We are very pleased that you have shown interest in our company. Data protection has a particularly high priority for the management of Sinox GmbH. The use of the Internet pages of Shanghai Sinox Trading Co., Ltd. is possible without providing personal data; However, if a data subject wants to use special company services via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we usually obtain the consent of the data subject.
The processing of personal data such as the name, address, e-mail address or telephone number of a person concerned is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations of Shanghai Sinox Trading Co., Ltd. With this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. In addition, data subjects are informed of the rights to which they are entitled by means of this data protection declaration.
As the controller, Shanghai Sinox Trading Co., Ltd. numerous technical and organizational measures have been taken to ensure the best possible protection of personal data processed via this website. However, Internet-based data transmissions can generally have security gaps, so that absolute protection may not be guaranteed. For this reason, every data subject can transmit personal data to us in an alternative way, e.g. with the phone.
Shanghai Sinox Trading Co.,Ltd. is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public as well as for our customers and business partners. To ensure this, we would first like to explain the terminology used.
In this data protection declaration, we use the following terms, among others:
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors relevant to physical, physiological, genetic , intellectual, economic, cultural or social identity of that natural person.
b) Data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations performed on personal data or on personal records, even if not automated, such as B. Collection, recording, organization, structuring, storage, adaptation or modification, retrieval, query, use. Disclosure by transmission, distribution or other making available, alignment or combination, restriction, deletion or destruction.
d) Restriction of processing
A restriction of processing is the marking of stored personal data with the aim of restricting their processing in the future.
Profiling is any form of automated processing of personal data which consists of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects of that natural person's work performance, economic situation, health and personal preferences Person, interests, reliability, behavior, location or movements.
Pseudonymization means the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that the personal data is not specific or identifiable natural person.
g) Controller or data controller
The person responsible or responsible for processing is the natural or legal person, authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criterion for its appointment may be determined by Union or Member State law.
The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
Recipient is a natural or legal person, a public authority, an agency or another body to which the personal data are passed on, regardless of whether they originate from a third party or not. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered recipients. The processing of this data by these authorities is carried out in accordance with the applicable data protection regulations for the purposes of the processing.
j) third parties
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons working under the direct supervision of the controller or the processor for the processing of personal data data are authorized.
Data subject consent is a freely given, specific, informed and unequivocal indication of the data subject's wishes, by which he or she signals, through a statement or an unequivocal positive action, consent to the processing of personal data concerning him or her .
2. Controller name and address
The person responsible within the meaning of the General Data Protection Regulation (GDPR), other data protection laws applicable in the member states of the European Union and other data protection regulations is:
Shanghai Sinox Trading Co.,Ltd.
555 Wuding Rd
People's Republic of China
Telephone: +86 131 2753 0302
3. Collection of general data and information
Shanghai Sinox Trading Co.,Ltd. collects a range of general data and information when a data subject or an automated system calls up the website. This general data and information is stored in the server log files. (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub -websites, (5) date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the access system and (8) other similar data and information that can be used in the event of attacks on our Information technology systems can be used.
Shanghai Sinox Trading Co.,Ltd. does not draw any conclusions about the data subject with these general data and information. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website and its advertising, (3) ensure the long-term viability of our information technology systems and website technology, and (4) law enforcement authorities provide the information necessary for criminal prosecution in the event of a cyber attack. Therefore, the Shanghai Sinox Trading Co.,Ltd. anonymously collected data and information statistically with the aim of increasing the data protection and data security of our company and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data of a person concerned.
4. Contact option via the website
Shanghai Sinox Trading Co.,Ltd. contains information that enables rapid electronic contact with our company and direct communication with us. This also includes a general address for so-called electronic mail (e-mail address) ). If a data subject contacts the person responsible by e-mail or via a contact form, the personal data transmitted by the data subject will be automatically saved. This personal data voluntarily transmitted by a data subject is stored for the purpose of processing or contacting the data subject. This personal data will not be passed on to third parties.
5. Routine deletion and blocking of personal data
The person responsible for processing processes and stores the personal data of the person concerned only for the period necessary to achieve the purpose of storage, or as far as this is required by the European legislator or other legislators in laws or regulations to which the person responsible for processing is subject , is granted to.
If the storage purpose is not applicable or if a storage period specified by European legislators or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
6. Rights of the data subject
a) Right of Confirmation
Every data subject has the right granted by the European legislator to obtain confirmation from the data controller as to whether personal data relating to them is being processed or not. If a data subject wishes to make use of this right to confirmation, they can contact an employee of the data controller at any time.
b) Right to information
Every data subject has the right granted by the European legislator to receive information free of charge from the person responsible for processing about their personal data stored at any time and a copy of this information. In addition, the European directives and regulations grant the data subject access to the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular recipients in third countries or international organizations;
where possible, the envisaged period for which the personal data will be stored or, if that is not possible, the criteria used to determine that period;
the existence of the right to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data relating to the data subject, or to object to such processing;
the existence of the right to lodge a complaint with a supervisory authority;
if the personal data are not collected from the data subject, all available information on their source;
the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject.
In addition, the data subject has the right to obtain information as to whether personal data is transmitted to a third country or to an international organization. If this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to make use of this right to information, they can contact an employee of the data controller at any time.
c) Right to rectification
Every data subject has the right to obtain from the European legislator the right to request the rectification of inaccurate personal data concerning them without undue delay from the controller. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed by submitting a supplementary declaration.
If a data subject wishes to exercise this right to rectification, they can contact an employee of the data controller at any time.
d) Right to erasure (right to be forgotten)
Every data subject has the right to obtain from the European legislator the immediate erasure of personal data from the data controller, and the data controller is obliged to erase personal data immediately for one of the following reasons, as long as the processing is not necessary is:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
The data subject withdraws the consent on which the processing is based pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR and provided there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
The personal data was processed unlawfully.
The personal data must be erased for compliance with a legal obligation under Union law or the law of a Member State to which the controller is subject.
The personal data were collected in connection with the offer of information society services in accordance with Article 8(1) of the GDPR.
If one of the above reasons applies and a data subject wishes to request the deletion of personal data held by Shanghai Sinox Trading Co., Ltd. have been stored, you can contact an employee of the person responsible for processing at any time. An employee of Shanghai Sinox Trading Co.,Ltd. must immediately ensure that the request for deletion is complied with immediately.
If the controller has published personal data and is obliged to erase the personal data pursuant to Article 17(1), the controller shall take reasonable measures, including technical measures, to prevent others, taking into account the available technology and the cost of implementation to inform those responsible for the processing of the personal data who have requested the deletion of links to this personal data or their reproduction or reproduction by the data subject, provided that no processing is required. An employee of Shanghai Sinox Trading Co.,Ltd. will agree on the necessary measures in individual cases.
e) Right to restriction of processing
Every data subject has the right granted by the European legislator to obtain a processing restriction from the data controller if one of the following conditions applies:
The accuracy of the personal data is contested by the data subject for a period during which the controller can verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of their use.
The person responsible for processing no longer needs the personal data for the purpose of processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
The data subject has objected to the processing pursuant to Article 21(1) of the GDPR pending verification that the legitimate grounds of the controller override the grounds of the data subject.
If one of the above conditions is met and a data subject requests the restriction of the processing of personal data carried out by Shanghai Sinox Trading Co., Ltd. be stored, she can contact an employee of the person responsible for processing at any time. The employee of Shanghai Sinox Trading Co.,Ltd. will arrange for the restriction of processing.
f) Right to data portability
Every data subject has the right granted by the European legislator to receive the personal data transmitted to a person responsible for processing in a structured, commonly used and machine-readable format. He has the right to freely transmit this data to another controller to whom the personal data has been transmitted, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is automated as long as the processing is not necessary to perform a task in the public interest or to exercise official powers conferred on the controller.
In addition, when exercising their right to data portability in accordance with Article 20(1) of the GDPR, the data subject has the right to transfer personal data directly from one controller to another, where this is technically feasible and this is not the case interfere with the rights and freedoms of others.
In order to assert the right to data portability, the data subject can contact an employee of Shanghai Sinox Trading Co., Ltd. at any time. turn around.
g) Right to object
Every data subject has the right to object at any time to the European legislator, on grounds relating to his or her particular situation, against the processing of personal data based on letter e or f) of Article 6 paragraph 1 of the GDPR. This also applies to profiling based on these provisions.
