Data protection

1. Data protection at a glance

(1) General notes

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data are any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

(2) Data collection on this website

Who is responsible for the data collection on this website?
Data processing on this website is carried out by the website operator. You can find the contact details of the website operator in the section "Information on the responsible party" in this data protection declaration.

How do we collect your data?
On the one hand, your data are collected by you providing them to us. This can be, for example, data that you enter in a contact form. Other data are collected automatically or after your consent when you visit the website by our IT systems. This is mainly technical data (e.g., Internet browser, operating system, or time of page view). The collection of this data takes place automatically as soon as you enter this website.

What do we use your data for?
Part of the data is collected to ensure error-free provision of the website. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?
You have the right at any time to receive information free of charge on the origin, recipient, and purpose of your stored personal data. You also have a right to request the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent at any time in future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with regard to this and other questions on the subject of data protection.

(3) Third-party analysis tools and tools

When visiting this website, your surfing behavior can be statistically evaluated. This is done primarily with so-called analysis programs. Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider: Strato

The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter "Strato"). When you visit our website, Strato collects various log files including your IP addresses.

For more information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz/.

The use of Strato is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g., device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Job processing

We have concluded a contract on order processing (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

A. General notes and mandatory information

(1) Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and what we use them for. It also explains how and for what purpose this is done.

We point out that data transmission over the Internet (e.g., communication by e-mail) security gaps. A complete protection of the data against access by third parties is not possible.

(2) Definitions

Following the example of Art. 4 of the GDPR, this data protection note is based on the following definitions:

"Personal data" (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if he or she can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or by means of information relating to his or her physical, physiological, genetic, mental, economic, cultural, or social identity characteristics. The identifiability can also be given by means of a linkage of such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photographs, video or audio recordings may also contain personal data).
"Processing" (Art. 4 No. 2 GDPR) means any operation which involves the handling of personal data, whether or not by automated (e., technology-based) means. This includes, in particular, the collection (i.e., acquisition), recording, organization, arrangement, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of a purpose or intended use on which a data processing was originally based.
"Controller" (Art. 4 No. 7 DS-GVO) means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
"Third party" (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons who are authorized to process the personal data under the direct responsibility of the controller or processor; this also includes other group-affiliated legal entities.
"Processor" (Art. 4 No. 8 DS-GVO) is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (g., IT service provider). In particular, a processor is not a third party in the sense of data protection law.
"Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given, in informed manner, and unambiguous indication of his or her wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

(3) Name and address of the controller

The controller for the processing of your personal data within the meaning of Art. 4 No. 7 DS-GVO is:
Sunshine PCB Ltd.
Walter-Freitag-Str.17
D-42899 Remscheid

For further information on our company, please refer to the imprint details on our website.

(4) Data protection officer

Due to the size of our company, we have not appointed a data protection officer.

If you have any questions, please contact the responsible office using the contact details below:

Sunshine PCB GmbH
Walter-Friday-Str.17
D-42899 Remscheid

Contact

Phone: +49 (0) 2191 9573-0
Fax: +49 (0) 2191 9573-45
Email: info@sunshinepcb.de

(5) Legal basis for data processing

By law, in principle, any processing of personal data is prohibited and only permitted if the data processing falls under one of the following justifications:

Art. 6 para.1 p. 1 lit. a DS-GVO ("consent"): When the data subject has voluntarily, in an informed manner and unambiguously indicated by a statement or other unambiguous affirmative act that he or she consents to the processing of personal data relating to him or her for one or more specific purposes.
Art. 6 para.1 p. 1 lit. b DS-GVO: If the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
Art. 6 para.1 p. 1 lit. c DS-GVO: If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g., a legal obligation to keep records).
Art. 6 para.1 p. 1 lit. d DS-GVO: If the processing is necessary to protect the vital interests of the data subject or another natural person.
Art. 6 para.1 p. 1 lit. e DS-GVO: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; or
Art. 6 para.1 p. 1 lit. f DS-GVO ("Legitimate Interests"): When processing is necessary to protect the legitimate (in particular legal or economic) interests of the controller or a third party unless the conflicting interests or rights of the data subject override (in particular if the data subject is a minor).

Storing information in the end user's terminal equipment or accessing information already stored in the terminal equipment is only permitted if it is covered by one of the following justifications:

§ Section 25 (1) TTDSG: If the end user has consented on the basis of clear and comprehensive information. The consent has to be given according to Art. 6 Abs.1 S. 1 lit. a DS-GVO.
§ Section 25 (2) no. 1 TTDSG: If the sole purpose is to carry out the transmission of a message via a public telecommunications network, or
§ Section 25 (2) no. 2 TTDSG: If the storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.

