1. We are responsible for your data
The protection and security of your personal data is of utmost importance to us. To allow you to feel safe with us in terms of data protection, we will process your personal data in strict compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Law (BDSG).
Personal data is data from which you can be identified or are identifiable. We will only process your personal data if we are allowed to do so by law, or you have given us your prior consent. We, that is
Sovendus GmbH, Hermann-Veit-Str. 6, 76135 Karlsruhe, Germany
and our service providers, who will process your data on our behalf for the purposes specified below (hereinafter: Sovendus, ‘we’, ‘us’, ‘ourselves’). We provide vouchers and special offers to adult end customers for our product suppliers and advertising partners (Sovendus cooperation partners) from all branches of trade. Our service providers include, among others, software suppliers, email service providers and data processing service centres. Our service providers are not allowed to process your data for other purposes or on their own behalf.
You may contact us at the postal address mentioned above or by email at info[at]sovendus.co.uk. It is important to us that you can find out at any time from the following information which personal data is collected during your visit to our website and when using our services and offers, and how we process it.
2. How secure is your data?
We have implemented technical and organisational security measures to protect your personal data against manipulation, loss, destruction or access by unauthorised persons, and to ensure the protection of your rights and compliance with the applicable data protection regulations of the EU and the Federal Republic of Germany (Art. 32 GDPR).
The implemented measures taken are intended to guarantee the confidentiality and integrity of your data and to ensure the ongoing availability and resilience of our systems and services when processing your data over the long term. These measures are also intended to ensure the ability to restore the availability and access to data in a timely manner in the event of a physical or technical incident.
Our security measures also include encryption of your data. When your data is transferred to us, it is encrypted using Transport Layer Security (HTTPS). All of the information you provide online is sent via encrypted transmission. This means that this information cannot be viewed by unauthorised third parties at any time.
Our data processing and security measures undergo continuous improvement according to the state of the art. Our employees are of course bound in writing to confidentiality and to comply with the data protection requirements of the GDPR.
3. Our data protection officer
If you have questions regarding data protection or data security, you may contact our data protection officer by email at data-protection[at]sovendus.co.uk or by post at Sovendus GmbH, Hermann-Veit-Str. 6, D-76135 Karlsruhe, Germany.
4. What are mandatory data or mandatory fields?
If certain data fields are designated or marked as “mandatory data” or “mandatory fields” during collection, the provision of this data is either required by law or contract, or we need this data for the conclusion of the contract, the requested service or the indicated purpose. Of course, you are free to provide the data, even if it is mandatory, at your discretion. Failure to provide such information may mean that the contract cannot be fulfilled by us or that the requested service cannot be provided or the indicated purpose cannot be achieved.
5. What is your data processed for?
We will process your data to reply to your queries (Art. 6(1) (b) GDPR). The address and telecommunications data marked as mandatory is necessary to process and answer your querie. The voluntary communication of further data makes it easier for us to deal with your request and enables us to provide more detailed information. As a rule, we will store the information from your querie for a period of three months from our initial reply, in case there are further queries, unless a longer retention period is requiered for documentation purposes (Art. 6 (1) (c), Art. 5 (2) GDPR).
b. Pseudonymized customer analyses
We process your data from requests for voucher and special offers, email newsletters and the related transactions with Sovendus cooperation partners for pseudonymous analyses (see also c. and d.).
On the one hand, we would like to be able to present you offers tailored to your potential interests (such as local vouchers or special offers) at Sovendus an our cooperation partners on the internet. At the same time, we would like to consider possible restrictions of our cooperation partners in these pseudonymous analyses, which, for example, differentiate between new and existing customers in offers or, for example, impose time restrictions on orders, so that you are only offered vouchers that you can redeem and special offers, such as free trial offers for daily newspapers, magazines or product samples that can also be delivered to you.
Only pseudonymised data are used for this purpose (Art. 6 (1) (f) GDPR). Our legitimate interest lies in the successful marketing of voucher and benefit offers from Sovendus cooperation partners.
You can object to this processing at any time by pressing the button that follows to display “Disabled”. If you want to reactivate the pseudonymous analysis, press the button to display “Activated”.
Enabled (blue and switch on the right) / disabled (grey and switch on the left)
c. Our voucher offers
Some of our advertising partners will present our voucher offers after your online purchase on their website. In order to select a currently interesting voucher offer for you, our advertising partners will transmit your pseudonymised hash value of your e-mail address and your IP-address in encrypted form to us (Art. 6 (1) (f) GDPR). The pseudonymised hash value of your e-mail address is used to consider a possibly existing objection to receive offers from us (Art. 21 (3), Art. 6 (1) (c) GDPR). The IP-address will be exclusively used for data security purposes and as a rule the same will be anonymised after seven days.
Furthermore, our advertising partners will transmit order number, order value with currency, session ID, coupon code, and time stamp in pseudonymised form to us (Art. 6 (1) (f) GDPR). If you are interested in one of our voucher offers, while there is no objection existing to receive such offers, and if you click on the voucher banner, our advertising partners will transmit your form of address, your name and your e mail address in encrypted form to us (Art. 6 (1) (b) and (f) GDPR).
