Privacy Policy

Information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR) - This translation from the legally binding German version is for information purposes only.

Whether you are a customer or interested in our website for other reasons: The protection of your data privacy is important to us. In the following, we explain which personal data we capture, what we use it for and how we protect it. Moreover, we inform you about your rights regarding data protection.

I. Who we are

SOMMERRUST GmbH (hereinafter also: SOMMERRUST) operates a website under the domain www.sommerrust.com and www.sommerrust.de, including all subpages (hereinafter: Offer). At this website, SOMMERRUST offers information and online services on topics regarding business innovation and business model development. Inter alia, the website includes the online service “Business Model Waves Test” (hereinafter: BM Waves Test). The BM Waves Test is designed to identify risks as well as the potential for innovation of a company or business. Evaluation via the BM Waves Test is based on the users’ statements and data about the respective company or business and its working environment.

SOMMERRUST handles the personal data of its users in accordance with the General Data Protection Regulation (GDPR). Please contact us if you have any questions about this privacy policy or about how we protect your data:

SOMMERRUST GmbH
Rheinsberger Straße 49
10435 Berlin
Germany
E-Mail: privacy@sommerrust.com

II. What is this about?

When we process personal data, this means that we collect, store, submit, delete or use personal data in some other form. Personal data refers to information that relates to a natural person, for example

  • Customers of the SOMMERRUST GmbH like individual entrepreneurs (sole traders, freelancers, tradesmen or other self-employed persons) as well as employees or members of corporations (e.g. GmbH, AG, OHG)
  • Interested parties that want to inform themselves about our offerings on our website.

We process personal data that we receive when you use our online offer. Such data arise in particular when you inform yourself online about our services, when you use online forms e.g. when registering on our website or for our “BM Waves Test”, or when you contact us in writing, by e-mail or by phone.

III. What data do we collect and for what purpose do we process it when you visit our website?

1. Which data do we process when you use our website for information purposes?

If you use our website for information purposes, we process the following data, which are technically necessary for us to display our website to you and to guarantee stability and security:

  • destination IP address
  • name of the accessed file
  • time and date of the visit
  • transmitted data volume
  • notification regarding successful transfer
  • name of the web browser and its version as well as the operating system of the user
  • referrer URL
  • access provider
  • screen resolution

The log file is used only for statistical evaluation during the operation of the offer. In case of legal infringements, the website’s log files may be used to pursue these infringements. Processing is based on a balancing of interests that always takes your interests into account (Art. 6, para. 1 sentence 1 lit. f GDPR).

2. Do we use cookies?

This website uses cookies. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are text files that are stored in the user’s browser. A cookie contains a string of characters that uniquely identifies your system when you return to the website at a later point in time.

Some parts of our website require that the accessing browser can be identified also after a website change. Some cookies remain stored and enable us to recognize your browser the next time you visit our website.

In particular, the following data is stored and transmitted in the cookies:

  • language settings
  • login data
  • information on forms that have not yet been completed in full as part of registration and further use of our online offer

The data that is collected with these technically required cookies are not used for profiling.

Processing is based on a balancing of interests that always takes your interests into account (Art. 6, para. 1 sentence 1 lit. f GDPR).

Most of the cookies ("session cookies") used by us and the data stored and transmitted therein are automatically deleted at the end of your visit. Other cookies ("persistent cookies") remain stored on your device until you delete them.

You can set your browser in such a way that you are informed about the setting of cookies and only allow the acceptance of cookies for certain cases, or generally exclude it. You can also activate the automatic deletion of cookies when closing the browser. You can delete cookies that have already been stored at any time. When cookies are deactivated, the functionality of our website may be limited.

3. Which analysis tools do we use?

Google Analytics

This website uses Google Analytics. Google Analytics is a web analytics service of Google Inc. ("Google"). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

This website uses Google Analytics with the extension "_anonymizeIp()". As a result, Google will truncate IP addresses beforehand within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Establishing of a direct link that relates to a specific person within the context of further processing can thus be excluded. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and be truncated there. On our behalf, Google will use this information to evaluate your use of the website, to generate reports on website activities and to provide us with other services relating to website and internet use. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data. You may prevent the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

Alternatively to the browser plug-in or within browsers on mobile devices, please click this link: Opt-out of Google Analytics to prevent future data collection by Google Analytics within this website (the opt-out works only in this browser and only for this domain). An opt-out cookie is stored on your device. If you delete your cookies in this browser, you must click this link again.

