Personal data is information that makes it possible to identify a natural person. This specifically includes your name, date of birth, address, telephone number, e-mail address as well as your IP address.
Anonymous data is data that does not allow a natural person to be identified.
Controller and data protection officer
Address: Ray Sono AG, Tumblingerstrasse 32, 80337 Munich, Germany
Contact information: https://www.raysono.com | Tel. +49 89 746 46-0 | firstname.lastname@example.org
To contact the data protection officer, please e-mail email@example.com
Your rights as a data subject
To begin with, we would like to inform you here about your rights as a data subject. These rights are codified in articles 15 to 22 of the EU-DS-GVO. They include:
- The right to information (Art. 15 EU-DS-GVO),
- The right to erasure (Art. 17 EU-DS-GVO),
- The right to rectification (Art. 16 EU-DS-GVO),
- The right to data portability (Art. 20 EU-DS-GVO),
- The right to restriction of data processing (Art. 18 EU-DS-GVO),
- The right to object to data processing (Art. 21 EU-DS-GVO).
To assert these rights, please contact firstname.lastname@example.org. You can also contact us at this address if you have questions about data processing in our company. Additionally, you have the right to file a complaint with a data protection supervisory authority.
Right of objection
Please note the following in connection with your right of objection:
If we process your personal data for purposes of direct marketing, you have the right to object to this data processing at any time without giving a reason. This also applies to profiling insofar as it is related to direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. You may object free of charge and without using a special form. Simply send your objection to email@example.com.
If we process your data to protect legitimate interests, you may object to this processing at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or unless we must process your data to assert, exercise or defend legal claims.
Purposes and legal bases of data processing
When processing your personal data, we comply with all provisions of the EU-DS-GVO, the BDSG (new) and all other applicable data protection regulations. The legal basis for the data processing result in particular from Art. 6 EU-DS-GVO.
We use your data to initiate business, fulfil contractual and legal obligations, carry out the contractual relationship, offer products and services, and to strengthen the customer relationship. This may also include analyses for marketing purposes and direct advertising.
Under the data protection law, your consent is required for permission. We will now inform you about the purposes of data processing and about your right of revoke permission. If your consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent agreement, Art. 88 para. 1 EU-DS-GVO in conjunction with. Section 26 (3) BDSG (new).
Processing of special categories of personal data within the meaning of Art. 9 (1) EU-DS-GVO shall only take place if this is required by legal provisions and there is no reason to assume the existence of a legitimate interest on your part to exclude this processing, cf. Art. 88 (1) EU-DS-GVO in conjunction with Art. 26 (3) BDSG (new).
Disclosure to third parties
We will only pass on your data to third parties within the framework of statutory provisions or with your consent. Otherwise, we will not disclose your data to third parties unless we are obliged to do so by mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).
Data recipients / categories of recipients
We ensure that within our company, only persons who need your data to fulfil contractual and legal obligations have access to this data.
In many cases, service providers support our technical departments to perform their tasks. We conclude all necessary data protection contracts with such service providers.
Third-country transfer / intention to transfer to third countries
Data is only transferred to third countries (outside the European Union or the European Economic Area) if necessary to fulfil the contractual relationship, if required by law, or if you have consented to this.
We transfer your personal data to a service provider or to group companies outside the European Economic Area: USA.
Third-country transfer to Google
If you give us your consent to use Google services (see Use of Google Analytics and Use of Google Tag Manager), we transmit data to Google. This transfer takes place within the framework of job processing based on standard data protection clauses (see also https://privacy.google.com/businesses/processorterms/mccs/).
Furthermore, within the scope of embedded YouTube videos (see YouTube platform), data is forwarded to the USA.
Data storage period
We store your data as long as they are needed for the respective processing purpose. Please note that numerous retention periods require that data continues to be stored. This relates in particular to retention obligations under commercial or tax law (e.g. Commercial Code, Fiscal Code, etc.). If there are no further storage obligations, the data is routinely deleted after achievement of its purpose.
In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence under the legal statutes of limitations, which can be up to thirty years; the regular statute of limitations is three years.
Secure transfer of your data
We use appropriate technical and organisational security measures in the best possible way to protect all stored data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. We continuously review these security levels in cooperation with security experts and adapt them to new security standards.
