Information on data protection and data security at Sennheiser electronic SE & Co. KG
1. Preliminary remark
This privacy policy applies to the websites of Sennheiser electronic SE & Co. KG (hereinafter referred to as "Sennheiser"). Different privacy policies texts may apply on other third-party servers and websites.
Sennheiser takes the protection of personal data very seriously. For this reason, we would like to inform the users of our website what data is stored and how this data is used. The data protection regulations oblige us to handle user data properly and appropriately. We will not use your data for purposes other than those stated.
Sennheiser is subject to the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the German Telecommunications Telemedia Data Protection Act (TTDSG) and has taken appropriate technical and organizational measures to ensure that the regulations on data protection are observed.
2. Data Controller
Sennheiser electronic SE & Co. KG
Am Labor 1
30900 Wedemark
Germany
Tel .: +49 (0) 5130 600 0
Fax: +49 (0) 5130 600 1300
E-Mail: datenschutz@sennheiser.com
Further details can be found in the imprint.
Please note that there may also be marked third-party content on our websites for which Sennheiser is not responsible in terms of data protection and additional data protection information from the respective provider applies.
3. Data Protection Officer
If you have any questions about data protection and this privacy policy, you can also contact Sennheiser's data protection officer:
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg
4. Handling of personal data
Personal data is any information relating to an identified or identifiable natural person. A natural person is considered to be identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features.
5. Use of the website and creation of log data
5.1 Description of data processing
Every time a user accesses a Sennheiser website and every time a file is called up, data about this process is stored in a log file. Depending on the access log used, the log data record contains information with the following content:
- IP address of the requesting computer
- Name of the requested file
- Date and time of the request
- Access methods/functions desired by the requesting computer
- Access status of the web server
- Web server access status
- the URL from which the file was requested
- Operating system and browser type or browser settings.
No usage profiles are created in which IP addresses and personal data are linked. Something else only applies if this is presented separately in this privacy policy.
5.2 Legal basis for data processing
The legal basis results from the legitimate interest according to Article 6 Paragraph 1 Letter f GDPR and, if applicable, from the fulfilment of legal obligations according to Article 6 Paragraph 1 Letter c GDPR. Sennheiser's legitimate interest lies in the uninterrupted provision of website content and the prevention of unauthorized access.
5.3 Purpose of data processing
The personal data is used exclusively for the purpose of providing the content technically, identifying and tracking unauthorized access attempts/access to the web server, and for statistical evaluations such as visitor numbers and page popularity. The evaluation is only carried out by authorized personnel.
5.4 Duration of data storage
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements.
Regarding the use of the website, your data will be deleted after the end of the session, unless otherwise specified.
6. Contact, comment function, chat function, e-mails
6.1 Description of data processing
When using the contact form or contacting us via email, personal data is processed. The data entered is transmitted to Sennheiser. By using the comment function, the entries are displayed with the specified name on the website.
We also provide a chat function for the transmission of messages. We use the "iAdvize" software for this, which is provided by the company iAdvize SAS, vBat B Le Berlingot, 9 rue Nina Simone, CS 14021, F-44040 NANTES CEDEX 1 (hereinafter referred to as "iAdvize"). A corresponding data protection contract with iAdvize is in place. Further information on data protection can be found in iAdvize's privacy policy at: https://privacy.iadvize.com/en/
The following categories of data may be processed:
- product affiliation
- Master data (e.g. first name, surname)
- Address data (e.g. street, zip code)
- Contact details (e.g. telephone number, e-mail address)
- message content
Personal data that you provide us with is transmitted to us in encrypted form via a secure connection. The security procedure used (SSL – Secure Sockets Layer) corresponds to the usual state of the art. We use encryption with a 256-bit key for this. SSL encryption (recognizable by https:// in the address line of the browser and a lock symbol in the status bar at the bottom of the browser) is a protocol for encrypting data during transmission from the web server to the browser. During transmission, personal data is encrypted between the user's computer and our SSL server using the SSL protocol.
6.2 Legal basis for data processing
The legal basis results from the legitimate interest according to Art. 6 Para. 1 lit. f GDPR. The legitimate interest in the proper processing of the contact.
6.3 Purpose of data processing
The personal data is processed exclusively for the purpose of processing and answering contacts.
6.4 Duration of data storage
Your personal data will be deleted as soon as the purpose required for processing has been fulfilled. Different retention periods may arise due to legal requirements.