We use Google Analytics to analyze and regularly improve the use of our website. With the generated statistics, we can improve our offer and make it more interesting for you as a user. Processing is based on a balancing of interests that always takes your interests into account (Art. 6, para. 1 sentence 1 lit. f GDPR).

For the exceptional cases in which personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/en.html, Privacy Policy Analytics: http://www.google.com/intl/en/analytics/learn/privacy.html, and Privacy Policy: http://www.google.de/intl/en/policies/privacy.

4. Social Media Plug-Ins

We do not use social media plug-ins. Instead, the buttons available in some places of the website represent a link to the website of the respective social media service (in our case Facebook, Twitter, Xing and LinkedIn). The existence of the buttons alone do not yet result in data to be collected and transmitted to these services. Only when you click on a button will you be directed to the page of the respective provider.

5. Registration function

Some online services require the personal registration of the user. Registration usually involves entering the following data:

  • first and last name
  • form of address
  • email
  • password

The data you enter will only be transmitted to us in encrypted form. The password is only stored encrypted and is not visible to us.

We may extend or restrict the registration data. In addition, the IP address used during registration and the date of registration are stored to prevent misuse of the registration function.

The data provided will be used for the use of the offer. It is also used to inform users about changes to the scope of the offer or technical changes by e-mail and to prevent misuse of the online services. The legal basis for the processing of the data is Art. 6, para. 1 sentence 1 lit. b and lit. f GDPR.

6. BM Waves Test

As a registered user you have the possibility to use our BM Waves Test. As part of doing the BM Waves Test you will provide information about your company or the company you work for. This information includes for example the business sector or number of employees. In addition, we will ask you to provide some context information about your job (e.g. location, hierarchy level, position). In most cases, this data will not be personal data. In some instances, however, especially for smaller companies of sole traders, freelancers, tradesmen or other self-employed persons, this may be the case. Based on the data you provide, the innovative capacity of the company is assessed.

Within the context of the BM Waves Test, we use personal and other data for the following purposes:

  • Based on the data provided for the BM Waves Test, we will create the test results for the assessment of the innovative capacity of the company or organization. The BM Waves Test can be done by a single person. It can also be conducted as a group test with a number of employees of a company or members of an organization. In this case, anonymous assessments are created for the group. The results of the BM Waves Test are stored and may be used for comparing them with later results. The processing of date is based on Art. 6, para. 1 sentence 1 lit. b GDPR.
  • Personal data are only shared within the company or organization provided the explicit consent of the respective participant (Art. 6, para. 1 sentence 1 lit. a GDPR).
  • SOMMERRUST GmbH also uses the data for statistical reasons and to further develop the BM Waves Test or other online services of the SOMMERUST GmbH. The data is used as a result of the balancing of interests that will always also consider your interests (Art. 6, para. 1 sentence 1 lit. f GDPR).
  • We also use anonymized and aggregated data for the purpose of scientific and other content-related publications.

7. Newsletter

Our optional newsletter informs users regularly about our services

For sending our newsletter, we use the so-called double opt-in procedure, i.e. we will send you our newsletter by email only if you have expressly consented to activation of our newsletter service. After you have done so, we will email you a notification, asking you to click an embedded link in order to confirm the newsletter. If you wish to receive our newsletter, we need a valid email address from you.

You can cancel your subscription of our newsletter at any time by giving notice to privacy@sommerrust.com, to the contact details in our imprint (e.g. by letter) or by using our electronic contact sheet. In addition, every newsletter will contain a link to cancel your subscription.

When registering for our newsletter, we will save your IP address and the date of registration. This is done solely to prove possible misuse of your email address by third parties. No additional data will be collected during registration for the newsletter. Your data will only be used to send the newsletter and not be given to third parties. The legal basis for the processing of your data is Art. 6, para. 1 sentence 1 lit. a GDPR.

