We take data protection seriously
The protection of your privacy when processing personal data (hereinafter referred to as “data”) is an important concern for us. We process your data only according to the legal requirements.
When you visit our website, our web servers store the IP address of your Internet service provider, the website from which you visit us, the web pages you visit on our website and the date and duration of your visit. This information is absolutely necessary for the technical transmission of the web pages and secure server operation. A personalized evaluation of this data does not take place.
If you send us data using the contact form, this data is stored on our servers in the course of data backup. Your data will only be used by us for processing your request. Your data will be treated in strictest confidence. It will not be forwarded to third parties.
Automatically saved data
Server log files
The provider of the site automatically collects and saves information in so-called server log files, which your browser automatically sends to us. These are:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transmitted, file not found, etc.)
- Web browser and operating system used
- Complete IP address of the requesting computer
- Transmitted data quantity
This data is not combined with other data sources. Processing is carried out in accordance with Article 6 (1) (f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, in particular to prevent attempts to attack our web server, this data is temporarily stored by us. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. The data is also processed in anonymous form for statistical purposes; it is not compared with other databases or forwarded to third parties, even in excerpts. Only in the context of our server statistics, which we publish every two years in our activity report, does a presentation of the number of page views take place.
When you visit our internet site we may save information on your computer in the form of cookies. Cookies are small files which are transferred from an internet server to your browser and stored on its hard disk. Only the Internet Protocol address is stored here - no personal data.
Online job application
Your application data, that you send to us will be electronically collected and processed by us for the purposes of conducting the application process. This particularly includes the following personal data: First name, surname, e-mail address. If your application leads to an employment contract, your transmitted data may be stored by us in your personnel file for the purposes of usual organisational and administrative processes, taking relevant legal regulations into account.
If your application is unsuccessful, your transmitted data will be erased automatically two months following the rejection. This does not apply if legal requirements (e.g. the burden of proof according to the German General Act on Equal Treatment) mandate a longer storage period or if you have expressly agreed to your data being stored for longer in our prospects database.
We use the so-called double opt-in process for sending our newsletter, which means that we only send you a newsletter by e-mail if you have expressly confirmed beforehand that we can activate the newsletter service. We will send you a notification e-mail and ask you to click on one of the links contained in the e-mail to confirm that you would like to receive our newsletter. When you subscribe to our newsletter, we store your IP address and the date of the registration. This data is stored solely as evidence in case a third party misuses your e-mail address to sign you up to receive the newsletter without your knowledge or consent. If you no longer wish to receive our newsletter, you can object to this at any time without this incurring any costs other than the transmission costs according to the basic tariffs.
We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are bound by the applicable data protection laws.
Whenever we collect and process personal information, it is encrypted before it is transmitted.
This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our privacy statements are constantly revised. Please make sure you have the latest version.
Information Obligations according to Article 13 of the GDPR
1. Who is responsible for the data processing and who can you turn to?
The responsible body is
SUMIDA Lehesten GmbH
07349 Lehesten, Germany
Telephone: +49 (0) 36653/ 400
The company data protection officer is
Projekt 29 GmbH & Co. KG
93047 Regensburg, Germany
Telephone: +49 (0) 941/ 2986930
2. Which data is processed and from which sources does this data come?
We process the data which we receive from you in the context of contractual preparation or processing through authorisations or in the context of your application to us or as part of your employment.
Personal data includes:
Your master/contact data, including, for customers, e.g. forename and surname, address,
contact data (e-mail address, telephone number, fax), bank data.
In the case of applicants and employees, this includes, for example, forename and surname, address, contact data (e-mail address, telephone number, fax), date of birth, data from CVs and work references, bank data.
In the case of business partners, this includes, for example, your legal representative, company, corporate register number, VAT ID No., operating number, address, contact data (e-mail address, telephone number, fax), bank data.
In addition, we also process the following additional personal data:
- Information of the type and content of contractual data, order data, turnover and receipt data, customer and supplier history and consultancy documents,
- Advertising and sales’ data,
- Information from your electronic interaction with us (e.g. IP address, login data),
- Other data which we have received from you in the context of our business relationship
(e.g. in customer discussions),
- Data which we generate ourselves from master / contact data and other data, such as data from customer requirements and customer potential analyses,
- The documentation of your approval declaration for the receipt of newsletters, for example.
3. For which purposes and upon which legal basis is the data is processed?
We process your data in accordance with the requirements of the GDPR and the 2018 German Federal Data Protection Act in the appropriately applicable version:
- To fulfil (pre-)contractual obligations (Art. 6 Para. 1 lit.b of the GDPR):
Your data is processed for contractual processing online or in one of our subsidiary companies, for contractual processing of your employment in our company. In particular,
the data is processed for potential business and execution of contracts with you.
- To fulfil legal obligations (Art. 6 Para. 1 lit.c of the GDPR):
Processing of your data is required for the purpose of fulfilling different legal obligations,
e.g. included in the German Commercial Code or the German Fiscal Code.