7. Use of Sprout Social to manage personal data
7.1 Description of data processing
We use Sprout Social's social media management tool to manage and process your concerns that reach us publicly and/or via private messages via our social media channels (in particular Facebook, Instagram and LinkedIn). Sprout Social presents posts and messages relevant to us from all social media channels we use clearly and effectively for analysis and processing. At least your IP address is transmitted to Sprout Social. In addition, we process the data that you share with us via your social media accounts, in some cases according to your individual privacy settings, among other things
- Master data (e.g. first name, surname)
- Contact details (e.g. telephone number, e-mail address)
- dates of birth
- social media name
- number of followers
- profile picture and other publicly available pictures and/or
- interests and other personal information.
Data processing takes place on Sprout Social servers in the USA. In this respect, we have concluded an order processing contract in accordance with Art. 28 GDPR with Sprout Social, who process your personal data on our behalf, whereby the data transfer to the USA as a third country is based on the current standard contractual clauses. In addition, Sprout Social provides the essential information on the type and scope of data processing at https://sproutsocial.com/privacy-policy/. This is fully referenced.
7.2 Legal basis for data processing
The legal basis results from our legitimate interest according to Art. 6 Para. 1 lit. f GDPR.
7.3 Duration of data retention
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements.
7.4 Joint controllership
We determine the means and purposes of this data processing using Sprout Social together with Sennheiser Consumer Audio GmbH (hereinafter referred to as "SCA"). In this respect, we process your personal data together with SCA as joint controllers within the meaning of Art. 4 No. 7 Var. 2, 26 GDPR, whereby the personal data is processed by both persons responsible for the same purposes. We have concluded an agreement on joint responsibility with SCA. In particular, the agreement specifies in a transparent form which controller fulfils which obligation under the GDPR, regarding exercising the rights of the data subject, and who meets which information obligations under Art. 13 and 14 GDPR.
In detail:
- If a data subject contacts one of the parties to assert their rights as a data subject within the meaning of Art. 15 to 22 GDPR, this party undertakes to fulfil these rights in accordance with the requirements of the GDPR.
- If a data subject contacts one of the parties with a request for information about the data processing, this party undertakes to provide the data subject with the information required under Articles 13 and 14 GDPR free of charge in a precise, transparent, understandable, and easy manner accessible form in plain language free of charge. The parties agree on the content of the information on the joint processing activities that will be made available to the data subjects.
- The parties shall provide each other with the necessary information about their activities in accordance with the above regulations, which is necessary for the fulfilment of their data protection obligations, in a reasonable manner and without unreasonable delay. The parties undertake to use their best efforts to assist each other in fulfilling the rights and wishes of the data subject, regardless of the responsibility for the respective affected person.
- If personal data is to be deleted, the parties shall inform each other in advance. The other contracting party can object to the deletion for a legitimate reason, e.g., if they are legally obliged to store the data.
The essential content of this agreement, regarding the purpose and scope of data processing, data categories, data subjects and the legal basis for data processing, is also derived from this section of the privacy policy. We would be happy to provide you with the full content of the agreement on joint responsibility upon request.
8. Data processing of personal data using social media platforms
8.1 Description of data processing
a) Use of corporate websites
We maintain publicly accessible profiles on various social networks. As the operator of a company presence on the social media platforms, in the form of a social media fan page or a comparable design (“corporate presence”), we can only view the information stored in your public profile, and only if you have such a profile and are logged into it while you access our company website. In addition, we can see the information that you actively share with us via private messages and other direct communication channels. This includes, depending on your individual privacy settings, among others
- Master data (e.g. first name, surname)
- Contact details (e.g. telephone number, e-mail address)
- dates of birth
- social media name
- number of followers
- profile picture and other publicly available pictures and/or
- interests and other personal information.
When you visit our profiles, your personal data is not only collected, used, and stored by us, but also by the operators of the respective social media platform. This also happens if you do not have a profile on the respective social media platform yourself. The individual data processing operations and their scope differ depending on the operator of the respective social media platform and are not necessarily comprehensible for us. How the social media platforms use the data from the visit for their own purposes, to what extent activities on the respective pages are assigned to individual users, how long the social media platforms store personal data and whether data from a visit Third parties are not named conclusively and clearly by the social media platforms and are not known to us.