When the required data have been processed to prepare your voucher, an e-mail with your voucher code will be sent to the e-mail address given by you (Art. 6 (1) (b) GDPR).
d. Our special offers
Some of our advertising partners present our special offers on their websites after you have made your online purchase on our site. To enable us to offer up-to-the-minute, regional offers that should be of interest to you, our advertising partners send us some pseudonymised and encrypted information, which includes the salutation, year of birth, country, postcode, hash value of the e-mail address and your IP address (Art. 6 (1) (f) GDPR). The pseudonymised hash value of the e-mail address will also be used by us for any possible rejection of advertising by you (Art. 21 (3), Art. 6 (1) (c) GDPR). We only use the IP address for the purpose of data security, and it is usually anonymised after seven days (Art. 6 (1) (b) and (f) GDPR).
When you click a special offer, your name, address details and e-mail address will also be forwarded to us by our advertising partner in encrypted form, so that we can prepare the personalised request for the special offer for the respective product provider (Art. 6 (1) (b) and (f) GDPR).
When you select one of our special offers, we first of all process your information that is required to order the special offer. Following this your details will also be sent to the product provider whose special offer you selected (Art. 6 (1) (b) GDPR). After this, we will only use your data in pseudonymised form for the purpose of analyses (Art. 6 (1) (f) GDPR (see b. above).
Once the details have been transmitted, the respective product provider is then responsible for any further processing of your data.
e. Email newsletter from Sovendus
If you select by your express consent (which you may withdraw at any time) your personal newsletter of one of our advertising partners, the respective advertising partner will directly send you by e-mail the selected newsletter (Art. 7 (2) No. 3 UWG, Art. 6(1) (a) GDPR).
To this end we will transmit your data and your consent declaration to the respective advertising partner (Art. 6 (1) (a) and (f) GDPR). If you wish to withdraw your consent, you may at any time contact the advertising partner.
f. Email newsletter from our advertising partners
If you select by your express consent (which you may withdraw at any time) your personal newsletter of one of our advertising partners, the respective advertising partner will directly send you by e-mail the selected newsletter (§ 7 section 2 n° 3 Act Against Unfair Competition, UWG, Art. 6 (1) (a) GDPR).
To this end we will transmit your data and your consent declaration to the respective advertising partner (Art. 6 (1) (a), (f) GDPR). If you wish to withdraw your consent, you may at any time contact the advertising partner.
g. Email newsletter from product suppliers
If you select by your express consent (which you may withdraw at any time) or on the basis of a contract your personal newsletter of a product supplier, the respective product supplier will directly send you by e-mail the selected newsletter (Art. 7 (2) No. 3 UWG, Art. 6 (1) (a) and (b) GDPR).
To this end we will transmit your data and your consent declaration or your contract declaration to the respective product supplier (Art. 7 (2) No. 3 UWG, Art. 6 (1) (a), (b) and (f) GDPR). If you wish to withdraw your consent, you may at any time contact the product supplier.
h. Documentation of consent
When we obtain your consent to the sending of e-mail newsletters, your IP address will be collected and stored for documentation purposes (Art. 7 (1), Art. 6 (1) (c) GDPR).
i. Duration of storage
We store the data we collected from you for advertising purposes until we receive your revocation of consent or your objection to the processing of your data for advertising purposes.
j. Change of purpose
k. Online applications
If you apply for a job with Sovendus, we will process your data to handle and evaluate your application (Art. 26 (1) GDPR). We need your address and telecommunication data marked as mandatory data to correctly assign your application and to contact you. Your application data marked as mandatory data allow us to assess the chances of success of your application.
If you are not chosen for or if you refuse the offered job, we will store your data for another three months for documentation purposes and then delete them, unless you have given us your consent to use your data for further application procedures (Art. 6 (1) (a) GDPR).
6. Right of objection and revocation at any time
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, provided that the legal requirements are met (Art. 21 (1) GDPR).
If you want to object to the processing of your data for advertising purposes or if you wish to withdraw your consent (Art. 21 (2) GDPR), you may at any time send a short message to our Data Protection Officer by e-mail to data-protection[at]sovendus.co.uk or by mail to Sovendus GmbH, Data Protection, Hermann-Veit-Straße 6, D-76135 Karlsruhe. Your data will then no longer be processed for the advertising purposes covered by your objection or your withdrawal of consent.
This does not affect the lawfulness of the processing before objection or withdrawal of consent.
If you object to the processing of your personal data for advertising purposes or if you withdraw your consent, we are obliged, according to data protection law pursuant to Art. 21 (3) GDPR, to enter the required data (name, address, e-mail address) into our internal advertising black list and to store (block) these data permanently, in order that we can compare them with future advertising files (Art. 6 (1) (c) and (f) GDPR). In this way we can ensure the ongoing observance of your objection or of your withdrawal of consent. We will use your blocked data exclusively for this purpose.
