Global sonnen Privacy Policy for Customers and Business Partners

1. What does this Privacy Policy cover?

This Privacy Policy informs you about the processing of your personal data by companies belonging to the sonnen Group (hereinafter referred to as "sonnen", "we" or "us"), as well as by our parent company Shell.

This Privacy Policy applies to our customers, suppliers, business partners and/or investors, as well as visitors to our website and customer portal. If you visit any of the websites we offer, our provisions on data protection and the use of cookies also apply. Further information on this can be found in the privacy policies published on the website.

Furthermore, in countries where we operate, local privacy policies and regulations may apply, which reflect the locally applicable practices and legal requirements. This Privacy Policy is therefore always subject to the applicable legal provisions and may need to be adjusted accordingly.

This Privacy Policy explains which personal data is processed for what purposes, how long we retain personal data, how you can access and update your personal data, where you can obtain further information, and where you can lodge a complaint.

2. Special note if you are under 16 years old. Processing of personal data of children

If you are under 16 years old (or older, as legally required), please do not send us any personal data (such as name, address, and email). If you still wish to ask us a question that requires the input of your personal data (e.g., in connection with a training course or an event we offer), please contact your parents or legal guardians and ask them to contact us on your behalf.

3. What personal data do we process?

We process the following personal data from and in connection with individuals who are customers, suppliers, business partners and/or investors:

Private contact information (such as name, postal or email address, and telephone number) to the extent necessary for the intended purposes;

Business contacts and other information (such as business title, department, company name, and the reason for collaboration with sonnen).

4. Who is responsible for the personal data collected?

The data controller under applicable law is sonnen Holding GmbH, Am Riedbach 1, 87499 Wildpoldsried, Germany, and/or the company within the sonnen Group with which you have a contractual relationship.

5. For what purpose do we process your personal data?

We process the personal data received from you in the following cases, based on these provisions:

5.1 In the course of our business activities and for the performance of concluded contracts

Conducting our business activities, including for the purpose of research, development, and improvement of the products and services we offer; concluding and performing contracts with customers, suppliers, and business partners; for recording and billing services, products, and materials from and to sonnen; conducting and promoting business relationships, e.g., for maintaining and fostering contacts with existing and potentially future customers; for our accounting, customer service, the development, execution, and analysis of market surveys and marketing strategies.

5.2 Organizing our business operations

The organization and conduct of our business, including financial and asset management, the implementation of control mechanisms, for reporting, evaluations, audits, and internal investigations.

5.3 Health, Safety

To protect the health and safety of our employees, including the protection of an individual's life or health, we verify the identity of individuals and their access permissions to our companies' facilities and premises.

5.4 Compliance with Legal Requirements; Enforcement of Rights

Compliance with legal and statutory provisions, including for the purpose of conducting legal proceedings or defending against claims.

5.5 Comparison with Publicly Available Sanction Lists

To comply with legal obligations, protect assets, our employees, and contractors, and especially to ensure that sonnen can comply with all trade control, anti-money laundering, and/or anti-bribery and corruption laws, and other legal requirements, we regularly conduct checks (at least quarterly) of our existing and potential future customers and business partners.

This check is carried out using publicly available or government-issued sanction lists. It is conducted in Europe. For this purpose, we compare your first and last name with the data contained in the published sanction lists. In the event of an initial match, we will use your data stored by sonnen (e.g., date of birth, nationality, address) to verify whether the match is actually accurate. For this verification, sonnen may also use other public sources, such as information from credit rating agencies. For this purpose, sonnen may also contact the data subject directly to obtain further information. Should sonnen not be able to rule out the match, we reserve the right to engage the services of external consultants (KPMG EU) for further review and assessment.

If a match is confirmed, the Shell company Shell plc has a legal reporting obligation to the US Securities and Exchange Commission (SEC, the US stock market supervisory authority). Shell Midstream Partners LP (MLP) is obliged to submit quarterly and annual reports to the SEC. Where legally required, sonnen must report to the relevant local supervisory authorities.