In addition, anonymous usage statistics are made available to us by the social media platforms, which we use to improve the user experience when visiting our company website. For details on the collection and storage of your personal data and the type, scope, and purpose of their use by the operator of the respective social media platform, please refer to the privacy policies of the respective operator. This is extensively referenced:
We would like to point out that you use the social media platforms and their functions at your own risk. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
b) Contact via social media
You can use our profiles on social media platforms to contact us (e.g. by creating your own posts, responding to one of our posts or by privately messaging us). The personal data you provide to us (see above) will be processed by us exclusively for the purpose of being able to contact you.
8.2 Legal basis for data processing
The legal basis in relation to our data processing results from
- our legitimate interest according to Art. 6 Para. 1 lit. f GDPR (Use of corporate websites) or
- Your consent to being contacted or required to fulfil a contract/implement pre-contractual measures in accordance with Art. 6 (1) lit. a) and b) GDPR (contact via social media platforms)
8.3 Duration of data retention
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements.
8.4 Joint controllership
We determine the means and purposes of this data processing through our social media channels together with SCA. In this respect, we process your personal data together with SCA as joint controllers within the meaning of Art. 4 No. 7 Var. 2, 26 GDPR, whereby the personal data is processed by both persons responsible for the same purposes. No anonymous usage statistics are provided to SCA. We have concluded an agreement on joint responsibility with SCA. In particular, the agreement specifies in a transparent form which controller fulfils which obligation under the GDPR, in particular regarding exercising the rights of the data subject, and who meets which information obligations under Art. 13 and 14 GDPR.
In detail:
- If a data subject contacts one of the parties to assert their rights as a data subject within the meaning of Art. 15 to 22 GDPR, this party undertakes to fulfil these rights in accordance with the requirements of the GDPR.
- If a data subject contacts one of the parties with a request for information about the data processing, this party undertakes to provide the data subject with the information required under Articles 13 and 14 GDPR free of charge in a precise, transparent, understandable, and easy manner accessible form in plain language free of charge. The parties agree on the content of the information on the joint processing activities that will be made available to the data subjects.
- The parties will provide each other with the necessary information about their activities according to the above regulations, which are necessary for the fulfilment of their data protection obligations, in a reasonable manner and without unreasonable delay. The parties undertake to use their best efforts to assist each other in fulfilling the rights and wishes of the data subject, regardless of the responsibility for the respective data subject.
- If personal data is to be deleted, the parties shall inform each other in advance. The other contracting party can object to the deletion for a legitimate reason, e.g., if they are legally obliged to store the data.
The essential content of this agreement, in particular regarding the purpose and scope of data processing, data categories, data subjects and the legal basis for data processing, is also derived from this section of the privacy policy. We would be happy to provide you with the full content of the agreement on joint responsibility upon request.
In addition, if we provide a company website, we process your personal data with the operator of the respective social media platform as joint controllers within the meaning of Art. 4 No. 7 Var. 2, 26 GDPR. We process your personal data within the scope set out above. We do not have access to the usage data that the respective social media platform collects to create these statistics. For this purpose, we have concluded an agreement on joint responsibility with the operators of the respective social media platform, the contents of which we will be happy to make comprehensively available to you on request.
9. Newsletters
9.1 Description of data processing
We offer you the opportunity to register for our Sennheiser newsletter to receive information and reports on current topics and products from us.
The following categories of data may be processed:
- Master data (e.g. first name, surname)
- Contact details (e.g. telephone number, e-mail address)
- product interests
- Timestamp of the declaration in the double opt-in
9.2 Legal basis for data processing
The legal basis results from the consent according to Art. 6 para.1 lit. a GDPR.
9.3 Purpose of data processing
The personal data is processed exclusively for the purpose of sending the newsletter.
9.4 Duration of data retention
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements.
The data will be deleted as soon as you object to receiving the newsletter.
You have the right to revoke your consent with future effect at any time.
10. Web store
10.1 Description of data processing
The processing of personal data is required to initiate and carry out the purchase or the purchase process. The following categories of data may be processed when you use our web shop:
- product selection
- Master data (e.g. first name, surname)
- Address data (e.g. street, zip code)
- Contact details (e.g. telephone number, e-mail address)
As part of your order, you have the option of subscribing to the Sennheiser newsletter. For more information, please refer to the statements in the "Newsletter" section.
In addition, you have the option of setting up a user account for convenient purchase processing. You have to assign a password. Alternatively, you can order as a guest without setting up a user account.
