Whether you are a customer or interested in our website for other reasons: The protection of your data privacy is important to us. In the following, we explain which personal data we capture, what we use it for and how we protect it. Moreover, we inform you about your rights regarding data protection.
SOMMERRUST GmbH (hereinafter also: SOMMERRUST) operates a website under the domain www.sommerrust.com and www.sommerrust.de, including all subpages (hereinafter: Offer). At this website, SOMMERRUST offers information and online services on topics regarding business innovation and business model development. Inter alia, the website includes the online service “Business Model Waves Test” (hereinafter: BM Waves Test). The BM Waves Test is designed to identify risks as well as the potential for innovation of a company or business. Evaluation via the BM Waves Test is based on the users’ statements and data about the respective company or business and its working environment.
When we process personal data, this means that we collect, store, submit, delete or use personal data in some other form. Personal data refers to information that relates to a natural person, for example
We process personal data that we receive when you use our online offer. Such data arise in particular when you inform yourself online about our services, when you use online forms e.g. when registering on our website or for our “BM Waves Test”, or when you contact us in writing, by e-mail or by phone.
If you use our website for information purposes, we process the following data, which are technically necessary for us to display our website to you and to guarantee stability and security:
The log file is used only for statistical evaluation during the operation of the offer. In case of legal infringements, the website’s log files may be used to pursue these infringements. Processing is based on a balancing of interests that always takes your interests into account (Art. 6, para. 1 sentence 1 lit. f GDPR).
Some parts of our website require that the accessing browser can be identified also after a website change. Some cookies remain stored and enable us to recognize your browser the next time you visit our website.
In particular, the following data is stored and transmitted in the cookies:
The data that is collected with these technically required cookies are not used for profiling.
Processing is based on a balancing of interests that always takes your interests into account (Art. 6, para. 1 sentence 1 lit. f GDPR).
Most of the cookies ("session cookies") used by us and the data stored and transmitted therein are automatically deleted at the end of your visit. Other cookies ("persistent cookies") remain stored on your device until you delete them.
You can set your browser in such a way that you are informed about the setting of cookies and only allow the acceptance of cookies for certain cases, or generally exclude it. You can also activate the automatic deletion of cookies when closing the browser. You can delete cookies that have already been stored at any time. When cookies are deactivated, the functionality of our website may be limited.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Alternatively to the browser plug-in or within browsers on mobile devices, please click this link: Opt-out of Google Analytics to prevent future data collection by Google Analytics within this website (the opt-out works only in this browser and only for this domain). An opt-out cookie is stored on your device. If you delete your cookies in this browser, you must click this link again.
We use Google Analytics to analyze and regularly improve the use of our website. With the generated statistics, we can improve our offer and make it more interesting for you as a user. Processing is based on a balancing of interests that always takes your interests into account (Art. 6, para. 1 sentence 1 lit. f GDPR).
For the exceptional cases in which personal data is transferred to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
We do not use social media plug-ins. Instead, the buttons available in some places of the website represent a link to the website of the respective social media service (in our case Facebook, Twitter, Xing and LinkedIn). The existence of the buttons alone do not yet result in data to be collected and transmitted to these services. Only when you click on a button will you be directed to the page of the respective provider.
Some online services require the personal registration of the user. Registration usually involves entering the following data:
The data you enter will only be transmitted to us in encrypted form. The password is only stored encrypted and is not visible to us.
We may extend or restrict the registration data. In addition, the IP address used during registration and the date of registration are stored to prevent misuse of the registration function.
The data provided will be used for the use of the offer. It is also used to inform users about changes to the scope of the offer or technical changes by e-mail and to prevent misuse of the online services. The legal basis for the processing of the data is Art. 6, para. 1 sentence 1 lit. b and lit. f GDPR.
As a registered user you have the possibility to use our BM Waves Test. As part of doing the BM Waves Test you will provide information about your company or the company you work for. This information includes for example the business sector or number of employees. In addition, we will ask you to provide some context information about your job (e.g. location, hierarchy level, position). In most cases, this data will not be personal data. In some instances, however, especially for smaller companies of sole traders, freelancers, tradesmen or other self-employed persons, this may be the case. Based on the data you provide, the innovative capacity of the company is assessed.