For the processing operations carried out by us, we indicate below the applicable legal basis in each case. A processing operation may also be based on several legal bases.

(6) Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g., TSL encryption for our website), taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be glad to provide you with more information on request.

(7) Data deletion and storage period

For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. In principle, your data will only be stored on our servers in Germany, subject to any transfer that may take place in accordance with the provisions in A. (7) and A. (8).

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the responsible party (e.g., § 257 HGB, § 147 AO). If the storage period prescribed by the legal regulations expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

(8) Cooperation with processors

As with any larger company, we also use external domestic and foreign service providers (e.g., for IT, logistics, telecommunications, sales, and marketing) to handle our business transactions. They only act on our instructions and have been contractually obligated to comply with data protection regulations in accordance with Art. 28 DS-GVO.

If personal data from you are passed on by us to our subsidiaries or are passed on to us by our subsidiaries (e.g., for advertising purposes), this is done on the basis of existing order processing relationships.

(9) Note on data transfer to the USA and other third countries

In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing is carried out exclusively for the fulfillment of contractual and business obligations and to maintain your business relationship with us (legal basis is Art. 6 para. 1 lit b or lit. f in each case in conjunction with Art. 44 et seq. DS-GVO). We will inform you of the respective details of the transfer in the following at the related relevant points.

Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46 Para. 1, 2 lit. c DS-GVO (the standard contractual clauses of 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en), certificates or recognized codes of conduct.

Among other things, we use tools from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g., intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

(10) No automated decision making (including profiling).

We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).

(11) No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data in advance. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data. If this should exceptionally be the case in the context of the products we offer presented below, you will be informed of this separately.

(12) Legal obligation to transfer certain data

We may be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public bodies (Art. 6 para. 1 sentence 1 lit. c DS-GVO).

(13) Your rights

You can assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning of A. (2). You have the right as a data subject:

in accordance with Art. 15 DS-GVO to request information about your data processed by us. In particular, you can request information on the processing purposes, the category of data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if they were not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information on their details;
in accordance with Art. 16 DS-GVO to demand the correction of incorrect or the completion of your data stored by us without
pursuant to Art. 17 DS-GVO to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise, or defense of legal
to request the restriction of the processing of your data in accordance with Art. 18 DS-GVO, insofar as the accuracy of the data is disputed by you or the processing is
pursuant to Art. 20 DS-GVO to receive your data that you have provided to us in a structured, common, and machine-readable format or to request the transfer to another controller ("data portability").
object to the processing pursuant to Art. 21 DS-GVO, provided that the processing is based on Art. 6 (1) p. 1 lit. e or lit. f DS-GVO. This is particularly the case if the processing is not necessary for the performance of a contract with you. Unless it is an objection to direct marketing, when exercising such an objection, we ask you to explain the reasons why we should not process your data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the
in accordance with Art. 7 (3) DS-GVO, to revoke your consent given once (also before the applicability of the DS-GVO, e., before 25.5.2018) - i.e. your voluntary will, made understandable in an informed manner and unambiguously by means of a declaration or other unambiguous confirming act, that you agree to the processing of the personal data in question for one or more specific purposes - at any time vis-à-vis us, if you have given such consent. This has the consequence that we may no longer continue the data processing based on this consent for the future and
complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 DS-GVO, such as the data protection supervisory authority responsible for us: State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia. Kavalleriestr. 2-4, 40213 Düsseldorf, Fax: 0211/38424-999, poststelle@ldi.nrw.de.

(14) Changes to the data protection note

In the context of the further development of data protection law and technological or organizational changes, our data protection information is regularly reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes in particular on our German website at [address of the company's website]. This data protection note is valid as of August 2023.

(15) SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

B. Data collection on this website

(1) Explanation of the function

You can obtain information on our company and the services we offer in particular at www.sunshinepcb.de together with the associated sub-pages (hereinafter collectively referred to as "websites"). When you visit our websites, your personal data may be processed.

(2) Cookies

(3) Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

These data are not merged with other data sources.

The collection of these data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.

(4) Contact form

If you send us inquiries via the contact form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on these data without your consent.