10.2 Legal basis for data processing
The legal basis results from the fulfilment of a contract in accordance with Article 6 (1) (b) GDPR.
10.3 Purpose of data processing
The personal data are processed exclusively for the purposes of processing the order and then shipping the product.
10.4 Duration of data retention
Your personal data will be deleted as soon as the purpose required for processing has been achieved. If you would like to delete your user account, please let us know using the contact form so that we can delete it.
Different retention periods may arise due to legal requirements. Your personal data relating to the order will be deleted after 10 years.
10.5 Disclosure of data to third parties
Various payment service providers are available to process your order. As part of the payment process, we transmit the payment data for your order to the payment service provider you have commissioned. In some cases, data is also collected by the respective payment service providers themselves. You can find more information in the privacy policy of the respective payment service provider.
For the delivery of the products, we transmit your address data to the respective shipping service provider. You can find more information in the privacy policy of the respective shipping service provider.
11. Job applications
11.1 Description of data processing
You can apply for job vacancies at Sennheiser in our online application tool at https://sennheiser.referrals.selectminds.com/latest-jobs. To apply, you must create a user account.
We use the “SelectMinds” platform for this, which is provided by the company ORACLE Deutschland BV & Co. KG, Riesstraße 25, 80992 Munich (hereinafter referred to as “Oracle”). A corresponding data protection contract with Oracle is in place. Further information on data protection can be found in Oracle's privacy policy at: https://www.oracle.com/de/legal/privacy/
The following categories of data may be processed:
- Master data (e.g. first name, surname)
- Address data (e.g. street, zip code)
- Contact details (e.g. telephone number, e-mail address)
- Application data (e.g. job advertisement, CV, certificates)
11.2 Legal basis for data processing
The legal basis results from the establishment of an employment relationship in accordance with Art. 26 (1) BDSG and, if necessary, for pre-contractual measures and the fulfilment of a contract in accordance with Art. 6 (1) lit. b GDPR.
11.3 Purpose of data processing
The personal data is processed exclusively for the purpose of selecting applicants and establishing contact.
11.4 Duration of data retention
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements.
In principle, the deletion takes place as soon as the data is no longer required for the selection of applicants. In the case of unsuccessful applications, your personal data will probably be deleted six months after the rejection decision in order to defend against any legal claims.
12. Sweepstakes
12.1 Description of data processing
Your personal data will be processed for participation in competitions on our website.
The following categories of data may be processed:
- Master data (e.g. first name, surname)
- Address data (e.g. street, zip code)
- Contact details (e.g. telephone number, e-mail address)
- Individual details of the respective competition
12.2 Legal basis for data processing
The legal basis results from your consent in accordance with Article 6 (1) (a) GDPR.
12.3 Purpose of data processing
The personal data will be processed exclusively for the purposes of selecting the winners, establishing contact and communication and, if necessary, for sending prizes.
12.4 Duration of data retention
Your personal data will be deleted as soon as the purpose required for processing has been achieved. Different retention periods may arise due to legal requirements.
In principle, the deletion takes place after the end of the competition. Your personal data will probably be deleted no later than 10 years after the end of competitions.
13. Automated decision making or profiling
Automated decision-making or profiling do not take place.
14. Rights of data subjects and right of appeal to a supervisory authority
As the data subject, you have the following rights vis-à-vis Sennheiser as the controller:
- Right of Access – The right to know what data is being processed and how
- Right to rectification – The right to request that inaccurate and out-of-date personal data be amended
- Right to Erasure – The right to have personal data erased
- Right to Restriction of Processing – The right to restrict processing of data
- Right to data portability – The right to transfer personal data directly from one system to another (in machine-readable form)
- Right to object – The right to withdraw consent given or to object to the processing of personal data
- Right to complain – You can complain to the supervisory authority responsible for Sennheiser. The contact details are:
The State Commissioner for Data Protection Lower Saxony
Prinzenstrasse 5
30159 Hanover
Telephone + 49 (0) 511 120 4500
Email: poststelle@lfd.niedersachsen.de
15. Changes
Since Sennheiser's website may undergo changes, it may be necessary to update the privacy policy in individual cases. Sennheiser reserves the right to change this privacy policy at any time. The current version of the privacy policy and information can be accessed on the Sennheiser website at https://en-de.sennheiser.com/privacy.