The data exchange from and to our website is encrypted. We use the HTTPS transmission protocol for our web presence, in each case using current encryption protocols. The option of alternative communication channels is also possible (e.g. the postal service).
Data categories, sources, and origin
Which data we process is determined by the respective context. This depends, for example, on whether you place an order online or enter an inquiry using our contact form, or whether you send us an application or submit a complaint.
Please note that we may also provide information for special processing situations in other suitable places, e.g. when uploading application documents or when a contact request is made.
When you visit our website, we collect and process the following data:
- Name of the Internet service provider
- Information about the website you are visiting us from
- Web browser and operating system used
- The IP address assigned by your Internet Service Provider
- Files requested, amount of data transferred, downloads/file exports
- Information about the web pages you load from us, incl. date and time
- For reasons of technical security (in particular to defend against attempted attacks on our web server), this data is stored in accordance with Art. 6 (1) lit. f EU-DS-GVO.
Consent Layer – Cookiebot
Our website contains a Consent Layer made by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. The consent layer allows you to consent to any data processing done on our website. This also includes opening the domain www.cookiebot.com.
When you provide your consent on our website, the following information is automatically logged with Cybot:
- The end user’s IP number in anonymised form (the last three digits are set to '0').
- The date and time of consent.
- The user agent of the end user’s browser.
- The URL from which consent was sent.
- An anonymous, random, and encrypted key.
- The consent status of the end user, which serves as proof of consent.
The key and consent status are stored in your browser in the “CookieConsent” cookie so that our website can automatically read and follow your consent in all subsequent page requests and future end-user sessions for up to 12 months. The key is used for proof of consent and for an option to verify that the consent status stored in the end user’s browser is unchanged from the original consent submitted to Cybot.
Furthermore, up-to-date information about the data processing operations for which your consent is required is reloaded from a central database of Cybot.
For online applications, we collect and process the following data:
- Salutation, title
- Last name, first name
- Contact details
- If entered: Links to your LinkedIn or Xing profile
- E-mail address (also for later login to the applicant portal)
- Password (for later login to the applicant portal)
- The uploaded application documents and other documents
- Desired place of work
- Indication of how you became aware of us
- Salary requirements
- Desired starting date
- Indication of whether you agree to be included in the applicant pool
When you send us an enquiry via our contact form, we process the following data:
- E-mail (necessary so that we can contact you)
- First name, last name, and message (optional)
If you write to us via the contact form, we process the data you provide to contact you and answer your questions and requests.
In doing so, we observe the principle of data economy and data avoidance by having you only provide the data we absolutely need to contact you (e-mail). In addition, we do process your IP address out of technical necessity and for legal protection. Answers for all other data fields are optional (e.g. to answer any individual questions).
To protect the security and confidentiality of your data as best as possible, we implement appropriate security measures. Your enquiry is transmitted to us encrypted via HTTPS.
If you contact us by e-mail, we process the personal data you provide in the e-mail solely for the purpose of processing your enquiry. If you do not use the forms offered for contacting us, no further data collection will take place.
Links to other providers
Our website also contains clearly recognisable links to the websites of other companies. We have no influence on the content of other providers’ websites. We can thus assume no warranty or liability for these contents. The respective provider or operator of those websites is always responsible for their content.
At the time of linking, the linked websites were checked for possible legal violations. No illegal content was recognisable at the time the websites were linked. Permanent control of the content of the linked websites, however, cannot be reasonably expected without concrete evidence of a legal violation. If we become aware of any infringements, we will remove such links immediately.
Social Media Links
Our website contains links to the social media services of Facebook, Instagram, LinkedIn, Xing, and Kununu. The links to the websites of these social media services can be recognised by their respective company logos. Following one of these links opens Ray Sono AG’s corporate presence on that service. Clicking a link to one of these social media services establishes a connection to the its servers. This communicates to the servers of the social media service the information that you have visited our website. In addition, further data is transferred to the provider of the social media service. These include, for example:
- The address of the web page on which the activated link is located
- The date and time the website was accessed or the link was activated
- Information about the browser and operating system used
- The IP address
If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may be able to determine your username and possibly even your real name from the transmitted data and connect this information to your personal user account with the social media service. You can prevent the possibility of this information from being connected to your personal user account by previously logging out of your user account.
The servers of the social media services are located in the USA and other countries outside the European Union. The data can therefore also be processed by the social media service provider in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that do not generally protect personal data to the same extent as European Union member states protect this personal data.