The processing of these data is based on Art. 6 (1) lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested; the consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

(5) Request by e-mail, telephone, or fax

If you contact us by e-mail, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on these data without your consent.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

C. Plugins and tools

(1) Google Fonts

This site uses so-called web fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Fonts) for the uniform display of fonts. These are fonts that are loaded into your browser when you call up our website in order to ensure a uniform typeface when displaying the website.

The fonts are installed locally. A transfer of personal data to Google Fonts does not take place. The use of the fonts is based on our legitimate interest in a uniform presentation of our website (Art. 6 para. 1 lit. f DSGVO).

For more information on Google Fonts, please visit https://developers.google.com/fonts/faq and see Google's privacy policy: https://policies.google.com/privacy?hl=de.

(2) Matomo

We use the open-source software tool Matomo (formerly PIWIK) on our website. The software sets a cookie in your browser (for cookies, see already above). If individual pages of our website are called up, the following data are stored:

Two bytes of the IP address of the user's calling system (anonymized IP address).
The accessed web page
The website from which the user has reached the accessed website (referrer)
The subpages that are called from the called web page
The time spent on the website
The frequency of access to the website

The software runs exclusively on the servers of our website. Your personal data are only stored there. The data are not passed on to third parties.

Purpose and legal basis

We process your data with the help of the analysis software Matomo for the purpose of evaluating the use of individual components and content of our website on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. You give your consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future pursuant to Art. 7 para. 3 DSGVO. There is no legal or contractual obligation to provide your data. If you do not give us your consent, a visit to our website is possible without restriction, but not all functions may be fully available.

Storage duration

The specific storage period of the cookies set is 13 months.

(3) Usage of SalesViewer®-Technologie

On this website data is collected and saved for the purposes of marketing, market research and optimisation with the SalesViewer^®-Technologie from SalesViewer^® GmbH on the basis of the website operator having a justified interest (Art. 6 Para 1 f GDPR [DSGVO]).

A Javascript-based code will be used for this, to collect company-related data and how it is used. The data collected with this technology will be encrypted via a non-reversible one-way function (so-called hashing). The data will be anonymised straight away and it will not be used to identify in person the visitor of this website

The data saved by Salesviewer will be deleted as soon as it is no longer required for its intended purpose and there are no statutory safekeeping obligations preventing deletion.

An objection to data being collected and saved may be made at any time with future effect by clicking on this link https://www.salesviewer.com/opt-out
in order to prevent it from being logged in future by SalesViewer^® within this website. In doing so an opt-out cookie for this website will be deposited on your device. If you wish to delete your cookies in this browser you will have to click on this link again.

D. Sunshine PCB GmbH in social media

In addition to our website, Sunshine PCB GmbH is present in various social media. We are currently represented on LinkedIn, Facebook, and Twitter.
Please refer to the privacy policy of the respective operator for the purpose and scope of data collection as well as the provisions regarding the use of your data by the respective platform.

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=organization-guest_footer-privacy-policy

Facebook: https://www.facebook.com/privacy/explanation

Twitter: https://twitter.com/de/privacy

E. Audio and video conferencing

(1) Data processing

Among other tools, we use online conferencing tools to communicate with our customers. The tools we use in detail are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/enter to use the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other "context information" related to the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that are required to handle the online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If content is shared, uploaded, or otherwise made available within the tool, it will also be stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information shared during the use of the service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the data protection statements of the respective tools used, which we have listed below this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 lit. b DSGVO). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO). Insofar as consent has been requested, the tools in question are used on the basis of this consent; consent can be revoked at any time with effect for the future.

Storage duration

The data collected directly by us via the video and conference tools are deleted from our systems as soon as you request us to delete them, revoke your consent to store them, or the purpose for storing the data no longer applies. Stored cookies remain on your terminal device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which are stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used

We use the following conferencing tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. On the subject of data processing, Microsoft refers to the standardized customer agreement that can be viewed online: https://www.microsoft.com/licensing/docs/customeragreement

F. Privacy note for applicants

(1) Handling of applicant data

We offer you the opportunity to apply for a job with us (e.g., by e-mail, post or via LinkedIn). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing, and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

If you send us an application, we will process your associated personal data (e.g., contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 BDSG under German law (initiation of an employment relationship), Art. 6 (1) lit. b DSGVO (general contract initiation) and - if you have given your consent - Art. 6 (1) lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6 (1) lit. b DSGVO for the purpose of implementing the employment relationship.

