of the company to be transferred, with your consent. During any transfer of personal data to third parties to the specified extent, we will ensure that the further use takes place in accordance with this Data Privacy Statement and the relevant data protection laws, and we will ask for your permission.

We do not create personal user profiles. In connection with the displaying of information requested by you, data is only stored on our servers in anonymised form, for the provision of our various services or for analysis purposes. General information is hereby logged, e.g. which content of our offering is accessed and when, and what pages are visited the most frequently. For these purposes, we use so-called "cookies" (small text files with configuration information). The cookies used serve in particular to determine the frequency of use and the number of users of our websites. This enables us to find out which parts of our websites and which other websites our visitors have visited.

However, these use data cannot be traced back to the users. None of this anonymously compiled use data will be matched with your personal data, and it will be promptly erased after the end of the statistical analysis.

Moreover, our webpages do not store cookies that do not have only technically necessary functions and do not only enable the proper functioning of our webpages if you have not accepted them beforehand. For this purpose, you must agree before the storage of cookies by selecting the types of cookies you desire or accept and clicking on "Akzeptieren" (accept) on the banner that contains the notice on the storage of cookies. Further detailed information about the types of cookies we use and how to configure the use of individual types of cookies, and agree and object to their use, can be found in our cookie settings.

The legal bases for this data processing are

- Section 25(2) No. 2 TDDDG (for the storage of information or access to information already stored in the device, as this is strictly necessary to provide the service explicitly requested by you) and Art. 6(1)(f) GDPR (for the subsequent processing of data to protect the legitimate interests of us)
- Section 25(1) TDDDG (for the storage of information or access to information in the device based on your consent) and Art. 6(1)(a) GDPR (which permits the subsequent processing of your personal data based on that same consent).

Most browsers are configured so that they automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it notifies you before cookies are stored. Users who do not accept cookies may not be able to access certain parts of our website.

To manage your consents and fulfill our legal obligations regarding data privacy, we use the "Borlabs Cookie" consent management tool. When you interact with our cookie banner, a technically necessary cookie named borlabs-cookie is stored in your browser.

The storage of this information on your device is based on § 25 (2) No. 2 TDDDG, as it is strictly necessary to provide the service expressly requested by the user (managing and storing your privacy preferences). The subsequent processing of this data is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in the user-friendly management of cookie settings and the ability to provide proof of consent as required by the GDPR.

The borlabs-cookie does not collect or transmit any personal data to the provider of the tool. It is stored locally in your browser until it expires or is manually deleted by you.

If you have agreed to the use of corresponding cookies, our website may use Google Analytics, a website analysis service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called "cookies", which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be sent to a Google server in the USA, where it will be stored.

We would also like to point out that Google Analytics has been expanded with the code "gat._anonymizeIp();" within our website in order to guarantee the anonymised logging of IP addresses (so-called IP masking). Before the transmission, your IP address will therefore be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA, where it will be stored. The IP address sent from your browser as part of Google Analytics will not be matched with other data by Google.

Google will use this information on our behalf in order to analyse your use of our website, compile reports on the website activities, and provide the website operator with services associated with the website use and internet use. Google may also pass on this information to third parties, if this is legally required or if third parties process this data on behalf of Google.

The storage of information in your terminal equipment or the access to information already stored in the terminal equipment by Google Analytics and Google Ads is based on your explicit consent in accordance with Section 25(1) TDDDG. The subsequent processing of your personal data by these services is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by adjusting your preferences in our Cookie Consent Settings.

Alternatively, you can prevent the collection of data generated by the cookie by using the following methods:

• Browser Plugin: You can download and install the browser add-on available at: https://tools.google.com/dlpage/gaoptout?hl=en.
• Browser Settings: You can configure your browser to reject cookies. However, please note that this may limit the functionality of this website.

Further information about this can be found at http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/learn/privacy.html (general information about Google Analytics and data privacy).

Your visit to our websites will be automatically logged by our web servers.

In connection with the information requested by you from our websites, data is hereby logged for the provision of our various services or for analysis and security purposes, and may be stored in anonymous form (non-personalised). The web server used by us automatically stores data about the displaying of our webpages in so-called server log files. This data is as follows:

- IP address
- Referrer URL (the site from which you visit us)
- Time of server request
- Host name of the accessing end device (the name of your internet service provider)
- Browser type and browser version
- Operating system used and its settings

The processing of the above-named data hereby takes place for security purposes, for general fraud prevention and as a precaution against attacks on our websites. An automated amalgamation of this data with data from other data sources does not take place.

If your IP address is automatically logged, it will be automatically deleted after 30 days at the latest.

Otherwise, only general information is logged, e.g. when which content of our offering is accessed and what pages are visited the most frequently, the names of the requested files and their dates and times of access. This data is used to improve our services and does not enable matches to be made with you personally.

