Privacy Policy for SOMMERRUST GmbH

I. Scope of application

SOMMERRUST GmbH (hereinafter also: SOMMERRUST) operates a website under the domain, including all subpages (hereinafter: Offer). At this website, SOMMERRUST offers information and online services on topics regarding business innovation and business model development. Inter alia, the website includes the online service “Business Model Waves Test” (hereinafter: BM Waves Test). The BM Waves Test is designed to identify risks as well as the potential for innovation of a company or business. Evaluation via the BM Waves Test is based on the users’ statements and data about the respective company or business and its working environment. This privacy policy informs users and other visitors of our website about the scope of personal data being collected, used and otherwise processed by SOMMERRUST. SOMMERRUST handles the personal data of its users in accordance with the German Telemedia Act (Telemediengesetz, “TMG“) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG“).

II. Personal information provided by the user

1. Collecting, processing and use of personal data

Personal data include all information concerning personal or material circumstances of an identified or identifiable individual. This includes e.g. name, email address and telephone number.

SOMMERRUST only collects, processes and uses personal data within the statutory boundaries or pursuant to the specific and express consent of the user. In general, personal data will not be given to third parties, especially not for advertising purposes.

All information provided by the user on our website will be encrypted before being transmitted to SOMMERRUST.

2. Cookies

Our online services use cookies which are being saved in the user’s browser. Cookies are small text files that facilitate access to and usability of our services. Our cookies contain information about the user’s visits to our website and the use of our services, e.g. language settings, login data, and frequency of visits. The use of cookies can be completely deactivated by altering the settings in all common internet browsers.

3. BM Waves Test

The BM Waves Test is based on information about the company or business provided by the user. The information required for evaluation relates to the line of business or number of employees as well as to the business environment (business premises, hierarchical levels, the employee’s field of duty). In general, this information does not contain personal data, but especially in the case of smaller enterprises this might be the case. Based on the data provided by the user, the company’s potential for innovation is being evaluated.

4. Registration

Some of SOMMERRUST’s online services require the user’s personal registration. The data provided during registration will be used to render our services. In addition, we consider personal registration necessary in order to prevent misuse of our services and to inform users about changes of our services and technical changes. During registration, the user will be asked to enter the following information:

  • name
  • surname
  • email
  • password

The password will be encrypted and cannot be accessed by SOMMERRUST.

SOMMERRUST may extend or restrict the information necessary for registration. In order to prevent misuse of the registration process, the IP address as well as the date of registration will be saved during the registration process.

5. Use of personal data

SOMMERRUST uses your personal data and other data for the following purposes:

  • The data provided for the BM Waves Test will be used for evaluating the capacity for innovation of a business or an organization.
  • The BM Waves Test may be carried out by a single person. The BM Waves Test is also offered as a group evaluation, enabling a group of employees or members of an organization to provide information for anonymous evaluation of the business. The information provided by the individual participants of the test will only be attributable to a specific participant and openly transmitted to and within the company or organization subject to prior and separate consent of the participants of the group evaluation.
  • The data will be saved and used for statistical purposes as well as to improve and develop the BM Waves Test and other online services offered by SOMMERRUST.
  • SOMMERRUST may use anonymized and aggregated data for scientific research publication

III. Visiting our website

In addition to the personal data provided by the users themselves, SOMMERRUST and third parties automatically collect certain data while using the website. Using SOMMERRUST’s offer implies interaction with the services of third parties.

1. Log information

Every time a user visits SOMMERRUST’s website, information is being sent from the user’s browser to our server log where it will be saved. The information transferred includes:

  • destination IP address
  • name of the accessed documents
  • time and date of the visit
  • transmitted data volume
  • notification regarding successful transfer
  • name of the web browser and its version as well as the operating system of the user
  • URL of the site that referred the user to SOMMERRUST
  • access provider

The log file is used only for statistical evaluation during the operation of the Offer. In case of legal infringements, the website’s log files may be used to pursue these infringements. The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f DSGVO. The data will be deleted automatically after 4 weeks at the latest.

2. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, text files placed on the user’s computer, to help the website analyze how it is being used. The information generated by the cookie about the use of the website (including the user’s IP address) will be transmitted to and stored by Google on servers in the United States. In case the user actives IP masking on this website, the last octet of his IP address will be removed in the EU or another member state of the European Economics Area (EEA) prior to its use and storage in the United States. Only in exceptional cases the full IP address will be sent to a Google server in the United States before being reduced accordingly.

By demand of the host of this website, Google will use this information for the purpose of evaluating the user’s use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. The user may refuse the use of cookies by selecting the appropriate settings on his or her browser. Attention: These changes may prevent the user from using the full functionality of this website.
Furthermore, the users may prevent their data from being used by Google Analytic by installing the Google Analytics opt-out browser add-on. The browser plugin can be downloaded at:

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

3. Optimizely

This website uses Optimizely, a range of website analytics services for A/B and multivariate testing purposes provided by Optimizely, Inc. This service uses cookies to identify a visitor's browser and track website usage while on this website. The cookies do not collect personal information about the user. For more information on how Optimizely uses the data, please go to: Any user can prevent his tracking by Optimizely by following the instruction to opt out at

4. Facebook

This website uses social plugins (“plugins”) provided by the social network, operated by Facebook, Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA (“Facebook”)).

