Privacy Policy

We provide you with this Privacy Policy to inform you about which data we collect when you visit the website and use the service at www.sonomotors.com and how we at Sono Motors handle your personal information.

I. Controller within the meaning of the General Data Protection Regulation

The website www.sonomotors.com is operated by Sono Motors GmbH (address: Waldmeisterstrasse 76, 80935, Munich and registration ID: HRB 24131).
Sono Motors GmbH is the body responsible for data protection within the meaning of § 11 of the Federal Data Protection Act (BDSG) or Art. 28 EU General Data Protection Regulation (GDPR) and § 62 BDSG (new).

Name and address of the data protection officer

The Controller’s data protection officer is:

Heiko Zentgraf
BÖLLINGER GROUP Holding GmbH
Salinenstraße 38-44
74177 Bad Friedrichshall
Germany
Tel.: 07136/9634-205
E-mail: h.zentgraf@boellinger-group.de

II. Provision of the website

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

Thereby, the following data is collected:

  • – Information about the browser type and version used
  • – The operating system of the user
  • – The Internet service provider of the user
  • – The IP address of the user
  • – Date and time of access
  • – Websites from which the system of the user reaches our website
  • – Websites that are accessed by the user’s system through our website

The collection and temporary storage solely serves the technical function of the website. The data will never be linked to your personal data.

1. Legal basis for data processing

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.

2. Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. For this, the IP address of the user must be stored for the duration of the session.

This named purposes reflect our legitimate interest in the processing of data in the sense of Art. 6 para. 1 lit. f GDPR.

3. Duration of storage

The data will be deleted as soon as it is no longer necessary for the achievement of the purpose it was collected for. In the case of acquisition of the data to provide the website, this is the case when the respective session ends.

4. Right of objection

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. The user has consequently no right to object this processing.

II. General information about personal data

1. Processing of personal data

Generally, we process personal data of our users only to the extent necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior obtaining of consent for factual reasons is not possible and the processing of the data is permitted by applicable law.

To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL) over HTTPS.

2. Legal basis for the processing of personal data

The legal basis for the processing of your personal data are the following:

  • – Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) works as legal basis.
  • – In case of processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
  • – Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR as legal basis.
  • – In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis.
  • – If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f GDPR works as legal basis for processing.

3. Data erasure and storage duration

We adhere to the principles of data avoidance and data economy. Therefore, we only store your personal data for as long as is necessary to achieve the purposes stated here or according to the various periods of storage stipulated by the European or national legislature. After discontinuation of the respective purpose or expiration of these periods, the corresponding data are routinely and in accordance with the statutory provisions blocked or deleted, unless there is a need for further storage of data for closure of a contract or fulfillment of a contract.

III. Specific reasons for the processing of personal data

Inter alia, we collect and process personal data in the following cases:

  • – If you apply for a job with us via the website, the data processing is covered by Art. 6 para. 1 lit. a GDPR (see also the additional privacy policy for the application process under: https://sonomotors-jobs.personio.de/privacy-policy?language=en
  • – When you register for one of our newsletters
  • – When you reserve a car via the website, increase the corresponding deposit for the reservation or support us financially
  • – If you contact us directly in other cases, especially if you send us an email to the email addresses listed on the website.

To process the data, we use, among others, the CRM software and cloud solutions of the US provider Salesforce Inc., The Landmark @ One Market, Suite 300, San Francisco, CA 94105 (“Salesforce”). Salesforce is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy standards (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active). In addition, Salesforce has passed the Certified Cloud Service certification by TÜV Rheinland and thus an in-depth review and is ISO 27001 certified.

To ensure proper processing, we have closed a data processing addendum with Salesforce according to Art. 28 (3) sentence 1 GDPR.

 

1. Newsletter

With the following information, we will notify you about the contents of our newsletter as well as the registration and sending procedures and your right of objection. By subscribing to one of our newsletters, you agree to the receipt and the procedures described.

We offer various newsletters, for example, depending on which country you are in and in which language you would like to receive the newsletter. Therefore, in addition to the e-mail address, we also store the relevant country and the language you choose. In order to address you personally, we aslo ask for the correct salutation and your first name.

For an effective registration we need a valid e-mail address. In order to verify that an application is actually made by the owner of an e-mail address, we use the “Double opt-in” procedure. For this purpose we record the order of the newsletter, the dispatch of a confirmation mail and the receipt of the requested answer.

For delivery of our newsletters, we use MailChimp, a mailing list platform provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave # 5000, Atlanta, GA 30308, USA. MailChimp is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The data entered by you for the purpose of receiving the newsletter will be stored by us and on the servers of MailChimp.