We will not use this information for any other purposes.

The legal basis for the data processing is Art. 6(1)(f) GDPR, which allows the processing of data to protect legitimate interests of the data controller.

We only store personal data that you send to us for as long as we require it, in order to fulfil the purposes for which this data has been sent, or as long as this is stipulated by law:

- If you conclude contracts with us, we will store and process your personal data for the duration the contract and beyond for the fulfilment of your post-contractual obligations and matters, and for the duration of the statutory retention periods (maximum 10 years).

- If you have agreed to the use of your email address for marketing purposes, we will store your email address within our mailing database until you de-register or request that we erase the data.

- If you send us a query, we will process your personal data for the duration of the processing of your query.

When we no longer require your personal data, we will erase it from our systems and records, or anonymise it so that it can no longer be identified.

We can retain certain personal data in order to comply with our statutory and regulatory obligations, and to enable us to manage our rights (e.g. the assertion of our rights in court), or for statistical purposes (in anonymised form).

For the secure transmission of your personal data, we use so-called SSL encryption. This form of transfer is recognised as a secure form of data transfer based on our current knowledge. We endeavour to take technical and organisational security measures to protect your personal data against unintentional or unlawful erasure, changes or loss, and against unauthorised forwarding or unauthorised access. Our employees are accordingly obliged to maintain secrecy and data privacy.

In order to prevent the loss or misuse of the data stored by us, we take comprehensive technical and organisational safety precautions, which are regularly reviewed and adjusted to meet technological advances. If it is within our sphere of influence, we use in particular modern encryption techniques as well as a variety of other measures to prevent third parties from obtaining unauthorised information. You will recognise an encrypted connection when the address bar of the browser changes from "http://" to "https://" and you will see a lock symbol in your browser bar. If there is an SSL or TLS encryption, the data you exchange with us cannot be seen by third parties.

However, we would like to point out to you that due to the structure of the internet, it is possible that the data protection regulations and the above-named security measures of other persons or institutions not within our area of responsibility cannot be observed. In particular, data passed on in a non-encrypted form can be read by third parties, even if it is sent via email. We have no technical influence on this occurrence. In these cases, it is the responsibility of the user to protect the data it provides against misuse, by encryption or other methods.

Should you have any questions or comments about the handling or use of your personal data, or should you require information about the personal data stored about you, or should you wish to exercise your other rights named below, please contact us at:

Sunday GmbH
An der Alster 42
20099 Hamburg

Tel: 040 - 37 03 - 5440
Email: contact@sunday.gg

You can also use the contact details for other general queries and contact requests. You contact details will hereby be collected and processed by us. You can generally decide yourself which data you provide to us when contacting us. In this case, we will only use your data to respond to your query.

The processing of this data takes place based on your permission, in order to fulfil statutory obligations and to safeguard legitimate interests of Sunday GmbH as the provider of these websites.

As a data subject in the data processing, you have the following rights listed in this section. If you would like to exercise one of your rights named below, please contact us using the contact details named in the following "Contact" section.

Please note that we may request proof of your identity and extensive information about your query before we can process it.

Information, Restriction of Processing and Erasure

Within the framework of the applicable statutory provisions, you have the right at any time to obtain free information about the data stored about you personally, its origin and recipients, and the purpose of the data processing. On presentation of the respective prerequisites, you may also have the right to the rectification of incorrect data, the restriction of the processing, and the erasure of data.

Withdrawal of Your Consent to Data Processing

Some forms of data processing are only possible on the basis of your explicit consent. You can withdraw consent already given at any time. The legitimacy of the data processing carried out until the withdrawal will remain unaffected by the withdrawal.

Right to Data Portability

Regarding the data that we process automatically on the basis of your consent or in the performance of a contract, you generally have the right to access it yourself or have it provided to a third party in a customary, machine-readable format. If you require the direct transfer of this data to a third party, this will only take place if this is technically possible with reasonable effort.

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of data privacy violations caused by us, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for Sunday GmbH in data protection law matters is the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI), the contact details of which can be found in the following link: https://www.datenschutz-hamburg.de/wir-ueber-uns-kontakt/wie-erreichen-sie-uns.html.

Operational Data Protection Officer of Sunday GmbH

As legally stipulated, we have appointed a data protection officer for our company:

Mr . Stephan Krämer, LL.M. (Attorney at law, Germany)
KINAST Rechtsanwaltsgesellschaft mbH
Nordstraße 17a
D-50733 Köln

You can contact our data protection officer via its website at http://www.kinast-partner.de.

Our website contains so-called hyperlinks to websites of other providers. When activating these hyperlinks, you will be forwarded directly from our website to the websites of the other providers. Regarding these links to external companies and other third parties, Sunday GmbH is not responsible for the data privacy requirements or the content of these websites.