While visiting a page of our website that contains a social plugin, the user’s browser establishes a direct connection to Facebook servers. Facebook directly transfers the plugin content to the user’s browser which embeds the latter into the website, enabling Facebook to receive information about the user having accessed the respective page of our website. Thus SOMMERRUST has no influence on the data gathered by the plugin.
The embedded plugins provide Facebook with the information that the user has accessed on the corresponding page of our website. If the user is logged into Facebook, the visit can be assigned to the user’s Facebook account. If the user interacts with the plugins, for example by clicking “Like,” or entering a comment, the corresponding information is transmitted from the user’s browser directly to Facebook and stored by Facebook. Even if the user is not logged into Facebook, it may be possible that the plugins transmits the user’s IP-address to Facebook.
If you are a Facebook member and do not want Facebook to connect the data concerning your visit to our website with your member data already stored by Facebook, please log off Facebook before entering our website. Furthermore, you can block Facebook social plugins by using add-ons for your browser, like the "Facebook Blocker."

5. Twitter

This website also uses functions of Twitter. These functions are being offered by Twitter, Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). The use of Twitter and the “Re-Tweet” function links the websites the user visits with the user’s Twitter account and makes this information available to other users. Data are transferred to Twitter in the process.

SOMMERRUST has no knowledge of the content of the transferred data or of its use by Twitter. According to Twitter, the plugin collects the user’s IP address and the address of the offer.

6. LinkedIn

This website also uses socalled social plugins (“plugins”) from the social network, which is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn“). While accessing a webpage that contains a LinkedIn plugin, the user’s browser establishes a direct connection with the LinkedIn servers. The content of the plugin is transferred by LinkedIn directly to the user’s browser, which then integrates it into the website.

The integration of the plugin provides LinkedIn with the information that the user has accessed the corresponding webpage of our website, regardless of whether the user interacts with the plugins or not. If the user is logged into LinkedIn, LinkedIn can assign the visit to the user’s LinkedIn account. If the user interacts with the plugin e.g. by using the “Share” button, the user’s browser will send the corresponding information directly to LinkedIn, where it will be stored. For more information on the purpose and scope of LinkedIn’s data collection and on how the information is processed and used by LinkedIn, please read LinkedIn’s privacy policy at

In order to prevent LinkedIn from collecting information about the user via our website, the user must log out of LinkedIn before visiting our website.

7. Xing

This website uses the social plugin of the social network Xing, operated by Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany (“Xing”). Visiting a webpage on our website that contains a Xing plugin button, the browser establishes a direct connection to Xing’s servers.

The content of the Xing plugin is transmitted by Xing directly to the browser, which will embed the latter into the website. Therefore, SOMMERRUST has no influence on the amount of data that Xing collects via the plugin. According to Xing, personal data will not be collected when not clicking the button. Only with members logged in, such data, including the IP address, will be collected and stored.

For more information on the purpose and scope of Xing’s data collection and on how the information is processed and used by Xing, please read Xing’s privacy policy at

8. Liability for external links

Our website contains links to websites of third parties (“external links“). At the point of time when the external links were placed, SOMMERRUST was not aware of any legal infringements by those external websites. As soon as any legal infringement become known to SOMMERRUST, the link in question will be removed immediately.

9. Integration of third-party services

To enhance our services, it may be necessary to integrate contents of third parties into our Offer, such as videos from Youtube or services from Google Maps. In order to load this content of the third party providers, the user’s IP address has to be transmitted. SOMMERRUST undertakes to only use content of those third parties which use the user’s IP address solely to deliver the content requested to the user without saving it for other purposes.

IV. Newsletter

Our optional newsletter informs users regularly about SOMMERRUST and our services.

For sending our newsletter, we use the so-called double opt-in procedure, i.e. we will send you our newsletter by email only if you have expressly consented to activation of our newsletter service. After you have done so, we will email you a notification, asking you to click an embedded link in order to confirm the newsletter. If you wish to receive our newsletter, we need a valid email address from you.

You can cancel your subscription of our newsletter at any time by giving notice to, to the contact details in our imprint (e.g. by letter) or by using our electronic contact sheet. In addition, every newsletter will contain a link to cancel your subscription

When registering for our newsletter, we will save your IP address and the date of registration. This is done solely to prove possible misuse of your email address by third parties. No additional data will be collected during registration for the newsletter. Your data will only be used to send the newsletter and not be given to third parties.

V. Right to information

Users are entitled, within reasonable limits, to free information as to which extent their personal data are being stored by SOMMERRUST.

VI. Changes, correction and update of personal data; revocation of consent

Users are entitled to correction and update of their personal data in cases where they cannot do so themselves. In addition, users are entitled to blocking or deletion of their personal data unless SOMMERRUST is under a statutory obligation to store the specific data. In addition, the users’ personal data will be deleted if they revoke their consent to save and process such data or if due to statutory reasons, saving and processing the respective data is not permissible anymore. The users can revoke their consent to collect, process and use their personal data with effect for the future at any time via email to