8. How do we process your data when you contact us?

Our offer allows you to contact us. This is possible, for example, by sending an e-mail. The information you provide when contacting us, such as your name, address, e-mail address and telephone number, will be stored in order to process your inquiry and any subsequent correspondence. The legal basis for the processing of the data is Art. 6, para. 1 sentence 1 lit. b or f GDPR.

IV. Do we process your data on the basis of a consent?

Within the framework of our website, you have the option of giving us your express consent (see Section III. 7 above). In this case we also process your personal data on this basis (Art. 6, para. 1 sentence 1 lit. a GDPR). You will also be informed of the purpose of your consent. You have the right to revoke your consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

V. For what other purposes do we process your data?

If necessary, we process your data beyond the provision of our website, in particular for the following purposes:

  • Enforcement of legal claims and defence in legal disputes,
  • Advertising or market and opinion research, unless you have objected to the use of your data for this purpose,
  • Guarantee of IT security,
  • Prevention and investigation of criminal offences.

Processing is based on a balancing of interests that always takes your legitimate interests into account (Art. 6, para. 1 sentence 1 lit. f GDPR).

VI. Am I obliged to give you certain personal data?

Within the scope of our online offer, we need your personal data to carry out a registration, to provide our BM Waves Test or to send our newsletter. Without you providing us with the necessary data, we cannot offer the corresponding service.

VII. Who gets my data?

We will only pass on your personal data if you have expressly consented, if there is a legal basis for this or if this is necessary for the enforcement of our rights, in particular for the enforcement or defence of claims.

In addition, your data will be passed on if you do not use a browser plug-in or the opt-out cookie to prevent data processing by Google Analytics.

For details, please read the explanations above under III. 2) and 3).

Service providers used by us may also receive data for the aforementioned purposes if they meet the data protection requirements in this respect. These can be companies in the categories of IT services, telecommunications and marketing in particular.

VIII. When do we delete your data?

We will delete your data when we no longer need it for the purposes for which it was originally collected. For example, we delete your usage data after your visit to our website, unless we are permitted to process it as described above in pseudonymized or anonymous form for statistical purposes or to investigate legal infringements. We delete your data from inquiries, for example, after successful processing, unless we are allowed to process them further for other reasons, for example to send you information about our offer. In addition, we process your personal data for as long as we have a business relationship with you, for example because you have a user account with us. This does not apply only if – for a limited time – the further processing of your data is necessary for other purposes, e.g. for archiving.

IX. Will your date be transmitted to a third country or international organization?

Your data will only be transferred to third countries in exceptional cases and only if you do not use a browser plug-in or the opt-out cookie to prevent data processing by Google Analytics.

For details, please read the explanations above under III. 2) and 3). No other data is transmitted to international organizations or to third countries (countries outside the European Economic Area - EEA).

X. What rights do you have regarding the processing of your data?

You have the following rights towards us regarding your personal data:

  • the right to be informed,
  • the right to correction or deletion,
  • the right to limit data processing,
  • the right to data transferability,
  • the right to revoke consent given.

In addition, there is a right of appeal to the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 FDPA).

XI. Do we use automated decision making in individual cases?

Within the context of our website and of maintaining the business relationship, we do not use fully automated decision making pursuant to Art. 22 GDPR.

XII. To what extent do we use profiling?

As part of our BM Waves test, we use certain automated processing steps to evaluate your company's innovative capacity. As far as it concerns sole proprietorship, this can be interpreted in individual cases as profiling. This is done to provide the service we offer you (Art. 6, para. 1 lit. b GDPR). Apart from that, we do not use profiling.

XIII. Information on your right of objection under Article 21 GDPR

1. Right of objection in individual cases

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Art. 6 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) and Art. 6 para. 1 sentence 1 lit. f GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

2. Objecting to the processing of your data for our direct marketing purposes

In individual cases, we may process your personal data for our direct marketing and advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and should be addressed to:

SOMMERRUST GmbH
Rheinsberger Straße 49
10435 Berlin
Germany
privacy@sommerrust.com