With the help of MailChimp we are also able to analyze our newsletters. So we can e.g. see if a newsletter message has been opened and which links have been clicked. We use this information for statistical purposes to further improve our service.

The legal basis for the processing of personal data to deliver the newsletters is Art. 6 para. 1 lit. a GDPR. The use of MailChimp as a mailing service provider and the statistical surveys are further based on our legitimate interests to be able to offer you the best possible newsletter (see Article 6 (1) (f) GDPR). To ensure proper processing, we have closed a data processing addendum with MailChimp according to Art. 28 (3) sentence 1 GDPR.

The consent to the storage and processing of your personal data for the newsletter can be revoked at any time. Each newsletter contains a respective link. In addition, you can notify your objection via the contact option indicated at the end of this data protection policy.

After unsubscribing the newsletter, your data will be deleted both from our servers and from the servers of MailChimp.

For details, please refer to the privacy policy of MailChimp: https://mailchimp.com/legal/privacy/

2. Reservation of a vehicle via the website

Through our website you can reserve a Sion vehicle from Sono Motors by making a down payment on the purchase price.

In order to process the reservation properly and to prepare a later potential vehicle purchase, we collect the following personal data with your consent:

  • – Title
  • – Surname
  • – First given name
  • – Email
  • – Street, house number, zip code, city, country

As part of the reservation, you will be assigned an individual customer number and a reservation number. With this data, an increase of the deposit of the reservation is possible.

For the processing of the down payment and a potential later vehicle purchase we use the payment platform of the service provider BS PAYONE GmbH. The data protection details of payment processing via BS PAYONE GmbH can be found in section III. 4. of this data protection policy.

Your data will be used exclusively to process the reservation and a potential purchase contract.

For details on how to reserve a Sion vehicle, please refer to our Terms and Conditions: https://sonomotors.com/wp-content/uploads/SonoMotors_GTC-VR_eng.pdf

The legal basis for the collection and processing is Art. 6 (1) lit. a + b GDPR.

The data will be stored during the execution of the reservation and a potential purchase contract and deleted according to the legal storage obligations. The data are necessary for a proper execution of the contract. A deletion or blocking of the data at your request is therefore only possible if the contractual relationship is terminated, too.

3. Financial support and investment

a) “Donations”

On our website you have the opportunity to financially support us as a start-up company.

If you provide us with an amount of money for no consideration as financial support (colloquially “donation”), we collect and process the following personal data:

  • – Title
  • – Surname
  • – First given name
  • – Email
  • – Street, house number, zip code, city, country

For the processing of the financial support we use the payment platform of the service provider BS PAYONE GmbH. The data protection details of payment processing via BS PAYONE GmbH can be found in section III. 4. of this data protection policy.

The legal basis for the collection and processing is Art. 6 (1) lit. a + b GDPR.

The data will be stored to ensure the proper execution of the payment and deleted according to the statutory retention requirements.

b) Crowdinvesting

On our website you also have the opportunity to financially support us as a start-up company as part of a crowdinvesting project.

The crowdinvesting is completely handled by:

wiwin GmbH,
Große Bleiche 18-20,
55116 Mainz
Tel.: +49 (0)6131. 9714-0
Fax: +49 (0)6131. 9714-100
CEO: Matthias Willenbacher

Wiwin GmbH informs us once a week about new investors. The surname, first name, place of residence and loan amount as well as the corresponding contract number of the respective investor are transmitted to us and stored.

The data protection policy of wiwin GmbH can be found here: https://www.wiwin.de/datenschutzerklaerung

The legal basis for storage and processing is Art. 6 para. 1 lit. b, f GDPR.

Your data will be deleted after the crowinvesting project and the legal retention obligations have expired.

4. Payment via BS PayOne

For the settlement of all payment runs, in particular in the context of reservation / increase or financial support, we use the offer of our payment service provider:

BS PAYONE GmbH
Lyoner Straße 9
D-60528 Frankfurt/Main
www.bspayone.com
Commercial Register Frankfurt / Main, HRB-Nr. 28 985
VAT ID: DE 114129870
Managing Director: Niklaus Santschi, Jan Kanieß, Dr. Ing. Götz Möller, Carl Frederic Zitscher
Chairman of the Supervisory Board: Ottmar Bloching

BS PAYONE GmbH is authorized and regulated by the Federal Financial Supervisory Authority, Graurheindorfer Straße 108 in D-53117 Bonn, as payment institution.

The payment data you enter will be sent directly from your browser to PayOne. Depending on the chosen payment method, BS PAYONE GmbH will potentially forward data to other payment service providers (eg Paypal).

The privacy policy of BS PAYONE GmbH is available at www.payone.com/datenschutz/.