The legal basis for this data processing is Article 6 (1) (c) and (f) GDPR.

The check does not lead to automated decisions regarding an existing customer or business partner, or a future customer or business partner.

6. Legal Basis for Processing Personal Data

The personal data covered by this Privacy Policy will be processed exclusively in accordance with the following provisions:

to contact an individual upon request before entering into a contract;

to execute a contract that you and sonnen have concluded;

insofar as it is necessary for compliance with the laws and legal provisions to which we are subject;

insofar as it is necessary for the pursuit of sonnen's legitimate business interests and these are not overridden by the fundamental rights and freedoms of the data subject; or

(only where legally required) with the explicit consent of an individual.

In cases where we process personal data with your consent, you have the right, unless otherwise provided by law, to withdraw your consent at any time. The withdrawal does not affect the lawfulness of processing carried out until the time of withdrawal.

7. To whom do we disclose personal data?

Your personal data will be processed exclusively for the purposes mentioned above. It will be disclosed strictly on a "need-to-know" basis as follows:

Your personal data will be transferred to other companies within the sonnen Group, including our parent company, Shell plc, insofar as this is necessary for the purposes mentioned under section 5.

We may also share your data within our corporate group to offer you promotions or inform you about related products and/or services. This is done based on your consent for marketing purposes, and in all cases, marketing material will only be sent to you by us.

Shell's View of the Customer

To ensure a positive experience for you with the Shell Group, considering the context of your interaction with Shell, we combine the information obtained from the sources mentioned above to create a personal profile of you. This allows you to interact more easily with various Shell companies. Furthermore, it ensures that we have the most up-to-date information about you to better develop services and products and to tailor offers that match your specific interests.

However, please note that you have the ability to control how Shell uses this information. You can object to the combination of your personal data in this manner – for more details, please refer to the following section "Your Rights Regarding Your Personal Data".

Your personal data may also be transferred to companies within sonnen Holding GmbH that provide sonnen products and services which we require for the fulfillment of contracts concluded with you.

Authorized third parties, such as sales representatives, partners, service providers, and subcontractors of sonnen.

A competent public authority, government, or administration, insofar as this is necessary for the fulfillment of legal obligations to which the respective company of sonnen Holding GmbH is subject.

8. Transfer of Personal Data

Insofar as personal data is transferred to companies within the sonnen Group and/or to authorized third parties in accordance with the aforementioned provisions, located inside or outside the country in which you reside (including outside the European Economic Area), we take organizational, contractual, and legal measures to ensure that your personal data is processed exclusively for the purposes mentioned above and that an adequate level of personal data protection is maintained.

These measures include mechanisms approved by the European Commission for the transfer of personal data to third parties in countries whose data protection is not considered adequate, as well as additional local legal requirements.

9. How long will your personal data be stored?

sonnen stores all personal data collected for the conclusion and execution of a contract with a customer, supplier, or business partner, or in the context of submitting an offer, for the duration of the contractual relationship and up to 3 years after the termination of the cooperation.

In all other cases, personal data, including data collected in the context of an unsuccessful offer, as well as data processed according to section 5.5, will be deleted no later than three months after their collection.

In all cases, information may be retained for a) a longer period if there is a legal reason for it (in which case it will be deleted as soon as it is no longer needed for the legal purpose) or b) a shorter period if the purpose of storage has ceased before the defined period expires.

10. How can I access my personal data?

Our goal is to keep our information about you as accurate as possible. You have a right to information regarding your personal data.

You can access your personal data and request the correction or deletion of personal data. Data deletion can only be requested insofar as the purpose of storage has ceased. Furthermore, you have the right to request that the processing of your data and the transfer of data be limited to the necessary extent. For this purpose, please contact the data controller as further explained below.