User Profiles / Web Tracking Methods
Use of Google Analytics
We use the tracking tool Google Analytics from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: "Google") on our website. If you are a resident of the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the data controller responsible for your data that are collected in these procedures.
Your data are transmitted to Google and processed there for Google's own purposes. If you have a Google account, Google may also merge the data obtained from Google Analytics tracking. A third-country transfer takes place. Cf.: Third-country transfer/intent to transfer. Based on the EU-DS-GVO, we have concluded a corresponding order processing agreement with Google.
We use this tool to collect information about the use of our website and, based on this data, to be able to design and optimise our website in line with requirements.
Usage profiles are created from this data across all websites.
The tool is used based on your consent according to Art. 6 para. 1 lit. a EU-DS-GVO. You can withdraw your consent at any time by clicking here:
The objection is valid only for the device and the web browser on which it was set. Please repeat the process on all devices if desired. If you delete the opt-out cookie, you will be asked again for your consent for data transfer.
Furthermore, you can download a browser add-in for the deactivation of Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=de . This add-in is provided by Google for popular browser versions.
Data Storage Period
The data obtained via this procedure is deleted as soon as it is no longer required for our purposes. In our case, this is the case after 14 months.
Google Tag Manager (GTM)
We use the Google Tag Manager Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google") on our website.
The Tag Manager is used to manage functions of the Google Analytics tracking tool and the Google AdManager advertising service. Initially, the Google Tag Manager also controls your user decision (consent) via the so-called consent mode. This adapts the behaviour of the Google tools to your consent to this processing according to Art. 6 para. 1 lit. a EU-DS-GVO.
Your user decision is read out via corresponding scripts and cookies. Unless you have consented to the use of Google Analytics or Google AdManager, the Google Tag Manager prevents the collection by these tools. In doing so, the following data is collected: time stamp, user agent, referring URL, boolean information about consent status, random number generated each time the page loads, information about the consent management platform used by the website owner (e.g. developer ID). For technical reasons, the IP address, device information, browser information and URL are also transmitted to Google when the corresponding script is called up.
Your data will be transmitted to Google. Third-country transmission takes place.
We use the Google Tag Manager to store and implement your consent status and to control our Google tools (Google Analytics and Google AdManager).
The use of Google Tag Manager is based on our legitimate interest according to Art. 6 (1) lit. f EU-DS-GVO. The data processing is technically necessary to implement your consent for the Google Analytics and Google AdManager tools.
Your personal data is not stored by the Google Tag Manager after the respective session in the context of the consent mode. The Google Analytics and Google AdManager tools controlled by the Google Tag Manager are stored only for the duration of the period you consent to in the respective sections.
Our website also uses the “Facebook Pixel” of Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). With its help, we can track the actions of users after they have seen or clicked on a Facebook ad. This allows us to track the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means that we do not see the personal data of individual users. However, this data is stored and processed by Facebook, about which we are informing you about our present state of knowledge. According to Facebook's data usage policy, Facebook can associate this data with your Facebook account and use it for its own advertising purposes. You can allow Facebook and its partners to place ads on and off Facebook. Furthermore, Facebook may store a cookie on your computer for these purposes.
The use of the Facebook pixel is based on your consent pursuant to Art. 6 para. 1 lit. a EU-DS-GVO. You can revoke your consent at any time here:
The data obtained via this procedure is deleted as soon as it is no longer required for our purposes. In our case, this is the case after 180 days.
Your deactivation option: https://www.facebook.com/policies/cookies/
YouTube Platform and Google AdManager (formerly Doubleclick)
We have embedded various videos from the online video platform YouTube in our website. The operator of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
To embed YouTube videos, we use the technical procedure known as framing. Framing is the process of simply inserting an HTML link provided by YouTube into the code of a website to create a playback frame on a third-party site, which allows the video stored on YouTube servers to be played.
We use the framing codes generated by YouTube in the so-called “extended data protection mode”. According to information on the YouTube platform, the cookie activity and the data collection initiated by it are linked only to usage of the video playback function itself. This prevents any collection of data through the mere use of a website that features framed content.
Google AdManager (formerly Doubleclick)
We use Google Ad Manager, a web advertising service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on our website. The tool displays advertisements (text ads, banners, etc.) and stores your interaction with the ads. This is done by cookies, pixels and scripts integrated by Google Inc. The stored information can be recorded, collected, and evaluated by Google Inc. or third parties.