BS PAYONE will provide us with a summary of the payment process. We store this data together with the data provided by you for the reservation, increase or donation. The data on the means of payment used by you will only be sent in abbreviated form (only the last digit of the credit card number or IBAN).

The legal basis for storage and processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after termination of the legal relationship that triggers the payment and the respective legal retention obligations.

5. E-mail contact

You can contact us via the e-mail address provided on our website.

In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

IV. Google Analytics

This website uses functions of the web analytics service Google Analytics. Provider is the Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.

Google LLC, based in the United States, is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

IP anonymization

We have activated the function IP anonymization on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Opposition to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set which prevents the collection of your data on future visits to this website:  Activate Google Analytics.

For more information on handling of user data at Google Analytics, please refer to the Google Privacy Policy:

https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have entered into a contract with Google for data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

V. Google AdWords

Our website uses the Google Adwords service. Google AdWords is an online advertising program of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).

 

Using Google Adwords Conversion Tracking

We also use so-called conversion tracking when using the Google AdWords service. When you click on an ad served by Google, a conversion tracking cookie will be placed on your computer / device. These cookies lose their validity after 30 days, contain no personal data and are thus not used for personal identification. The information obtained using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking.

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you can opt-out of interest-based ads on Google and interest-based Google ads on the web (within the Google Display Network) in your browser by activating the swith “off” at http://www.google.com/settings/ads or by taking the steps for deactivation at http://www.aboutads.info/choices/.

For more information about your preferences and privacy at Google, please visit https://www.google.com/intl/en/policies/privacy/?fg=1

 

VI. Google Maps

On our website we use Google Maps (API) from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive maps to provide geographic information The use of this service will in particular indicate the location of the test drive events and make it easier to get there.

When you visit any of the subpages where the Google Maps map is incorporated, information about your use of our website (such as your IP address) is transmitted to Google’s servers in the United States and stored there. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you will need to log out of your Google Account before activating the button “Register” to the test drive. Google stores your data (even for non-logged-in users) as usage profiles and evaluates them. According to Art. 6 (1) (f) of the GDPR, such an evaluation is based on the legitimate interests of Google in the display of personalized advertising, market research and / or tailor-made design of its website. You have the right to object to the formation of these user profiles, whereby you have to contact Google to exercise these rights.

Google LLC, based in the United States, is certified to the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

If you disagree with the future transmission of your data to Google when using Google Maps, you can also disable the Google Maps web service completely by turning off the JavaScript application in your browser. In this case, Google Maps and the map display on this website can not be used.

Google’s terms of service can be found at http://www.google.com/intl/en/policies/terms/regional.html

For additional terms of use for Google Maps, please visit https://www.google.com/intl/en_US/help/terms_maps.html

For details on privacy related to the use of Google Maps, please visit the Google Privacy Policy: http://www.google.com/intl/en/policies/privacy/

VII. Embedded YouTube videos

On some of our subpages of the website www.sonomotors.com we embed Youtube videos. The corresponding plug-ins are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, it will connect to Youtube’s servers. Youtube will be informed which pages you visit. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. This can be prevented by logging out of your Youtube account beforehand.

If a Youtube video is started, the provider uses cookies that collect information about user behavior.

Anyone who has disabled the storage of cookies for the Google Ad program will not have to expect such cookies when watching YouTube videos. Youtube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.

Further information on data protection at “Youtube” can be found in the privacy policy of the provider under:

https://www.google.de/intl/de/policies/privacy/

VIII. Your rights of information, rectification, data transmission, blocking, termination and opposition as well as for complaints

You have the right to receive information about your personal data stored by us at any time. You also have the right to rectification, data transfer, blocking or, apart from the prescribed data storage for business transactions, deletion of your personal data. To exercise your rights, please address the contact listed at the end of the data protection policy.

For a data lock to be taken into account at all times, these data must be stored in a lock file for control purposes. You can also request the deletion of the data, as long as there is no legal archiving obligation. As far as such an obligation exists, we lock your data on request.

You can make changes to or revoke your consent with effect for the future by notifying us.

Insofar as the storage and processing of personal data is absolutely necessary for the execution of a contractual relationship, the deletion of your data may depend on the fact that the contractual relationship is also dissolved.

If you believe that we are infringing the GDPR in the processing of personal data concerning you, you have the right to complain to the competent supervisory authority. You can assert this right with a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged breach.

In Bavaria the competent supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
91522 Ansbach

IX. Change of our data protection policy

We reserve the right to change this data protection policy from time to time to ensure that it complies with current legal requirements or to implement changes to our services, e.g. when introducing new services. Your new visit will be subject to the new data protection policy.

X. Questions about privacy / contact

If you have any questions about data protection or if you would like to contact us about any other privacy issue, please email us at: dataprotection@sonomotors.com

6453
reservations