Privacy Policy

This website is information offered by:
Sunshine GmbH Reisemobile
Industriestr. 8a
33813 Oerlinghausen

Company headquarters: Oerlinghausen
Place of jurisdiction: Lemgo: HRB [Trade Register] 4194
VAT ID: DE 170049221
Managing directors: Friedrich Gröppel, Anna Gröppel

This Privacy Policy provides you, as a user of our website, with all the necessary information about how, to what extent and for what purpose we or third-party suppliers collect data from you and use it.
Your data are collected and used strictly in accordance with the provisions of the EU General Data Protection Regulation (EU GDPR), German data protection law under the German Data Protection Adaptation and Implementation Act (DSAnpUG-EU), and the Telemedia Act (TMG), insofar as applicable.
We are committed to the confidentiality of your personal data and therefore work strictly within the limits set by the legal requirements.
Where possible, we only collect personal data from you on a voluntary basis. In addition, we only disclose this data to third parties with your express consent.
We use SSL encryption to ensure a high level of security for particularly confidential data, such as for payment transactions or with regard to your enquiries to us.
At this juncture, we would like to point out the general dangers of using the Internet, over which we have no influence. In particular, any data sent by email are not secure unless further precautions are implemented, and they can, in some instances, be acquired by third parties.

Terms used
"Personal data" refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the "Data Subject"); a natural person is regarded as identifiable if he or she can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online identifier (e.g., a cookie), or with one or several special features reflecting the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
"Processing" means any operation carried out with or without the aid of automated procedures, or any such series of operations in connection with personal data. The term has a broad scope and covers virtually every instance of dealing with data.
"Data Controller" refers to the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data.

Relevant legal basis
In accordance with art. 13 EU GDPR, we inform you of the legal basis for the data processing we carry out. If the legal basis is not mentioned in the Privacy Policy, the following applies:
• The legal basis for obtaining consent is art. 6 para. 1 lit. a and art. 7 EU GDPR
• The legal basis for processing in order to fulfil our services and execute contractual measures and to reply to enquiries is art. 6 para. 1 lit. b EU GDPR
• The legal basis for processing in order to fulfil our legal obligations is art. 6 para. 1 lit. c EU GDPR
• The legal basis for processing in order to protect our legitimate interests is art. 6 para. 1 lit. f EU GDPR.
In the event that vital interests of the Data Subject or another natural person require the processing of personal data, the legal basis is art. 6 para. 1 lit. d EU GDPR.

Cooperation with data processors and third parties
Insofar as we disclose or transmit data to other persons and companies (data processors or third parties) or otherwise grant them access to data in the course of the processing we carry out, this is only done on the basis of
• a legal authorisation (e.g., data to payment service provider, need to do so according to art. 6 para. 1 lit. b EU GDPR in order to fulfil the contract);
• your consent;
• a legal obligation that allows for this; or
• your legitimate interests (e.g., when using commissioned agents, web hosts, IT maintenance orders, etc.).
If we commission third parties with the processing of data on the basis of a so-called "data processing agreement", this is done on the basis of art. 28 EU GDPR.

Transfers to third countries
If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)), or if this takes place within the scope of using third-party services or disclosing or transmitting data to third parties, this shall only take place if it is done:
• to fulfil our (pre)contractual obligations;
• on the basis of your consent
• on the basis of a legal obligation; or
• on the basis of our legitimate interests.
Subject to legal or contractual authorisations, we process or leave the data in a third country only if the particular requirements of art. 44 ff. EU GDPR are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level equivalent to that of the EU (e.g., through the "Privacy Shield" for the USA) or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

Rights of the Data Subjects
You have the right to request confirmation as to whether the data in question are being processed and to access information about this data, as well as to further information and a copy of the data in accordance with art. 15 EU GDPR.
According to art. 16 EU GDPR, you have the right to request the completion of data concerning you or to the rectification of inaccurate data concerning you.
In accordance with art. 17 EU GDPR, you have the right to demand that relevant data be erased immediately or, alternatively, to demand a restriction on the processing of the data in accordance with art. 18 EU GDPR.
In accordance with art. 20 EU GDPR, you have the right to request the data concerning you that you have provided to us and to request they be transmitted to other controllers.
Furthermore, in accordance with art. 77 EU GDPR, you also have the right to lodge a complaint with the responsible supervisory authority.