Shanghai Sinox Trading Co.,Ltd. will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or entity, exercise or defense of legal claims.
When Shanghai Sinox Trading Co.,Ltd. processes personal data for direct marketing purposes, the data subject has the right to object to the processing of personal data for such marketing at any time. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to Shanghai Sinox Trading Co., Ltd. processing for direct marketing purposes, Shanghai Sinox Trading Co., Ltd. no longer process the personal data for these purposes.
In addition, the data subject has the right to object to the processing of personal data by Shanghai Sinox Trading Co., Ltd. for reasons relating to their particular situation. for scientific or historical research purposes or for statistical purposes pursuant to Article 89 paragraph 1 GDPR, unless the processing is necessary to fulfill a task for reasons of public interest.
In order to exercise the right to object, the data subject may contact any employee of Shanghai Sinox Trading Co., Ltd. turn around. In addition, within the framework of the use of information society services and notwithstanding Directive 2002 / 58 / EC, the data subject is free to exercise his right to object by automated means using technical specifications.
h) Automated individual decision-making, including profiling
Every data subject has the right to be granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for him or her or similarly significantly affects him or her, as long as the decision is made (1) is not necessary for entering into, or the performance of, a contract between the data subject and a controller, or (2) is not authorized by Union law or the law of a Member State to which the controller is subject to and which also establishes appropriate measures to protect the data subject's rights and freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, the Shanghai Sinox Trading Co., Ltd. takes appropriate measures to protect the rights and freedoms of the data subject and legitimate interests, at least the right of the controller to human intervention, to express his or her point of view and to contest the decision.
If the data subject wishes to exercise the rights relating to automated individual decision-making, they can contact an employee of Shanghai Sinox Trading Co., Ltd. at any time. turn around.
i) Right of revocation of the data protection declaration
Every data subject has the right granted by European legislators to revoke their consent to the processing of their personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, they can contact an employee of Shanghai Sinox Trading Co., Ltd. at any time. turn around.
7. Data protection for applications and application procedures
The person responsible for data processing collects and processes the personal data of the applicants for the purpose of processing the application procedure. The processing can also be done electronically. This is particularly the case when an applicant submits the relevant application documents to the controller by email or via a web form on the website. If the person responsible for data processing concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in accordance with the statutory provisions. If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the person responsible for processing prevent deletion. Another legitimate interest in this relationship is, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).
8. Legal basis for processing
Art. 6 (1) lit. A GDPR serves as the legal basis for processing for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the delivery of goods or the provision of another service, the processing is based on Article 6 paragraph 1 lit. b GDPR. The same applies to such processing that is necessary to carry out pre-contractual measures, for example in the case of queries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, for example to fulfill tax obligations, the processing is based on Article 6 (1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance data or other important information would have to be passed on to a doctor, hospital or a third party. Then the processing would be based on Art. 6 (1) lit. d GDPR. Finally, the processing could be based on Article 6 Paragraph 1 Letter f GDPR. This legal basis is used for processing that does not fall under one of the aforementioned legal grounds, provided that the processing is necessary for the purposes of the legitimate interests of our company or a third party, unless these interests are overridden by the interests or fundamental rights and fundamental freedoms of the data subject who require the protection of personal data. Such processing operations are particularly authorized as they have been expressly mentioned by the European legislator. He took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
9. The legitimate interests of the controller or a third party
If the processing of personal data is based on Article 6 Paragraph 1 lit. f GDPR Our legitimate interest is to operate our business for the benefit of all our employees and shareholders.
10. Period for which the personal data will be stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data will be routinely deleted, provided this is no longer necessary to fulfill the contract or to initiate a contract.
11. Provision of personal data as a legal or contractual requirement; Prerequisite for the conclusion of a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We would like to point out that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract in which the data subject provides us with personal data, which must then be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact an employee. The employee clarifies to the person concerned whether the transmission of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to transmit the personal data and the consequences of non-transmission of the personal data.
12. Existence of Automated Decisions
As a responsible company, we do not use automated decision making or profiling.
This data protection declaration was created by the data protection guidelines generator of DGD - your external data protection officer - which was developed in cooperation with German lawyers from WILDE BEUGER SOLMECKE, Cologne.