11. Whom can I contact for further information?

Please address your questions and claims regarding this privacy policy to sonnen Holding GmbH, for the attention of the Management Board, Am Riedbach 1, 87499 Wildpoldsried, Germany, privacy-notice@sonnen.de. Additionally, the sonnen Holding GmbH company with which you have concluded a contract will also provide you with information.

Additionally, you can contact our data protection officer at the following address: Deutsche Shell Holding GmbH, Michael Seus, Suhrenkamp 71-77, 22335 Hamburg, Germany, datenschutz@sonnen.de.

You can also lodge a complaint with a data protection authority. The competent supervisory authority for sonnen Holding GmbH is the Bavarian State Commissioner for Data Protection (BayLfD), Wagmüllerstraße 18, 80538 Munich, +49 89 212 673.0, poststelle@datenschutz-bayern.de.

12. Contact via email or the contact form

When you contact sonnen via email or the contact form, the data you provide (your email address, possibly your name and phone number) will be stored by us to process your inquiry and for any follow-up questions. This data will not be shared with third parties without your consent. The processing of this data is therefore based exclusively on Art. 6 para. 1 sentence 1 lit. a GDPR. The data collected in this context will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data processing ceases to apply. Statutory retention obligations and other mandatory legal provisions remain unaffected by this.

13. Collection of personal data when visiting our website

When using the website for purely informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

- IP address

- Date and time of the request

- Time zone difference to Greenwich Mean Time (GMT)

- Content of the request (specific page)

- Access status/HTTP status code

- Volume of data transferred in each case

- Website from which the request originates

- Browser

- Operating system and its interface

- Language and version of the browser software

14. Further functions and offers of our website

In addition to the purely informational use of our website, we offer various services that you can use if interested. For this purpose, you generally need to provide further personal data, which we use to provide the respective services and for which the aforementioned principles of data processing apply.

In some cases, we use external service providers and partner companies for processing your data or for the execution and handling of commissioned services. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.

Furthermore, we may share your personal data with third parties if participation in promotions, contests, contract conclusions, or similar services is offered by us jointly with partners. You will receive more detailed information on this when you provide your personal data or below in the offer description.

Your data is processed on the basis of Art. 6 para. 1 lit. a GDPR.

If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the implications of this circumstance in the offer description.

15. SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as inquiries or orders that you send to us, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address bar of your browser changes from "http://" to "https://" and a lock symbol is displayed in your browser's address bar.

With active SSL or TLS encryption, the data you transmit to us cannot be read by third parties.

16. Use of Cookies

Further information on the use of our website cookies can be found at: https://sonnen.pro/en-de/cookies.

17. Email Security

As soon as you initiate electronic contact with sonnen, you agree to electronic communication. We would like to point out that emails can be read or altered without authorization and unnoticed during transmission. Encryption technology is only partially used on this website. sonnen uses software to filter unwanted emails (spam filter). The spam filter may reject emails if they are falsely identified as spam due to certain characteristics.

18. Security through Technical and Organizational Measures

In accordance with applicable legal provisions, we implement technical and organizational measures to protect personal data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. The security measures in place are continuously improved in line with technological developments.

19. Publication of Job Advertisements / Online Job Applications

Your application data will be collected and processed electronically by us for the purpose of handling the application process. The legal basis for data processing is Art. 6 para. 1 lit. a GDPR. If your application leads to the conclusion of an employment contract, your transmitted data may be stored by us in your personnel file for the purpose of the usual organizational and administrative process, in compliance with the relevant legal provisions. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. If your application is rejected, the data you submitted will be automatically deleted two months after notification of the rejection. This does not apply if longer storage is necessary due to legal requirements (e.g., the obligation to provide evidence under the General Equal Treatment Act) or if you have expressly consented to longer storage in our applicant database.

20. Changes to this Privacy Policy

This Privacy Policy may be adjusted over time. It applies in its current version and is subject to the respective applicable legal provisions. This Privacy Policy was last updated on November 22, 2021.