Right of withdrawal
You have the right to withdraw consent with effect for the future in accordance with art. 7 para. 3 EU GDPR.

Right to object
You can object to the future processing of your personal data at any time in accordance with art. 21 EU GDPR. Such an objection may be lodged in particular against processing for the purposes of direct advertising.

Erasure of data
You have the right to request the rectification, blocking or erasure of your data. This does not include data which have been kept due to legal provisions or is required for the orderly settlement of business transactions. Data are stored in a lock file for control purposes to ensure that data can be blocked at any time. If the data are not subject to a legal archiving obligation, we will delete them at your request. If an archiving obligation applies, we will block your data. For all questions and concerns regarding the rectification, blocking or erasure of personal data, please contact our data protection officer using the contact details in this Privacy Policy or at the address stated in the imprint.

Personal data
Every time a user accesses our Internet offering and every time a file is accessed, data about this process are temporarily saved and processed in a log file.
Before being stored, each data set is rendered anonymous by altering the IP address.
In particular, the following data is stored about each instance of access/retrieval:
• Anonymised IP address
• Date and time
• Page accessed/name of the file accessed
• Amount of data transferred
• Notification as to whether the access/retrieval was successful.
These data are used exclusively for statistical purposes and to improve the site/platform and are subsequently deleted. The data are not utilised in any other way nor are they passed on to third parties.
Following the principles of data avoidance and data economy, we collect personal data only to the extent that is and for as long as is necessary in order to use our website or that is required by law. When we collect personal data – such as your name, address or email address – this data collection is voluntary. These data will not be disclosed to third parties without your express consent. We take the protection of your personal data seriously and comply strictly with the relevant legal regulations and with this Privacy Policy when collecting and processing personal data. If the purpose for the data collection ceases to be valid or if the end of the statutory retention period has been reached, the collected data will be blocked or deleted. Our website can be used on a regular basis without disclosing personal data.

When individual pages are accessed, so-called temporary cookies are used in order to facilitate navigation. These session cookies do not contain any personal data and expire once the session has ended.
Techniques that make it possible to reconstruct the access behaviour of users are not used.

The hosting services we use serve to provide the following services:
• Infrastructure and platform services
• Computing capacity
• Storage space and database services
• Security and technical maintenance services that we use for the purpose of operating this website.
In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, and the meta and communication data of customers, interested parties and visitors of this website, based on our legitimate interest regarding the efficient and secure provision of this online offering, in accordance with art. 6 para. 1 lit. f EU GDPR in conjunction with art. 28 EU GDPR (conclusion of data processing agreement).

Collection of access data and log files
We, or our hosting provider, collect data on the basis of our legitimate interests within the meaning of art. 6 para. 1 lit. f EU GDPR regarding each instance of access to the server on which this service is located (known as server log files). Access data includes the name of the requested website, the file, the date and time of access, the amount of data transferred, a report on whether the site was successfully retrieved, the browser type and version, the user's operating system, the referrer URL (the site visited before coming to our site), the user's IP address, and the requesting internet service provider. These log files cannot be traced back to you and your identity. Log file information is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data which must be retained as potential evidence are not deleted until the relevant incident has been conclusively clarified.

SSL encryption
Our website uses SSL encryption when transmitting the confidential or personal information of our users. This encryption is enabled, for example, during payment processing and for requests you send us via our website. Please make sure that SSL encryption is enabled on your device when engaged in relevant activities. It is easy to tell whether encryption is enabled: the display on your browser line will change from "http://" to "https://". Data encrypted via SSL cannot be read by third parties. Only transmit your confidential information if SSL encryption is activated; if in doubt, please contact us.
You have the option to contact our data protection officer at any time to assert that your rights have been violated during the processing of your personal data. The contact details can be found here:

Digital DSB GmbH (GF: Jochen Murschel)
Lederstr. 116
72764 Reutlingen