Data retention period

If we are unable to make you a job offer, if you reject a job offer, or if you withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6 Para. 1 lit. f DSGVO) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted, and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data are required after the 6-month period has expired (e.g., due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies.

A longer storage can also take place if you have given a corresponding consent (Art. 6 para. 1 lit. a DSGVO) or if legal storage obligations oppose the deletion.

G. Data protection information for business contacts according to the GDPR

We would like to inform you of the processing of your personal data in connection with our business relationship.

Privacy contact information

You will find the responsible person in terms of data protection law on this page under the heading "A. General notes and mandatory information".

What data of yours do we process and for what purposes?

We process the data that we need to fulfill a contract or to carry out pre-contractual measures. These are primarily address data, contact persons and their contact options, bank details.

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as "contractual partners") in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g., to answer inquiries.

We process these data in order to fulfill our contractual obligations. These include, in particular, the obligations to provide the agreed services, any update obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to protect our rights and for the purpose of administrative tasks associated with these obligations and company organization. Furthermore, we process the data on the basis of our legitimate interests in proper and business management as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., for the involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the framework of applicable law, we only disclose the data of contractual partners to third parties to the extent that this is necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within the scope of this data protection declaration.

Types of data processed: inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., e-mail, telephone numbers); contract data (e.g., subject matter of contract, term, customer category).
Affected persons: Interested parties; business and contractual partners.
Purposes of processing: provision of contractual services and customer services, contact requests and communication, office, and organizational procedures, management, and response to requests.
Legal basis: Contract fulfillment and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b) DSGVO); Legal obligation (Art. 6 para. 1 p. 1 lit. c) DSGVO); Legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).

What is the legal basis for this?

The legal basis for the processing of your personal data during the business relationship is Art. 6 para. 1 lit. b) DSGVO. Accordingly, the processing of data is permissible in connection with the performance of contracts.

Should you also optionally submit data to us.

For these cases, you voluntarily consent by making a corresponding declaration in accordance with Art. 6 para. 1 lit. a) DSGVO.

Should the data be required for legal prosecution after the conclusion of the business relationship, data processing may be carried out on the basis of the requirements of the DSGVO, in particular for the exercise of legitimate interests pursuant to Art. 6 (1) f) DSGVO. Our interest then consists in the assertion or defense of claims.

To which recipients are the data passed on?

Your data will be passed on to partners in the group of companies necessary for the fulfillment of the contract and to service providers, such as logistics companies. In other cases, the transfer of your data is not intended.

How long will the data be stored?

The storage is based on the legal retention requirements. Afterwards, the data will be checked. If there is no need for further storage, the data will be deleted.

Your rights as a "data subject"

You have the right to obtain information on your personal data processed by us.

In the case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be.

Furthermore, you have a right to rectification or deletion or to restriction of processing, insofar as you are entitled to this by law.

Furthermore, you have a right to object to the processing within the scope of the legal requirements. The same applies to a right to data portability.

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.

Disclosure of personal data

No personal data will be transferred to third parties without your express consent. A transfer to public authorities, law enforcement agencies and courts will only take place within the framework of a legal obligation. Our employees are also bound to secrecy and the confidential handling of your personal data.

In this context, the companies affiliated with Sunshine PCB GmbH in the SGC Group, as well as service providers contractually bound to us for commissioned data processing, are not considered third parties.

Links to websites of other providers

Our website may contain links to external websites. At the time the links were created, Sunshine PCB GmbH was satisfied that the linked sites did not contain any illegal content. However, Sunshine PCB GmbH cannot guarantee continuous control and has no influence on the content of the linked pages. Therefore, no liability is assumed for the contents after the link has been set.

Subject to change

The Sunshine PCB GmbH data protection declaration can be saved or printed out at any time. However, Sunshine PCB GmbH reserves the right to adapt the data protection declaration at any time in compliance with data protection law in order to meet the constant further development of the website.

Reference should also be made at this point to Section 4c of the German Federal Data Protection Act (BDSG), in particular Paragraph 1 No. 2, where the transfer of personal data for the purpose of fulfilling contracts is also permissible by way of exception to bodies in countries where there is no adequate level of data protection if additional protective measures are observed. For example, by using EU standard contractual clauses with the Indian service company, it will be possible to find a solution for transferring customer data for warranty processing that complies with data protection requirements.

Commissioned data processing is also privileged in the GDPR (cf. Art. 4 No. 8 and Art. 28 GDPR). This instrument can still serve as a justification for data transfers within the group.