Within the context of the BM Waves Test, we use personal and other data for the following purposes:
Our optional newsletter informs users regularly about our services
For sending our newsletter, we use the so-called double opt-in procedure, i.e. we will send you our newsletter by email only if you have expressly consented to activation of our newsletter service. After you have done so, we will email you a notification, asking you to click an embedded link in order to confirm the newsletter. If you wish to receive our newsletter, we need a valid email address from you.
You can cancel your subscription of our newsletter at any time by giving notice to firstname.lastname@example.org, to the contact details in our imprint (e.g. by letter) or by using our electronic contact sheet. In addition, every newsletter will contain a link to cancel your subscription.
When registering for our newsletter, we will save your IP address and the date of registration. This is done solely to prove possible misuse of your email address by third parties. No additional data will be collected during registration for the newsletter. Your data will only be used to send the newsletter and not be given to third parties. The legal basis for the processing of your data is Art. 6, para. 1 sentence 1 lit. a GDPR.
Our offer allows you to contact us. This is possible, for example, by sending an e-mail. The information you provide when contacting us, such as your name, address, e-mail address and telephone number, will be stored in order to process your inquiry and any subsequent correspondence. The legal basis for the processing of the data is Art. 6, para. 1 sentence 1 lit. b or f GDPR.
Within the framework of our website, you have the option of giving us your express consent (see Section III. 7 above). In this case we also process your personal data on this basis (Art. 6, para. 1 sentence 1 lit. a GDPR). You will also be informed of the purpose of your consent. You have the right to revoke your consent at any time. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.
If necessary, we process your data beyond the provision of our website, in particular for the following purposes:
Processing is based on a balancing of interests that always takes your legitimate interests into account (Art. 6, para. 1 sentence 1 lit. f GDPR).
Within the scope of our online offer, we need your personal data to carry out a registration, to provide our BM Waves Test or to send our newsletter. Without you providing us with the necessary data, we cannot offer the corresponding service.
We will only pass on your personal data if you have expressly consented, if there is a legal basis for this or if this is necessary for the enforcement of our rights, in particular for the enforcement or defence of claims.
In addition, your data will be passed on if you do not use a browser plug-in or the opt-out cookie to prevent data processing by Google Analytics.
For details, please read the explanations above under III. 2) and 3).
Service providers used by us may also receive data for the aforementioned purposes if they meet the data protection requirements in this respect. These can be companies in the categories of IT services, telecommunications and marketing in particular.
We will delete your data when we no longer need it for the purposes for which it was originally collected. For example, we delete your usage data after your visit to our website, unless we are permitted to process it as described above in pseudonymized or anonymous form for statistical purposes or to investigate legal infringements. We delete your data from inquiries, for example, after successful processing, unless we are allowed to process them further for other reasons, for example to send you information about our offer. In addition, we process your personal data for as long as we have a business relationship with you, for example because you have a user account with us. This does not apply only if – for a limited time – the further processing of your data is necessary for other purposes, e.g. for archiving.
Your data will only be transferred to third countries in exceptional cases and only if you do not use a browser plug-in or the opt-out cookie to prevent data processing by Google Analytics.
For details, please read the explanations above under III. 2) and 3). No other data is transmitted to international organizations or to third countries (countries outside the European Economic Area - EEA).
You have the following rights towards us regarding your personal data:
In addition, there is a right of appeal to the responsible data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 FDPA).
Within the context of our website and of maintaining the business relationship, we do not use fully automated decision making pursuant to Art. 22 GDPR.
As part of our BM Waves test, we use certain automated processing steps to evaluate your company's innovative capacity. As far as it concerns sole proprietorship, this can be interpreted in individual cases as profiling. This is done to provide the service we offer you (Art. 6, para. 1 lit. b GDPR). Apart from that, we do not use profiling.
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Art. 6 para. 1 sentence 1 lit. e GDPR (data processing in the public interest) and Art. 6 para. 1 sentence 1 lit. f GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases, we may process your personal data for our direct marketing and advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and should be addressed to: