Information on Data Protection

1. Name and address of the controller

Responsible for the processing personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) is:

• Sinn Spezialuhren GmbH
• Wilhelm-Fay-Strasse 21
• 65936 Frankfurt am Main, Germany
• Tel.: +49 (0)69 9784 140
• Internet: www.sinn.de
• Email: info@sinn.de

You can contact our data protection officer at: datenschutz@sinn.de

2. Data subjects

This privacy policy applies to all natural persons who are customers, potential customers, suppliers or business partners of Sinn Spezialuhren GmbH or employees of a customer, supplier or business partner that cooperates with Sinn Spezialuhren GmbH as well as those who apply for a job with Sinn Spezialuhren GmbH. The privacy policy explains how Sinn Spezialuhren GmbH, Wilhelm-Fay-Strasse 21, 65936 Frankfurt am Main, Germany (hereinafter Sinn Spezialuhren, we, us) collects and processes your personal data in connection with the management of our business relationship.

2.1 Customers, potential customers, suppliers and business partners of Sinn Spezialuhren GmbH

a) Categories of personal data

Unless restricted by local laws, Sinn Spezialuhren collects, processes and uses the following categories of personal data about you:

• Name
• Title or position
• Business contact details (address, phone and fax numbers, email address)
• Name of employer
• Content of communication (e.g. email or business letters)
• Website registration and details concerning website use
• Contractual details
• Products or services supplied or offered
• Invoice and payment information
• Details about the business relationship

b) Purposes of data processing

If necessary, we process your personal data solely to ensure an effective customer relationship with you. This includes:

• Processing your enquiries and complaints
• Correcting previously submitted personal data due to changes in contact details or similar reasons
• Completing pre-contractual measures
• Implementing the contractual relationship
• Processing invoices
• Communicating with you
• Documenting the business relationship
• Sending advertising and promotional information
• Ensuring the security of our IT systems

2.2 Individuals who apply for a job with Sinn Spezialuhren

a) Categories of personal data

Sinn Spezialuhren collects, processes and uses the following categories of personal data, among others, in connection with your application:

• Personal details: name, nationality and date of birth;
• Contact details: home address, telephone numbers and email addresses;
• Application information: work experience (including references from previous employers), qualifications and professional background, academic background, language skills, professional knowledge and skills, certificates, membership in professional associations, social engagement
• Job interview records
• Communication data (email, written correspondence)

b) Purposes of data processing

If necessary, we process your personal data solely to ensure the effective management of your application. This includes:

• Application and recruitment activities
• Administration of your application documents
• Evaluation of qualifications
• Conducting interviews
• Making a hiring decision
• Planning the induction and new recruit process
• Communication with you

2.3 Visiting and using our website

When our website is visited, we may collect certain technical data about users, which is automatically sent to us by their web browser when they access a website online or use an application on a mobile device.
Such data is automatically recorded by our servers. It includes, but is not limited to, the IP address, browser type, browser language, the date and time of the visit, and uniform resource locators (URLs, i.e. website addresses) you visited before or after accessing our website.
Depending on the location of the user and the data concerned, such technical information may fall under the category of personal data.

The following list outlines the specific data concerned as well as the processing purposes, legal basis, recipients and transfers to third countries:

Log files

We create a log of your visit to our website. The following data is processed: name of the accessed website page, date and time of access, data transfer volumes, browser type and version, operating system in use, referrer URL (the previously visited website), your IP address and the requesting provider. This is necessary to ensure the security of the website and for analysis purposes. We process data accordingly on the basis of our legitimate interests in accordance with article (6)(1)(f) of the GDPR. The log file is deleted after seven days unless it is required to provide clarification or evidence of specific infringements that become known during the stipulated retention period.

Hosting

With regard to hosting, all data to be processed in connection with the running of this website is stored. This is necessary to enable website operation. We process data accordingly on the basis of our legitimate interests in accordance with article (6)(1)(f) of the GDPR. To make our website available, we use the services of web hosting providers, with whom we share the above data.

Contact

If you contact us, your data (name, contact and address details, if provided) and your message will be processed solely for the purpose of processing and managing your enquiry. We process this data on the basis of article 6(1)(b) or article 6(1)(f) of the GDPR in order to manage your enquiry.

Purchase processing

We process your order data in order to process the purchase contract. This data processing is carried out in accordance with the legal basis set out in article 6(1)(b) of the GDPR.
We share your address information with the company charged with delivery. If it is necessary for processing the contract, we also provide your email address or telephone number so that a delivery date can be agreed with the company charged with delivery (advance notice).
We share your transaction data (name, order date, payment method, dispatch and/or receipt date, amount and payee, if applicable, bank details or credit card details, if applicable address information, if applicable email adress) with the payment service provider responsible for processing payment. In the Sinn online shop, you will be taken from the ordering process directly to the payment pages, where you can then pay. Payment by credit card at our business locations is handled via the terminals of our external payment service provider.

Website analysis and marketing

We use cookies to enable the use of certain features. These are short data files that are stored on your device and exchanged with other providers. Some of the cookies we use are immediately deleted after you close your browser (‘session cookies’). Other cookies remain on your device and allow us to recognise your browser when you next visit (‘persistent cookies’). You can delete all of the cookies stored on your device, and the most popular browsers have settings that can prevent the storage of cookies. If these settings are active, you may need to make some settings every time you visit this website and accept that some features may be compromised as a result.

Video conference

We use the service Cisco Webex which is provided by Cisco Systems, Inc., Legal Department, 170 West Tasman Dr., San Jose, CA 95134, USA for our video conferences.

When a video conference is held with Cisco Webex, Cisco processes the following three categories of personal data.

• Registration information
• User information
• User-generated data

For more information about what data are processed from each category, see the Webex Meetings Privacy Data Sheet:
https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf

All confidential data are encrypted by the service when they are stored. Stored data that are not encrypted are protected by highly secure protective mechanisms and conventional operating procedures for computing centres. The computing centres of Webex Meetings have a communications infrastructure which boasts industry-leading performance and availability. Cisco has secured its data centres for Webex Meetings both physically and logically. The corresponding certifications have been awarded pursuant to BSI C5 and ISO/IEC 27001:
https://trustportal.cisco.com/c/dam/r/ctp/docs/iso/collaboration/cisco-webex-teams-meetings-iso-27001.pdf

Cisco Webex meets the criteria of the following certificates and regulatory requirements:

• ISO/IEC 27001, 27017
• ISO 27018
• SOC 2 Type 1 and Type 2
• Cloud computing compliance criteria catalogue (C5) – German Federal Office for Information Security (BSI)
• EU–US Privacy Shield
• APEC Cross-Border Privacy Rules
• Binding corporate rules
• European standard contractual clauses
• European GDPR

Available certificates can be found at: https://trustportal.cisco.com/

3. Legal basis for data processing

We always process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG new).

Below you can read a description of the legal basis on which we process your personal data. Please note that these details are examples only and do not represent a complete or exhaustive list of the possible legal basis for data processing.

Consent (article 6(1)(a) of the GDPR)

We process certain personal data only with your prior, explicit consent. This is the case, for example, if you have agreed that we may send advertising or promotional information in electronic format. You are entitled to revoke your consent at any time in order to stop the continued processing of this data.

Fulfilment of a contract with you (article 6(1)(b) of the GDPR)

Data processing is necessary in order to fulfil a contract or to complete pre-contractual measures. Sinn Spezialuhren processes your personal data solely in order to meet the legal obligations resulting from such contracts.

Fulfilment of a legal obligation (article 6(1)(c) of the GDPR)

Sinn Spezialuhren is subject to a range of legal requirements. In order to comply with these requirements, we need to process certain personal data.

Protection of the legitimate interests of Sinn Spezialuhren or a third party (article 6(1)(f) of the GDPR)

Sinn Spezialuhren processes certain personal data in order to safeguard its legitimate interests or the interests of third parties. However, this only happens in individual cases if your interests as data subject do not have priority over the interests of Sinn Spezialuhren.

4. Recipients or categories of recipients of personal data

As a rule, Sinn Spezialuhren ensures that your personal data is accessible only to a limited number of authorised persons who need to know this information in line with the purposes of processing outlined above.
Your personal data is not disclosed, sold or otherwise transmitted to third parties unless this is necessary for the purpose of fulfilling the contract with you or you have given your express consent to such transmission.
We also employ external contractors when processing your enquiries and providing access to our services. These service providers are contractually obliged to comply with data protection regulations, and they process personal data only in line with our instructions.

Under these conditions, the recipients of personal data may include service providers, processors or other third parties tasked with providing the following services:

• Support and maintenance of IT and telecommunications systems
• Data destruction
• Debt recovery and payment processing
• Customer relationship management
• Marketing
• Website management
• Media technology
• Payments
• Purchasing and procurement

All data processing takes place in Germany or member states of the European Union. Should any personal data that we collect or process about you be shared with recipients located outside the European Economic Area (EEA), we have taken appropriate action to ensure compliance with the Data Protection Regulation, such as concluding appropriate EU model contract clauses, obtaining Privacy Shield certification (US), and implementing recognised codes of conduct or certification mechanisms under article 42 of the GDPR.

Payment by credit card at our business locations is handled by the external payment service provider Wirecard Bank AG, Einsteinring 35, 85609 Aschheim, Germany (Wirecard). For more details about data privacy and other legal information, please refer to: https://www.wirecardbank.com/GDPR

Payments by credit card in Sinn’s online shop are handled by the external payment service providers Commerzbank AG, Kaiserplatz, 60311 Frankfurt am Main, Germany and SIX Payment Services (Europe) S.A., 10, rue Gabriel Lippmann, 5365 Munsbach, Luxembourg. Further information about data protection policy as well as other legal information can be found under the following links.
Commerzbank AG: https://www.commerzbank.de/portal/de/footer1/recht/rechtliche_hinweise.html
SIX Payment Services (Europe) S.A.:https://www.six-payment-services.com/en/services/legal/privacy-statement.html

If you order a catalog with a delivery address in Switzerland, we will pass on your data for the purpose of processing the order to our Swiss sales partner Uhrenatelier Sonja Lobeto, Breitestrasse 13, 8472 Seuzach.

5. Duration of data storage

In accordance with article 17(1)(a) of the GDPR, your personal data is routinely deleted if it is no longer necessary for fulfilment of contract and no longer subject to statutory retention periods.
Instead of being deleted, data is blocked if there are legal or factual obstacles to deletion, for instance in the case of special commercial or tax-related retention obligations, to preserve evidence under a statute of limitations or to deal with outstanding claims.
In principle, we delete applicants’ data three months after the employment decision has been made by Sinn Spezialuhren or after candidates reject an offer from Sinn Spezialuhren. Sinn Spezialuhren may retain your application data for two years if you have agreed to be considered for other positions at Sinn Spezialuhren.

6. Automated decision-making processes

As a rule, we do not use automated decision-making processes under article 25 of the GDPR to justify and manage the business relationship. If such processes are used in individual cases, we will inform you about this separately in advance to the extent required by law.

7. Data security

Sinn Spezialuhren has taken appropriate technical and organisational measures to prevent the unauthorised or unlawful disclosure of your personal data and unauthorised or unlawful access to your personal data as well as the inadvertent or unlawful loss, destruction or modification of your personal data and any damage. These measures ensure a level of security that corresponds to the risks involved in processing and the nature of the personal data to be protected. Our security measures are continuously improved in line with developments in technology.

8. Your rights as data subject

a) Information

On request and at no cost, you may receive information about the personal data we have stored about you at any time.

b) Rectification, deletion, restriction of processing (blocking) and objection

If you no longer agree that your personal data may be stored or if this information is no longer correct, we will have your data deleted or blocked with appropriate notice or make the necessary corrections (to the extent possible under the applicable law). The same applies if we receive the instruction to restrict processing with future effect.

c) Data portability

Upon request, we will provide you with your data in a structured, commonly used and machine-readable format so that you can share this information with another controller if desired.

d) The right to lodge a complaint

You have the right to complain to the responsible supervisory authority about your rights as a data subject. Contact details of the Federal and State Commissioner for Data Protection can be found at:
(https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).

e) The right to revoke consent with future effect

You are able to revoke any consent given at any time with future effect. Your withdrawal of consent does not affect the legality of any data processing carried out with your consent before the time of revocation.

f) Restrictions

In cases where we are unable to identify the data subject of information, for instance if it has been made anonymous for analysis purposes, the rights outlined above do not apply. It may be possible to exercise the right to information, deletion, blocking, correction or transfer to another company with respect to such information if you provide us with additional information that allows us to identify the data subject.

g) Exercising your rights as data subject

If you have any questions concerning the processing of your personal data, or if you would like to exercise your right to information, correction, blocking, objection or deletion with respect to your personal data, or to have it transferred to another company, please contact datenschutz@sinn.de.

9. Data protection information updates

This privacy policy is currently valid and was issued on 01 September 2020.