Privacy Policy

Data Privacy Statement

Thank you for your interest in our services and your visit to our website.

Data Privacy on the Webpages of Sunday GmbH

Data privacy and data security during the use of our website are a matter of course for us. Therefore, we would like to inform you below about which of your personal data we collect while you visit our website and for what purposes they are used.

This Data Privacy Statement applies for the internet offering of Sunday GmbH, which can be seen on the website accessible at the following domain: https://sunday.gg/ (hereinafter referred to as “our website”).

This Data Privacy Statement can be accessed, stored and printed at any time via the following URL: https://sunday.gg/privacy-policy/

As legislative changes or changes to our internal company processes could make an adjustment of this Data Privacy Statement necessary, please read through this Data Privacy Statement regularly.

Data Controller

Sunday GmbH, An der Alster 42, 20099 Hamburg (you will find exact contact details in the legal notice at https://sunday.gg/imprint/) is the “controller” in accordance with the applicable data protection law, in particular the EU General Data Protection Regulation (GDPR), for the processing of personal data in these webpages.

Personal Data

Personal data is information that may be used to find out personal or factual characteristics about you (e.g. name, address, telephone number, date of birth or email address). Information with which we cannot create a link (or can only do so with disproportionate effort) to you personally, e.g. via anonymisation of information, is not personal data.

What Personal Data is Collected and Processed by Us?

You can visit our webpages without informing us about who you are and without stating to us any corresponding personal data (e.g. names, address, telephone number or email address), unless you provide them to us voluntarily or the corresponding legal provisions on the protection of your data allow this.

Purpose

We will collect, process and use the personal data provided by you online only for the purposes stated to you.

Some data that we may collect about you is necessary in order for us to:
– provide you with the services you desire;
– perform our contracts with you;
– comply with legal provisions (e.g. billing).

If we directly collect data from you, we may ask for your permission and clearly label mandatory information (e.g. with a star [*]). Any other details without a star will be provided by you voluntarily.

Legal Basis

The legal basis for the processing of your data may be the following:

– your consent to data use in accordance with Art. 6(1)(a) GDPR;
– the fulfilment of our service obligations resulting from the contracts concluded with you, in order to provide you with the desired services, in accordance with Art. 6(1)(b) GDPR;
– our legitimate interest in accordance with Art. 6(1)(f) GDPR, e.g. (our commercial interests in the improvement of our services, so that we can better understand your needs and expectations and therefore improve our services for you; for the prevention of fraud and to guarantee that the use of our webpages takes place completely and without fraudulent conduct; in order to guarantee the security of our services and ensure that our offering is technically safe and works properly; to secure and implement our contractual entitlements and claims)
– Legal bases in accordance with Art. 6(1)(c) GDPR, if the collection, storage, transfer or other processing of the data is legally prescribed or necessary for the processing, in order to fulfil our statutory obligations.

Forwarding of Data

We will neither sell nor market your personal data to third parties, nor will we pass it on for other reasons, if this is not listed within this Data Privacy Statement. The passing on of your personal data without your explicit prior permission will only take place in the following cases, in addition to the other cases named in this Data Privacy Statement:

– If necessary for the resolution of unlawful use or misuse of our webpages or for prosecution, personal data will be passed on to the criminal prosecution authorities and, if necessary, to third parties who have been harmed. However, this will only take place if there are specific indications of unlawful conduct or misuse. We are also legally obliged to provide information to certain public bodies upon request. These are criminal prosecution authorities, authorities that pursue administrative offences punishable by a financial penalty, and the financial authorities.

– Forwarding to third parties bound to professional secrecy can only take place if this is necessary for the implementation of the contractual terms and conditions or other agreements, and our claims from contracts that you have concluded with us.

– For the provision of our service, we are occasionally reliant on contractually bound third-party companies and external service providers, e.g. for the hosting. In such cases, information will be passed on to these companies or individual people in order to enable further processing. These external service providers are carefully selected by us and checked regularly, to ensure that your privacy remains protected, and they may only process the data for the purposes specified by us. They are also contractually obliged by us to only handle your data exclusively in accordance with this Data Privacy Statement and the German data privacy laws.

– As part of the further development of our business, the structure of our company may change, in that the legal form is changed, or subsidiary companies, business units or components are founded, purchased or sold. In the event of such transactions, the customer information will be passed on, together with the part of the company to be transferred, with your consent. During any transfer of personal data to third parties to the specified extent, we will ensure that the further use takes place in accordance with this Data Privacy Statement and the relevant data protection laws, and we will ask for your permission.

Use of Cookies

We do not create personal user profiles. In connection with the displaying of information requested by you, data is only stored on our servers in anonymised form, for the provision of our various services or for analysis purposes. General information is hereby logged, e.g. which content of our offering is accessed and when, and what pages are visited the most frequently. For these purposes, we use so-called “cookies” (small text files with configuration information). The cookies used serve in particular to determine the frequency of use and the number of users of our websites. This enables us to find out which parts of our websites and which other websites our visitors have visited.

However, these use data cannot be traced back to the users. None of this anonymously compiled use data will be matched with your personal data, and it will be promptly erased after the end of the statistical analysis.

Moreover, our webpages do not store cookies that do not have only technically necessary functions and do not only enable the proper functioning of our webpages if you have not accepted them beforehand. For this purpose, you must agree before the storage of cookies by selecting the types of cookies you desire or accept and clicking on “Akzeptieren” (accept) on the banner that contains the notice on the storage of cookies. Further detailed information about the types of cookies we use and how to configure the use of individual types of cookies, and agree and object to their use, can be found in our cookie settings.

The legal bases for this data processing are Art. 6(1)(f) GDPR (which permits the processing of data for the protection of legitimate interests of the data controller) and Art. 6(1)(a) GDPR (which permits data processing based on your consent).

Most browsers are configured so that they automatically accept cookies. However, you can deactivate the storage of cookies or set your browser so that it notifies you before cookies are stored. Users who do not accept cookies may not be able to access certain parts of our website.

Google Analytics

If you have agreed to the use of corresponding cookies, our website may use Google Analytics, a website analysis service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”, which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be sent to a Google server in the USA, where it will be stored.

We would also like to point out that Google Analytics has been expanded with the code “gat._anonymizeIp();” within our website in order to guarantee the anonymised logging of IP addresses (so-called IP masking). Before the transmission, your IP address will therefore be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA, where it will be stored. The IP address sent from your browser as part of Google Analytics will not be matched with other data by Google.

Google will use this information on our behalf in order to analyse your use of our website, compile reports on the website activities, and provide the website operator with services associated with the website use and internet use. Google may also pass on this information to third parties, if this is legally required or if third parties process this data on behalf of Google.

The legal basis for this data processing is Art. 6(1)(f) GDPR, which allows the processing of data to protect legitimate interests of the data controller.

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out to you that in this case, you may not be able to use all functions of this website to their full extent.

You can also prevent the logging of the data generated by the cookie and related to your use of the website by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to this browser plugin or within browsers on mobile devices, you can prevent the logging by Google Analytics by deactivating the functionality option in the cookie settings.

An opt-out cookie will then be placed, preventing the future logging of your data when visiting this website.

Further information about this can be found at http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/learn/privacy.html (general information about Google Analytics and data privacy).

Vimeo

Within our websites, we may use plugins of video portal Vimeo. The operator of this site is Vimeo, Inc. 555 West 18th Street New York, New York 10011, USA.
If you visit a site equipped with a Vimeo plugin, a connection to the Vimeo servers will be established. The Vimeo server will thereby be informed which of our sites you have visited.
If you are logged into your Vimeo account, you enable Vimeo to directly match your surfing behaviour with your personal profile. You can prevent this by logging out of your Vimeo account.
The use of Vimeo takes place in the interest of an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
You can find further information about the handling of user data in the Vimeo data privacy declaration at https://vimeo.com/privacy.

YouTube

Within our sites, we may use plugins of video portal YouTube. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit a site equipped with a YouTube plugin, a connection to the YouTube servers will be established. The YouTube server will thereby be informed which of our sites you have visited.
If you are logged into your YouTube account, you enable YouTube to directly match your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube takes place in the interest of an appealing presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
You can find further information about the handling of user data in the YouTube data privacy declaration at https://www.google.de/intl/de/policies/privacy.

Google Maps

Within our websites, we may use map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
For the use of the functions of Google Maps, it is necessary to store your IP address. This information will generally be sent to a Google server in the USA, where it will be stored. The provider of this site has no influence on this data transfer.
The use of Google Maps takes place in the interest of an appealing presentation of our online services and easy traceability of the locations stated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
More information about the use of user data can be found in the Google data privacy statement at https://www.google.de/intl/de/policies/privacy/.

Server Log Files

Your visit to our websites will be automatically logged by our web servers.

In connection with the information requested by you from our websites, data is hereby logged for the provision of our various services or for analysis and security purposes, and may be stored in anonymous form (non-personalised). The web server used by us automatically stores data about the displaying of our webpages in so-called server log files. This data is as follows:
– IP address
– Referrer URL (the site from which you visit us)
– Time of server request
– Host name of the accessing end device (the name of your internet service provider)
– Browser type and browser version
– Operating system used and its settings

The processing of the above-named data hereby takes place for security purposes, for general fraud prevention and as a precaution against attacks on our websites. An automated amalgamation of this data with data from other data sources does not take place.

If your IP address is automatically logged, it will be automatically deleted after 30 days at the latest.

Otherwise, only general information is logged, e.g. when which content of our offering is accessed and what pages are visited the most frequently, the names of the requested files and their dates and times of access. This data is used to improve our services and does not enable matches to be made with you personally.
We will not use this information for any other purposes.

The legal basis for the data processing is Art. 6(1)(f) GDPR, which allows the processing of data to protect legitimate interests of the data controller.

Data Storage

We only store personal data that you send to us for as long as we require it, in order to fulfil the purposes for which this data has been sent, or as long as this is stipulated by law:
– If you conclude contracts with us, we will store and process your personal data for the duration the contract and beyond for the fulfilment of your post-contractual obligations and matters, and for the duration of the statutory retention periods (maximum 10 years).
– If you have agreed to the use of your email address for marketing purposes, we will store your email address within our mailing database until you de-register or request that we erase the data.
– If you send us a query, we will process your personal data for the duration of the processing of your query.

When we no longer require your personal data, we will erase it from our systems and records, or anonymise it so that it can no longer be identified.
We can retain certain personal data in order to comply with our statutory and regulatory obligations, and to enable us to manage our rights (e.g. the assertion of our rights in court), or for statistical purposes (in anonymised form).

Data Security

For the secure transmission of your personal data, we use so-called SSL encryption. This form of transfer is recognised as a secure form of data transfer based on our current knowledge. We endeavour to take technical and organisational security measures to protect your personal data against unintentional or unlawful erasure, changes or loss, and against unauthorised forwarding or unauthorised access. Our employees are accordingly obliged to maintain secrecy and data privacy.

In order to prevent the loss or misuse of the data stored by us, we take comprehensive technical and organisational safety precautions, which are regularly reviewed and adjusted to meet technological advances. If it is within our sphere of influence, we use in particular modern encryption techniques as well as a variety of other measures to prevent third parties from obtaining unauthorised information. You will recognise an encrypted connection when the address bar of the browser changes from “http://” to “https://” and you will see a lock symbol in your browser bar. If there is an SSL or TLS encryption, the data you exchange with us cannot be seen by third parties.

However, we would like to point out to you that due to the structure of the internet, it is possible that the data protection regulations and the above-named security measures of other persons or institutions not within our area of responsibility cannot be observed. In particular, data passed on in a non-encrypted form can be read by third parties, even if it is sent via email. We have no technical influence on this occurrence. In these cases, it is the responsibility of the user to protect the data it provides against misuse, by encryption or other methods.

Contact

Should you have any questions or comments about the handling or use of your personal data, or should you require information about the personal data stored about you, or should you wish to exercise your other rights named below, please contact us at:

Sunday GmbH
An der Alster 42
20099 Hamburg

Tel: 040 – 37 03 – 5440
Email: contact@sunday.gg

You can also use the contact details for other general queries and contact requests.
You contact details will hereby be collected and processed by us. You can generally decide yourself which data you provide to us when contacting us. In this case, we will only use your data to respond to your query.
The processing of this data takes place based on your permission, in order to fulfil statutory obligations and to safeguard legitimate interests of Sunday GmbH as the provider of these websites.

Your Rights as a Data Subject

As a data subject in the data processing, you have the following rights listed in this section.
If you would like to exercise one of your rights named below, please contact us using the contact details named in the following “Contact” section.
Please note that we may request proof of your identity and extensive information about your query before we can process it.

Information, Restriction of Processing and Erasure

Within the framework of the applicable statutory provisions, you have the right at any time to obtain free information about the data stored about you personally, its origin and recipients, and the purpose of the data processing. On presentation of the respective prerequisites, you may also have the right to the rectification of incorrect data, the restriction of the processing, and the erasure of data.

Withdrawal of Your Consent to Data Processing

Some forms of data processing are only possible on the basis of your explicit consent. You can withdraw consent already given at any time. The legitimacy of the data processing carried out until the withdrawal will remain unaffected by the withdrawal.

Right to Data Portability

Regarding the data that we process automatically on the basis of your consent or in the performance of a contract, you generally have the right to access it yourself or have it provided to a third party in a customary, machine-readable format. If you require the direct transfer of this data to a third party, this will only take place if this is technically possible with reasonable effort.

Right to Lodge a Complaint with the Competent Supervisory Authority

In the event of data privacy violations caused by us, you have the right to lodge a complaint with the competent supervisory authority. The supervisory authority responsible for Sunday GmbH in data protection law matters is the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI), the contact details of which can be found in the following link: https://www.datenschutz-hamburg.de/wir-ueber-uns-kontakt/wie-erreichen-sie-uns.html.

Operational Data Protection Officer of Sunday GmbH

As legally stipulated, we have appointed a data protection officer for our company:

Mr Rechtsanwalt Stephan Krämer, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Köln

You can contact our data protection officer via its website at http://www.kinast-partner.de.

Hyperlinks to Other Websites

Our website contains so-called hyperlinks to websites of other providers. When activating these hyperlinks, you will be forwarded directly from our website to the websites of the other providers. Regarding these links to external companies and other third parties, Sunday GmbH is not responsible for the data privacy requirements or the content of these websites.

Version: May 2018