7. Use of technologies
a. Information required for technical purposes to send or prepare our service
We use these technologies required for technical purposes to enable and ensure the functionality of our websites and to implement the revocation of a technology, e.g. cookies and/or the revocation of your consent to the use of the technology (Article 6.1 b, f GDPR).
The following technologies are in use:
|Designation||Period of validity||Information / Function|
|SOV_OPTOUT||100 years||Required to store an end customer's objection to pseudonymous customer analysis in the long term.|
|Information text on the Sovendus web pages|
|cookieconsent_notice_accepted||1 year||Necessary to store an end customer's objection to pseudonymous customer analysis in the long term.|
|bePreScreen||Session||Required to integrate and display open Sovendus job postings from the applicant management system on Sovendus career websites.|
|Sovendus voucher process|
|Exactag||up till 20 years||Required for the settlement of the distributed vouchers in the cooperation between Sovendus and Tchibo GmbH, Hamburg. Information on a voucher request at Sovendus is transmitted to the Tchibo service provider Exactag, Düsseldorf via tracking pixels and links and cookies are set for this purpose. If you do not want this, you can use the following link to set an Exactag opt-out cookie for voucher campaigns of this advertising partner at Sovendus via the following link: https://www.sovendus.com/tchibo_exactag_optout|
|sov-nps||1 year||Required to prevent multiple use or misuse of the Net Promoter Score. Allows only a single rating by an end customer as long as the cookie is valid and present.|
b. What are cookies and what do we use them for?
“Cookies” are small files that are downloaded to your computer’s hard drive by your web browser or other programs. These are stored locally on the hard disk of your computer and kept ready for later retrieval.
to enable and ensure necessary technical functionality (Art. 6 (1) (b), (f) GDPR), to respect user rejection of cookies and/or the revocation of their consent on the use of such cookies (Art. 6 (1) (c) GDPR).
Session cookies are only used for the particular session. These cookies are deleted after the end of the session, i.e. after leaving our website or when the browser window is closed. Other cookies remain on your end device for a longer period of time and enable us or third parties to recognize your browser on your next visit (persistent cookies).
c. Deletion of cookies/revocation of your consent
You can set your web browser to notify you when cookies are set or to reject all or specific cookies in general (e.g. only third-party cookies). If you disable cookies using your browser, however, you will no longer be able to use various functions on our website.
The following links will inform you about this possibility for the most commonly used browsers:
Google Chrome: support.google.com/chrome/bin/answer.py
Please note that if you delete all cookies, those cookies used to comply with the revocation options will also be deleted.
d. Measuring reach with Matomo
We use the web analysis software Matomo in order to measure the reach of our website (creating anonymous visit and performance statistics). Measuring the reach helps us to measure performance, find navigation problems, optimise the technical performance, evaluate the capacity of the required server as well as to analyse the viewed contents. It is indispensable for the functionality of our website (para. 5, section 3 of the ePrivacy guideline 2002/58).
In order to distinguish users when measuring reach, Matomo uses a digital fingerprint consisting of browser information (type, version, plugins and language), operation system as well as your IP address. This digital fingerprint is only valid for 24 hours and will be anonymised thereafter.
The IP address will be anonymised immediately after it has been collected (Para 6, section 1, GDPR). Our lawful purpose is to carry out anonymised reach measurements under the principle of data minimisation (Para 5, Section 1 C, GDPR).
Thereafter, the processed data will be used to create anonymous visit and performance statistics about the browser types used, the browser versions, operating systems, countries of origins, date and time of the server requests, number of visits, stay on the website as well as links used.
This information will be used for no longer than 25 months for the purposes of measuring reach and will be deleted thereafter.
The data generated by Matomo relating to the use of this website will be processed exclusively on our servers and the servers of your data processors (Para. 28 GDPR) and not transferred to third parties.
You may object to the reach measurement with Matomo at any time with effect for the future by clicking on this button.
Enabled (blue and switch on the right) / disabled (grey and switch on the left)
Every time a user accesses this website or websites in our advertising network, data about this process are stored and processed temporarily in a log file (Art. 6 (1) (f) GDPR). These data include:
- category or type of file requested,
- data and time of request,
- amount of data transferred,
- notification whether the request was successful,
- the access method/function preferred by the requesting terminal,
- a description of the type of web browser used,
- referrer (website from which you have reached our website)
- IP address.
The temporary storing of these so-called server log data is required to perform the services for technical reasons and, thereafter, to ensure system security. The data are anonymised normally after seven days by shortening of the IP address.
9. How can you exercise your data protection rights?
If you have questions concerning the processing of your personal data by us, we will of course be pleased to provide information (Art. 15 GDPR) about the data relating to you. Moreover, provided that the legal requirements of the GDPR are met, you have the right to correction (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), data portability (Art. 20 GDPR) and the right to object to processing (Art. 21 GDPR).
Please contact in all these cases our Data Protection Officer (see above 3.) at the communication addresses given there. If there is reasonable doubt about the identity of the natural person asserting the aforementioned rights, we will additionally request information necessary to confirm the identity.
Finally, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR, Section 19 BDSG).
Booth: November 2020