In addition, Google Ad Manager may also use so-called (re)marketing tags (invisible graphics, also known as "web beacons") to collect information. Through their use, for example, visitor traffic on the website can be recorded and evaluated.
The basis for the processing of your personal data is your consent, the legal basis is Art. 6 para. 1 p. 1 lit. a EU-DS-GVO.
Google Ad Manager processes and stores your data in the USA. Google is obliged by corresponding contractual regulations to comply with the data protection standards and the level of data protection in the EU. Data processing or storage in third countries may also take place based on your consent (Art. 49 para. 1 sentence 1 lit. a DSGVO), in which case you will be informed of this separately when obtaining your consent.
Google uses the information obtained in this way to carry out an evaluation of your usage behaviour with regard to the Google Ad Manager ads. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. If you are registered with a Google service, Google may associate your visit with your account. To prevent this, you must first log out of your Google account.
You can prevent the storage of data by using the plug-ins provided by Google under the following link: https://www.google.com/settings/ads/plugin install.
Furthermore, you can revoke your consent at any time for the future. To do this, simply open our Consent banner and deselect the corresponding setting. Please note that the change in the Consent Banner settings must be made individually for each end device.
Details about which data Google makes available to us for evaluation and where this data comes from can be found via the following link: https://support.google.com/analytics/answer/2799357?hl=de#where
Advertising Purposes for Existing Customers (Art. 6 para. 1 lit. f EU-DS-GVO)
Ray Sono AG is interested in maintaining the customer relationship with you and to send you information and offers about our products / services. We thus process your data so that we can send you relevant information and offers by e-mail.
If you do not want us to do this, you can object at any time to the use of your personal data for the purpose of direct advertising; this also applies to profiling insofar as it relates to direct advertising. If you object to this, we will no longer process your data for this purpose.
You can file an objection free of charge and without a special form. You do not have to provide any reason. You should preferably call us at +49 89 746 46-0, send a written objection to firstname.lastname@example.org or by postal mail to Ray Sono AG, Tumblingerstraße 32, 80337 Munich.
Applicant Portal (Art. 6 para. 1 lit. a, b EU-DS-GVO)
We always treat your personal data confidentially and use it only to process your application, e.g. for arranging interviews, identifying suitable alternative areas of work, and other purposes related to the application as part of the personnel selection process.
Through technical and organisational measures, we ensure that during the application process, only the responsible employees of the HR department and the respective department have access to your personal data.
We will continue to use the Umantis applicant portal until 31.05.2021.
Operator of the Applicant Portal
Our applicant portal is operated by Personio GmbH, a company based in Germany, which offers personnel administration and applicant management software (https://www.personio.de/impressum/). The data transmitted as part of your application is transferred via TLS encryption and stored in a database. Personio is only the operator of the applicant portal and in this context is a processor according to Art. 28 DS-GVO. The basis for processing by Personio in this regard is a contract for commissioned processing between us and Personio.
In the course of providing the applicant portal, personal data is transferred to Personio GmbH. This is access data (IP addresses, access times, operating system, browsers used, crash reports, etc.). The transmission of this data is technically necessary to ensure the functionality of the applicant portal. Personio deletes the access data after 7 days.
The application form contains a separate data release declaration that allows your application to continue to be stored, even if you receive a rejection for the position you have applied to. If you consent to this, there is a possibility that we will include you in the pool of applicants and contact you again for suitable positions that match your profile.
We take technical and organisational measures to ensure that only those persons who participate directly in the selection process and require the data for this purpose have access to your data.
Your application will be stored for a maximum of 24 months if it is included in the applicant pool or forwarded, after which we will anonymise and delete your data in accordance with data protection regulations.
Of course, you will not suffer any disadvantages if you do agree to inclusion in the applicant pool.
In no case will we make an exclusively automated decision about a job placement.
Also with respect to the applicant pool, Ray Sono always ensures the secure and confidential treatment of your data and uses appropriate state-of-the-art technical and organisational measures to protect your data in accordance with applicable law.
Your data will be stored at Ray Sono for the above-mentioned purpose until the application process is completed and any legal deadlines in this regard have expired. Ray Sono will anonymise your data immediately after the expiration of these periods, at the latest after 6 months, unless the above-noted provisions regarding the applicant pool apply.