- To maintain justified interests (Art. 6 Para. 1 lit.f of the GDPR):
Due to a weighing of interests, data processing can take place beyond the actual fulfilment of the contract to maintain our justified interests and those of third parties. Data processing to maintain justified interests takes place, for example, in the following cases:
- Publicity or marketing (see No. 4),
- Measures for business control and further processing of services and products;
- Management of a group-wide customer database to improve customer service
- In the context of prosecutions.
- In the context of your consent (Art. 6 Para. 1 lit.a of the GDPR):
If you issue us with consent to process your data, for example, to send you our newsletter.
4. Processing of personal data for publicity purposes
You can revoke the use of your personal data for publicity purposes at any time in total or for individual activities, without incurring any costs additional to the transmission costs according to the basic tariffs.
We are authorised according to the legal stipulations of § 7 Para. 3 of the German Fair Trade Act to use the e-mail address you provided on contractual completion for direct marketing of similar goods and services of our own. You will receive these product recommendations from us, irrespective of whether you have received the newsletter or not.
If you do not wish to receive such recommendations from us by e-mail, then you can revoke the use of your address for this purpose at any time, without incurring any costs additional to the transmission costs according to the basis tariffs. A text message is sufficient for this. Of course, each e-mail always contains an unsubscribe link.
5. Who receives my data?
If we employ a service provider for any order processing, then we still remain responsible for the protection of your data. All the order processors are contractually obliged to treat your data confidentially and only to process it in the context of service provision. The order processors we appoint receive your data if they require the data to fulfil their appropriate service. They include, for example, service providers, who we require for the operation and security of our IT system,
as well as publicity and address publishing companies for our advertising campaigns.
Your data is processed in our customer database. The customer database supports the increase in the data quality of the existing customer data (elimination of duplicates, moved/deceased notes, address correction) and allows enrichment with data from public sources.
This data is made available to companies, within the group if required for data processing.
Customer data is stored separately and according to the company, whereby our parent group functions as the service provider for the individual participating companies.
If a statutory obligation exists or legal actions are being undertaken, then authorities and courts as well as external auditors may be recipients of your data.
In addition, for the purpose of contractual preparation and fulfilment, insurance companies, banks, information providers and service providers can be recipients of your data.
6. For how long is my data saved?
We will process your data up to the termination of the business relationship or up to the expiry of the valid statutory storage periods (derived from the German Commercial Code, German Fiscal Code, Institutional Care Act or Working Hours Act), and also up to the termination of any legal disputes,
in which the data is required as proof.
7. Is personal data transmitted to a third country?
Personal data is transmitted to SUMIDA companies based in non-EU countries. Transmission may take place in individual cases only on the basis of a determination of appropriateness by the European Commission, standard contractual clauses, suitable guarantees or your express approval.
8. Which data protection rights do I have?
At all times, you have a right to information, correction, deletion or restriction of the processing of your stored data, a right of objection against the processing as well as a right to data transferability and to a complaint in accordance with the conditions of data protection law.
Right to information:
You can request information from us as to whether and to what extent we process your data.
Right of correction:
If we process your data that is incomplete or incorrect, you can request that we correct or supplement it at any time.
Right of deletion:
You can request us to delete your data if we process it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated storage obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, unless there is a legal transaction or legal obligation to retain it.
Right to restrict processing:
You may request us to restrict the processing of your data if
- you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
- the processing of the data is unlawful, but you refuse deletion and instead request a restriction on the use of the data,
- we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
- you have lodged an objection to the processing of the data.
Right to data portability:
You may require us to provide you with the data you have provided to us in a structured, current and machine-readable format and to allow you to pass this data to another responsible person without our interference, provided that
- we process this data on the basis of revocable consent you have given or to fulfil a contract between us, and
- this processing takes place with the aid of an automated process.
If it is technically feasible, you can ask us to transfer your data directly to another responsible person.
Right of objection:
If we process your data for legitimate reasons, or on basis of your freely given consent, you can object to this data processing at any time;
this would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling reasons worthy of protection for the processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.
Right of complaint:
If you are of the opinion that we have violated German or European data protection law when processing your data, please contact us to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective national office for data protection supervision.
If you wish to assert any of the above rights against us, please contact our data protection officer.
In case of doubt, we may request additional information to confirm your identity.
As described above, you have special rights concerning your stored data. To claim one of these rights, or to get in contact with us in case of privacy concerns, please use this link to get directly to the corresponding contact form.
9. Am I obliged to provide data?
The processing of your data is required for the completion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually be required to refuse the completion of the contract or not be able to execute an existing contract, meaning that we must terminate it. However, you are not obliged to issue approval for data processing of data which is not relevant to contractual completion or which is not required by law.
Changes to this privacy statement
All interested parties and visitors to our website can contact us about data protection issues at:
Projekt 29 GmbH & Co. KG
93047 Regensburg, Germany
Tel.: + 49 (0)941 2986930
Fax: + 49 (0)941 29869316