Data Subject Rights
Of course, the previously mentioned data subject rights and complaint options remain open to you. (see above: Your rights as a data subject).
Revocation of your Declaration of Consent
You are entitled to revoke your consent to the use of your personal data at any time. To do so, simply send an e-mail to email@example.com.
Automated Individual Case Decisions
We do not use automated processing to arrive at any decisions.
Children and Online Offers
Persons under the age of 16 may not transmit personal data to us or provide a declaration of consent without the consent of their legal guardian. We encourage parents and guardians to actively participate in their children's online activities and interests.
The content of these pages has been carefully edited and reviewed. However, Ray Sono AG does not guarantee the timeliness, accuracy, completeness, or quality of the information provided. Liability claims against Ray Sono AG regarding damage caused by using any information provided, including any kind of information which is incomplete or incorrect, will thus be rejected unless it can be proven that Ray Sono AG acted with intent or gross negligence. Ray Sono AG expressly reserves the right to change, supplement, delete, or cease publication of parts or the entire site without prior notice.
To protect the data we store about our employees/customers/suppliers from accidental or intentional manipulation, loss, destruction, or access by unauthorised persons, we take appropriate technical and organisational measures. We continuously review these security levels in cooperation with security experts and adapt them to new security standards.
Notes on Data Protection in Social Media
Ray Sono AG maintains a social media presence on Facebook, Instagram, LinkedIn, Xing, Kununu, and YouTube. To the extent that we can control how your data is processed, we ensure compliance with the applicable data protection regulations.
The following section contains the most important information on data protection law as it relates to our web presences.
Name and Address of the Persons Responsible for the Operation
In addition to Ray Sono AG, the following companies are responsible for the company websites within the meaning of the EU Data Protection Regulation (EU-DS-GVO) and other data protection regulations:
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
(LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
(New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)
(New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)
(Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)
However, you yourself are responsible for the use of these platforms and their functions. This particularly applies to the use of interactive functions (e.g. commenting, sharing, rating).
We would also like to point out that your data may be processed outside the European Union. In regard to US providers certified under the “Privacy Shield”, please note that these providers commit themselves to comply with EU data protection standards.
Purpose and Legal Basis
We ourselves maintain our fan pages to communicate with page visitors and inform them about our offers.
In addition, we collect data for statistical purposes to further develop and optimise our content and make our offers more attractive. The data we need for this purpose (e.g. total number of page views, page activity and data provided by visitors, interactions) is processed by the social networks and provided to us. We have no influence on the generation and presentation.
In addition, your personal data is processed by social media providers for market research and advertising purposes. It is possible, for example, that usage profiles are created based on your usage behaviour and resulting interests. This can result in the placement of ads matching your interests – both inside and outside the platforms. Cookies are usually stored on your computer for this purpose. Regardless of this, data that is not collected directly on your end devices may also be stored in your usage profiles. The storage and analysis also take place across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
The processing of your personal data by Ray Sono AG is based on our legitimate interests in effective information and communication pursuant to Art. 6 para. 1 sentence 1 lit. f. EU-DS-GVO.
If you are asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a., Art. 7 EU-DS-GVO.
Your Rights / Option to Object
If you are a member of a social network and do not want the network to collect data about you via our presence and link it to your stored membership data with the respective network, you must
- log out of the respective network before visiting our fan page,
- delete the cookies present on your device and
- exit and restart your browser.
After logging in again, however, you will once more be recognisable to the network as a specific user.
For a detailed description of the respective processing and the options to object (opt-out), please refer to the information linked below:
Data protection statement: https://help.instagram.com/519522125107875
Opt-Out: http://www.networkadvertising.org/managing/opt_out.asp and https://www.youronlinechoices.com
Overall, you are already entitled to the rights described above regarding the processing of your personal data.
However, since Ray Sono AG does not have complete access to your personal data, you should contact the social media providers directly if you wish to assert your rights, as they each access the personal data of their users and can take appropriate measures and provide information.
If you still need help, we would be happy to provide you with support. Please contact firstname.lastname@example.org.
Notes on Copyright and Artistic Copyright
If you wish to publish pictures, texts, plans, videos, music, etc. on our website, you should know that you may thereby be assigning all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or hold the rights to these yourself.